WIP: trying to make it work

This commit is contained in:
Dimitrios Kaitantzidis 2024-10-05 20:52:09 +03:00
parent e660237e28
commit 4c9c9b5cbe
4 changed files with 66 additions and 31 deletions


@ -46,7 +46,6 @@ public class LicenseKeyChecker {
log.info("License key is invalid.");
}
}
}
public void updateLicenseKey(String newKey) throws IOException {


@ -1,11 +1,20 @@
package stirling.software.SPDF.config.security.saml;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import org.opensaml.security.x509.X509Support;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.security.converter.RsaKeyConverters;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
@ -20,14 +29,34 @@ public class SamlConfig {
@Autowired ApplicationProperties applicationProperties;
@Bean
@ConditionalOnProperty(
value = "security.saml.enabled",
havingValue = "true",
matchIfMissing = false)
public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository()
throws CertificateException {
RelyingPartyRegistration registration =
throws CertificateException, IOException {
// Resource signingCertResource = new ClassPathResource(this.rpSigningCertLocation);
Resource signingCertResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getCertificateLocation());
// Resource signingKeyResource = new ClassPathResource(this.rpSigningKeyLocation);
Resource signingKeyResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getPrivateKeyLocation());
try (
InputStream is = signingKeyResource.getInputStream();
InputStream certIS = signingCertResource.getInputStream();
) {
X509Certificate rpCertificate = X509Support.decodeCertificate(certIS.readAllBytes());
RSAPrivateKey rpKey = RsaKeyConverters.pkcs8().convert(is);
final Saml2X509Credential rpSigningCredentials = Saml2X509Credential.signing(rpKey, rpCertificate);
X509Certificate apCert = X509Support.decodeCertificate(rpCertificate.toString());
Saml2X509Credential apCredential = Saml2X509Credential.verification(apCert);
RelyingPartyRegistration registration =
RelyingPartyRegistrations.fromMetadataLocation(
applicationProperties
.getSecurity()
@ -36,6 +65,11 @@ public class SamlConfig {
.entityId(applicationProperties.getSecurity().getSaml().getEntityId())
.registrationId(
applicationProperties.getSecurity().getSaml().getRegistrationId())
.signingX509Credentials(c -> c.add(rpSigningCredentials))
.assertingPartyDetails(party -> party
.wantAuthnRequestsSigned(true)
.verificationX509Credentials(c -> c.add(apCredential))
)
.build();
return new InMemoryRelyingPartyRegistrationRepository(registration);
}
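Review bot: The asserting-party certificate is decoded from `rpCertificate.toString()` (`X509Support.decodeCertificate(rpCertificate.toString())`), which is the human-readable dump of the relying party's own certificate rather than a Base64/PEM or DER encoding, so the decode cannot succeed; and even if it did, the IdP verification credential would be the SP's own signing certificate, so IdP signatures would never be checked against the IdP's key. Since the registration is built with `RelyingPartyRegistrations.fromMetadataLocation`, the IdP verification certificates already come from the metadata: either drop the `apCert`/`apCredential` lines together with `.verificationX509Credentials(c -> c.add(apCredential))`, or load a separate IdP certificate resource and decode its bytes, e.g. `X509Certificate apCert = X509Support.decodeCertificate(idpCertIS.readAllBytes());`. The `getCertificateLocation()` and `getPrivateKeyLocation()` values are also wrapped in `ClassPathResource` unconditionally, whereas the `KeyStore.getKeystoreResource()` removed in this commit distinguished a `classpath:` prefix from a filesystem path — if these properties are meant to accept filesystem paths, they will not resolve here. The `relyingPartyRegistrationRepository` method continues across the previous hunk, so the `fromMetadataLocation(...)` chain is only partly visible.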


@ -13,9 +13,6 @@ import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.FileSystemResource;
import org.springframework.core.io.Resource;
import lombok.Data;
import lombok.ToString;
@ -81,25 +78,30 @@ public class ApplicationProperties {
private String registrationId;
private String spBaseUrl;
private String idpMetadataLocation;
private KeyStore keystore;
// private KeyStore keystore;
private String privateKeyLocation;
private String certificateLocation;
private String singleLogoutBinding;
private String singleLogoutResponseUri;
private String signingCertificate;
@Data
public static class KeyStore {
private String keystoreLocation;
private String keystorePassword;
private String keyAlias;
private String keyPassword;
private String realmCertificateAlias;
public Resource getKeystoreResource() {
if (keystoreLocation.startsWith("classpath:")) {
return new ClassPathResource(
keystoreLocation.substring("classpath:".length()));
} else {
return new FileSystemResource(keystoreLocation);
}
}
}
// @Data
// public static class KeyStore {
// private String keystoreLocation;
// private String keystorePassword;
// private String keyAlias;
// private String keyPassword;
// private String realmCertificateAlias;
//
// public Resource getKeystoreResource() {
// if (keystoreLocation.startsWith("classpath:")) {
// return new ClassPathResource(
// keystoreLocation.substring("classpath:".length()));
// } else {
// return new FileSystemResource(keystoreLocation);
// }
// }
// }
}
@Data
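Review bot: The `KeyStore` nested class and its `keystore` field are kept as a commented-out block (`// @Data` through `// }` plus `// private KeyStore keystore;`) rather than deleted; version history already preserves the old code and a parked body in comments is a standard review flag. If the keystore route is abandoned, remove the block outright; if it is only paused, replace it with a one-line `// TODO: keystore-based SAML signing credentials pending` so the intent is visible. Note also that the removed `getKeystoreResource()` was the only place that resolved a `classpath:` prefix versus a filesystem path, so the new `privateKeyLocation`/`certificateLocation` values lose that handling unless the consumer reinstates it.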


@ -5,16 +5,21 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.NetworkInterface;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileVisitResult;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.UUID;
@ -30,11 +35,6 @@ import com.fathzer.soft.javaluator.DoubleEvaluator;
import io.github.pixee.security.HostValidator;
import io.github.pixee.security.Urls;
import java.net.InetAddress;
import java.net.NetworkInterface;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Enumeration;
public class GeneralUtils {
@ -346,7 +346,7 @@ public class GeneralUtils {
return fingerprint.toString();
} catch (Exception e) {
return "GenericID";
return "GenericID";
}
}
}