saulteafarmer/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Stirling-Tools/Stirling-PDF.git synced 2025-05-23 02:12:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

WIP: adds certificate properties

Browse Source
This commit is contained in:
Dimitrios Kaitantzidis 2024-10-07 18:46:19 +03:00
parent 4c9c9b5cbe
commit 3fd44fe7af
1 changed files with 40 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
src/main/java/stirling/software/SPDF/config/security/saml/SamlConfig.java
View File

@ -11,8 +11,8 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource; import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.security.converter.RsaKeyConverters; import org.springframework.security.converter.RsaKeyConverters;
import org.springframework.security.saml2.core.Saml2X509Credential; import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository; import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
@ -29,7 +29,7 @@ public class SamlConfig {
@Autowired ApplicationProperties applicationProperties; @Autowired ApplicationProperties applicationProperties;
@Autowired ResourceLoader resourceLoader;
@Bean @Bean
@ConditionalOnProperty( @ConditionalOnProperty(
@ -39,38 +39,49 @@ public class SamlConfig {
public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository()
throws CertificateException, IOException { throws CertificateException, IOException {
// Resource signingCertResource = new ClassPathResource(this.rpSigningCertLocation);
// Resource signingCertResource = new ClassPathResource(this.rpSigningCertLocation); Resource signingCertResource =
Resource signingCertResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getCertificateLocation()); resourceLoader.getResource(
// Resource signingKeyResource = new ClassPathResource(this.rpSigningKeyLocation); this.applicationProperties
Resource signingKeyResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getPrivateKeyLocation()); .getSecurity()
try ( .getSaml()
InputStream is = signingKeyResource.getInputStream(); .getCertificateLocation());
InputStream certIS = signingCertResource.getInputStream(); // Resource signingKeyResource = new ClassPathResource(this.rpSigningKeyLocation);
) { Resource signingKeyResource =
resourceLoader.getResource(
this.applicationProperties.getSecurity().getSaml().getPrivateKeyLocation());
try (InputStream is = signingKeyResource.getInputStream();
InputStream certIS = signingCertResource.getInputStream(); ) {
X509Certificate rpCertificate = X509Support.decodeCertificate(certIS.readAllBytes()); X509Certificate rpCertificate = X509Support.decodeCertificate(certIS.readAllBytes());
RSAPrivateKey rpKey = RsaKeyConverters.pkcs8().convert(is); RSAPrivateKey rpKey = RsaKeyConverters.pkcs8().convert(is);
final Saml2X509Credential rpSigningCredentials = Saml2X509Credential.signing(rpKey, rpCertificate); final Saml2X509Credential rpSigningCredentials =
Saml2X509Credential.signing(rpKey, rpCertificate);
X509Certificate apCert = X509Support.decodeCertificate(rpCertificate.toString()); X509Certificate apCert =
X509Support.decodeCertificate(
applicationProperties.getSecurity().getSaml().getSigningCertificate());
Saml2X509Credential apCredential = Saml2X509Credential.verification(apCert); Saml2X509Credential apCredential = Saml2X509Credential.verification(apCert);
RelyingPartyRegistration registration = RelyingPartyRegistration registration =
RelyingPartyRegistrations.fromMetadataLocation( RelyingPartyRegistrations.fromMetadataLocation(
applicationProperties applicationProperties
.getSecurity() .getSecurity()
.getSaml() .getSaml()
.getIdpMetadataLocation()) .getIdpMetadataLocation())
.entityId(applicationProperties.getSecurity().getSaml().getEntityId()) .entityId(applicationProperties.getSecurity().getSaml().getEntityId())
.registrationId( .registrationId(
applicationProperties.getSecurity().getSaml().getRegistrationId()) applicationProperties
.signingX509Credentials(c -> c.add(rpSigningCredentials)) .getSecurity()
.assertingPartyDetails(party -> party .getSaml()
.wantAuthnRequestsSigned(true) .getRegistrationId())
.verificationX509Credentials(c -> c.add(apCredential)) .signingX509Credentials(c -> c.add(rpSigningCredentials))
) .assertingPartyDetails(
.build(); party ->
return new InMemoryRelyingPartyRegistrationRepository(registration); party.wantAuthnRequestsSigned(true)
.verificationX509Credentials(
c -> c.add(apCredential)))
.build();
return new InMemoryRelyingPartyRegistrationRepository(registration);
}
} }
} }