mirror of
https://gitee.com/dromara/MaxKey.git
synced 2026-05-14 20:50:14 +08:00
SAML METADATA
This commit is contained in:
shimingxy
1
maxkey-core/.sts4-cache/classpath-data.json
Normal file
1
maxkey-core/.sts4-cache/classpath-data.json
Normal file
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@@ -39,12 +39,10 @@ import org.w3c.dom.Element;
|
||||
*
|
||||
*/
|
||||
public class MetadataDescriptorUtil {
|
||||
|
||||
private final static Logger logger = LoggerFactory.getLogger(MetadataDescriptorUtil.class);
|
||||
|
||||
private static MetadataDescriptorUtil instance = null;
|
||||
|
||||
private final static Logger logger = LoggerFactory
|
||||
.getLogger(MetadataDescriptorUtil.class);
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
@@ -78,8 +76,7 @@ public class MetadataDescriptorUtil {
|
||||
// validation
|
||||
filesystemMetadataProvider.setParserPool(new BasicParserPool());
|
||||
filesystemMetadataProvider.initialize();
|
||||
EntityDescriptor entityDescriptor = (EntityDescriptorImpl) filesystemMetadataProvider
|
||||
.getMetadata();
|
||||
EntityDescriptor entityDescriptor = (EntityDescriptorImpl) filesystemMetadataProvider.getMetadata();
|
||||
return entityDescriptor;
|
||||
} catch (MetadataProviderException e) {
|
||||
logger.error("元数据解析出错", e);
|
||||
@@ -96,10 +93,8 @@ public class MetadataDescriptorUtil {
|
||||
Document inMetadataDoc = basicParserPool.parse(inputStream);
|
||||
Element metadataRoot = inMetadataDoc.getDocumentElement();
|
||||
|
||||
UnmarshallerFactory unmarshallerFactory = Configuration
|
||||
.getUnmarshallerFactory();
|
||||
Unmarshaller unmarshaller = unmarshallerFactory
|
||||
.getUnmarshaller(metadataRoot);
|
||||
UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
|
||||
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(metadataRoot);
|
||||
|
||||
// unmarshaller.unmarshall(arg0)
|
||||
// Unmarshall using the document root element, an EntitiesDescriptor
|
||||
@@ -128,14 +123,12 @@ public class MetadataDescriptorUtil {
|
||||
public EntityDescriptor getEntityDescriptor(Element elementMetadata)
|
||||
throws Exception {
|
||||
try {
|
||||
DOMMetadataProvider dOMMetadataProvider = new DOMMetadataProvider(
|
||||
elementMetadata);
|
||||
DOMMetadataProvider dOMMetadataProvider = new DOMMetadataProvider(elementMetadata);
|
||||
dOMMetadataProvider.setRequireValidMetadata(true); // Enable
|
||||
// validation
|
||||
dOMMetadataProvider.setParserPool(new BasicParserPool());
|
||||
dOMMetadataProvider.initialize();
|
||||
EntityDescriptor entityDescriptor = (EntityDescriptorImpl) dOMMetadataProvider
|
||||
.getMetadata();
|
||||
EntityDescriptor entityDescriptor = (EntityDescriptorImpl) dOMMetadataProvider.getMetadata();
|
||||
return entityDescriptor;
|
||||
} catch (MetadataProviderException e) {
|
||||
logger.error("元数据解析出错", e);
|
||||
@@ -157,8 +150,7 @@ public class MetadataDescriptorUtil {
|
||||
File file = new File("d:\\SAMLSP-00D90000000hf9n.xml");
|
||||
org.opensaml.DefaultBootstrap.bootstrap();
|
||||
|
||||
EntityDescriptor entityDescriptor = MetadataDescriptorUtil.getInstance()
|
||||
.getEntityDescriptor(file);
|
||||
EntityDescriptor entityDescriptor = MetadataDescriptorUtil.getInstance().getEntityDescriptor(file);
|
||||
|
||||
// System.out.println("2 : "+entityDescriptor.getRoleDescriptors());
|
||||
|
||||
@@ -193,11 +185,9 @@ public class MetadataDescriptorUtil {
|
||||
// //two
|
||||
InputStream in = new FileInputStream(file);
|
||||
|
||||
EntityDescriptor entityDescriptor1 = MetadataDescriptorUtil.getInstance()
|
||||
.getEntityDescriptor(in);
|
||||
EntityDescriptor entityDescriptor1 = MetadataDescriptorUtil.getInstance().getEntityDescriptor(in);
|
||||
|
||||
SPSSODescriptor sPSSODescriptor = entityDescriptor1
|
||||
.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
|
||||
SPSSODescriptor sPSSODescriptor = entityDescriptor1.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
|
||||
|
||||
System.out.println("ok :"+sPSSODescriptor.getAssertionConsumerServices().get(0).getLocation());
|
||||
|
||||
|
||||
@@ -4,12 +4,9 @@ package org.maxkey.authz.saml20.metadata;
|
||||
import org.opensaml.DefaultBootstrap;
|
||||
import org.maxkey.authz.saml.common.TrustResolver;
|
||||
import org.maxkey.crypto.keystore.KeyStoreLoader;
|
||||
import org.opensaml.Configuration;
|
||||
|
||||
import org.opensaml.util.storage.MapBasedStorageService;
|
||||
import org.opensaml.util.storage.ReplayCache;
|
||||
|
||||
import org.opensaml.common.SAMLObjectBuilder;
|
||||
import org.opensaml.common.binding.security.IssueInstantRule;
|
||||
import org.opensaml.common.binding.security.MessageReplayRule;
|
||||
import org.opensaml.xml.ConfigurationException;
|
||||
@@ -63,7 +60,11 @@ import org.opensaml.saml2.metadata.SurName;
|
||||
import org.opensaml.saml2.metadata.TelephoneNumber;
|
||||
import org.opensaml.saml2.metadata.impl.CompanyBuilder;
|
||||
import org.opensaml.saml2.metadata.impl.EmailAddressBuilder;
|
||||
import org.opensaml.saml2.metadata.impl.EntityDescriptorBuilder;
|
||||
import org.opensaml.saml2.metadata.impl.GivenNameBuilder;
|
||||
import org.opensaml.saml2.metadata.impl.KeyDescriptorBuilder;
|
||||
import org.opensaml.saml2.metadata.impl.ManageNameIDServiceBuilder;
|
||||
import org.opensaml.saml2.metadata.impl.NameIDFormatBuilder;
|
||||
import org.opensaml.saml2.metadata.impl.OrganizationBuilder;
|
||||
import org.opensaml.saml2.metadata.impl.OrganizationDisplayNameBuilder;
|
||||
import org.opensaml.saml2.metadata.impl.OrganizationNameBuilder;
|
||||
@@ -78,6 +79,33 @@ import java.security.KeyStore;
|
||||
public class MetadataGenerator {
|
||||
private final static Logger logger = LoggerFactory.getLogger(MetadataGenerator.class);
|
||||
|
||||
/** Parser manager used to parse XML. */
|
||||
protected static BasicParserPool parser;
|
||||
|
||||
/** XMLObject builder factory. */
|
||||
protected static XMLObjectBuilderFactory builderFactory;
|
||||
|
||||
/** XMLObject marshaller factory. */
|
||||
protected static MarshallerFactory marshallerFactory;
|
||||
|
||||
/** XMLObject unmarshaller factory. */
|
||||
protected static UnmarshallerFactory unmarshallerFactory;
|
||||
|
||||
/** Constructor. */
|
||||
public MetadataGenerator() {
|
||||
try {
|
||||
parser = new BasicParserPool();
|
||||
parser.setNamespaceAware(true);
|
||||
DefaultBootstrap.bootstrap();
|
||||
builderFactory = org.opensaml.xml.Configuration.getBuilderFactory();
|
||||
marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
|
||||
unmarshallerFactory = org.opensaml.xml.Configuration.getUnmarshallerFactory();
|
||||
} catch (ConfigurationException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
public static void main(String args[]) {
|
||||
MetadataGenerator metadataGenerator=new MetadataGenerator();
|
||||
|
||||
@@ -87,10 +115,6 @@ public class MetadataGenerator {
|
||||
|
||||
public void samlmtest(){
|
||||
try {
|
||||
// OpenSAML 2.5.3
|
||||
|
||||
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
|
||||
|
||||
KeyStoreLoader keyStoreLoader=new KeyStoreLoader();
|
||||
keyStoreLoader.setKeystorePassword("secret");
|
||||
keyStoreLoader.setKeystoreFile("D:/JavaIDE/cert/idp-keystore.jks");
|
||||
@@ -126,11 +150,11 @@ public class MetadataGenerator {
|
||||
|
||||
IDPSSODescriptor descriptor = buildIDPSSODescriptor();
|
||||
|
||||
descriptor.getSingleSignOnServices().add(getSingleSignOnService("http://www.qoros.com/sso",null));
|
||||
descriptor.getSingleSignOnServices().add(getSingleSignOnService("http://sso.maxkey.org/sso",null));
|
||||
|
||||
descriptor.getSingleSignOnServices().add(getSingleSignOnService("http://www.qoros.com/sso",SAMLConstants.SAML2_POST_SIMPLE_SIGN_BINDING_URI));
|
||||
descriptor.getSingleSignOnServices().add(getSingleSignOnService("http://sso.maxkey.org/sso",SAMLConstants.SAML2_POST_SIMPLE_SIGN_BINDING_URI));
|
||||
|
||||
descriptor.getSingleLogoutServices().add(getSingleLogoutService("http://www.qoros.com/slo",null));
|
||||
descriptor.getSingleLogoutServices().add(getSingleLogoutService("http://sso.maxkey.org/slo",null));
|
||||
|
||||
descriptor.getKeyDescriptors().add(generateEncryptionKeyDescriptor(signingCredential));
|
||||
|
||||
@@ -141,9 +165,9 @@ public class MetadataGenerator {
|
||||
descriptor.getNameIDFormats().add(generateNameIDFormat(NameIDType.EMAIL));
|
||||
descriptor.getNameIDFormats().add(generateNameIDFormat(NameIDType.ENTITY));
|
||||
|
||||
descriptor.getContactPersons().add(getContactPerson("qoros","shi","ming","shimh@connsec.com","18724229876",null));
|
||||
descriptor.getContactPersons().add(getContactPerson("maxkey","shi","ming","shimingxy@163.com","18724229876",null));
|
||||
|
||||
descriptor.setOrganization(getOrganization("qoros","qorosc","http://www.qoros.com"));
|
||||
descriptor.setOrganization(getOrganization("maxkey","maxkey","http://sso.maxkey.org"));
|
||||
|
||||
String entityId="http://www.test.com";
|
||||
|
||||
@@ -163,51 +187,43 @@ public class MetadataGenerator {
|
||||
|
||||
|
||||
public IDPSSODescriptor buildIDPSSODescriptor(){
|
||||
|
||||
QName qname = new QName(SAMLConstants.SAML20MD_NS, IDPSSODescriptor.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20MD_PREFIX);
|
||||
IDPSSODescriptor idpSSODescriptor = (IDPSSODescriptor) buildXMLObject(qname);
|
||||
IDPSSODescriptor idpSSODescriptor = (IDPSSODescriptor) buildXMLObject(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
|
||||
idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
|
||||
|
||||
return idpSSODescriptor;
|
||||
}
|
||||
|
||||
public EntityDescriptor buildEntityDescriptor(String entityId,RoleDescriptor roleDescriptor){
|
||||
|
||||
SAMLObjectBuilder<EntityDescriptor> builder = (SAMLObjectBuilder<EntityDescriptor>) builderFactory.getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME);
|
||||
EntityDescriptor entityDescriptor = builder.buildObject();
|
||||
EntityDescriptor entityDescriptor = new EntityDescriptorBuilder().buildObject();
|
||||
entityDescriptor.setEntityID(entityId);
|
||||
entityDescriptor.getRoleDescriptors().add(roleDescriptor);
|
||||
|
||||
return entityDescriptor;
|
||||
}
|
||||
|
||||
public Document marshallerMetadata(EntityDescriptor entityDescriptor){
|
||||
Document document = null;
|
||||
try{
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
|
||||
DocumentBuilder documentBuilder = factory.newDocumentBuilder();
|
||||
|
||||
document = documentBuilder.newDocument();
|
||||
|
||||
Marshaller marshaller = marshallerFactory.getMarshaller(entityDescriptor);
|
||||
marshaller.marshall(entityDescriptor, document);
|
||||
}catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
return document;
|
||||
|
||||
}
|
||||
public Document marshallerMetadata(EntityDescriptor entityDescriptor) {
|
||||
Document document = null;
|
||||
try {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
|
||||
DocumentBuilder documentBuilder = factory.newDocumentBuilder();
|
||||
|
||||
document = documentBuilder.newDocument();
|
||||
|
||||
Marshaller marshaller = marshallerFactory.getMarshaller(entityDescriptor);
|
||||
marshaller.marshall(entityDescriptor, document);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
|
||||
return document;
|
||||
|
||||
}
|
||||
|
||||
public ManageNameIDService getManageNameIDService(String url){
|
||||
QName manageNameIDServiceQName = new QName(SAMLConstants.SAML20MD_NS, ManageNameIDService.DEFAULT_ELEMENT_LOCAL_NAME,
|
||||
SAMLConstants.SAML20MD_PREFIX);
|
||||
ManageNameIDService manageNameIDService= (ManageNameIDService) buildXMLObject(manageNameIDServiceQName);
|
||||
ManageNameIDService manageNameIDService=new ManageNameIDServiceBuilder().buildObject();
|
||||
manageNameIDService.setLocation(url);
|
||||
manageNameIDService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
|
||||
|
||||
return null;
|
||||
return manageNameIDService;
|
||||
}
|
||||
|
||||
public Organization getOrganization(String name,String displayName,String url){
|
||||
@@ -235,11 +251,7 @@ public class MetadataGenerator {
|
||||
}
|
||||
|
||||
public ContactPerson getContactPerson(String companyName,String givenName,String surName,String emailAddress,String telephoneNumber,ContactPersonTypeEnumeration contactPersonType){
|
||||
|
||||
QName contactQName = new QName(SAMLConstants.SAML20MD_NS, ContactPerson.DEFAULT_ELEMENT_LOCAL_NAME,
|
||||
SAMLConstants.SAML20MD_PREFIX);
|
||||
|
||||
ContactPerson contactPerson= (ContactPerson) buildXMLObject(contactQName);
|
||||
ContactPerson contactPerson= (ContactPerson) buildXMLObject(ContactPerson.DEFAULT_ELEMENT_NAME);
|
||||
|
||||
contactPerson.setType(contactPersonType);
|
||||
|
||||
@@ -266,8 +278,7 @@ public class MetadataGenerator {
|
||||
return contactPerson;
|
||||
}
|
||||
public SingleSignOnService getSingleSignOnService(String location,String binding){
|
||||
QName ssoQName = new QName(SAMLConstants.SAML20MD_NS, SingleSignOnService.DEFAULT_ELEMENT_LOCAL_NAME,SAMLConstants.SAML20MD_PREFIX);
|
||||
SingleSignOnService singleSignOnService=(SingleSignOnService) buildXMLObject(ssoQName);
|
||||
SingleSignOnService singleSignOnService=(SingleSignOnService) buildXMLObject(SingleSignOnService.DEFAULT_ELEMENT_NAME);
|
||||
if(binding==null){
|
||||
binding=SAMLConstants.SAML2_POST_BINDING_URI;
|
||||
}
|
||||
@@ -278,8 +289,7 @@ public class MetadataGenerator {
|
||||
}
|
||||
|
||||
public SingleLogoutService getSingleLogoutService(String location,String binding){
|
||||
QName sloQName = new QName(SAMLConstants.SAML20MD_NS, SingleLogoutService.DEFAULT_ELEMENT_LOCAL_NAME,SAMLConstants.SAML20MD_PREFIX);
|
||||
SingleLogoutService singleLogoutService=(SingleLogoutService) buildXMLObject(sloQName);
|
||||
SingleLogoutService singleLogoutService=(SingleLogoutService) buildXMLObject(SingleLogoutService.DEFAULT_ELEMENT_NAME);
|
||||
if(binding==null){
|
||||
binding=SAMLConstants.SAML2_REDIRECT_BINDING_URI;
|
||||
}
|
||||
@@ -289,7 +299,7 @@ public class MetadataGenerator {
|
||||
}
|
||||
|
||||
public NameIDFormat generateNameIDFormat(String nameIDType){
|
||||
NameIDFormat nameIDFormat =((SAMLObjectBuilder<NameIDFormat>) builderFactory.getBuilder(NameIDFormat.DEFAULT_ELEMENT_NAME)).buildObject();
|
||||
NameIDFormat nameIDFormat =new NameIDFormatBuilder().buildObject();
|
||||
nameIDFormat.setFormat(nameIDType);
|
||||
return nameIDFormat;
|
||||
}
|
||||
@@ -303,7 +313,7 @@ public class MetadataGenerator {
|
||||
}
|
||||
|
||||
public KeyDescriptor generateSignKeyDescriptor(Credential signingCredential){
|
||||
KeyDescriptor signKeyDescriptor = ((SAMLObjectBuilder<KeyDescriptor>) builderFactory.getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME)).buildObject();
|
||||
KeyDescriptor signKeyDescriptor = new KeyDescriptorBuilder().buildObject();
|
||||
|
||||
signKeyDescriptor.setUse(UsageType.SIGNING); //Set usage
|
||||
|
||||
@@ -311,21 +321,22 @@ public class MetadataGenerator {
|
||||
try {
|
||||
signKeyDescriptor.setKeyInfo(getKeyInfoGenerator().generate(signingCredential));
|
||||
} catch (SecurityException e) {
|
||||
log.error(e.getMessage(), e);
|
||||
logger.error(e.getMessage(), e);
|
||||
}
|
||||
|
||||
return signKeyDescriptor;
|
||||
}
|
||||
|
||||
public KeyDescriptor generateEncryptionKeyDescriptor(Credential signingCredential){
|
||||
KeyDescriptor encryptionKeyDescriptor = ((SAMLObjectBuilder<KeyDescriptor>) builderFactory.getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME)).buildObject();
|
||||
KeyDescriptor encryptionKeyDescriptor = new KeyDescriptorBuilder().buildObject();
|
||||
|
||||
encryptionKeyDescriptor.setUse(UsageType.ENCRYPTION);
|
||||
|
||||
// Generating key info. The element will contain the public key. The key is used to by the IDP to encrypt data
|
||||
try {
|
||||
encryptionKeyDescriptor.setKeyInfo(getKeyInfoGenerator().generate(signingCredential));
|
||||
} catch (SecurityException e) {
|
||||
log.error(e.getMessage(), e);
|
||||
logger.error(e.getMessage(), e);
|
||||
}
|
||||
|
||||
return encryptionKeyDescriptor;
|
||||
@@ -340,18 +351,18 @@ public class MetadataGenerator {
|
||||
}
|
||||
|
||||
|
||||
protected static XMLObject unmarshallElement( Document doc) {
|
||||
public static XMLObject unmarshallElement( Document doc) {
|
||||
try {
|
||||
Element samlElement = doc.getDocumentElement();
|
||||
|
||||
Unmarshaller unmarshaller = org.opensaml.xml.Configuration.getUnmarshallerFactory().getUnmarshaller(samlElement);
|
||||
if (unmarshaller == null) {
|
||||
;//fail("Unable to retrieve unmarshaller by DOM Element");
|
||||
logger.error("Unable to retrieve unmarshaller by DOM Element");
|
||||
}
|
||||
|
||||
return unmarshaller.unmarshall(samlElement);
|
||||
}catch (UnmarshallingException e) {
|
||||
//fail("Unmarshalling failed when parsing element file " + elementFile + ": " + e);
|
||||
logger.error("Unmarshalling failed when parsing doc : " , e);
|
||||
}
|
||||
|
||||
return null;
|
||||
@@ -361,52 +372,23 @@ public class MetadataGenerator {
|
||||
public static Element marshallerElement( XMLObject xmlObject) {
|
||||
Marshaller marshaller = marshallerFactory.getMarshaller(xmlObject);
|
||||
if(marshaller == null){
|
||||
//fail("Unable to locate marshaller for " + xmlObject.getElementQName() + " can not perform equality check assertion");
|
||||
logger.error("Unable to locate marshaller for " + xmlObject.getElementQName() + " can not perform equality check assertion");
|
||||
}
|
||||
|
||||
Element generatedDOM=null;
|
||||
try {
|
||||
generatedDOM = marshaller.marshall(xmlObject, parser.newDocument());
|
||||
if(log.isDebugEnabled()) {
|
||||
log.debug("Marshalled DOM was " + XMLHelper.nodeToString(generatedDOM));
|
||||
if(logger.isDebugEnabled()) {
|
||||
logger.debug("Marshalled DOM was " + XMLHelper.nodeToString(generatedDOM));
|
||||
}
|
||||
// assertXMLEqual(failMessage, expectedDOM, generatedDOM.getOwnerDocument());
|
||||
} catch (Exception e) {
|
||||
log.error("Marshalling failed with the following error:", e);
|
||||
// fail("Marshalling failed with the following error: " + e);
|
||||
logger.error("Marshalling failed with the following error:", e);
|
||||
}
|
||||
return generatedDOM;
|
||||
}
|
||||
|
||||
|
||||
/** Parser manager used to parse XML. */
|
||||
protected static BasicParserPool parser;
|
||||
|
||||
/** XMLObject builder factory. */
|
||||
protected static XMLObjectBuilderFactory builderFactory;
|
||||
|
||||
/** XMLObject marshaller factory. */
|
||||
protected static MarshallerFactory marshallerFactory;
|
||||
|
||||
/** XMLObject unmarshaller factory. */
|
||||
protected static UnmarshallerFactory unmarshallerFactory;
|
||||
|
||||
/** Class logger. */
|
||||
private static Logger log = LoggerFactory.getLogger(MetadataGenerator.class);
|
||||
|
||||
/** Constructor. */
|
||||
public MetadataGenerator(){
|
||||
|
||||
parser = new BasicParserPool();
|
||||
parser.setNamespaceAware(true);
|
||||
try {
|
||||
DefaultBootstrap.bootstrap();
|
||||
} catch (ConfigurationException e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
builderFactory = org.opensaml.xml.Configuration.getBuilderFactory();
|
||||
marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
|
||||
unmarshallerFactory = org.opensaml.xml.Configuration.getUnmarshallerFactory();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Reference in New Issue
Block a user