mirror of
https://github.com/Stirling-Tools/Stirling-PDF.git
synced 2025-05-23 10:22:01 +00:00
WIP: adds certificate properties
This commit is contained in:
Dimitrios Kaitantzidis
parent
4c9c9b5cbe
commit
3fd44fe7af
@ -11,8 +11,8 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.core.io.ClassPathResource;
|
|
||||||
import org.springframework.core.io.Resource;
|
import org.springframework.core.io.Resource;
|
||||||
|
import org.springframework.core.io.ResourceLoader;
|
||||||
import org.springframework.security.converter.RsaKeyConverters;
|
import org.springframework.security.converter.RsaKeyConverters;
|
||||||
import org.springframework.security.saml2.core.Saml2X509Credential;
|
import org.springframework.security.saml2.core.Saml2X509Credential;
|
||||||
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
|
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
|
||||||
@ -29,7 +29,7 @@ public class SamlConfig {
|
|||||||
|
|
||||||
@Autowired ApplicationProperties applicationProperties;
|
@Autowired ApplicationProperties applicationProperties;
|
||||||
|
|
||||||
|
@Autowired ResourceLoader resourceLoader;
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
@ConditionalOnProperty(
|
@ConditionalOnProperty(
|
||||||
@ -39,23 +39,29 @@ public class SamlConfig {
|
|||||||
public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository()
|
public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository()
|
||||||
throws CertificateException, IOException {
|
throws CertificateException, IOException {
|
||||||
|
|
||||||
|
// Resource signingCertResource = new ClassPathResource(this.rpSigningCertLocation);
|
||||||
// Resource signingCertResource = new ClassPathResource(this.rpSigningCertLocation);
|
Resource signingCertResource =
|
||||||
Resource signingCertResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getCertificateLocation());
|
resourceLoader.getResource(
|
||||||
// Resource signingKeyResource = new ClassPathResource(this.rpSigningKeyLocation);
|
this.applicationProperties
|
||||||
Resource signingKeyResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getPrivateKeyLocation());
|
.getSecurity()
|
||||||
try (
|
.getSaml()
|
||||||
InputStream is = signingKeyResource.getInputStream();
|
.getCertificateLocation());
|
||||||
InputStream certIS = signingCertResource.getInputStream();
|
// Resource signingKeyResource = new ClassPathResource(this.rpSigningKeyLocation);
|
||||||
) {
|
Resource signingKeyResource =
|
||||||
|
resourceLoader.getResource(
|
||||||
|
this.applicationProperties.getSecurity().getSaml().getPrivateKeyLocation());
|
||||||
|
try (InputStream is = signingKeyResource.getInputStream();
|
||||||
|
InputStream certIS = signingCertResource.getInputStream(); ) {
|
||||||
X509Certificate rpCertificate = X509Support.decodeCertificate(certIS.readAllBytes());
|
X509Certificate rpCertificate = X509Support.decodeCertificate(certIS.readAllBytes());
|
||||||
RSAPrivateKey rpKey = RsaKeyConverters.pkcs8().convert(is);
|
RSAPrivateKey rpKey = RsaKeyConverters.pkcs8().convert(is);
|
||||||
final Saml2X509Credential rpSigningCredentials = Saml2X509Credential.signing(rpKey, rpCertificate);
|
final Saml2X509Credential rpSigningCredentials =
|
||||||
|
Saml2X509Credential.signing(rpKey, rpCertificate);
|
||||||
|
|
||||||
X509Certificate apCert = X509Support.decodeCertificate(rpCertificate.toString());
|
X509Certificate apCert =
|
||||||
|
X509Support.decodeCertificate(
|
||||||
|
applicationProperties.getSecurity().getSaml().getSigningCertificate());
|
||||||
Saml2X509Credential apCredential = Saml2X509Credential.verification(apCert);
|
Saml2X509Credential apCredential = Saml2X509Credential.verification(apCert);
|
||||||
|
|
||||||
|
|
||||||
RelyingPartyRegistration registration =
|
RelyingPartyRegistration registration =
|
||||||
RelyingPartyRegistrations.fromMetadataLocation(
|
RelyingPartyRegistrations.fromMetadataLocation(
|
||||||
applicationProperties
|
applicationProperties
|
||||||
@ -64,13 +70,18 @@ public class SamlConfig {
|
|||||||
.getIdpMetadataLocation())
|
.getIdpMetadataLocation())
|
||||||
.entityId(applicationProperties.getSecurity().getSaml().getEntityId())
|
.entityId(applicationProperties.getSecurity().getSaml().getEntityId())
|
||||||
.registrationId(
|
.registrationId(
|
||||||
applicationProperties.getSecurity().getSaml().getRegistrationId())
|
applicationProperties
|
||||||
|
.getSecurity()
|
||||||
|
.getSaml()
|
||||||
|
.getRegistrationId())
|
||||||
.signingX509Credentials(c -> c.add(rpSigningCredentials))
|
.signingX509Credentials(c -> c.add(rpSigningCredentials))
|
||||||
.assertingPartyDetails(party -> party
|
.assertingPartyDetails(
|
||||||
.wantAuthnRequestsSigned(true)
|
party ->
|
||||||
.verificationX509Credentials(c -> c.add(apCredential))
|
party.wantAuthnRequestsSigned(true)
|
||||||
)
|
.verificationX509Credentials(
|
||||||
|
c -> c.add(apCredential)))
|
||||||
.build();
|
.build();
|
||||||
return new InMemoryRelyingPartyRegistrationRepository(registration);
|
return new InMemoryRelyingPartyRegistrationRepository(registration);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user