From 4c9c9b5cbe97d67e5ddc59d535a09281848951b1 Mon Sep 17 00:00:00 2001
From: Dimitrios Kaitantzidis <james_k23@hotmail.gr>
Date: Sat, 5 Oct 2024 20:52:09 +0300
Subject: [PATCH] WIP: trying to make it work

---
 .../software/SPDF/EE/LicenseKeyChecker.java   |  1 -
 .../SPDF/config/security/saml/SamlConfig.java | 38 +++++++++++++++-
 .../SPDF/model/ApplicationProperties.java     | 44 ++++++++++---------
 .../software/SPDF/utils/GeneralUtils.java     | 14 +++---
 4 files changed, 66 insertions(+), 31 deletions(-)

diff --git a/src/main/java/stirling/software/SPDF/EE/LicenseKeyChecker.java b/src/main/java/stirling/software/SPDF/EE/LicenseKeyChecker.java
index 1b1e8cf6b..ec1a51b96 100644
--- a/src/main/java/stirling/software/SPDF/EE/LicenseKeyChecker.java
+++ b/src/main/java/stirling/software/SPDF/EE/LicenseKeyChecker.java
@@ -46,7 +46,6 @@ public class LicenseKeyChecker {
                 log.info("License key is invalid.");
             }
         }
-        
     }
 
     public void updateLicenseKey(String newKey) throws IOException {
diff --git a/src/main/java/stirling/software/SPDF/config/security/saml/SamlConfig.java b/src/main/java/stirling/software/SPDF/config/security/saml/SamlConfig.java
index 358c44886..4c40cce8b 100644
--- a/src/main/java/stirling/software/SPDF/config/security/saml/SamlConfig.java
+++ b/src/main/java/stirling/software/SPDF/config/security/saml/SamlConfig.java
@@ -1,11 +1,20 @@
 package stirling.software.SPDF.config.security.saml;
 
+import java.io.IOException;
+import java.io.InputStream;
 import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.RSAPrivateKey;
 
+import org.opensaml.security.x509.X509Support;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+import org.springframework.security.converter.RsaKeyConverters;
+import org.springframework.security.saml2.core.Saml2X509Credential;
 import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
@@ -20,14 +29,34 @@ public class SamlConfig {
 
     @Autowired ApplicationProperties applicationProperties;
 
+
+
     @Bean
     @ConditionalOnProperty(
             value = "security.saml.enabled",
             havingValue = "true",
             matchIfMissing = false)
     public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository()
-            throws CertificateException {
-        RelyingPartyRegistration registration =
+            throws CertificateException, IOException {
+
+
+//        Resource signingCertResource = new ClassPathResource(this.rpSigningCertLocation);
+        Resource signingCertResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getCertificateLocation());
+//        Resource signingKeyResource = new ClassPathResource(this.rpSigningKeyLocation);
+        Resource signingKeyResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getPrivateKeyLocation());
+        try (
+                InputStream is = signingKeyResource.getInputStream();
+                InputStream certIS = signingCertResource.getInputStream();
+        ) {
+            X509Certificate rpCertificate = X509Support.decodeCertificate(certIS.readAllBytes());
+            RSAPrivateKey rpKey = RsaKeyConverters.pkcs8().convert(is);
+            final Saml2X509Credential rpSigningCredentials = Saml2X509Credential.signing(rpKey, rpCertificate);
+
+            X509Certificate apCert = X509Support.decodeCertificate(rpCertificate.toString());
+            Saml2X509Credential apCredential = Saml2X509Credential.verification(apCert);
+
+
+            RelyingPartyRegistration registration =
                 RelyingPartyRegistrations.fromMetadataLocation(
                                 applicationProperties
                                         .getSecurity()
@@ -36,6 +65,11 @@ public class SamlConfig {
                         .entityId(applicationProperties.getSecurity().getSaml().getEntityId())
                         .registrationId(
                                 applicationProperties.getSecurity().getSaml().getRegistrationId())
+                        .signingX509Credentials(c -> c.add(rpSigningCredentials))
+                        .assertingPartyDetails(party -> party
+                                .wantAuthnRequestsSigned(true)
+                                .verificationX509Credentials(c -> c.add(apCredential))
+                        )
                         .build();
         return new InMemoryRelyingPartyRegistrationRepository(registration);
     }
diff --git a/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java b/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java
index 758e6e8ce..0bd8dad31 100644
--- a/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java
+++ b/src/main/java/stirling/software/SPDF/model/ApplicationProperties.java
@@ -13,9 +13,6 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
-import org.springframework.core.io.ClassPathResource;
-import org.springframework.core.io.FileSystemResource;
-import org.springframework.core.io.Resource;
 
 import lombok.Data;
 import lombok.ToString;
@@ -81,25 +78,30 @@ public class ApplicationProperties {
             private String registrationId;
             private String spBaseUrl;
             private String idpMetadataLocation;
-            private KeyStore keystore;
+            //            private KeyStore keystore;
+            private String privateKeyLocation;
+            private String certificateLocation;
+            private String singleLogoutBinding;
+            private String singleLogoutResponseUri;
+            private String signingCertificate;
 
-            @Data
-            public static class KeyStore {
-                private String keystoreLocation;
-                private String keystorePassword;
-                private String keyAlias;
-                private String keyPassword;
-                private String realmCertificateAlias;
-
-                public Resource getKeystoreResource() {
-                    if (keystoreLocation.startsWith("classpath:")) {
-                        return new ClassPathResource(
-                                keystoreLocation.substring("classpath:".length()));
-                    } else {
-                        return new FileSystemResource(keystoreLocation);
-                    }
-                }
-            }
+            //            @Data
+            //            public static class KeyStore {
+            //                private String keystoreLocation;
+            //                private String keystorePassword;
+            //                private String keyAlias;
+            //                private String keyPassword;
+            //                private String realmCertificateAlias;
+            //
+            //                public Resource getKeystoreResource() {
+            //                    if (keystoreLocation.startsWith("classpath:")) {
+            //                        return new ClassPathResource(
+            //                                keystoreLocation.substring("classpath:".length()));
+            //                    } else {
+            //                        return new FileSystemResource(keystoreLocation);
+            //                    }
+            //                }
+            //            }
         }
 
         @Data
diff --git a/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java b/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java
index 85e1bb79c..8e56c8df6 100644
--- a/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java
+++ b/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java
@@ -5,16 +5,21 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.HttpURLConnection;
+import java.net.InetAddress;
 import java.net.MalformedURLException;
+import java.net.NetworkInterface;
 import java.net.URI;
 import java.net.URL;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.FileVisitResult;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.nio.file.SimpleFileVisitor;
 import java.nio.file.attribute.BasicFileAttributes;
+import java.security.MessageDigest;
 import java.util.ArrayList;
+import java.util.Enumeration;
 import java.util.List;
 import java.util.UUID;
 
@@ -30,11 +35,6 @@ import com.fathzer.soft.javaluator.DoubleEvaluator;
 
 import io.github.pixee.security.HostValidator;
 import io.github.pixee.security.Urls;
-import java.net.InetAddress;
-import java.net.NetworkInterface;
-import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.util.Enumeration;
 
 public class GeneralUtils {
 
@@ -306,7 +306,7 @@ public class GeneralUtils {
         }
         settingsYml.save();
     }
-    
+
     public static String generateMachineFingerprint() {
         try {
             // Get the MAC address
@@ -346,7 +346,7 @@ public class GeneralUtils {
             return fingerprint.toString();
 
         } catch (Exception e) {
-        	return "GenericID";
+            return "GenericID";
         }
     }
 }