Search in sources :

Example 21 with Saml2Exception

use of org.springframework.security.saml2.Saml2Exception in project midpoint by Evolveum.

the class MidpointAssertingPartyMetadataConverter method entityDescriptor.

private EntityDescriptor entityDescriptor(InputStream inputStream) {
    Document document = document(inputStream);
    Element element = document.getDocumentElement();
    Unmarshaller unmarshaller = this.registry.getUnmarshallerFactory().getUnmarshaller(element);
    if (unmarshaller == null) {
        throw new Saml2Exception("Unsupported element of type " + element.getTagName());
    }
    try {
        XMLObject object = unmarshaller.unmarshall(element);
        if (object instanceof EntitiesDescriptor) {
            return ((EntitiesDescriptor) object).getEntityDescriptors().get(0);
        }
        if (object instanceof EntityDescriptor) {
            return (EntityDescriptor) object;
        }
    } catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
    throw new Saml2Exception("Unsupported element of type " + element.getTagName());
}
Also used : Element(org.w3c.dom.Element) XMLObject(org.opensaml.core.xml.XMLObject) Document(org.w3c.dom.Document) Unmarshaller(org.opensaml.core.xml.io.Unmarshaller) Saml2Exception(org.springframework.security.saml2.Saml2Exception) Saml2Exception(org.springframework.security.saml2.Saml2Exception) CertificateException(java.security.cert.CertificateException)

Example 22 with Saml2Exception

use of org.springframework.security.saml2.Saml2Exception in project midpoint by Evolveum.

the class MidpointAssertingPartyMetadataConverter method defineSingleLogoutService.

private void defineSingleLogoutService(IDPSSODescriptor idpssoDescriptor, RelyingPartyRegistration.Builder builder) {
    Saml2MessageBinding authBinding = null;
    for (SingleLogoutService singleLogoutService : idpssoDescriptor.getSingleLogoutServices()) {
        if (singleLogoutService.getBinding().equals(Saml2MessageBinding.POST.getUrn())) {
            authBinding = Saml2MessageBinding.POST;
        } else if (singleLogoutService.getBinding().equals(Saml2MessageBinding.REDIRECT.getUrn())) {
            authBinding = Saml2MessageBinding.REDIRECT;
        } else {
            continue;
        }
        Saml2MessageBinding finalAuthBinding = authBinding;
        builder.assertingPartyDetails((party) -> party.singleLogoutServiceLocation(singleLogoutService.getLocation()).singleLogoutServiceBinding(finalAuthBinding));
        break;
    }
    if (authBinding == null) {
        throw new Saml2Exception("Metadata response is missing a SingleLogoutService, necessary for sending LogoutRequests");
    }
}
Also used : Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Example 23 with Saml2Exception

use of org.springframework.security.saml2.Saml2Exception in project spring-security by spring-projects.

the class Saml2Utils method samlDeflate.

static byte[] samlDeflate(String s) {
    try {
        ByteArrayOutputStream b = new ByteArrayOutputStream();
        DeflaterOutputStream deflater = new DeflaterOutputStream(b, new Deflater(Deflater.DEFLATED, true));
        deflater.write(s.getBytes(StandardCharsets.UTF_8));
        deflater.finish();
        return b.toByteArray();
    } catch (IOException ex) {
        throw new Saml2Exception("Unable to deflate string", ex);
    }
}
Also used : Deflater(java.util.zip.Deflater) DeflaterOutputStream(java.util.zip.DeflaterOutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Example 24 with Saml2Exception

use of org.springframework.security.saml2.Saml2Exception in project spring-security by spring-projects.

the class OpenSamlSigningUtils method resolveSigningParameters.

private static SignatureSigningParameters resolveSigningParameters(RelyingPartyRegistration relyingPartyRegistration) {
    List<Credential> credentials = resolveSigningCredentials(relyingPartyRegistration);
    List<String> algorithms = relyingPartyRegistration.getAssertingPartyDetails().getSigningAlgorithms();
    List<String> digests = Collections.singletonList(SignatureConstants.ALGO_ID_DIGEST_SHA256);
    String canonicalization = SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
    SignatureSigningParametersResolver resolver = new SAMLMetadataSignatureSigningParametersResolver();
    CriteriaSet criteria = new CriteriaSet();
    BasicSignatureSigningConfiguration signingConfiguration = new BasicSignatureSigningConfiguration();
    signingConfiguration.setSigningCredentials(credentials);
    signingConfiguration.setSignatureAlgorithms(algorithms);
    signingConfiguration.setSignatureReferenceDigestMethods(digests);
    signingConfiguration.setSignatureCanonicalizationAlgorithm(canonicalization);
    signingConfiguration.setKeyInfoGeneratorManager(buildSignatureKeyInfoGeneratorManager());
    criteria.add(new SignatureSigningConfigurationCriterion(signingConfiguration));
    try {
        SignatureSigningParameters parameters = resolver.resolveSingle(criteria);
        Assert.notNull(parameters, "Failed to resolve any signing credential");
        return parameters;
    } catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
}
Also used : BasicCredential(org.opensaml.security.credential.BasicCredential) Credential(org.opensaml.security.credential.Credential) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) SAMLMetadataSignatureSigningParametersResolver(org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver) SignatureSigningParametersResolver(org.opensaml.xmlsec.SignatureSigningParametersResolver) SignatureSigningParameters(org.opensaml.xmlsec.SignatureSigningParameters) SAMLMetadataSignatureSigningParametersResolver(org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) SignatureSigningConfigurationCriterion(org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion) Saml2Exception(org.springframework.security.saml2.Saml2Exception) BasicSignatureSigningConfiguration(org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration) MarshallingException(org.opensaml.core.xml.io.MarshallingException) SecurityException(org.opensaml.security.SecurityException) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Example 25 with Saml2Exception

use of org.springframework.security.saml2.Saml2Exception in project spring-security by spring-projects.

the class OpenSamlSigningUtils method resolveSigningParameters.

private static SignatureSigningParameters resolveSigningParameters(RelyingPartyRegistration relyingPartyRegistration) {
    List<Credential> credentials = resolveSigningCredentials(relyingPartyRegistration);
    List<String> algorithms = relyingPartyRegistration.getAssertingPartyDetails().getSigningAlgorithms();
    List<String> digests = Collections.singletonList(SignatureConstants.ALGO_ID_DIGEST_SHA256);
    String canonicalization = SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
    SignatureSigningParametersResolver resolver = new SAMLMetadataSignatureSigningParametersResolver();
    CriteriaSet criteria = new CriteriaSet();
    BasicSignatureSigningConfiguration signingConfiguration = new BasicSignatureSigningConfiguration();
    signingConfiguration.setSigningCredentials(credentials);
    signingConfiguration.setSignatureAlgorithms(algorithms);
    signingConfiguration.setSignatureReferenceDigestMethods(digests);
    signingConfiguration.setSignatureCanonicalizationAlgorithm(canonicalization);
    criteria.add(new SignatureSigningConfigurationCriterion(signingConfiguration));
    try {
        SignatureSigningParameters parameters = resolver.resolveSingle(criteria);
        Assert.notNull(parameters, "Failed to resolve any signing credential");
        return parameters;
    } catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
}
Also used : BasicCredential(org.opensaml.security.credential.BasicCredential) Credential(org.opensaml.security.credential.Credential) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) SAMLMetadataSignatureSigningParametersResolver(org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver) SignatureSigningParametersResolver(org.opensaml.xmlsec.SignatureSigningParametersResolver) SignatureSigningParameters(org.opensaml.xmlsec.SignatureSigningParameters) SAMLMetadataSignatureSigningParametersResolver(org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) SignatureSigningConfigurationCriterion(org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion) Saml2Exception(org.springframework.security.saml2.Saml2Exception) BasicSignatureSigningConfiguration(org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration) MarshallingException(org.opensaml.core.xml.io.MarshallingException) SecurityException(org.opensaml.security.SecurityException) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Aggregations

Saml2Exception (org.springframework.security.saml2.Saml2Exception)46 Element (org.w3c.dom.Element)19 Document (org.w3c.dom.Document)13 MarshallingException (org.opensaml.core.xml.io.MarshallingException)12 ByteArrayOutputStream (java.io.ByteArrayOutputStream)10 IOException (java.io.IOException)10 ByteArrayInputStream (java.io.ByteArrayInputStream)9 Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential)9 X509Certificate (java.security.cert.X509Certificate)7 CertificateException (java.security.cert.CertificateException)6 Marshaller (org.opensaml.core.xml.io.Marshaller)6 Deflater (java.util.zip.Deflater)5 DeflaterOutputStream (java.util.zip.DeflaterOutputStream)5 Inflater (java.util.zip.Inflater)5 InflaterOutputStream (java.util.zip.InflaterOutputStream)5 CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)4 XMLObject (org.opensaml.core.xml.XMLObject)4 Unmarshaller (org.opensaml.core.xml.io.Unmarshaller)4 SAMLMetadataSignatureSigningParametersResolver (org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver)4 SecurityException (org.opensaml.security.SecurityException)4