WIP: adds certificate properties

2025-04-19 19:21:18 +00:00 · 2024-10-07 18:46:19 +03:00 · 2024-10-07 18:46:19 +03:00 · 3fd44fe7af
commit 3fd44fe7af
parent 4c9c9b5cbe
1 changed files with 40 additions and 29 deletions
--- a/src/main/java/stirling/software/SPDF/config/security/saml/SamlConfig.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml/SamlConfig.java
@ -11,8 +11,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.io.ClassPathResource;
 import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
 import org.springframework.security.converter.RsaKeyConverters;
 import org.springframework.security.saml2.core.Saml2X509Credential;
 import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
@ -29,7 +29,7 @@ public class SamlConfig {

    @Autowired ApplicationProperties applicationProperties;

-
+    @Autowired ResourceLoader resourceLoader;

    @Bean
    @ConditionalOnProperty(
@ -39,38 +39,49 @@ public class SamlConfig {
    public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository()
            throws CertificateException, IOException {

-
-//        Resource signingCertResource = new ClassPathResource(this.rpSigningCertLocation);
-        Resource signingCertResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getCertificateLocation());
-//        Resource signingKeyResource = new ClassPathResource(this.rpSigningKeyLocation);
-        Resource signingKeyResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getPrivateKeyLocation());
-        try (
-                InputStream is = signingKeyResource.getInputStream();
-                InputStream certIS = signingCertResource.getInputStream();
-        ) {
+        //        Resource signingCertResource = new ClassPathResource(this.rpSigningCertLocation);
+        Resource signingCertResource =
+                resourceLoader.getResource(
+                        this.applicationProperties
+                                .getSecurity()
+                                .getSaml()
+                                .getCertificateLocation());
+        //        Resource signingKeyResource = new ClassPathResource(this.rpSigningKeyLocation);
+        Resource signingKeyResource =
+                resourceLoader.getResource(
+                        this.applicationProperties.getSecurity().getSaml().getPrivateKeyLocation());
+        try (InputStream is = signingKeyResource.getInputStream();
+                InputStream certIS = signingCertResource.getInputStream(); ) {
            X509Certificate rpCertificate = X509Support.decodeCertificate(certIS.readAllBytes());
            RSAPrivateKey rpKey = RsaKeyConverters.pkcs8().convert(is);
-            final Saml2X509Credential rpSigningCredentials = Saml2X509Credential.signing(rpKey, rpCertificate);
+            final Saml2X509Credential rpSigningCredentials =
+                    Saml2X509Credential.signing(rpKey, rpCertificate);

-            X509Certificate apCert = X509Support.decodeCertificate(rpCertificate.toString());
+            X509Certificate apCert =
+                    X509Support.decodeCertificate(
+                            applicationProperties.getSecurity().getSaml().getSigningCertificate());
            Saml2X509Credential apCredential = Saml2X509Credential.verification(apCert);

-
            RelyingPartyRegistration registration =
-                RelyingPartyRegistrations.fromMetadataLocation(
-                                applicationProperties
-                                        .getSecurity()
-                                        .getSaml()
-                                        .getIdpMetadataLocation())
-                        .entityId(applicationProperties.getSecurity().getSaml().getEntityId())
-                        .registrationId(
-                                applicationProperties.getSecurity().getSaml().getRegistrationId())
-                        .signingX509Credentials(c -> c.add(rpSigningCredentials))
-                        .assertingPartyDetails(party -> party
-                                .wantAuthnRequestsSigned(true)
-                                .verificationX509Credentials(c -> c.add(apCredential))
-                        )
-                        .build();
-        return new InMemoryRelyingPartyRegistrationRepository(registration);
+                    RelyingPartyRegistrations.fromMetadataLocation(
+                                    applicationProperties
+                                            .getSecurity()
+                                            .getSaml()
+                                            .getIdpMetadataLocation())
+                            .entityId(applicationProperties.getSecurity().getSaml().getEntityId())
+                            .registrationId(
+                                    applicationProperties
+                                            .getSecurity()
+                                            .getSaml()
+                                            .getRegistrationId())
+                            .signingX509Credentials(c -> c.add(rpSigningCredentials))
+                            .assertingPartyDetails(
+                                    party ->
+                                            party.wantAuthnRequestsSigned(true)
+                                                    .verificationX509Credentials(
+                                                            c -> c.add(apCredential)))
+                            .build();
+            return new InMemoryRelyingPartyRegistrationRepository(registration);
+        }
    }
 }