mirror of
https://github.com/Stirling-Tools/Stirling-PDF.git
synced 2025-06-09 17:15:04 +00:00
WIP: trying to make it work
parent
e660237e28
commit
4c9c9b5cbe
@ -46,7 +46,6 @@ public class LicenseKeyChecker {
|
||||
log.info("License key is invalid.");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public void updateLicenseKey(String newKey) throws IOException {
|
||||
|
@ -1,11 +1,20 @@
|
||||
package stirling.software.SPDF.config.security.saml;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.security.interfaces.RSAPrivateKey;
|
||||
|
||||
import org.opensaml.security.x509.X509Support;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.core.io.Resource;
|
||||
import org.springframework.security.converter.RsaKeyConverters;
|
||||
import org.springframework.security.saml2.core.Saml2X509Credential;
|
||||
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
|
||||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
|
||||
@ -20,14 +29,34 @@ public class SamlConfig {
|
||||
|
||||
@Autowired ApplicationProperties applicationProperties;
|
||||
|
||||
|
||||
|
||||
@Bean
|
||||
@ConditionalOnProperty(
|
||||
value = "security.saml.enabled",
|
||||
havingValue = "true",
|
||||
matchIfMissing = false)
|
||||
public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository()
|
||||
throws CertificateException {
|
||||
RelyingPartyRegistration registration =
|
||||
throws CertificateException, IOException {
|
||||
|
||||
|
||||
// Resource signingCertResource = new ClassPathResource(this.rpSigningCertLocation);
|
||||
Resource signingCertResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getCertificateLocation());
|
||||
// Resource signingKeyResource = new ClassPathResource(this.rpSigningKeyLocation);
|
||||
Resource signingKeyResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getPrivateKeyLocation());
|
||||
try (
|
||||
InputStream is = signingKeyResource.getInputStream();
|
||||
InputStream certIS = signingCertResource.getInputStream();
|
||||
) {
|
||||
X509Certificate rpCertificate = X509Support.decodeCertificate(certIS.readAllBytes());
|
||||
RSAPrivateKey rpKey = RsaKeyConverters.pkcs8().convert(is);
|
||||
final Saml2X509Credential rpSigningCredentials = Saml2X509Credential.signing(rpKey, rpCertificate);
|
||||
|
||||
X509Certificate apCert = X509Support.decodeCertificate(rpCertificate.toString());
|
||||
Saml2X509Credential apCredential = Saml2X509Credential.verification(apCert);
|
||||
|
||||
|
||||
RelyingPartyRegistration registration =
|
||||
RelyingPartyRegistrations.fromMetadataLocation(
|
||||
applicationProperties
|
||||
.getSecurity()
|
||||
@ -36,6 +65,11 @@ public class SamlConfig {
|
||||
.entityId(applicationProperties.getSecurity().getSaml().getEntityId())
|
||||
.registrationId(
|
||||
applicationProperties.getSecurity().getSaml().getRegistrationId())
|
||||
.signingX509Credentials(c -> c.add(rpSigningCredentials))
|
||||
.assertingPartyDetails(party -> party
|
||||
.wantAuthnRequestsSigned(true)
|
||||
.verificationX509Credentials(c -> c.add(apCredential))
|
||||
)
|
||||
.build();
|
||||
return new InMemoryRelyingPartyRegistrationRepository(registration);
|
||||
}
|
||||
|
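Review bot: The asserting-party verification credential in `X509Certificate apCert = X509Support.decodeCertificate(rpCertificate.toString());` is derived from the relying party's own signing certificate, so if it loads, this registration would accept responses signed with the application's own key in addition to whatever the identity provider metadata supplies. `X509Certificate.toString()` also returns a printable dump rather than Base64 or PEM text, so the decode will most likely throw `CertificateException` at startup. The IdP certificate should come from the metadata that `RelyingPartyRegistrations.fromMetadataLocation(...)` already reads, or from a separately configured IdP certificate. If the metadata is sufficient, drop `apCert`, `apCredential` and the `.verificationX509Credentials(c -> c.add(apCredential))` line. The method body spans the second and third hunks and its `try` block closes outside the visible lines.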
@ -13,9 +13,6 @@ import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.core.io.FileSystemResource;
|
||||
import org.springframework.core.io.Resource;
|
||||
|
||||
import lombok.Data;
|
||||
import lombok.ToString;
|
||||
@ -81,25 +78,30 @@ public class ApplicationProperties {
|
||||
private String registrationId;
|
||||
private String spBaseUrl;
|
||||
private String idpMetadataLocation;
|
||||
private KeyStore keystore;
|
||||
// private KeyStore keystore;
|
||||
private String privateKeyLocation;
|
||||
private String certificateLocation;
|
||||
private String singleLogoutBinding;
|
||||
private String singleLogoutResponseUri;
|
||||
private String signingCertificate;
|
||||
|
||||
@Data
|
||||
public static class KeyStore {
|
||||
private String keystoreLocation;
|
||||
private String keystorePassword;
|
||||
private String keyAlias;
|
||||
private String keyPassword;
|
||||
private String realmCertificateAlias;
|
||||
|
||||
public Resource getKeystoreResource() {
|
||||
if (keystoreLocation.startsWith("classpath:")) {
|
||||
return new ClassPathResource(
|
||||
keystoreLocation.substring("classpath:".length()));
|
||||
} else {
|
||||
return new FileSystemResource(keystoreLocation);
|
||||
}
|
||||
}
|
||||
}
|
||||
// @Data
|
||||
// public static class KeyStore {
|
||||
// private String keystoreLocation;
|
||||
// private String keystorePassword;
|
||||
// private String keyAlias;
|
||||
// private String keyPassword;
|
||||
// private String realmCertificateAlias;
|
||||
//
|
||||
// public Resource getKeystoreResource() {
|
||||
// if (keystoreLocation.startsWith("classpath:")) {
|
||||
// return new ClassPathResource(
|
||||
// keystoreLocation.substring("classpath:".length()));
|
||||
// } else {
|
||||
// return new FileSystemResource(keystoreLocation);
|
||||
// }
|
||||
// }
|
||||
// }
|
||||
}
|
||||
|
||||
@Data
|
||||
|
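Review bot: The old `KeyStore` class is left behind as a commented-out block (`// @Data` through `// }`) rather than deleted, and `getKeystoreResource()`, which resolved either a `classpath:` location or a filesystem path, goes with it. The replacement fields `privateKeyLocation` and `certificateLocation` are bare strings, and the SamlConfig change on this page passes them straight to `new ClassPathResource(...)`, so the signing key can apparently only be loaded from the application classpath. I would delete the commented block and keep a small resolver for the new fields that mirrors the removed classpath/filesystem branch, so the private key can live in a permission-restricted file outside the packaged artifact. The first hunk of this file appears to drop the `ClassPathResource`, `FileSystemResource` and `Resource` imports, which such a helper would need again.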
@ -5,16 +5,21 @@ import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.net.HttpURLConnection;
|
||||
import java.net.InetAddress;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.NetworkInterface;
|
||||
import java.net.URI;
|
||||
import java.net.URL;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.nio.file.FileVisitResult;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.nio.file.SimpleFileVisitor;
|
||||
import java.nio.file.attribute.BasicFileAttributes;
|
||||
import java.security.MessageDigest;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Enumeration;
|
||||
import java.util.List;
|
||||
import java.util.UUID;
|
||||
|
||||
@ -30,11 +35,6 @@ import com.fathzer.soft.javaluator.DoubleEvaluator;
|
||||
|
||||
import io.github.pixee.security.HostValidator;
|
||||
import io.github.pixee.security.Urls;
|
||||
import java.net.InetAddress;
|
||||
import java.net.NetworkInterface;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.MessageDigest;
|
||||
import java.util.Enumeration;
|
||||
|
||||
public class GeneralUtils {
|
||||
|
||||
@ -346,7 +346,7 @@ public class GeneralUtils {
|
||||
return fingerprint.toString();
|
||||
|
||||
} catch (Exception e) {
|
||||
return "GenericID";
|
||||
return "GenericID";
|
||||
}
|
||||
}
|
||||
}
|
||||
|