diff --git a/src/main/java/no/steras/opensamlbook/idp/ArtifactResolutionServlet.java b/src/main/java/no/steras/opensamlbook/idp/ArtifactResolutionServlet.java
index 6e5c722..1ad4416 100644
--- a/src/main/java/no/steras/opensamlbook/idp/ArtifactResolutionServlet.java
+++ b/src/main/java/no/steras/opensamlbook/idp/ArtifactResolutionServlet.java
@@ -2,13 +2,11 @@ package no.steras.opensamlbook.idp;
 import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
 import net.shibboleth.utilities.java.support.xml.BasicParserPool;
-import net.shibboleth.utilities.java.support.xml.XMLParserException;
 import no.steras.opensamlbook.OpenSAMLUtils;
 import no.steras.opensamlbook.sp.SPConstants;
 import no.steras.opensamlbook.sp.SPCredentials;
 import org.apache.xml.security.utils.EncryptionConstants;
 import org.joda.time.DateTime;
-import org.opensaml.core.xml.XMLObject;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.core.xml.io.*;
 import org.opensaml.core.xml.schema.XSString;
@@ -17,15 +15,12 @@ import org.opensaml.messaging.context.MessageContext;
 import org.opensaml.messaging.decoder.MessageDecodingException;
 import org.opensaml.messaging.encoder.MessageEncodingException;
 import org.opensaml.saml.common.SAMLObject;
+import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
 import org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder;
 import org.opensaml.saml.saml2.binding.encoding.impl.HTTPSOAP11Encoder;
 import org.opensaml.saml.saml2.core.*;
 import org.opensaml.saml.saml2.encryption.Encrypter;
-import org.opensaml.soap.messaging.context.SOAP11Context;
-import org.opensaml.soap.soap11.Body;
-import org.opensaml.soap.soap11.Envelope;
-import org.opensaml.soap.soap11.decoder.http.impl.EnvelopeBodyHandler;
-import org.opensaml.xmlsec.EncryptionParameters;
+
 import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
 import org.opensaml.xmlsec.encryption.support.EncryptionException;
 import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
@@ -35,45 +30,24 @@ import org.opensaml.xmlsec.signature.support.SignatureException;
 import org.opensaml.xmlsec.signature.support.Signer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.soap.SOAPEnvelope;
-import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
 import java.io.IOException;
-import java.io.InputStream;
-import java.io.PrintWriter;
-import java.io.Writer;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.spec.ECField;
-/**
- * Created by Privat on 4/6/14.
- */
 public class ArtifactResolutionServlet extends HttpServlet {
 private static Logger logger = LoggerFactory.getLogger(ArtifactResolutionServlet.class);
 @Override
 protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
- logger.debug("recieved artifactResolve");
+ logger.debug("recieved artifactResolve:");
 HTTPSOAP11Decoder decoder = new HTTPSOAP11Decoder();
- decoder.setHttpServletRequest(req);
+ decoder.setHttpServletRequest(req);
+
 try {
 BasicParserPool parserPool = new BasicParserPool();
 parserPool.initialize();
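Review bot: The new debug line keeps the misspelling "recieved" while changing the message text; since the literal is being touched anyway, `logger.debug("received artifactResolve:");` would fix it. doPost continues past the end of this hunk.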
@@ -81,20 +55,18 @@ public class ArtifactResolutionServlet extends HttpServlet {
 decoder.initialize();
 decoder.decode();
 } catch (MessageDecodingException e) {
- e.printStackTrace();
+ throw new RuntimeException(e);
 } catch (ComponentInitializationException e) {
- e.printStackTrace();
+ throw new RuntimeException(e);
 }
- OpenSAMLUtils.logSAMLObject(decoder.getMessageContext().getMessage());
+
+
 ArtifactResponse artifactResponse = buildArtifactResponse();
 MessageContext context = new MessageContext();
-
- context.setMessage(artifactResponse);
-
-
+ context.setMessage(artifactResponse);
 HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
 encoder.setMessageContext(context);
@@ -104,9 +76,9 @@ public class ArtifactResolutionServlet extends HttpServlet {
 encoder.initialize();
 encoder.encode();
 } catch (MessageEncodingException e) {
- e.printStackTrace();
+ throw new RuntimeException(e);
 } catch (ComponentInitializationException e) {
- e.printStackTrace();
+ throw new RuntimeException(e);
 }
@@ -295,15 +267,4 @@ public class ArtifactResolutionServlet extends HttpServlet {
 return attributeStatement;
 }
-
- public static Envelope wrapInSOAPEnvelope(final XMLObject xmlObject) {
- Envelope envelope = OpenSAMLUtils.buildSAMLObject(Envelope.class);
- Body body = OpenSAMLUtils.buildSAMLObject(Body.class);
-
- body.getUnknownXMLObjects().add(xmlObject);
-
- envelope.setBody(body);
-
- return envelope;
- }
 }
diff --git a/src/main/java/no/steras/opensamlbook/idp/IDPConstants.java b/src/main/java/no/steras/opensamlbook/idp/IDPConstants.java
index 92572ee..6df047b 100644
--- a/src/main/java/no/steras/opensamlbook/idp/IDPConstants.java
+++ b/src/main/java/no/steras/opensamlbook/idp/IDPConstants.java
@@ -1,8 +1,5 @@
 package no.steras.opensamlbook.idp;
-/**
- * Created by Privat on 4/7/14.
- */
 public class IDPConstants {
 public static final String IDP_ENTITY_ID = "TestIDP";
 public static final String SSO_SERVICE = "http://localhost:8080/webprofile-ref-project/idp/singleSignOnService";
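Review bot: Within the visible lines nothing reads the decoded ArtifactResolve once the logSAMLObject call is removed, and `buildArtifactResponse()` takes no argument, so the servlet appears to answer any well-formed SOAP request with an ArtifactResponse regardless of which artifact was requested or who sent it. The decoded message should be taken from `decoder.getMessageContext().getMessage()` and its Artifact value resolved and its Issuer and signature checked before a response is built; the MessageLifetimeSecurityHandler import added at the top of this file suggests a handler chain was intended, but none runs in this hunk. Separately, doPost already declares `throws ServletException`, so the new `throw new RuntimeException(e)` here and in the hunk at @@ -104 would be more conventional as `throw new ServletException(e)`, which lets the container report it as a servlet failure rather than an unchecked error. buildArtifactResponse and the rest of doPost lie outside this hunk.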
diff --git a/src/main/java/no/steras/opensamlbook/idp/IDPCredentials.java b/src/main/java/no/steras/opensamlbook/idp/IDPCredentials.java
index fb121f1..cce4f1d 100644
--- a/src/main/java/no/steras/opensamlbook/idp/IDPCredentials.java
+++ b/src/main/java/no/steras/opensamlbook/idp/IDPCredentials.java
@@ -3,20 +3,8 @@ package no.steras.opensamlbook.idp;
 import org.opensaml.security.credential.Credential;
 import org.opensaml.security.credential.CredentialSupport;
 import org.opensaml.security.crypto.KeySupport;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.net.URL;
 import java.security.*;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-/**
- * Created by Privat on 13/05/14.
- */
 public class IDPCredentials {
 private static final Credential credential;
@@ -26,7 +14,6 @@ public class IDPCredentials {
 private static Credential generateCredential() {
 try {
- //KeySupport
 KeyPair keyPair = KeySupport.generateKeyPair("RSA", 1024, null);
 return CredentialSupport.getSimpleCredential(keyPair.getPublic(), keyPair.getPrivate());
 } catch (NoSuchAlgorithmException e) {
diff --git a/src/main/java/no/steras/opensamlbook/idp/SingleSignOnServlet.java b/src/main/java/no/steras/opensamlbook/idp/SingleSignOnServlet.java
index 240a216..66146e8 100644
--- a/src/main/java/no/steras/opensamlbook/idp/SingleSignOnServlet.java
+++ b/src/main/java/no/steras/opensamlbook/idp/SingleSignOnServlet.java
@@ -1,6 +1,5 @@
 package no.steras.opensamlbook.idp;
-import no.steras.opensamlbook.OpenSAMLUtils;
 import no.steras.opensamlbook.sp.SPConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -12,14 +11,9 @@ import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.Writer;
-/**
- * Created by Privat on 4/6/14.
- */
 public class SingleSignOnServlet extends HttpServlet {
 private static Logger logger = LoggerFactory.getLogger(SingleSignOnServlet.class);
-
-
 @Override
 protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
 logger.info("AuthnRequest recieved");
diff --git a/src/main/java/no/steras/opensamlbook/sp/AccessFilter.java b/src/main/java/no/steras/opensamlbook/sp/AccessFilter.java
index c4c5246..b2d269c 100644
--- a/src/main/java/no/steras/opensamlbook/sp/AccessFilter.java
+++ b/src/main/java/no/steras/opensamlbook/sp/AccessFilter.java
@@ -3,26 +3,25 @@ package no.steras.opensamlbook.sp;
 import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
 import no.steras.opensamlbook.OpenSAMLUtils;
 import no.steras.opensamlbook.idp.IDPConstants;
+import org.apache.commons.lang.ObjectUtils;
 import org.joda.time.DateTime;
-import org.joda.time.chrono.ISOChronology;
 import org.opensaml.core.config.InitializationException;
 import org.opensaml.core.config.InitializationService;
-import org.opensaml.core.config.Initializer;
-import org.opensaml.messaging.context.InOutOperationContext;
 import org.opensaml.messaging.context.MessageContext;
 import org.opensaml.messaging.encoder.MessageEncodingException;
-import org.opensaml.saml.common.SAMLObject;
+import org.opensaml.messaging.handler.MessageHandlerException;
+import org.opensaml.messaging.pipeline.servlet.BasicHttpServletMessagePipeline;
+import org.opensaml.messaging.pipeline.servlet.HttpServletMessagePipeline;
+import org.opensaml.saml.common.SAMLObject;
+import org.opensaml.saml.common.binding.security.impl.SAMLOutboundProtocolMessageSigningHandler;
 import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
-import org.opensaml.saml.common.messaging.context.SAMLMessageInfoContext;
 import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
 import org.opensaml.saml.common.xml.SAMLConstants;
 import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
 import org.opensaml.saml.saml2.core.*;
 import org.opensaml.saml.saml2.metadata.Endpoint;
 import org.opensaml.saml.saml2.metadata.SingleSignOnService;
-import org.opensaml.xmlsec.SecurityConfigurationSupport;
-import org.opensaml.xmlsec.SignatureSigningConfiguration;
 import org.opensaml.xmlsec.SignatureSigningParameters;
 import org.opensaml.xmlsec.context.SecurityParametersContext;
 import org.opensaml.xmlsec.signature.support.SignatureConstants;
@@ -44,10 +43,6 @@ public class AccessFilter implements Filter {
 @Override
 public void init(FilterConfig filterConfig) throws ServletException {
- for (Provider jceProvider : Security.getProviders()) {
- logger.info(jceProvider.getInfo());
- }
-
 try {
 logger.info("Bootstrapping");
 InitializationService.initialize();
@@ -85,7 +80,6 @@ public class AccessFilter implements Filter {
 MessageContext context = new MessageContext();
 SAMLPeerEntityContext peerEntityContext = context.getSubcontext(SAMLPeerEntityContext.class, true);
- peerEntityContext.setEntityId(IDPConstants.IDP_ENTITY_ID);
 SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true);
 endpointContext.setEndpoint(getIPDEndpoint());
@@ -166,10 +160,6 @@ public class AccessFilter implements Filter {
 return SPConstants.SP_ENTITY_ID;
 }
- private String getSPNameQualifier() {
- return SPConstants.SP_ENTITY_ID;
- }
-
 private String getAssertionConsumerEndpoint() {
 return SPConstants.ASSERTION_CONSUMER_SERVICE;
 }
diff --git a/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java b/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java
index 3c1f76a..0973058 100644
--- a/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java
+++ b/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java
@@ -7,6 +7,7 @@ import net.shibboleth.utilities.java.support.xml.BasicParserPool;
 import no.steras.opensamlbook.OpenSAMLUtils;
 import no.steras.opensamlbook.idp.IDPConstants;
 import no.steras.opensamlbook.idp.IDPCredentials;
+import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
 import org.joda.time.DateTime;
 import org.opensaml.core.xml.XMLObject;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
@@ -16,6 +17,7 @@ import org.opensaml.messaging.context.InOutOperationContext;
 import org.opensaml.messaging.context.MessageContext;
 import org.opensaml.messaging.encoder.MessageEncodingException;
 import org.opensaml.messaging.handler.MessageHandler;
+import org.opensaml.messaging.handler.MessageHandlerException;
 import org.opensaml.messaging.handler.impl.BasicMessageHandlerChain;
 import org.opensaml.messaging.pipeline.httpclient.BasicHttpClientMessagePipeline;
 import org.opensaml.messaging.pipeline.httpclient.HttpClientMessagePipeline;
@@ -23,8 +25,12 @@ import org.opensaml.messaging.pipeline.httpclient.HttpClientMessagePipelineFacto
 import org.opensaml.profile.context.ProfileRequestContext;
 import org.opensaml.saml.common.SAMLObject;
 import org.opensaml.saml.common.binding.impl.SAMLSOAPDecoderBodyHandler;
+import org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler;
+import org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler;
 import org.opensaml.saml.common.binding.security.impl.SAMLOutboundProtocolMessageSigningHandler;
+import org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler;
 import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
+import org.opensaml.saml.common.messaging.context.SAMLMessageInfoContext;
 import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
 import org.opensaml.saml.common.xml.SAMLConstants;
 import org.opensaml.saml.saml2.binding.decoding.impl.HttpClientResponseSOAP11Decoder;
@@ -64,6 +70,10 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.bind.ValidationException;
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 /**
 * Created by Privat on 4/6/14.
@@ -78,10 +88,9 @@ public class ConsumerServlet extends HttpServlet {
 logger.info("Artifact: " + artifact.getArtifact());
 ArtifactResolve artifactResolve = buildArtifactResolve(artifact);
- //signArtifactResolve(artifactResolve);
 logger.info("Sending ArtifactResolve");
 logger.info("ArtifactResolve: ");
- //OpenSAMLUtils.logSAMLObject(artifactResolve);
+ OpenSAMLUtils.logSAMLObject(artifactResolve);
 ArtifactResponse artifactResponse = sendAndReceiveArtifactResolve(artifactResolve, resp);
 logger.info("ArtifactResponse received");
@@ -116,6 +125,7 @@ public class ConsumerServlet extends HttpServlet {
 }
 private void verifyAssertionSignature(Assertion assertion) {
+
 if (!assertion.isSigned()) {
 throw new RuntimeException("The SAML Assertion was not signed");
 }
@@ -218,15 +228,14 @@ public class ConsumerServlet extends HttpServlet {
 } catch (SecurityException e) {
 throw new RuntimeException(e);
 } catch (ComponentInitializationException e) {
- e.printStackTrace();
+ throw new RuntimeException(e);
 } catch (MessageEncodingException e) {
- e.printStackTrace();
+ throw new RuntimeException(e);
 } catch (IllegalAccessException e) {
- e.printStackTrace();
+ throw new RuntimeException(e);
 } catch (Exception e) {
- e.printStackTrace();
+ throw new RuntimeException(e);
 }
-
 return null;
 }
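Review bot: With every catch clause in the hunk at @@ -218 now rethrowing, the trailing `return null;` is reachable only when the try block completes without returning, and a null result would surface as a NullPointerException in the caller (the hunk at @@ -78 assigns it straight into `artifactResponse`); `throw new IllegalStateException("no ArtifactResponse received");` in its place, or returning from inside the try, keeps that failure explicit. The ComponentInitializationException, MessageEncodingException and IllegalAccessException clauses are also now byte-identical to the final `catch (Exception e)` and can be dropped, or the set collapsed into one multi-catch if the broad catch is removed. The method's start is outside this hunk, so I am assuming it is sendAndReceiveArtifactResolve.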