net.shibboleth.utilities.java.support.component.ComponentInitializationException Java Examples

Example #1
Source File: MockSamlIdpServer.java    From deprecated-security-advanced-modules with Apache License 2.0 6 votes vote down vote up
/**
 * Decodes an HTTP-Redirect (DEFLATE) SAML message from the given request and, when it is an
 * {@code AuthnRequest}, returns whatever {@code createSamlAuthResponse} produces for it.
 *
 * <p>This method only decodes the message and checks its type. It performs no signature
 * validation on the AuthnRequest.
 *
 * @param request the incoming HTTP request carrying the redirect-binding message
 * @return the result of {@code createSamlAuthResponse} for the decoded request
 * @throws RuntimeException if the decoded message is not an {@code AuthnRequest}, or wrapping a
 *         {@code URISyntaxException}, {@code ComponentInitializationException} or
 *         {@code MessageDecodingException} raised while decoding
 */
public String handleSsoGetRequestBase(HttpRequest request) {
    try {
        HttpServletRequest servletRequest = new FakeHttpServletRequest(request);

        // The decoder must be given a parser pool and the request before initialize().
        HTTPRedirectDeflateDecoder redirectDecoder = new HTTPRedirectDeflateDecoder();
        redirectDecoder.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
        redirectDecoder.setHttpServletRequest(servletRequest);
        redirectDecoder.initialize();
        redirectDecoder.decode();

        MessageContext<SAMLObject> decodedContext = redirectDecoder.getMessageContext();
        SAMLObject decoded = decodedContext.getMessage();

        if (decoded instanceof AuthnRequest) {
            return createSamlAuthResponse((AuthnRequest) decoded);
        }

        // Anything other than an AuthnRequest on the SSO endpoint is treated as a hard failure.
        throw new RuntimeException("Expected AuthnRequest; received: " + decoded);
    } catch (URISyntaxException | ComponentInitializationException | MessageDecodingException e) {
        throw new RuntimeException(e);
    }
}
 
Example #2
Source File: AbstractMetadataResolverAdapter.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
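/**
 * Build single metadata resolver.
 *
 * <p>The resolver is created over the document's root element, configured with the parser pool,
 * fail-fast initialization, the {@code requireValidMetadata} setting and the optional filter
 * chain, and then initialized. A resolver whose initialization fails is logged and left out of
 * the result, so callers never receive a resolver that did not initialize.
 *
 * @param metadataFilterChain the metadata filters chained together; may be {@code null}, in which
 *                            case no filter is set on the resolver
 * @param resource the resource
 * @param document the xml document to parse
 * @return list holding the initialized resolver, or an empty list when initialization failed
 * @throws IOException if the resource URL cannot be obtained for logging
 */
private List<MetadataResolver> buildSingleMetadataResolver(final MetadataFilter metadataFilterChain,
                                         final Resource resource, final Document document) throws IOException {
    final List<MetadataResolver> resolvers = new ArrayList<>();
    final Element metadataRoot = document.getDocumentElement();
    final DOMMetadataResolver metadataProvider = new DOMMetadataResolver(metadataRoot);

    metadataProvider.setParserPool(this.configBean.getParserPool());
    metadataProvider.setFailFastInitialization(true);
    metadataProvider.setRequireValidMetadata(this.requireValidMetadata);
    metadataProvider.setId(metadataProvider.getClass().getCanonicalName());
    if (metadataFilterChain != null) {
        metadataProvider.setMetadataFilter(metadataFilterChain);
    }
    logger.debug("Initializing metadata resolver for [{}]", resource.getURL());

    try {
        metadataProvider.initialize();
        // Add the resolver only after initialize() succeeds. Previously a resolver that failed
        // to initialize was still returned, although the warning says the resource is ignored.
        resolvers.add(metadataProvider);
    } catch (final ComponentInitializationException ex) {
        logger.warn("Could not initialize metadata resolver. Resource will be ignored", ex);
    }
    return resolvers;
}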
 
Example #3
Source File: HTTPSamlAuthenticator.java    From deprecated-security-advanced-modules with Apache License 2.0 5 votes vote down vote up
/**
 * Creates and initializes the metadata resolver for the configured identity provider.
 *
 * <p>An HTTP-based resolver is used when {@code idpMetadataUrl} is set, a filesystem-based one
 * otherwise. Initialization runs inside {@code AccessController.doPrivileged}. When a
 * {@code SecurityManager} is installed, the caller must hold {@code SpecialPermission} before the
 * privileged block is entered.
 *
 * @param settings the settings passed on to the resolver implementation
 * @param configPath the configuration path passed on to the resolver implementation
 * @return the initialized resolver
 * @throws Exception a {@code ComponentInitializationException} if initialization fails; any other
 *         cause of the privileged action is rethrown wrapped in a {@code RuntimeException}
 */
private AbstractReloadingMetadataResolver createMetadataResolver(final Settings settings, final Path configPath)
        throws Exception {
    final AbstractReloadingMetadataResolver metadataResolver = idpMetadataUrl != null
            ? new SamlHTTPMetadataResolver(settings, configPath)
            : new SamlFilesystemMetadataResolver(settings, configPath);

    // Check the permission before elevating, so an unprivileged caller cannot reach doPrivileged.
    final SecurityManager securityManager = System.getSecurityManager();
    if (securityManager != null) {
        securityManager.checkPermission(new SpecialPermission());
    }

    try {
        AccessController.doPrivileged((PrivilegedExceptionAction<Void>) () -> {
            metadataResolver.initialize();
            return null;
        });
    } catch (PrivilegedActionException e) {
        // Unwrap so callers see the original initialization failure rather than the wrapper.
        final Throwable cause = e.getCause();
        if (cause instanceof ComponentInitializationException) {
            throw (ComponentInitializationException) cause;
        }
        throw new RuntimeException(cause);
    }

    return metadataResolver;
}
 
Example #4
Source File: SamlClient.java    From saml-client with MIT License 5 votes vote down vote up
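/**
 * Creates and initializes a {@code BasicParserPool} with its default settings.
 *
 * <p>NOTE(review): no parser features are set here, so XML hardening (DTD and external-entity
 * handling) depends entirely on the pool's defaults. Confirm those defaults for the OpenSAML
 * version in use.
 *
 * @return the initialized parser pool
 * @throws SamlException if the pool cannot be initialized; the underlying
 *         {@code ComponentInitializationException} is attached as the cause
 */
private static BasicParserPool createDOMParser() throws SamlException {
  BasicParserPool basicParserPool = new BasicParserPool();
  try {
    basicParserPool.initialize();
  } catch (ComponentInitializationException e) {
    // Keep the original exception as the cause so the reason for the failure is not lost.
    throw new SamlException("Failed to create an XML parser", e);
  }

  return basicParserPool;
}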
 
Example #5
Source File: SamlClient.java    From saml-client with MIT License 5 votes vote down vote up
/**
 * Parses identity provider metadata from a stream and wraps it in an initialized
 * {@code DOMMetadataResolver}.
 *
 * <p>No {@code MetadataFilter} is set on the resolver in this method, so nothing here checks a
 * signature or validity period on the metadata document. NOTE(review): confirm that callers
 * obtain the stream from a trusted source.
 *
 * @param metadata stream containing the identity provider metadata XML
 * @return the initialized resolver over the parsed document's root element
 * @throws SamlException if the metadata cannot be parsed or the resolver cannot be initialized
 */
private static DOMMetadataResolver createMetadataResolver(InputStream metadata)
    throws SamlException {
  try {
    Document parsedMetadata = createDOMParser().parse(metadata);
    DOMMetadataResolver metadataResolver =
        new DOMMetadataResolver(parsedMetadata.getDocumentElement());
    // initialize() does not go through unless the resolver has been given an ID.
    metadataResolver.setId("componentId");
    metadataResolver.initialize();
    return metadataResolver;
  } catch (ComponentInitializationException | XMLParserException ex) {
    throw new SamlException("Cannot load identity provider metadata", ex);
  }
}
 
Example #6
Source File: MockSamlIdpServer.java    From deprecated-security-advanced-modules with Apache License 2.0 4 votes vote down vote up
/**
 * Decodes an HTTP-Redirect (DEFLATE) SAML message, requires it to be a {@code LogoutRequest},
 * runs the redirect-binding signature handler against it using a trust engine built from
 * {@code spSignatureCertificate}, and finally checks that the NameID equals
 * {@code authenticateUser}.
 *
 * <p>NOTE(review): this method does not itself assert that a signature was present. If the
 * signature handler skips unsigned requests instead of rejecting them, an unsigned LogoutRequest
 * would pass this step. Confirm the handler's behaviour for the OpenSAML version in use, and
 * consider checking the peer entity context's authenticated flag after {@code invoke}.
 *
 * @param request the incoming HTTP request carrying the redirect-binding message
 * @throws RuntimeException if the message is not a {@code LogoutRequest}, if the NameID does not
 *         match, or wrapping any URI, initialization, decoding or message-handler failure
 */
@SuppressWarnings("unchecked")
public void handleSloGetRequestBase(HttpRequest request) {
    try {
        HttpServletRequest servletRequest = new FakeHttpServletRequest(request);

        // The decoder must be given a parser pool and the request before initialize().
        HTTPRedirectDeflateDecoder redirectDecoder = new HTTPRedirectDeflateDecoder();
        redirectDecoder.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
        redirectDecoder.setHttpServletRequest(servletRequest);
        redirectDecoder.initialize();
        redirectDecoder.decode();

        MessageContext<SAMLObject> sloContext = redirectDecoder.getMessageContext();
        SAMLObject decoded = sloContext.getMessage();

        if (!(decoded instanceof LogoutRequest)) {
            throw new RuntimeException("Expected LogoutRequest; received: " + decoded);
        }

        LogoutRequest sloRequest = (LogoutRequest) decoded;

        SAML2HTTPRedirectDeflateSignatureSecurityHandler redirectSignatureHandler =
                new SAML2HTTPRedirectDeflateSignatureSecurityHandler();
        SignatureValidationParameters signatureParams = new SignatureValidationParameters();
        SecurityParametersContext securityContext =
                sloContext.getSubcontext(SecurityParametersContext.class, true);

        // Populate the peer and protocol subcontexts before the signature handler is invoked.
        SAMLPeerEntityContext peerContext = sloContext.getSubcontext(SAMLPeerEntityContext.class, true);
        peerContext.setEntityId(idpEntityId);
        peerContext.setRole(org.opensaml.saml.saml2.metadata.SPSSODescriptor.DEFAULT_ELEMENT_NAME);

        SAMLProtocolContext samlProtocolContext = sloContext.getSubcontext(SAMLProtocolContext.class, true);
        samlProtocolContext.setProtocol(SAMLConstants.SAML20P_NS);

        // Signature trust is anchored on the configured SP signature certificate.
        signatureParams.setSignatureTrustEngine(buildSignatureTrustEngine(this.spSignatureCertificate));
        securityContext.setSignatureValidationParameters(signatureParams);
        redirectSignatureHandler.setHttpServletRequest(servletRequest);
        redirectSignatureHandler.initialize();
        redirectSignatureHandler.invoke(sloContext);

        // The logout must name the user this mock server authenticated.
        String requestedNameId = sloRequest.getNameID().getValue();
        if (!this.authenticateUser.equals(requestedNameId)) {
            throw new RuntimeException("Unexpected NameID in LogoutRequest: " + sloRequest);
        }

    } catch (URISyntaxException | ComponentInitializationException | MessageDecodingException
            | MessageHandlerException e) {
        throw new RuntimeException(e);
    }
}
 
Example #7
Source File: ResponseServiceTest.java    From verify-service-provider with MIT License 4 votes vote down vote up
/**
 * Builds the response services under test.
 *
 * <p>The hub metadata resolver and the assertion signature validator are mocks, so the signature
 * trust engine created here rests on a mocked metadata source. Three services are created from
 * the same trust engine and date-time comparator: the matching service, the eIDAS non-matching
 * service, and a deliberately misconfigured non-matching service that receives {@code null} as
 * its last argument.
 *
 * @throws ComponentInitializationException declared by this fixture; propagated from its setup
 * @throws KeyException declared by this fixture; propagated from its key handling
 */
@Before
public void setUp() throws ComponentInitializationException, KeyException {
    // Note: the private key and the encrypting credential need to be from the same keypair
    PrivateKey rpEncryptionKey = new PrivateKeyStoreFactory().create(TestEntityIds.TEST_RP).getEncryptionPrivateKeys().get(0);
    KeyPair rpKeyPair = new KeyPair(KeySupport.derivePublicKey(rpEncryptionKey), rpEncryptionKey);
    List<KeyPair> decryptionKeyPairs = asList(rpKeyPair, rpKeyPair);
    encryptionCredentialFactory = new TestCredentialFactory(TEST_RP_PUBLIC_ENCRYPTION_CERT, TEST_RP_PRIVATE_ENCRYPTION_KEY);
    testRpSigningCredential = new TestCredentialFactory(TEST_RP_PUBLIC_SIGNING_CERT, TEST_RP_PRIVATE_SIGNING_KEY).getSigningCredential();

    hubMetadataResolver = mock(MetadataResolver.class);

    ResponseFactory factory = new ResponseFactory(decryptionKeyPairs);
    // One comparator, built from a 5-second Duration, is shared by every time-based validator.
    DateTimeComparator comparator = new DateTimeComparator(Duration.standardSeconds(5));
    TimeRestrictionValidator timeRestrictions = new TimeRestrictionValidator(comparator);

    // Assertion signature validation is mocked out in this fixture.
    SamlAssertionsSignatureValidator assertionSignatureValidator = mock(SamlAssertionsSignatureValidator.class);
    InstantValidator instants = new InstantValidator(comparator);
    SubjectValidator subjects = new SubjectValidator(timeRestrictions);
    ConditionsValidator conditions = new ConditionsValidator(timeRestrictions, new AudienceRestrictionValidator());
    AssertionValidator assertions = new AssertionValidator(instants, subjects, conditions);
    LevelOfAssuranceValidator levelsOfAssurance = new LevelOfAssuranceValidator();
    MatchingAssertionTranslator matchingTranslator =
        new MatchingAssertionTranslator(assertions, levelsOfAssurance, assertionSignatureValidator);

    ExplicitKeySignatureTrustEngine hubTrustEngine =
        new MetadataSignatureTrustEngineFactory().createSignatureTrustEngine(hubMetadataResolver);

    matchingResponseService =
        factory.createMatchingResponseService(hubTrustEngine, matchingTranslator, comparator);

    eidasNonMatchingResponseService = factory.createNonMatchingResponseService(
        hubTrustEngine, mockAssertionTranslator, comparator, mockUnsignedAssertionsResponseHandler);

    // The last argument is null so that tests can exercise the misconfigured service.
    badlyConfiguredEidasNonMatchingResponseService = factory.createNonMatchingResponseService(
        hubTrustEngine, mockAssertionTranslator, comparator, null);
}