tidy up and now using message handlers to do signing of SOAP
@@ -69,7 +69,7 @@ public class ArtifactResolutionServlet extends HttpServlet {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
||||||
System.out.println("recieved artifactResolve");
|
logger.debug("recieved artifactResolve");
|
||||||
HTTPSOAP11Decoder decoder = new HTTPSOAP11Decoder();
|
HTTPSOAP11Decoder decoder = new HTTPSOAP11Decoder();
|
||||||
decoder.setHttpServletRequest(req);
|
decoder.setHttpServletRequest(req);
|
||||||
|
|
||||||
@@ -85,8 +85,9 @@ public class ArtifactResolutionServlet extends HttpServlet {
|
|||||||
} catch (ComponentInitializationException e) {
|
} catch (ComponentInitializationException e) {
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
System.out.println(decoder.getMessageContext().getMessage());
|
|
||||||
|
|
||||||
|
|
||||||
|
OpenSAMLUtils.logSAMLObject(decoder.getMessageContext().getMessage());
|
||||||
ArtifactResponse artifactResponse = buildArtifactResponse();
|
ArtifactResponse artifactResponse = buildArtifactResponse();
|
||||||
|
|
||||||
MessageContext<SAMLObject> context = new MessageContext<SAMLObject>();
|
MessageContext<SAMLObject> context = new MessageContext<SAMLObject>();
|
||||||
@@ -108,11 +109,6 @@ public class ArtifactResolutionServlet extends HttpServlet {
|
|||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
|
|
||||||
/*ArtifactResponse artifactResponse = buildArtifactResponse();
|
|
||||||
artifactResponse.setInResponseTo("Made up ID");
|
|
||||||
|
|
||||||
printSAMLObject(wrapInSOAPEnvelope(artifactResponse), resp.getWriter());
|
|
||||||
*/
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
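Review bot: The new `OpenSAMLUtils.logSAMLObject(decoder.getMessageContext().getMessage())` line runs even when the preceding `catch (ComponentInitializationException e)` has only printed the stack trace, so a decoder that failed to initialize is dereferenced and the failure surfaces as a NullPointerException instead of its real cause. Rethrow from the catch, `throw new ServletException("SOAP decoder initialization failed", e);`, instead of `e.printStackTrace()` so the failure is reported once with its cause and no message is processed. The same print-and-continue pattern is carried over in the third hunk of this file (`e.printStackTrace();` followed by `}`), and the new debug message still misspells "received" as `recieved`. The enclosing doPost starts in the first hunk and its body continues outside the visible hunks.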
@@ -1,6 +1,7 @@
|
|||||||
package no.steras.opensamlbook.idp;
|
package no.steras.opensamlbook.idp;
|
||||||
|
|
||||||
import no.steras.opensamlbook.OpenSAMLUtils;
|
import no.steras.opensamlbook.OpenSAMLUtils;
|
||||||
|
import no.steras.opensamlbook.sp.SPConstants;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
@@ -16,7 +17,7 @@ import java.io.Writer;
|
|||||||
*/
|
*/
|
||||||
public class SingleSignOnServlet extends HttpServlet {
|
public class SingleSignOnServlet extends HttpServlet {
|
||||||
private static Logger logger = LoggerFactory.getLogger(SingleSignOnServlet.class);
|
private static Logger logger = LoggerFactory.getLogger(SingleSignOnServlet.class);
|
||||||
private static final String ASSERTION_CONSUMER_SERVICE = "http://localhost:8080/webprofile-ref-project/sp/consumer";
|
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@@ -30,7 +31,7 @@ public class SingleSignOnServlet extends HttpServlet {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
|
||||||
resp.sendRedirect(ASSERTION_CONSUMER_SERVICE + "?SAMLart=AAQAAMFbLinlXaCM%2BFIxiDwGOLAy2T71gbpO7ZhNzAgEANlB90ECfpNEVLg%3D");
|
resp.sendRedirect(SPConstants.ASSERTION_CONSUMER_SERVICE + "?SAMLart=AAQAAMFbLinlXaCM%2BFIxiDwGOLAy2T71gbpO7ZhNzAgEANlB90ECfpNEVLg%3D");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
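Review bot: The redirect on the new line still embeds a fixed `SAMLart=AAQAAMFb…` literal, so every SSO request hands out the same artifact; an artifact is meant to be an unpredictable, single-use handle the IdP maps to a pending response, so the message handle should be generated per request with `SecureRandom` and stored server-side even in a reference project. Pulling the ACS URL from `no.steras.opensamlbook.sp.SPConstants` also makes the IdP module depend on the SP's package; in a deployment the AssertionConsumerService location comes from the SP's metadata, so a comment such as `// TODO: resolve the ACS location from SP metadata rather than SPConstants` would mark this as a test-only shortcut. The doPost method is fully inside the hunk.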
@@ -43,6 +43,8 @@ import org.opensaml.soap.common.SOAPException;
|
|||||||
import org.opensaml.soap.messaging.context.SOAP11Context;
|
import org.opensaml.soap.messaging.context.SOAP11Context;
|
||||||
import org.opensaml.soap.soap11.Envelope;
|
import org.opensaml.soap.soap11.Envelope;
|
||||||
import org.opensaml.soap.soap11.decoder.http.impl.EnvelopeBodyHandler;
|
import org.opensaml.soap.soap11.decoder.http.impl.EnvelopeBodyHandler;
|
||||||
|
import org.opensaml.xmlsec.SignatureSigningParameters;
|
||||||
|
import org.opensaml.xmlsec.context.SecurityParametersContext;
|
||||||
import org.opensaml.xmlsec.encryption.support.DecryptionException;
|
import org.opensaml.xmlsec.encryption.support.DecryptionException;
|
||||||
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
|
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
|
||||||
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
|
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
|
||||||
@@ -76,7 +78,7 @@ public class ConsumerServlet extends HttpServlet {
|
|||||||
logger.info("Artifact: " + artifact.getArtifact());
|
logger.info("Artifact: " + artifact.getArtifact());
|
||||||
|
|
||||||
ArtifactResolve artifactResolve = buildArtifactResolve(artifact);
|
ArtifactResolve artifactResolve = buildArtifactResolve(artifact);
|
||||||
signArtifactResolve(artifactResolve);
|
//signArtifactResolve(artifactResolve);
|
||||||
logger.info("Sending ArtifactResolve");
|
logger.info("Sending ArtifactResolve");
|
||||||
logger.info("ArtifactResolve: ");
|
logger.info("ArtifactResolve: ");
|
||||||
//OpenSAMLUtils.logSAMLObject(artifactResolve);
|
//OpenSAMLUtils.logSAMLObject(artifactResolve);
|
||||||
@@ -132,27 +134,6 @@ public class ConsumerServlet extends HttpServlet {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void signArtifactResolve(ArtifactResolve artifactResolve) {
|
|
||||||
Signature signature = OpenSAMLUtils.buildSAMLObject(Signature.class);
|
|
||||||
signature.setSigningCredential(SPCredentials.getCredential());
|
|
||||||
signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
|
|
||||||
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
|
|
||||||
|
|
||||||
artifactResolve.setSignature(signature);
|
|
||||||
|
|
||||||
try {
|
|
||||||
XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(artifactResolve).marshall(artifactResolve);
|
|
||||||
} catch (MarshallingException e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
Signer.signObject(signature);
|
|
||||||
} catch (SignatureException e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private void setAuthenticatedSession(HttpServletRequest req) {
|
private void setAuthenticatedSession(HttpServletRequest req) {
|
||||||
req.getSession().setAttribute(SPConstants.AUTHENTICATED_SESSION_ATTRIBUTE, true);
|
req.getSession().setAttribute(SPConstants.AUTHENTICATED_SESSION_ATTRIBUTE, true);
|
||||||
}
|
}
|
||||||
@@ -193,31 +174,21 @@ public class ConsumerServlet extends HttpServlet {
|
|||||||
private ArtifactResponse sendAndReceiveArtifactResolve(final ArtifactResolve artifactResolve, HttpServletResponse servletResponse) {
|
private ArtifactResponse sendAndReceiveArtifactResolve(final ArtifactResolve artifactResolve, HttpServletResponse servletResponse) {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
//HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
|
|
||||||
MessageContext<ArtifactResolve> contextout = new MessageContext<ArtifactResolve>();
|
MessageContext<ArtifactResolve> contextout = new MessageContext<ArtifactResolve>();
|
||||||
|
|
||||||
SAMLPeerEntityContext peerEntityContext = contextout.getSubcontext(SAMLPeerEntityContext.class, true);
|
|
||||||
peerEntityContext.setEntityId(IDPConstants.IDP_ENTITY_ID);
|
|
||||||
|
|
||||||
SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true);
|
|
||||||
endpointContext.setEndpoint(getIPDArtifactResolutionEndpoint());
|
|
||||||
|
|
||||||
//SOAP11Context soapContext = contextout.getSubcontext(SOAP11Context.class, true);
|
|
||||||
|
|
||||||
contextout.setMessage(artifactResolve);
|
contextout.setMessage(artifactResolve);
|
||||||
|
|
||||||
|
SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters();
|
||||||
|
signatureSigningParameters.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
|
||||||
|
signatureSigningParameters.setSigningCredential(SPCredentials.getCredential());
|
||||||
|
signatureSigningParameters.setSignatureCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
|
||||||
|
|
||||||
|
SecurityParametersContext securityParametersContext = contextout.getSubcontext(SecurityParametersContext.class, true);
|
||||||
|
securityParametersContext.setSignatureSigningParameters(signatureSigningParameters);
|
||||||
|
|
||||||
InOutOperationContext<ArtifactResponse, ArtifactResolve> context = new ProfileRequestContext<ArtifactResponse, ArtifactResolve>();
|
InOutOperationContext<ArtifactResponse, ArtifactResolve> context = new ProfileRequestContext<ArtifactResponse, ArtifactResolve>();
|
||||||
context.setOutboundMessageContext(contextout);
|
context.setOutboundMessageContext(contextout);
|
||||||
|
|
||||||
/*encoder.setMessageContext(context);
|
|
||||||
encoder.initialize();
|
|
||||||
encoder.prepareContext();
|
|
||||||
encoder.encode();
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
AbstractPipelineHttpSOAPClient<SAMLObject, SAMLObject> soapClient = new AbstractPipelineHttpSOAPClient() {
|
AbstractPipelineHttpSOAPClient<SAMLObject, SAMLObject> soapClient = new AbstractPipelineHttpSOAPClient() {
|
||||||
@@ -231,20 +202,18 @@ public class ConsumerServlet extends HttpServlet {
|
|||||||
decoder
|
decoder
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
||||||
BasicMessageHandlerChain<SAMLObject> outboundPayloadHandler = new BasicMessageHandlerChain<SAMLObject>();
|
BasicMessageHandlerChain<SAMLObject> outboundPayloadHandler = new BasicMessageHandlerChain<SAMLObject>();
|
||||||
outboundPayloadHandler.setHandlers(Lists.<MessageHandler<SAMLObject>>newArrayList(
|
outboundPayloadHandler.setHandlers(Lists.<MessageHandler<SAMLObject>>newArrayList(
|
||||||
new SAMLOutboundProtocolMessageSigningHandler()));
|
new SAMLOutboundProtocolMessageSigningHandler()));
|
||||||
pipeline.setOutboundPayloadHandler(outboundPayloadHandler);
|
pipeline.setOutboundPayloadHandler(outboundPayloadHandler);
|
||||||
pipeline.setInboundHandler(new SAMLSOAPDecoderBodyHandler());
|
|
||||||
|
|
||||||
return pipeline;
|
return pipeline;
|
||||||
}};
|
}};
|
||||||
|
|
||||||
HttpClientBuilder clientBuilder = new HttpClientBuilder();
|
HttpClientBuilder clientBuilder = new HttpClientBuilder();
|
||||||
|
|
||||||
soapClient.setHttpClient(clientBuilder.buildClient());
|
soapClient.setHttpClient(clientBuilder.buildClient());
|
||||||
soapClient.send(IDPConstants.ARTIFACT_RESOLUTION_SERVICE, context);
|
soapClient.send(IDPConstants.ARTIFACT_RESOLUTION_SERVICE, context);
|
||||||
System.out.println(context.getInboundMessageContext().getMessage());
|
|
||||||
return context.getInboundMessageContext().getMessage();
|
return context.getInboundMessageContext().getMessage();
|
||||||
} catch (SecurityException e) {
|
} catch (SecurityException e) {
|
||||||
throw new RuntimeException(e);
|
throw new RuntimeException(e);
|
||||||
@@ -285,12 +254,6 @@ public class ConsumerServlet extends HttpServlet {
|
|||||||
return artifactResolve;
|
return artifactResolve;
|
||||||
}
|
}
|
||||||
|
|
||||||
private Endpoint getIPDArtifactResolutionEndpoint() {
|
|
||||||
ArtifactResolutionService endpoint = OpenSAMLUtils.buildSAMLObject(ArtifactResolutionService.class);
|
|
||||||
endpoint.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
|
|
||||||
endpoint.setLocation(IDPConstants.ARTIFACT_RESOLUTION_SERVICE);
|
|
||||||
|
|
||||||
return endpoint;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
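Review bot: The outbound ArtifactResolve is now signed via `SecurityParametersContext` and `SAMLOutboundProtocolMessageSigningHandler`, but nothing in the rebuilt pipeline checks the signature of the ArtifactResponse coming back: the commit drops `pipeline.setInboundHandler(new SAMLSOAPDecoderBodyHandler());`, adds no inbound security handler, and `context.getInboundMessageContext().getMessage()` is returned unchecked (the caller is outside the visible hunks, so verify whether validation happens there). Since that response presumably drives `setAuthenticatedSession`, an inbound handler that validates the IdP signature against a trust engine (for instance OpenSAML's `SAMLProtocolMessageXMLSignatureSecurityHandler`) should run before the response is trusted. `SignatureSigningParameters` is configured with no KeyInfoGenerator, so as far as the hunk shows the emitted Signature will carry no KeyInfo; confirm the IdP can resolve the SP's key another way. Separately, the dead `//signArtifactResolve(artifactResolve);` line in the first hunk should be deleted now that the method itself is removed. `sendAndReceiveArtifactResolve` starts in the fourth hunk and ends outside the visible hunks.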