Commit 344ddfe3 authored by michael.simon's avatar michael.simon

compiles again. now for runtime problems

parent 97a98a6f
......@@ -15,10 +15,17 @@ import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.servlet.ServletException;
import net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.HttpClients;
import org.opensaml.messaging.context.InOutOperationContext;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Audience;
......@@ -257,28 +264,32 @@ public class UserLoginServiceImpl implements UserLoginService, Serializable {
AuthnRequest authnRequest = ssoHelper.buildAuthnRequest(sp.getEntityId(), sp.getEcp(),
SAMLConstants.SAML2_PAOS_BINDING_URI);
Envelope envelope = attrQueryHelper.buildSOAP11Envelope(authnRequest);
BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();
soapContext.setOutboundMessage(envelope);
//Envelope envelope = attrQueryHelper.buildSOAP11Envelope(authnRequest);
MessageContext<SAMLObject> inbound = new MessageContext<SAMLObject>();
MessageContext<SAMLObject> outbound = new MessageContext<SAMLObject>();
outbound.setMessage(authnRequest);
InOutOperationContext<SAMLObject, SAMLObject> inOutContext =
new InOutOperationContext<SAMLObject, SAMLObject>(inbound, outbound);
HttpClientBuilder clientBuilder = new HttpClientBuilder();
HttpClient client = clientBuilder.buildClient();
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(new AuthScope(bindingHost, 443),
new UsernamePasswordCredentials(username, password));
client.getParams().setAuthenticationPreemptive(true);
HttpClient client = HttpClients.custom().setDefaultCredentialsProvider(credentialsProvider).build();
client.getState().setCredentials(
new AuthScope(bindingHost, 443),
new UsernamePasswordCredentials(username, password));
HttpSOAPClient soapClient = new HttpSOAPClient(client,
samlHelper.getBasicParserPool());
HttpSOAPClient soapClient = new HttpSOAPClient();
soapClient.setHttpClient(client);
soapClient.setParserPool(samlHelper.getBasicParserPool());
try {
soapClient.send(bindingLocation, soapContext);
soapClient.send(bindingLocation, inOutContext);
} catch (SOAPClientException se) {
logger.info("Login failed for user {} idp {}", username, idp.getEntityId());
throw new LoginFailedException(se.getMessage());
}
Envelope returnEnvelope = (Envelope) soapContext.getInboundMessage();
Envelope returnEnvelope = (Envelope) inOutContext.getInboundMessageContext().getMessage();
Response response =
attrQueryHelper.getResponseFromEnvelope(returnEnvelope);
......@@ -287,7 +298,7 @@ public class UserLoginServiceImpl implements UserLoginService, Serializable {
} catch (SOAPException e) {
logger.info("exception at ecp query", e);
throw new GenericRestInterfaceException("an error occured: " + e.getMessage());
} catch (SecurityException e) {
} catch (org.opensaml.security.SecurityException e) {
logger.info("exception at ecp query", e);
throw new GenericRestInterfaceException("an error occured: " + e.getMessage());
} catch (DecryptionException e) {
......@@ -425,6 +436,9 @@ public class UserLoginServiceImpl implements UserLoginService, Serializable {
} catch (SamlAuthenticationException e) {
logger.info("exception at attribute query", e);
throw new GenericRestInterfaceException("an error occured: " + e.getMessage());
} catch (Exception e) {
logger.info("exception at attribute query", e);
throw new GenericRestInterfaceException("an error occured: " + e.getMessage());
}
}
else {
......
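Review bot: The ECP client in the `HttpSOAPClient soapClient = new HttpSOAPClient();` block is configured with setHttpClient/setParserPool but never initialized; in OpenSAML 3 HttpSOAPClient is an initializable component and, as far as I recall, send() refuses to run until `soapClient.initialize();` has been called, so that line belongs before the try (the same omission is in HttpSignableSoapClient's constructor). The outbound context now carries the bare AuthnRequest via `outbound.setMessage(authnRequest);` while the envelope-building line is commented out; if this HttpSOAPClient version takes the envelope from a SOAP11Context on the outbound context rather than from getMessage(), both the send and the `(Envelope) inOutContext.getInboundMessageContext().getMessage()` cast will fail at runtime — worth confirming against the HttpSOAPClient API actually on the classpath. The CloseableHttpClient produced by `HttpClients.custom().setDefaultCredentialsProvider(credentialsProvider).build()` is never closed, so each login leaks a connection manager; close it after the send or wrap it in try-with-resources. Dropping `setAuthenticationPreemptive(true)` means basic auth now depends on the IdP ECP endpoint returning a 401 challenge, since HttpClient 4 preemptive auth needs an AuthCache on the request context that HttpSOAPClient does not expose. The enclosing method starts and ends outside these hunks.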
......@@ -295,6 +295,9 @@ public class UserUpdater implements Serializable {
} catch (SecurityException e) {
handleException(user, e, idpEntity, auditor);
throw new UserUpdateException(e);
} catch (Exception e) {
handleException(user, e, idpEntity, auditor);
throw new UserUpdateException(e);
}
try {
......
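Review bot: The new `catch (Exception e)` after the SecurityException handler turns every unchecked failure (a NullPointerException, or the ClassCastException from the Envelope cast in AttributeQueryHelper) into a UserUpdateException plus an audit entry, hiding programming errors behind what looks like a user-update failure. It appears to exist only because AttributeQueryHelper.query now declares `throws Exception`; restoring a specific throws clause there lets this block be removed again. The same catch-all was added to the attribute-query path in UserLoginServiceImpl, where it additionally forwards `e.getMessage()` of arbitrary exceptions to the REST caller through GenericRestInterfaceException. The enclosing method begins and ends outside the hunk.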
......@@ -10,10 +10,7 @@
******************************************************************************/
package edu.kit.scc.webreg.service.saml;
import java.io.IOException;
import java.io.Serializable;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
......@@ -22,11 +19,14 @@ import javax.inject.Named;
import net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClients;
import org.joda.time.DateTime;
import org.opensaml.core.config.Configuration;
import org.opensaml.core.config.ConfigurationService;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.messaging.context.InOutOperationContext;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.AttributeQuery;
import org.opensaml.saml.saml2.core.Issuer;
......@@ -35,17 +35,8 @@ import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.metadata.AttributeService;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.soap.common.SOAPException;
import org.opensaml.soap.soap11.Body;
import org.opensaml.soap.soap11.Envelope;
import org.opensaml.xmlsec.DecryptionConfiguration;
import org.opensaml.xmlsec.SignatureSigningConfiguration;
import org.opensaml.xmlsec.keyinfo.KeyInfoGenerator;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.slf4j.Logger;
import edu.kit.scc.webreg.entity.SamlMetadataEntity;
......@@ -72,18 +63,25 @@ public class AttributeQueryHelper implements Serializable {
private CryptoHelper cryptoHelper;
public Response query(String persistentId, SamlMetadataEntity idpEntity,
EntityDescriptor idpEntityDescriptor, SamlSpConfigurationEntity spEntity) throws MetadataException, SOAPException, SecurityException {
EntityDescriptor idpEntityDescriptor, SamlSpConfigurationEntity spEntity) throws Exception {
AttributeService attributeService = metadataHelper.getAttributeService(idpEntityDescriptor);
if (attributeService == null || attributeService.getLocation() == null)
throw new MetadataException("No Attribute Service found for IDP " + idpEntity.getEntityId());
AttributeQuery attrQuery = buildAttributeQuery(
persistentId, spEntity.getEntityId());
Envelope envelope = buildSOAP11Envelope(attrQuery);
BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();
soapContext.setOutboundMessage(envelope);
//Envelope envelope = buildSOAP11Envelope(attrQuery);
MessageContext<SAMLObject> inbound = new MessageContext<SAMLObject>();
MessageContext<SAMLObject> outbound = new MessageContext<SAMLObject>();
outbound.setMessage(attrQuery);
InOutOperationContext<SAMLObject, SAMLObject> inOutContext =
new InOutOperationContext<SAMLObject, SAMLObject>(inbound, outbound);
// BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();
// soapContext.setOutboundMessage(envelope);
/*
BasicX509Credential signingCredential;
X509Certificate x509Cert;
PrivateKey privateKey;
......@@ -95,8 +93,8 @@ public class AttributeQueryHelper implements Serializable {
} catch (IOException e1) {
throw new MetadataException("No signing credential for SP " + spEntity.getEntityId(), e1);
}
HttpClientBuilder clientBuilder = new HttpClientBuilder();
*/
// HttpClientBuilder clientBuilder = new HttpClientBuilder();
/*
try {
clientBuilder.setHttpsProtocolSocketFactory(new CustomSecureProtocolSocketFactory(x509Cert, privateKey));
......@@ -106,6 +104,8 @@ public class AttributeQueryHelper implements Serializable {
logger.info("Cannot spawn CustomSecureProtocolSocketFactory: {}", e.getMessage());
}
*/
/*
Signature signature = (Signature) samlHelper.getBuilderFactory()
.getBuilder(Signature.DEFAULT_ELEMENT_NAME)
.buildObject(Signature.DEFAULT_ELEMENT_NAME);
......@@ -131,20 +131,21 @@ public class AttributeQueryHelper implements Serializable {
signature.setKeyInfo(keyInfo);
attrQuery.setSignature(signature);
*/
HttpClient client = HttpClients.custom().build();
HttpSignableSoapClient soapClient = new HttpSignableSoapClient(
clientBuilder.buildClient(), samlHelper.getBasicParserPool(),
signature);
client, samlHelper.getBasicParserPool());
soapClient.send(attributeService.getLocation(), soapContext);
soapClient.send(attributeService.getLocation(), inOutContext);
Envelope returnEnvelope = (Envelope) soapContext.getInboundMessage();
Envelope returnEnvelope = (Envelope) inOutContext.getInboundMessageContext().getMessage();
return getResponseFromEnvelope(returnEnvelope);
}
public Response query(UserEntity entity, SamlMetadataEntity idpEntity,
EntityDescriptor idpEntityDescriptor, SamlSpConfigurationEntity spEntity) throws MetadataException, SOAPException, SecurityException {
EntityDescriptor idpEntityDescriptor, SamlSpConfigurationEntity spEntity) throws Exception {
return query(entity.getPersistentId(), idpEntity, idpEntityDescriptor, spEntity);
}
......
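Review bot: With the block from `Signature signature = (Signature) samlHelper.getBuilderFactory()` through `attrQuery.setSignature(signature);` and the CustomSecureProtocolSocketFactory setup both commented out, the AttributeQuery now goes out unsigned over a plain `HttpClients.custom().build()` client, so the IdP has nothing left to authenticate the SP with and will most likely reject the query. Until the OpenSAML 3 equivalents (Signer.signObject on the rebuilt Signature, and a client-certificate SSLContext on the HttpClient builder) are wired back in, a marker such as `// TODO: re-enable request signing and TLS client auth before this is deployed` above the `HttpClient client = HttpClients.custom().build();` line keeps the gap visible. Widening both `query` signatures to `throws Exception` is what forces the catch-all blocks in UserUpdater and UserLoginServiceImpl; `throws MetadataException, SOAPException, org.opensaml.security.SecurityException` should cover what send() declares and keeps caller handling specific. The CloseableHttpClient built here is also never closed. `query` spans several hunks and its body is partly outside what is shown.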
package edu.kit.scc.webreg.service.saml;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
public class CustomSecureProtocolSocketFactory implements SecureProtocolSocketFactory {
private KeyManager keyManager;
private SSLContext sslcontext;
public CustomSecureProtocolSocketFactory(X509Certificate cert, PrivateKey privateKey)
throws NoSuchAlgorithmException, KeyManagementException {
keyManager = new CustomKeyManager(cert, privateKey);
sslcontext = SSLContext.getInstance("SSL");
sslcontext.init(new KeyManager[] { keyManager }, null, null);
}
@Override
public Socket createSocket(String host, int port, InetAddress localAddress,
int localPort) throws IOException, UnknownHostException {
return sslcontext.getSocketFactory().createSocket(
host, port, localAddress, localPort);
}
@Override
public Socket createSocket(String host, int port, InetAddress localAddress,
int localPort, HttpConnectionParams params) throws IOException,
UnknownHostException, ConnectTimeoutException {
return sslcontext.getSocketFactory().createSocket(
host, port, localAddress, localPort);
}
@Override
public Socket createSocket(String host, int port) throws IOException,
UnknownHostException {
return sslcontext.getSocketFactory().createSocket(
host, port);
}
@Override
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
return sslcontext.getSocketFactory().createSocket(
socket, host, port, autoClose);
}
}
......@@ -10,27 +10,14 @@
******************************************************************************/
package edu.kit.scc.webreg.service.saml;
import java.io.ByteArrayOutputStream;
import java.io.OutputStreamWriter;
import java.io.Serializable;
import java.nio.charset.Charset;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.apache.http.client.HttpClient;
import org.opensaml.core.config.Configuration;
import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.soap.client.SOAPClientException;
import org.opensaml.soap.client.http.HttpSOAPClient;
import org.opensaml.soap.soap11.Envelope;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.Signer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
public class HttpSignableSoapClient extends HttpSOAPClient implements Serializable {
......@@ -38,33 +25,32 @@ public class HttpSignableSoapClient extends HttpSOAPClient implements Serializab
private static Logger logger = LoggerFactory.getLogger(HttpSignableSoapClient.class);
private Signature signature;
public HttpSignableSoapClient(HttpClient client, ParserPool parser, Signature signature) {
super(client, parser);
this.signature = signature;
public HttpSignableSoapClient(HttpClient client, ParserPool parser) {
super();
setHttpClient(client);
setParserPool(parser);
}
@Override
protected RequestEntity createRequestEntity(Envelope message, Charset charset) throws SOAPClientException {
try {
Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(message);
ByteArrayOutputStream arrayOut = new ByteArrayOutputStream();
Element element = marshaller.marshall(message);
try {
Signer.signObject(signature);
} catch (SignatureException e) {
throw new SOAPClientException(e);
}
if (logger.isDebugEnabled()) {
logger.debug("Outbound SOAP message is:\n" + SerializeSupport.prettyPrintXML(element));
}
SerializeSupport.writeNode(element, arrayOut);
return new ByteArrayRequestEntity(arrayOut.toByteArray(), "text/xml");
} catch (MarshallingException e) {
throw new SOAPClientException("Unable to marshall SOAP envelope", e);
}
}
// @Override
// protected RequestEntity createRequestEntity(Envelope message, Charset charset) throws SOAPClientException {
// try {
// Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(message);
// ByteArrayOutputStream arrayOut = new ByteArrayOutputStream();
//
// Element element = marshaller.marshall(message);
// try {
// Signer.signObject(signature);
// } catch (SignatureException e) {
// throw new SOAPClientException(e);
// }
//
// if (logger.isDebugEnabled()) {
// logger.debug("Outbound SOAP message is:\n" + SerializeSupport.prettyPrintXML(element));
// }
// SerializeSupport.writeNode(element, arrayOut);
// return new ByteArrayRequestEntity(arrayOut.toByteArray(), "text/xml");
// } catch (MarshallingException e) {
// throw new SOAPClientException("Unable to marshall SOAP envelope", e);
// }
// }
}
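Review bot: After this change HttpSignableSoapClient no longer signs anything — the createRequestEntity override is commented out and the `private Signature signature;` field is never assigned — yet the class keeps its name, so callers such as AttributeQueryHelper read as if the request were still signed. Either delete the commented-out block and the unused field and document the class as a thin HttpSOAPClient configurator, or keep the intent visible with a class Javadoc along the lines of `Subclass of HttpSOAPClient; request signing is temporarily disabled pending migration of createRequestEntity to the OpenSAML 3 API.` and a TODO on the field. The constructor calls setHttpClient/setParserPool but not `initialize();`, which HttpSOAPClient (an initializable component in OpenSAML 3, as far as I recall) requires before send() will work.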