This repository has been archived by the owner on Oct 5, 2021. It is now read-only.

reformat code
chamathns committed Aug 11, 2020
1 parent 36b5e7e commit cf15f5e
Showing 26 changed files with 421 additions and 171 deletions.
3 changes: 2 additions & 1 deletion components/org.wso2.carbon.identity.sso.agent.saml/pom.xml
Expand Up @@ -18,7 +18,8 @@
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">

<parent>
<groupId>org.wso2.carbon.identity.agent.sso.java</groupId>
Expand Down
Expand Up @@ -22,17 +22,17 @@
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.params.KeyParameter;
import org.wso2.carbon.identity.sso.agent.saml.exception.SSOAgentException;

import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.wso2.carbon.identity.sso.agent.saml.exception.SSOAgentException;

/**
* Class for decrypt the encrypted values using AES algorithm.
*/
Expand All @@ -47,7 +47,7 @@ public class AESDecryptor {
* Decrypt and decrypt the encrypted values.
*
* @param encryptedSecret encrypted value.
* @param cipherKey password used for encryption.
* @param cipherKey password used for encryption.
* @return
* @throws SSOAgentException If an error occurred.
*/
Expand Down
Expand Up @@ -18,17 +18,22 @@

package org.wso2.carbon.identity.sso.agent.saml;

import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.signature.XMLSignature;
import org.joda.time.DateTime;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.core.xml.io.MarshallerFactory;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.Extensions;
import org.opensaml.saml.saml2.core.ArtifactResponse;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
Expand All @@ -40,6 +45,7 @@
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.Extensions;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.LogoutResponse;
Expand Down Expand Up @@ -67,37 +73,31 @@
import org.opensaml.saml.saml2.ecp.RelayState;
import org.opensaml.saml.saml2.encryption.Decrypter;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.core.xml.io.MarshallerFactory;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.xmlsec.encryption.EncryptedKey;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.opensaml.xmlsec.signature.impl.SignatureImpl;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.owasp.encoder.Encode;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
import org.wso2.carbon.identity.sso.agent.saml.util.SSOAgentConstants;
import org.wso2.carbon.identity.sso.agent.saml.artifact.SAMLSSOArtifactResolutionService;
import org.wso2.carbon.identity.sso.agent.saml.bean.LoggedInSessionBean;
import org.wso2.carbon.identity.sso.agent.saml.bean.SSOAgentConfig;
import org.wso2.carbon.identity.sso.agent.saml.exception.ArtifactResolutionException;
import org.wso2.carbon.identity.sso.agent.saml.exception.InvalidSessionException;
import org.wso2.carbon.identity.sso.agent.saml.exception.SSOAgentException;
import org.wso2.carbon.identity.sso.agent.saml.internal.SSOAgentServiceComponent;
import org.wso2.carbon.identity.sso.agent.saml.artifact.SAMLSSOArtifactResolutionService;
import org.wso2.carbon.identity.sso.agent.saml.security.X509CredentialImpl;
import org.wso2.carbon.identity.sso.agent.saml.session.management.SSOAgentSessionManager;
import org.wso2.carbon.identity.sso.agent.saml.util.SSOAgentConstants;
import org.wso2.carbon.identity.sso.agent.saml.util.SSOAgentDataHolder;
import org.wso2.carbon.identity.sso.agent.saml.util.SSOAgentUtils;
import org.wso2.carbon.user.api.UserRealm;
Expand All @@ -120,6 +120,7 @@
import java.util.logging.Logger;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;

import javax.crypto.SecretKey;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
Expand All @@ -134,16 +135,14 @@
*/
public class SAML2SSOManager {

private static String DEFAULT_MULTI_ATTRIBUTE_SEPARATOR = ",";
private static final Log log = LogFactory.getLog(SAML2SSOManager.class);


private static final Logger LOGGER = Logger.getLogger(SSOAgentConstants.LOGGER_NAME);
private static String DEFAULT_MULTI_ATTRIBUTE_SEPARATOR = ",";
private SSOAgentConfig ssoAgentConfig = null;

public SAML2SSOManager(SSOAgentConfig ssoAgentConfig) throws SSOAgentException {

/* Initializing the OpenSAML library, loading default configurations */
/* Initializing the OpenSAML library, loading default configurations */
this.ssoAgentConfig = ssoAgentConfig;
//load custom Signature Validator Class
String signerClassName = ssoAgentConfig.getSAML2().getSignatureValidatorImplClass();
Expand Down Expand Up @@ -232,8 +231,6 @@ public String buildRedirectRequest(HttpServletRequest request, boolean isLogout)
httpQueryString.append(builder);
}



if (ssoAgentConfig.getSAML2().getIdPURL().indexOf("?") > -1) {
idpUrl = ssoAgentConfig.getSAML2().getIdPURL().concat("&").concat(httpQueryString.toString());
} else {
Expand Down Expand Up @@ -351,7 +348,9 @@ public void processResponse(HttpServletRequest request, HttpServletResponse resp
if (samlObject instanceof LogoutResponse) {
//This is a SAML response for a single logout request from the SP
doSLO(request);
request.setAttribute(org.wso2.carbon.identity.sso.agent.saml.util.SSOAgentConstants.SHOULD_GO_TO_WELCOME_PAGE, "true");
request.setAttribute(
org.wso2.carbon.identity.sso.agent.saml.util.SSOAgentConstants.SHOULD_GO_TO_WELCOME_PAGE,
"true");
} else {
processSSOResponse(request);
}
Expand Down Expand Up @@ -432,6 +431,7 @@ private void validateSAMLResponseInArtifactResponse(XMLObject response) throws S
* @throws SSOAgentException
*/
private void executeSAMLResponse(HttpServletRequest request, XMLObject samlObject) throws SSOAgentException {

if (samlObject instanceof LogoutResponse) {
// This is a SAML response for a single logout request from the SP.
doSLO(request);
Expand Down Expand Up @@ -523,7 +523,8 @@ private void processSSOResponse(HttpServletRequest servletRequest) throws SSOAge
processSSOResponse(servletRequest, saml2Response);
}

private void processSSOResponse(HttpServletRequest servletRequest, Response saml2Response) throws SSOAgentException {
private void processSSOResponse(HttpServletRequest servletRequest, Response saml2Response)
throws SSOAgentException {

LoggedInSessionBean sessionBean = new LoggedInSessionBean();
sessionBean.setSAML2SSO(sessionBean.new SAML2SSO());
Expand Down Expand Up @@ -554,7 +555,9 @@ private void processSSOResponse(HttpServletRequest servletRequest, Response saml
if (assertion == null) {
if (isNoPassive(saml2Response)) {
LOGGER.log(Level.FINE, "Cannot authenticate in passive mode");
servletRequest.setAttribute(org.wso2.carbon.identity.sso.agent.saml.util.SSOAgentConstants.SHOULD_GO_TO_WELCOME_PAGE, "true");
servletRequest.setAttribute(
org.wso2.carbon.identity.sso.agent.saml.util.SSOAgentConstants.SHOULD_GO_TO_WELCOME_PAGE,
"true");
return;
}
throw new SSOAgentException("SAML2 Assertion not found in the Response");
Expand Down Expand Up @@ -691,22 +694,23 @@ protected AuthnRequest buildAuthnRequest(HttpServletRequest request) throws SSOA
"Issuer", "samlp");
issuer.setValue(ssoAgentConfig.getSAML2().getSPEntityId());

/* NameIDPolicy */
/* NameIDPolicy */
NameIDPolicyBuilder nameIdPolicyBuilder = new NameIDPolicyBuilder();
NameIDPolicy nameIdPolicy = nameIdPolicyBuilder.buildObject();
nameIdPolicy.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
nameIdPolicy.setSPNameQualifier("Issuer");
nameIdPolicy.setAllowCreate(true);

/* AuthnContextClass */
/* AuthnContextClass */
AuthnContextClassRefBuilder authnContextClassRefBuilder = new AuthnContextClassRefBuilder();
AuthnContextClassRef authnContextClassRef =
authnContextClassRefBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:assertion",
"AuthnContextClassRef",
"saml");
authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
authnContextClassRef
.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");

/* AuthnContex */
/* AuthnContex */
RequestedAuthnContextBuilder requestedAuthnContextBuilder =
new RequestedAuthnContextBuilder();
RequestedAuthnContext requestedAuthnContext = requestedAuthnContextBuilder.buildObject();
Expand All @@ -715,7 +719,7 @@ protected AuthnRequest buildAuthnRequest(HttpServletRequest request) throws SSOA

DateTime issueInstant = new DateTime();

/* Creation of AuthRequestObject */
/* Creation of AuthRequestObject */
AuthnRequestBuilder authRequestBuilder = new AuthnRequestBuilder();
AuthnRequest authRequest =
authRequestBuilder.buildObject("urn:oasis:names:tc:SAML:2.0:protocol",
Expand All @@ -736,7 +740,7 @@ protected AuthnRequest buildAuthnRequest(HttpServletRequest request) throws SSOA
authRequest.setExtensions((Extensions) request.getAttribute(Extensions.DEFAULT_ELEMENT_LOCAL_NAME));
}

/* Requesting Attributes. This Index value is registered in the IDP */
/* Requesting Attributes. This Index value is registered in the IDP */
if (ssoAgentConfig.getSAML2().getAttributeConsumingServiceIndex() != null &&
ssoAgentConfig.getSAML2().getAttributeConsumingServiceIndex().trim().length() > 0) {
authRequest.setAttributeConsumingServiceIndex(Integer.parseInt(
Expand Down Expand Up @@ -784,7 +788,6 @@ protected String encodeRequestMessage(SignableSAMLObject requestMessage, String
}
}


/*
* Process the response and returns the results
*/
Expand All @@ -811,7 +814,6 @@ private Map<String, String> getAssertionStatements(Assertion assertion) {

List<AttributeStatement> attributeStatementList = assertion.getAttributeStatements();


for (AttributeStatement statement : attributeStatementList) {
List<Attribute> attributesList = statement.getAttributes();
for (Attribute attribute : attributesList) {
Expand Down Expand Up @@ -848,7 +850,7 @@ protected void validateAudienceRestriction(Assertion assertion) throws SSOAgentE
boolean audienceFound = false;
for (AudienceRestriction audienceRestriction : audienceRestrictions) {
if (audienceRestriction.getAudiences() != null && !audienceRestriction.getAudiences().isEmpty()
) {
) {
for (Audience audience : audienceRestriction.getAudiences()) {
if (ssoAgentConfig.getSAML2().getSPEntityId().equals(audience.getAudienceURI())) {
audienceFound = true;
Expand All @@ -872,7 +874,6 @@ protected void validateAudienceRestriction(Assertion assertion) throws SSOAgentE
}
}


/**
* Validate the signature of a SAML2 Response and Assertion
*
Expand All @@ -890,14 +891,16 @@ protected void validateSignature(Response response, Assertion assertion) throws
//If custom implementation not found, Execute the default implementation
if (ssoAgentConfig.getSAML2().isResponseSigned()) {
if (response.getSignature() == null) {
throw new SSOAgentException("SAML2 Response signing is enabled, but signature element not found in SAML2 Response element");
throw new SSOAgentException(
"SAML2 Response signing is enabled, but signature element not found in SAML2 Response element");
} else {
validateSignature(response.getSignature());
}
}
if (ssoAgentConfig.getSAML2().isAssertionSigned()) {
if (assertion.getSignature() == null) {
throw new SSOAgentException("SAML2 Assertion signing is enabled, but signature element not found in SAML2 Assertion element");
throw new SSOAgentException(
"SAML2 Assertion signing is enabled, but signature element not found in SAML2 Assertion element");
} else {
validateSignature(assertion.getSignature());
}
Expand Down Expand Up @@ -978,6 +981,7 @@ protected boolean isNoPassive(Response response) {
}

public SSOAgentConfig getSsoAgentConfig() {

return ssoAgentConfig;
}

Expand Down Expand Up @@ -1017,7 +1021,7 @@ private void validateAssertionValidityPeriod(Assertion assertion) throws SSOAgen
* @throws SSOAgentException
*/

private void validateSignature(XMLObject signature) throws SSOAgentException{
private void validateSignature(XMLObject signature) throws SSOAgentException {

SignatureImpl signImpl = (SignatureImpl) signature;
try {
Expand All @@ -1034,7 +1038,8 @@ private void validateSignature(XMLObject signature) throws SSOAgentException{
}

try {
SignatureValidator.validate(signImpl, new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential()));
SignatureValidator
.validate(signImpl, new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential()));
} catch (SignatureException e) {
if (log.isDebugEnabled()) {
log.debug("Validation exception : ", e);
Expand Down
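Review bot: In the reformatted `validateSignature(Response response, Assertion assertion)` hunk, a missing signature is an error only when the matching configuration flag is set — with `isResponseSigned()` and `isAssertionSigned()` both false the method falls through without validating any signature, so whether an unsigned Response/Assertion is accepted is decided entirely by deployment configuration. The commit only re-wraps these lines, but since the hunk is touched it is worth making that fail-open behaviour explicit next to the flag checks, e.g. `// NOTE: if neither SAML2 signing flag is enabled, no signature is validated on this default path.` The preceding comment says a custom `SAMLSignatureValidator` implementation is executed first, so this default path only applies when none is configured. The method's header and its tail lie outside this hunk, as does the catch block of the private `validateSignature(XMLObject)` overload, so I cannot confirm from here that every validation failure is rethrown as `SSOAgentException`.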
Expand Up @@ -19,9 +19,11 @@

import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.wso2.carbon.identity.sso.agent.saml.exception.SSOAgentException;
import org.wso2.carbon.identity.sso.agent.saml.bean.SSOAgentConfig;
import org.wso2.carbon.identity.sso.agent.saml.exception.SSOAgentException;

public interface SAMLSignatureValidator {
void validateSignature(Response response, Assertion assertion, SSOAgentConfig ssoAgentConfig) throws SSOAgentException;

void validateSignature(Response response, Assertion assertion, SSOAgentConfig ssoAgentConfig)
throws SSOAgentException;
}
Expand Up @@ -23,6 +23,7 @@
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.signature.XMLSignature;
import org.joda.time.DateTime;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SAMLObjectBuilder;
Expand All @@ -34,7 +35,6 @@
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.soap.soap11.Envelope;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.wso2.carbon.identity.sso.agent.saml.bean.SSOAgentConfig;
import org.wso2.carbon.identity.sso.agent.saml.exception.ArtifactResolutionException;
import org.wso2.carbon.identity.sso.agent.saml.exception.SSOAgentException;
Expand All @@ -48,6 +48,7 @@
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.UUID;

import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.SOAPBody;
Expand Down Expand Up @@ -243,7 +244,8 @@ private ArtifactResolve createArtifactResolveObject(String samlArtReceived) {
Artifact artifact = artifactBuilder.buildObject();
artifact.setArtifact(samlArtReceived);

SAMLObjectBuilder<Issuer> issuerBuilder = (SAMLObjectBuilder<Issuer>) builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
SAMLObjectBuilder<Issuer> issuerBuilder =
(SAMLObjectBuilder<Issuer>) builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(ssoAgentConfig.getSAML2().getSPEntityId());

Expand Down
