diff --git a/src/main/java/no/steras/opensamlbook/OpenSAMLUtils.java b/src/main/java/no/steras/opensamlbook/OpenSAMLUtils.java
index 12a2378..d67e611 100644
--- a/src/main/java/no/steras/opensamlbook/OpenSAMLUtils.java
+++ b/src/main/java/no/steras/opensamlbook/OpenSAMLUtils.java
@@ -6,6 +6,8 @@ import org.opensaml.core.xml.XMLObjectBuilderFactory;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.core.xml.io.Marshaller;
 import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.soap.soap11.Body;
+import org.opensaml.soap.soap11.Envelope;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
@@ -81,8 +83,9 @@ public class OpenSAMLUtils {
 } catch (TransformerException e) {
 logger.error(e.getMessage(), e);
 }
+ }
-/*
+ public static Envelope wrapInSOAPEnvelope(final XMLObject xmlObject) throws IllegalAccessException {
 Envelope envelope = OpenSAMLUtils.buildSAMLObject(Envelope.class);
 Body body = OpenSAMLUtils.buildSAMLObject(Body.class);
@@ -93,5 +96,5 @@ public class OpenSAMLUtils {
 return envelope;
 }
- */
+ }
diff --git a/src/main/java/no/steras/opensamlbook/idp/ArtifactResolutionServlet.java b/src/main/java/no/steras/opensamlbook/idp/ArtifactResolutionServlet.java
index 8e66b6c..008f270 100644
--- a/src/main/java/no/steras/opensamlbook/idp/ArtifactResolutionServlet.java
+++ b/src/main/java/no/steras/opensamlbook/idp/ArtifactResolutionServlet.java
@@ -1,10 +1,38 @@
 package no.steras.opensamlbook.idp;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.BasicParserPool;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
 import no.steras.opensamlbook.OpenSAMLUtils;
 import no.steras.opensamlbook.sp.SPConstants;
 import no.steras.opensamlbook.sp.SPCredentials;
 import org.apache.xml.security.utils.EncryptionConstants;
 import org.joda.time.DateTime;
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.*;
+import org.opensaml.core.xml.schema.XSString;
+import org.opensaml.core.xml.schema.impl.XSStringBuilder;
+import org.opensaml.messaging.context.MessageContext;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.messaging.encoder.MessageEncodingException;
+import org.opensaml.saml.common.SAMLObject;
+import org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder;
+import org.opensaml.saml.saml2.binding.encoding.impl.HTTPSOAP11Encoder;
+import org.opensaml.saml.saml2.core.*;
+import org.opensaml.saml.saml2.encryption.Encrypter;
+import org.opensaml.soap.messaging.context.SOAP11Context;
+import org.opensaml.soap.soap11.Body;
+import org.opensaml.soap.soap11.Envelope;
+import org.opensaml.soap.soap11.decoder.http.impl.EnvelopeBodyHandler;
+import org.opensaml.xmlsec.EncryptionParameters;
+import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
+import org.opensaml.xmlsec.encryption.support.EncryptionException;
+import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
+import org.opensaml.xmlsec.signature.Signature;
+import org.opensaml.xmlsec.signature.support.SignatureConstants;
+import org.opensaml.xmlsec.signature.support.SignatureException;
+import org.opensaml.xmlsec.signature.support.Signer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
@@ -18,6 +46,7 @@ import javax.servlet.http.HttpServletResponse;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.soap.SOAPEnvelope;
 import javax.xml.transform.OutputKeys;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
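Review bot: The wildcard imports `import org.opensaml.core.xml.io.*;` and `import org.opensaml.saml.saml2.core.*;` added in this hunk hide which types the servlet actually depends on and can silently bind a different class when either package gains a name; list the classes that are used. `import javax.xml.soap.SOAPEnvelope;` in the following hunk looks unused, since the servlet works with `org.opensaml.soap.soap11.Envelope` — drop it if nothing references it. `import org.opensaml.xmlsec.EncryptionParameters;` also appears to be a leftover now that `encryptAssertion` is switched to `DataEncryptionParameters` later in this commit; worth checking with the compiler's unused-import warning.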
@@ -36,57 +65,59 @@ import java.security.spec.ECField;
 * Created by Privat on 4/6/14.
 */
 public class ArtifactResolutionServlet extends HttpServlet {
- /* private static Logger logger = LoggerFactory.getLogger(ArtifactResolutionServlet.class);
+ private static Logger logger = LoggerFactory.getLogger(ArtifactResolutionServlet.class);
 @Override
 protected void doPost(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
+ System.out.println("recieved artifactResolve");
+ HTTPSOAP11Decoder decoder = new HTTPSOAP11Decoder();
+ decoder.setHttpServletRequest(req);
+
+
+ try {
+ BasicParserPool parserPool = new BasicParserPool();
+ parserPool.initialize();
+ decoder.setParserPool(parserPool);
+ decoder.initialize();
+ decoder.decode();
+ } catch (MessageDecodingException e) {
+ e.printStackTrace();
+ } catch (ComponentInitializationException e) {
+ e.printStackTrace();
+ }
+ System.out.println(decoder.getMessageContext().getMessage());
+ ArtifactResponse artifactResponse = buildArtifactResponse();
+
+ MessageContext context = new MessageContext();
+
+ context.setMessage(artifactResponse);
+
+
+
+ HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
+ encoder.setMessageContext(context);
+ encoder.setHttpServletResponse(resp);
+ try {
+ encoder.prepareContext();
+ encoder.initialize();
+ encoder.encode();
+ } catch (MessageEncodingException e) {
+ e.printStackTrace();
+ } catch (ComponentInitializationException e) {
+ e.printStackTrace();
+ }
+
+ /*ArtifactResponse artifactResponse = buildArtifactResponse();
 artifactResponse.setInResponseTo("Made up ID");
 printSAMLObject(wrapInSOAPEnvelope(artifactResponse), resp.getWriter());
- }
-
- public static ArtifactResolve unmarshallArtifactResolve(final InputStream input) {
- try {
- BasicParserPool ppMgr = new BasicParserPool();
- ppMgr.setNamespaceAware(true);
-
- Document soap = ppMgr.parse(input);
-
- Element soapRoot = soap.getDocumentElement();
-
- UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
- Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(soapRoot);
-
- Envelope soapEnvelope = (Envelope)unmarshaller.unmarshall(soapRoot);
-
- return (ArtifactResolve)soapEnvelope.getBody().getUnknownXMLObjects().get(0);
- } catch (XMLParserException e) {
- throw new RuntimeException(e);
- } catch (UnmarshallingException e) {
- throw new RuntimeException(e);
- }
+ */
 }
- public static org.w3c.dom.Element marshallSAMLObject(final SAMLObject object) {
- org.w3c.dom.Element element = null;
- try {
- MarshallerFactory unMarshallerFactory = Configuration.getMarshallerFactory();
- Marshaller marshaller = unMarshallerFactory.getMarshaller(object);
-
- element = marshaller.marshall(object);
- } catch (ClassCastException e) {
- throw new IllegalArgumentException("The class does not implement the interface XMLObject", e);
- } catch (MarshallingException e) {
- throw new RuntimeException(e);
- }
-
- return element;
- }
-
- private ArtifactResponse buildArtifactResponse() {
+ private ArtifactResponse buildArtifactResponse() {
 ArtifactResponse artifactResponse = OpenSAMLUtils.buildSAMLObject(ArtifactResponse.class);
@@ -100,7 +131,7 @@ public class ArtifactResolutionServlet extends HttpServlet {
 Status status = OpenSAMLUtils.buildSAMLObject(Status.class);
 StatusCode statusCode = OpenSAMLUtils.buildSAMLObject(StatusCode.class);
- statusCode.setValue(StatusCode.SUCCESS_URI);
+ statusCode.setValue(StatusCode.SUCCESS);
 status.setStatusCode(statusCode);
 artifactResponse.setStatus(status);
@@ -115,7 +146,7 @@ public class ArtifactResolutionServlet extends HttpServlet {
 Status status2 = OpenSAMLUtils.buildSAMLObject(Status.class);
 StatusCode statusCode2 = OpenSAMLUtils.buildSAMLObject(StatusCode.class);
- statusCode2.setValue(StatusCode.SUCCESS_URI);
+ statusCode2.setValue(StatusCode.SUCCESS);
 status2.setStatusCode(statusCode2);
 response.setStatus(status2);
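Review bot: In `doPost`, a failed `decoder.decode()` is only reported with `e.printStackTrace()` and execution continues, so the next line dereferences `decoder.getMessageContext().getMessage()` and `buildArtifactResponse()` is encoded back regardless — a malformed or unparseable request still receives a complete ArtifactResponse. The decoded ArtifactResolve is never used afterwards: `setInResponseTo` survives only inside the `/* … */` block, and nothing in the hunk checks that the presented artifact is one this IdP issued or validates the request's signature (unless that happens elsewhere), so as written any client that can reach the endpoint obtains the assertion. Decoding failures should end the request with an error status, the response should be correlated with the decoded request via its ID, and the artifact lookup and signature validation belong before the response is built; the rewrite below marks where. The hunk also uses `System.out.println` (with the typo "recieved") although the class now has a `logger` field — prefer `logger.debug`. `doPost` lies entirely inside the hunk; `buildArtifactResponse` starts at its end and continues outside.
```java
        HTTPSOAP11Decoder decoder = new HTTPSOAP11Decoder();
        decoder.setHttpServletRequest(req);
        try {
            BasicParserPool parserPool = new BasicParserPool();
            parserPool.initialize();
            decoder.setParserPool(parserPool);
            decoder.initialize();
            decoder.decode();
        } catch (MessageDecodingException | ComponentInitializationException e) {
            logger.error("Could not decode inbound SOAP message", e);
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        Object message = decoder.getMessageContext().getMessage();
        if (!(message instanceof ArtifactResolve)) {
            logger.warn("Expected ArtifactResolve, got {}", message == null ? null : message.getClass().getName());
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        ArtifactResolve artifactResolve = (ArtifactResolve) message;
        // TODO(review): validate the request signature and check artifactResolve.getArtifact()
        // against the artifacts this IdP issued before building a response.
        ArtifactResponse artifactResponse = buildArtifactResponse();
        artifactResponse.setInResponseTo(artifactResolve.getID());
        // … unchanged: MessageContext / HTTPSOAP11Encoder setup and encode …
```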
@@ -132,7 +163,7 @@ public class ArtifactResolutionServlet extends HttpServlet {
 }
 private EncryptedAssertion encryptAssertion(Assertion assertion) {
- EncryptionParameters encryptionParameters = new EncryptionParameters();
+ DataEncryptionParameters encryptionParameters = new DataEncryptionParameters();
 encryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
 KeyEncryptionParameters keyEncryptionParameters = new KeyEncryptionParameters();
@@ -159,7 +190,7 @@ public class ArtifactResolutionServlet extends HttpServlet {
 assertion.setSignature(signature);
 try {
- Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
+ XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
 } catch (MarshallingException e) {
 throw new RuntimeException(e);
 }
@@ -249,7 +280,7 @@ public class ArtifactResolutionServlet extends HttpServlet {
 Attribute attributeUserName = OpenSAMLUtils.buildSAMLObject(Attribute.class);
- XSStringBuilder stringBuilder = (XSStringBuilder)Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ XSStringBuilder stringBuilder = (XSStringBuilder)XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
 XSString userNameValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
 userNameValue.setValue("bob");
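Review bot: The `DataEncryptionParameters` introduced in this hunk is still configured on the next, unchanged line with `EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128`, i.e. AES-128 in CBC mode from XML Encryption 1.0, which gives the encrypted assertion no integrity protection; XML Encryption 1.1 added AES-GCM as the authenticated alternative. Since the commit is already migrating this call to the OpenSAML 3 / Santuario API, it is a good moment to switch to `encryptionParameters.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);`, with the SP-side `Decrypter` (outside this diff) confirmed to accept it. The `KeyEncryptionParameters` on the hunk's last line are configured past the hunk, so the key-transport algorithm cannot be reviewed here; `encryptAssertion` continues outside the hunk.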
@@ -279,32 +310,4 @@ public class ArtifactResolutionServlet extends HttpServlet {
 return envelope;
 }
-
-
- public static void printSAMLObject(final XMLObject object, final PrintWriter writer) {
- try {
- DocumentBuilder builder;
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
-
- builder = factory.newDocumentBuilder();
-
- org.w3c.dom.Document document = builder.newDocument();
- Marshaller out = Configuration.getMarshallerFactory().getMarshaller(object);
- out.marshall(object, document);
-
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.setOutputProperty(OutputKeys.INDENT, "yes");
- StreamResult result = new StreamResult(writer);
- DOMSource source = new DOMSource(document);
- transformer.transform(source, result);
- } catch (ParserConfigurationException e) {
- e.printStackTrace();
- } catch (MarshallingException e) {
- e.printStackTrace();
- } catch (TransformerException e) {
- e.printStackTrace();
- }
- }*/
-
 }
diff --git a/src/main/java/no/steras/opensamlbook/idp/IDPCredentials.java b/src/main/java/no/steras/opensamlbook/idp/IDPCredentials.java
index 35db04f..fb121f1 100644
--- a/src/main/java/no/steras/opensamlbook/idp/IDPCredentials.java
+++ b/src/main/java/no/steras/opensamlbook/idp/IDPCredentials.java
@@ -39,5 +39,5 @@ public class IDPCredentials {
 public static Credential getCredential() {
 return credential;
 }
-
+
 }
diff --git a/src/main/java/no/steras/opensamlbook/sp/AccessFilter.java b/src/main/java/no/steras/opensamlbook/sp/AccessFilter.java
index 4781f04..c4c5246 100644
--- a/src/main/java/no/steras/opensamlbook/sp/AccessFilter.java
+++ b/src/main/java/no/steras/opensamlbook/sp/AccessFilter.java
@@ -110,7 +110,7 @@ public class AccessFilter implements Filter {
 }
 logger.info("AuthnRequest: ");
- //OpenSAMLUtils.logSAMLObject(authnRequest);
+ OpenSAMLUtils.logSAMLObject(authnRequest);
 logger.info("Redirecting to IDP");
 try {
diff --git a/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java b/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java
index 7a386ba..5842191 100644
--- a/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java
+++ b/src/main/java/no/steras/opensamlbook/sp/ConsumerServlet.java
@@ -1,6 +1,8 @@
 package no.steras.opensamlbook.sp;
+import com.google.common.collect.Lists;
 import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder;
 import net.shibboleth.utilities.java.support.xml.BasicParserPool;
 import no.steras.opensamlbook.OpenSAMLUtils;
 import no.steras.opensamlbook.idp.IDPConstants;
@@ -10,21 +12,37 @@ import org.opensaml.core.xml.XMLObject;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.core.xml.io.MarshallingException;
 import org.opensaml.core.xml.schema.XSString;
+import org.opensaml.messaging.context.InOutOperationContext;
 import org.opensaml.messaging.context.MessageContext;
 import org.opensaml.messaging.encoder.MessageEncodingException;
+import org.opensaml.messaging.handler.MessageHandler;
+import org.opensaml.messaging.handler.impl.BasicMessageHandlerChain;
+import org.opensaml.messaging.pipeline.httpclient.BasicHttpClientMessagePipeline;
+import org.opensaml.messaging.pipeline.httpclient.HttpClientMessagePipeline;
+import org.opensaml.messaging.pipeline.httpclient.HttpClientMessagePipelineFactory;
+import org.opensaml.profile.context.ProfileRequestContext;
+import org.opensaml.saml.common.SAMLObject;
+import org.opensaml.saml.common.binding.impl.SAMLSOAPDecoderBodyHandler;
+import org.opensaml.saml.common.binding.security.impl.SAMLOutboundProtocolMessageSigningHandler;
 import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
 import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
 import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.binding.decoding.impl.HttpClientResponseSOAP11Decoder;
 import org.opensaml.saml.saml2.binding.encoding.impl.HTTPSOAP11Encoder;
+import org.opensaml.saml.saml2.binding.encoding.impl.HttpClientRequestSOAP11Encoder;
 import org.opensaml.saml.saml2.core.*;
 import org.opensaml.saml.saml2.encryption.Decrypter;
 import org.opensaml.saml.saml2.metadata.ArtifactResolutionService;
 import org.opensaml.saml.saml2.metadata.Endpoint;
 import org.opensaml.saml.saml2.metadata.SingleSignOnService;
 import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
+import org.opensaml.soap.client.http.AbstractPipelineHttpSOAPClient;
 import org.opensaml.soap.client.http.HttpSOAPClient;
+import org.opensaml.soap.client.http.PipelineFactoryHttpSOAPClient;
 import org.opensaml.soap.common.SOAPException;
+import org.opensaml.soap.messaging.context.SOAP11Context;
 import org.opensaml.soap.soap11.Envelope;
+import org.opensaml.soap.soap11.decoder.http.impl.EnvelopeBodyHandler;
 import org.opensaml.xmlsec.encryption.support.DecryptionException;
 import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
 import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
@@ -36,6 +54,8 @@ import org.opensaml.xmlsec.signature.support.Signer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -59,12 +79,12 @@ public class ConsumerServlet extends HttpServlet {
 signArtifactResolve(artifactResolve);
 logger.info("Sending ArtifactResolve");
 logger.info("ArtifactResolve: ");
- OpenSAMLUtils.logSAMLObject(artifactResolve);
+ //OpenSAMLUtils.logSAMLObject(artifactResolve);
 ArtifactResponse artifactResponse = sendAndReceiveArtifactResolve(artifactResolve, resp);
 logger.info("ArtifactResponse received");
 logger.info("ArtifactResponse: ");
- OpenSAMLUtils.logSAMLObject(artifactResponse);
+ // OpenSAMLUtils.logSAMLObject(artifactResponse);
 EncryptedAssertion encryptedAssertion = getEncryptedAssertion(artifactResponse);
 Assertion assertion = decryptAssertion(encryptedAssertion);
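Review bot: Commenting out `OpenSAMLUtils.logSAMLObject(artifactResolve);` and `OpenSAMLUtils.logSAMLObject(artifactResponse);` in the last hunk leaves the preceding `logger.info("ArtifactResolve: ");` and `logger.info("ArtifactResponse: ");` emitting an empty label on every request. Either remove the label lines together with the calls, or keep both and move them to `logger.debug(...)`, so that full protocol messages (the ArtifactResponse carries the encrypted assertion, as the `getEncryptedAssertion(artifactResponse)` line shows) are not written at info level in normal operation. Commented-out code should be deleted rather than parked; version control keeps the history. The enclosing method starts and ends outside the hunk.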
@@ -173,29 +193,69 @@ public class ConsumerServlet extends HttpServlet {
 private ArtifactResponse sendAndReceiveArtifactResolve(final ArtifactResolve artifactResolve, HttpServletResponse servletResponse) {
 try {
- HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
- MessageContext context = new MessageContext();
+ //HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
+ MessageContext contextout = new MessageContext();
- SAMLPeerEntityContext peerEntityContext = context.getSubcontext(SAMLPeerEntityContext.class, true);
+ SAMLPeerEntityContext peerEntityContext = contextout.getSubcontext(SAMLPeerEntityContext.class, true);
 peerEntityContext.setEntityId(IDPConstants.IDP_ENTITY_ID);
 SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true);
 endpointContext.setEndpoint(getIPDArtifactResolutionEndpoint());
- context.setMessage(artifactResolve);
- encoder.setHttpServletResponse(servletResponse);
- encoder.setMessageContext(context);
+ //SOAP11Context soapContext = contextout.getSubcontext(SOAP11Context.class, true);
+
+ contextout.setMessage(artifactResolve);
+
+
+ InOutOperationContext context = new ProfileRequestContext();
+ context.setOutboundMessageContext(contextout);
+
+ /*encoder.setMessageContext(context);
 encoder.initialize();
+ encoder.prepareContext();
 encoder.encode();
+*/
- //return (ArtifactResponse)soapResponse.getBody().getUnknownXMLObjects().get(0);
+
+
+
+ AbstractPipelineHttpSOAPClient soapClient = new AbstractPipelineHttpSOAPClient() {
+ protected HttpClientMessagePipeline newPipeline() throws SOAPException {
+ HttpClientRequestSOAP11Encoder encoder = new HttpClientRequestSOAP11Encoder();
+ HttpClientResponseSOAP11Decoder decoder = new HttpClientResponseSOAP11Decoder();
+
+ decoder.setBodyHandler(new SAMLSOAPDecoderBodyHandler());
+ BasicHttpClientMessagePipeline pipeline = new BasicHttpClientMessagePipeline(
+ encoder,
+ decoder
+ );
+
+
+ BasicMessageHandlerChain outboundPayloadHandler = new BasicMessageHandlerChain();
+ outboundPayloadHandler.setHandlers(Lists.>newArrayList(
+ new SAMLOutboundProtocolMessageSigningHandler()));
+ pipeline.setOutboundPayloadHandler(outboundPayloadHandler);
+ pipeline.setInboundHandler(new SAMLSOAPDecoderBodyHandler());
+
+ return pipeline;
+ }};
+
+ HttpClientBuilder clientBuilder = new HttpClientBuilder();
+ soapClient.setHttpClient(clientBuilder.buildClient());
+ soapClient.send(IDPConstants.ARTIFACT_RESOLUTION_SERVICE, context);
+ System.out.println(context.getInboundMessageContext().getMessage());
+ return context.getInboundMessageContext().getMessage();
 } catch (SecurityException e) {
 throw new RuntimeException(e);
 } catch (ComponentInitializationException e) {
 e.printStackTrace();
 } catch (MessageEncodingException e) {
 e.printStackTrace();
+ } catch (IllegalAccessException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
 }
 return null;