
Example 1 with KeyStoreCredentialResolver

Use of org.opensaml.security.credential.impl.KeyStoreCredentialResolver in the project syncope by apache.

From the class SAML2SPLoader, method load.

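/**
 * Initializes the SAML 2.0 Service Provider: registers the SP entitlements, reads the
 * SAML2SP_LOGIC_PROPERTIES configuration, loads the SP keystore and resolves the SP
 * credential, then primes the IdP cache for every known domain.
 *
 * <p>Every required property (conf.directory, keystore.name, keystore.type,
 * keystore.storepass, keystore.keypass, sp.cert.alias) is checked with assertNotNull, so a
 * missing value fails here instead of yielding a partially configured SP. signature.algorithm
 * is read without such a check and may therefore be null when not configured.
 *
 * <p>The keystore is looked up first under {@code file:<conf.directory>/<keystore.name>} and
 * falls back to the same name on the classpath. Any failure while loading the keystore or
 * resolving the credential is logged and recorded as {@code inited = false} rather than
 * propagated; callers presumably check {@code inited} before using {@code credential}.
 */
@Override
public void load() {
    EntitlementsHolder.getInstance().init(SAML2SPEntitlement.values());

    Pair<Properties, String> init = PropertyUtils.read(getClass(), SAML2SP_LOGIC_PROPERTIES, "conf.directory");
    Properties props = init.getLeft();
    String confDirectory = init.getRight();
    assertNotNull(confDirectory, "<conf.directory>");

    String name = props.getProperty("keystore.name");
    assertNotNull(name, "<keystore.name>");
    String type = props.getProperty("keystore.type");
    assertNotNull(type, "<keystore.type>");
    String storePass = props.getProperty("keystore.storepass");
    assertNotNull(storePass, "<keystore.storepass>");
    // unlike the other properties, the key password is kept in a field for later use
    keyPass = props.getProperty("keystore.keypass");
    assertNotNull(keyPass, "<keystore.keypass>");
    String certAlias = props.getProperty("sp.cert.alias");
    assertNotNull(certAlias, "<sp.cert.alias>");
    // optional: no assertNotNull here, unlike the properties above
    signatureAlgorithm = props.getProperty("signature.algorithm");

    LOG.debug("Attempting to load the provided keystore...");
    try {
        // external conf directory is the primary location; the classpath copy is only a fallback
        ResourceWithFallbackLoader loader = new ResourceWithFallbackLoader();
        loader.setResourceLoader(ApplicationContextProvider.getApplicationContext());
        loader.setPrimary(StringUtils.appendIfMissing("file:" + confDirectory, "/") + name);
        loader.setFallback("classpath:" + name);

        keystore = KeyStore.getInstance(type);
        try (InputStream inputStream = loader.getResource().getInputStream()) {
            keystore.load(inputStream, storePass.toCharArray());
            LOG.debug("Keystore loaded");
        }

        // only the SP alias' key password is handed to the resolver
        Map<String, String> passwordMap = new HashMap<>();
        passwordMap.put(certAlias, keyPass);
        KeyStoreCredentialResolver resolver = new KeyStoreCredentialResolver(keystore, passwordMap);
        this.credential = resolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(certAlias)));
        LOG.debug("SAML 2.0 Service Provider certificate loaded");

        saml2rw.init();
        inited = true;
    } catch (Exception e) {
        // best-effort by design: the failure is recorded in inited, not thrown to the caller
        LOG.error("Could not initialize the SAML 2.0 Service Provider certificate", e);
        inited = false;
    }

    domainsHolder.getDomains().keySet().forEach(domain -> {
        AuthContextUtils.execWithAuthContext(domain, () -> {
            idpDAO.findAll().forEach(idp -> {
                try {
                    cache.put(idp);
                } catch (Exception e) {
                    // "{}" placeholder added: without it the entity ID was never rendered in the message
                    LOG.error("Could not cache the SAML 2.0 IdP with key {}", idp.getEntityID(), e);
                }
            });
            return null;
        });
    });
}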
