SAML METADATA

2020-02-27 10:26:29 +08:00
parent 02ca81ddd9
commit 02fe58cd35
6 changed files with 89 additions and 115 deletions
--- a/maxkey-protocols/maxkey-protocol-saml-2.0/.sts4-cache/classpath-data.json
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/.sts4-cache/classpath-data.json
--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/MetadataDescriptorUtil.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/MetadataDescriptorUtil.java
@@ -39,12 +39,10 @@ import org.w3c.dom.Element;
 * 
 */
 public class MetadataDescriptorUtil {
-
+	private final static Logger logger = LoggerFactory.getLogger(MetadataDescriptorUtil.class);
+	
 	private static MetadataDescriptorUtil instance = null;
-
-	private final static Logger logger = LoggerFactory
-			.getLogger(MetadataDescriptorUtil.class);
-
+	
 	/**
 	 * 
 	 */
@@ -78,8 +76,7 @@ public class MetadataDescriptorUtil {
 			// validation
 			filesystemMetadataProvider.setParserPool(new BasicParserPool());
 			filesystemMetadataProvider.initialize();
-			EntityDescriptor entityDescriptor = (EntityDescriptorImpl) filesystemMetadataProvider
-					.getMetadata();
+			EntityDescriptor entityDescriptor = (EntityDescriptorImpl) filesystemMetadataProvider.getMetadata();
 			return entityDescriptor;
 		} catch (MetadataProviderException e) {
 			logger.error("元数据解析出错", e);
@@ -96,10 +93,8 @@ public class MetadataDescriptorUtil {
 			Document inMetadataDoc = basicParserPool.parse(inputStream);
 			Element metadataRoot = inMetadataDoc.getDocumentElement();

-			UnmarshallerFactory unmarshallerFactory = Configuration
-					.getUnmarshallerFactory();
-			Unmarshaller unmarshaller = unmarshallerFactory
-					.getUnmarshaller(metadataRoot);
+			UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+			Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(metadataRoot);

 			// unmarshaller.unmarshall(arg0)
 			// Unmarshall using the document root element, an EntitiesDescriptor
@@ -128,14 +123,12 @@ public class MetadataDescriptorUtil {
 	public EntityDescriptor getEntityDescriptor(Element elementMetadata)
 			throws Exception {
 		try {
-			DOMMetadataProvider dOMMetadataProvider = new DOMMetadataProvider(
-					elementMetadata);
+			DOMMetadataProvider dOMMetadataProvider = new DOMMetadataProvider(elementMetadata);
 			dOMMetadataProvider.setRequireValidMetadata(true); // Enable
 																// validation
 			dOMMetadataProvider.setParserPool(new BasicParserPool());
 			dOMMetadataProvider.initialize();
-			EntityDescriptor entityDescriptor = (EntityDescriptorImpl) dOMMetadataProvider
-					.getMetadata();
+			EntityDescriptor entityDescriptor = (EntityDescriptorImpl) dOMMetadataProvider.getMetadata();
 			return entityDescriptor;
 		} catch (MetadataProviderException e) {
 			logger.error("元数据解析出错", e);
@@ -157,8 +150,7 @@ public class MetadataDescriptorUtil {
 		File file = new File("d:\\SAMLSP-00D90000000hf9n.xml");
 		org.opensaml.DefaultBootstrap.bootstrap();
 		
-		EntityDescriptor entityDescriptor = MetadataDescriptorUtil.getInstance()
-				.getEntityDescriptor(file);
+		EntityDescriptor entityDescriptor = MetadataDescriptorUtil.getInstance().getEntityDescriptor(file);

 		// System.out.println("2 : "+entityDescriptor.getRoleDescriptors());

@@ -193,11 +185,9 @@ public class MetadataDescriptorUtil {
 		// //two
 		InputStream in = new FileInputStream(file);

-		EntityDescriptor entityDescriptor1 = MetadataDescriptorUtil.getInstance()
-				.getEntityDescriptor(in);
+		EntityDescriptor entityDescriptor1 = MetadataDescriptorUtil.getInstance().getEntityDescriptor(in);

-		SPSSODescriptor sPSSODescriptor = entityDescriptor1
-				.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+		SPSSODescriptor sPSSODescriptor = entityDescriptor1.getSPSSODescriptor(SAMLConstants.SAML20P_NS);

 		 System.out.println("ok :"+sPSSODescriptor.getAssertionConsumerServices().get(0).getLocation());

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/MetadataGenerator.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/MetadataGenerator.java
@@ -4,12 +4,9 @@ package org.maxkey.authz.saml20.metadata;
 import org.opensaml.DefaultBootstrap;
 import org.maxkey.authz.saml.common.TrustResolver;
 import org.maxkey.crypto.keystore.KeyStoreLoader;
-import org.opensaml.Configuration;
-
 import org.opensaml.util.storage.MapBasedStorageService;
 import org.opensaml.util.storage.ReplayCache;

-import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.binding.security.IssueInstantRule;
 import org.opensaml.common.binding.security.MessageReplayRule;
 import org.opensaml.xml.ConfigurationException;
@@ -63,7 +60,11 @@ import org.opensaml.saml2.metadata.SurName;
 import org.opensaml.saml2.metadata.TelephoneNumber;
 import org.opensaml.saml2.metadata.impl.CompanyBuilder;
 import org.opensaml.saml2.metadata.impl.EmailAddressBuilder;
+import org.opensaml.saml2.metadata.impl.EntityDescriptorBuilder;
 import org.opensaml.saml2.metadata.impl.GivenNameBuilder;
+import org.opensaml.saml2.metadata.impl.KeyDescriptorBuilder;
+import org.opensaml.saml2.metadata.impl.ManageNameIDServiceBuilder;
+import org.opensaml.saml2.metadata.impl.NameIDFormatBuilder;
 import org.opensaml.saml2.metadata.impl.OrganizationBuilder;
 import org.opensaml.saml2.metadata.impl.OrganizationDisplayNameBuilder;
 import org.opensaml.saml2.metadata.impl.OrganizationNameBuilder;
@@ -78,6 +79,33 @@ import java.security.KeyStore;
 public class MetadataGenerator {
 	private final static Logger logger = LoggerFactory.getLogger(MetadataGenerator.class);

+	/** Parser manager used to parse XML. */
+	protected static BasicParserPool parser;
+
+	/** XMLObject builder factory. */
+	protected static XMLObjectBuilderFactory builderFactory;
+
+	/** XMLObject marshaller factory. */
+	protected static MarshallerFactory marshallerFactory;
+
+	/** XMLObject unmarshaller factory. */
+	protected static UnmarshallerFactory unmarshallerFactory;
+
+	/** Constructor. */
+	public MetadataGenerator() {
+		try {
+			parser = new BasicParserPool();
+			parser.setNamespaceAware(true);
+			DefaultBootstrap.bootstrap();
+			builderFactory = org.opensaml.xml.Configuration.getBuilderFactory();
+			marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
+			unmarshallerFactory = org.opensaml.xml.Configuration.getUnmarshallerFactory();
+		} catch (ConfigurationException e) {
+			e.printStackTrace();
+		}
+
+	}
+		
   public static void main(String args[]) {
 	   MetadataGenerator metadataGenerator=new  MetadataGenerator();
 	   
@@ -87,10 +115,6 @@ public class MetadataGenerator {
   
   public  void samlmtest(){
 	    try {
-	         // OpenSAML 2.5.3
-	       
-	         XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();     
-	         
 	         KeyStoreLoader keyStoreLoader=new  KeyStoreLoader();
 	         keyStoreLoader.setKeystorePassword("secret");
 	         keyStoreLoader.setKeystoreFile("D:/JavaIDE/cert/idp-keystore.jks");
@@ -126,11 +150,11 @@ public class MetadataGenerator {
 	 		
 	        IDPSSODescriptor descriptor = buildIDPSSODescriptor();

-	        descriptor.getSingleSignOnServices().add(getSingleSignOnService("http://www.qoros.com/sso",null));
+	        descriptor.getSingleSignOnServices().add(getSingleSignOnService("http://sso.maxkey.org/sso",null));
 	        
-	        descriptor.getSingleSignOnServices().add(getSingleSignOnService("http://www.qoros.com/sso",SAMLConstants.SAML2_POST_SIMPLE_SIGN_BINDING_URI));
+	        descriptor.getSingleSignOnServices().add(getSingleSignOnService("http://sso.maxkey.org/sso",SAMLConstants.SAML2_POST_SIMPLE_SIGN_BINDING_URI));
 	        
-	        descriptor.getSingleLogoutServices().add(getSingleLogoutService("http://www.qoros.com/slo",null));
+	        descriptor.getSingleLogoutServices().add(getSingleLogoutService("http://sso.maxkey.org/slo",null));
 	             
 	        descriptor.getKeyDescriptors().add(generateEncryptionKeyDescriptor(signingCredential));  
 	         
@@ -141,9 +165,9 @@ public class MetadataGenerator {
 	        descriptor.getNameIDFormats().add(generateNameIDFormat(NameIDType.EMAIL)); 
 	        descriptor.getNameIDFormats().add(generateNameIDFormat(NameIDType.ENTITY));
 	         
-            descriptor.getContactPersons().add(getContactPerson("qoros","shi","ming","shimh@connsec.com","18724229876",null));
+            descriptor.getContactPersons().add(getContactPerson("maxkey","shi","ming","shimingxy@163.com","18724229876",null));
             
-            descriptor.setOrganization(getOrganization("qoros","qorosc","http://www.qoros.com"));
+            descriptor.setOrganization(getOrganization("maxkey","maxkey","http://sso.maxkey.org"));

            String entityId="http://www.test.com";
            
@@ -163,51 +187,43 @@ public class MetadataGenerator {
   
   
   public IDPSSODescriptor buildIDPSSODescriptor(){
-	   
-	   QName qname = new QName(SAMLConstants.SAML20MD_NS, IDPSSODescriptor.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20MD_PREFIX);
-       IDPSSODescriptor idpSSODescriptor = (IDPSSODescriptor) buildXMLObject(qname);
+	   IDPSSODescriptor idpSSODescriptor = (IDPSSODescriptor) buildXMLObject(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
       idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); 
-       
       return idpSSODescriptor;
   }
   
   public EntityDescriptor buildEntityDescriptor(String entityId,RoleDescriptor roleDescriptor){
-	   
-	   SAMLObjectBuilder<EntityDescriptor> builder = (SAMLObjectBuilder<EntityDescriptor>) builderFactory.getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME);
-       EntityDescriptor entityDescriptor = builder.buildObject();
+       EntityDescriptor entityDescriptor = new EntityDescriptorBuilder().buildObject();
       entityDescriptor.setEntityID(entityId);
       entityDescriptor.getRoleDescriptors().add(roleDescriptor);
       
       return entityDescriptor;
   }
   
-   public Document marshallerMetadata(EntityDescriptor entityDescriptor){
-	   Document document = null;
-	   try{
-		   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();  
-	       
-	       DocumentBuilder documentBuilder = factory.newDocumentBuilder();  
-	       
-	       document = documentBuilder.newDocument();  
-	       
-	       Marshaller marshaller = marshallerFactory.getMarshaller(entityDescriptor);  
-	       marshaller.marshall(entityDescriptor, document);  
-	   }catch (Exception e) {
-           e.printStackTrace();
-	   }
-	   
-       return document;
-       
-   }
+	public Document marshallerMetadata(EntityDescriptor entityDescriptor) {
+		Document document = null;
+		try {
+			DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+
+			DocumentBuilder documentBuilder = factory.newDocumentBuilder();
+
+			document = documentBuilder.newDocument();
+
+			Marshaller marshaller = marshallerFactory.getMarshaller(entityDescriptor);
+			marshaller.marshall(entityDescriptor, document);
+		} catch (Exception e) {
+			e.printStackTrace();
+		}
+
+		return document;
+
+	}
   
   public ManageNameIDService getManageNameIDService(String url){
-	   QName manageNameIDServiceQName = new QName(SAMLConstants.SAML20MD_NS, ManageNameIDService.DEFAULT_ELEMENT_LOCAL_NAME,
-               SAMLConstants.SAML20MD_PREFIX);
-	   ManageNameIDService manageNameIDService= (ManageNameIDService) buildXMLObject(manageNameIDServiceQName);
+	   ManageNameIDService manageNameIDService=new ManageNameIDServiceBuilder().buildObject();
 	   manageNameIDService.setLocation(url);
 	   manageNameIDService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
-	   
-	   return null;
+	   return manageNameIDService;
   }
   
   public Organization getOrganization(String name,String displayName,String url){
@@ -235,11 +251,7 @@ public class MetadataGenerator {
   }
   
   public ContactPerson getContactPerson(String companyName,String givenName,String surName,String emailAddress,String telephoneNumber,ContactPersonTypeEnumeration contactPersonType){
-	   
-	 QName contactQName = new QName(SAMLConstants.SAML20MD_NS, ContactPerson.DEFAULT_ELEMENT_LOCAL_NAME,
-               SAMLConstants.SAML20MD_PREFIX);
-
-  	 ContactPerson contactPerson= (ContactPerson) buildXMLObject(contactQName);
+  	 ContactPerson contactPerson= (ContactPerson) buildXMLObject(ContactPerson.DEFAULT_ELEMENT_NAME);
  	 
  	 contactPerson.setType(contactPersonType);
  	 
@@ -266,8 +278,7 @@ public class MetadataGenerator {
  	 return contactPerson;
   }
   public SingleSignOnService getSingleSignOnService(String location,String binding){
-	   QName ssoQName = new QName(SAMLConstants.SAML20MD_NS, SingleSignOnService.DEFAULT_ELEMENT_LOCAL_NAME,SAMLConstants.SAML20MD_PREFIX);
-	   SingleSignOnService singleSignOnService=(SingleSignOnService) buildXMLObject(ssoQName);
+	   SingleSignOnService singleSignOnService=(SingleSignOnService) buildXMLObject(SingleSignOnService.DEFAULT_ELEMENT_NAME);
 	   if(binding==null){
 		   binding=SAMLConstants.SAML2_POST_BINDING_URI;
 	   }
@@ -278,8 +289,7 @@ public class MetadataGenerator {
   }
   
   public SingleLogoutService getSingleLogoutService(String location,String binding){
-	   QName sloQName = new QName(SAMLConstants.SAML20MD_NS, SingleLogoutService.DEFAULT_ELEMENT_LOCAL_NAME,SAMLConstants.SAML20MD_PREFIX);
-	   SingleLogoutService singleLogoutService=(SingleLogoutService) buildXMLObject(sloQName);
+	   SingleLogoutService singleLogoutService=(SingleLogoutService) buildXMLObject(SingleLogoutService.DEFAULT_ELEMENT_NAME);
 	   if(binding==null){
 		   binding=SAMLConstants.SAML2_REDIRECT_BINDING_URI;
 	   }
@@ -289,7 +299,7 @@ public class MetadataGenerator {
   }
   
   public NameIDFormat generateNameIDFormat(String nameIDType){
-	   NameIDFormat nameIDFormat =((SAMLObjectBuilder<NameIDFormat>) builderFactory.getBuilder(NameIDFormat.DEFAULT_ELEMENT_NAME)).buildObject();  
+	   NameIDFormat nameIDFormat =new NameIDFormatBuilder().buildObject();  
       nameIDFormat.setFormat(nameIDType);  
       return nameIDFormat;
   }
@@ -303,7 +313,7 @@ public class MetadataGenerator {
   }
   
   public KeyDescriptor generateSignKeyDescriptor(Credential signingCredential){
-	   KeyDescriptor signKeyDescriptor = ((SAMLObjectBuilder<KeyDescriptor>) builderFactory.getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME)).buildObject();
+	   KeyDescriptor signKeyDescriptor = new KeyDescriptorBuilder().buildObject();
       
       signKeyDescriptor.setUse(UsageType.SIGNING);  //Set usage  
       
@@ -311,21 +321,22 @@ public class MetadataGenerator {
       try {  
        signKeyDescriptor.setKeyInfo(getKeyInfoGenerator().generate(signingCredential));  
       } catch (SecurityException e) {  
-        log.error(e.getMessage(), e);  
+    	   logger.error(e.getMessage(), e);  
       }  
       
       return signKeyDescriptor;
   }
   
   public KeyDescriptor generateEncryptionKeyDescriptor(Credential signingCredential){
-	   KeyDescriptor encryptionKeyDescriptor = ((SAMLObjectBuilder<KeyDescriptor>) builderFactory.getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME)).buildObject();
+	   KeyDescriptor encryptionKeyDescriptor =  new KeyDescriptorBuilder().buildObject();
+	  
 	   encryptionKeyDescriptor.setUse(UsageType.ENCRYPTION); 
 	   
 	   // Generating key info. The element will contain the public key. The key is used to by the IDP to encrypt data  
 	   try {  
 		   encryptionKeyDescriptor.setKeyInfo(getKeyInfoGenerator().generate(signingCredential));  
 	   } catch (SecurityException e) {  
-	    log.error(e.getMessage(), e);  
+		   logger.error(e.getMessage(), e);  
 	   }  
 	   
 	   return encryptionKeyDescriptor;
@@ -340,18 +351,18 @@ public class MetadataGenerator {
   }
   
   
-   protected static  XMLObject unmarshallElement( Document doc) {
+   public static  XMLObject unmarshallElement( Document doc) {
       try {
           Element samlElement = doc.getDocumentElement();

           Unmarshaller unmarshaller = org.opensaml.xml.Configuration.getUnmarshallerFactory().getUnmarshaller(samlElement);
           if (unmarshaller == null) {
-               ;//fail("Unable to retrieve unmarshaller by DOM Element");
+        	   logger.error("Unable to retrieve unmarshaller by DOM Element");
           }

           return unmarshaller.unmarshall(samlElement);
       }catch (UnmarshallingException e) {
-           //fail("Unmarshalling failed when parsing element file " + elementFile + ": " + e);
+    	   logger.error("Unmarshalling failed when parsing doc : " , e);
       }

       return null;
@@ -361,52 +372,23 @@ public class MetadataGenerator {
   public static Element marshallerElement( XMLObject xmlObject) {
       Marshaller marshaller = marshallerFactory.getMarshaller(xmlObject);
       if(marshaller == null){
-           //fail("Unable to locate marshaller for " + xmlObject.getElementQName() + " can not perform equality check assertion");
+           logger.error("Unable to locate marshaller for " + xmlObject.getElementQName() + " can not perform equality check assertion");
       }
       
       Element generatedDOM=null;
       try {
           generatedDOM = marshaller.marshall(xmlObject, parser.newDocument());
-           if(log.isDebugEnabled()) {
-               log.debug("Marshalled DOM was " + XMLHelper.nodeToString(generatedDOM));
+           if(logger.isDebugEnabled()) {
+        	   logger.debug("Marshalled DOM was " + XMLHelper.nodeToString(generatedDOM));
           }
          // assertXMLEqual(failMessage, expectedDOM, generatedDOM.getOwnerDocument());
       } catch (Exception e) {
-           log.error("Marshalling failed with the following error:", e);
-          // fail("Marshalling failed with the following error: " + e);
+    	   logger.error("Marshalling failed with the following error:", e);
       }
       return generatedDOM;
   }
   
   
-   /** Parser manager used to parse XML. */
-   protected static BasicParserPool parser;
-   
-   /** XMLObject builder factory. */
-   protected static XMLObjectBuilderFactory builderFactory;

-   /** XMLObject marshaller factory. */
-   protected static MarshallerFactory marshallerFactory;
-
-   /** XMLObject unmarshaller factory. */
-   protected static UnmarshallerFactory unmarshallerFactory;
-   
-   /** Class logger. */
-   private static Logger log = LoggerFactory.getLogger(MetadataGenerator.class);
-   
-   /** Constructor. */
-   public MetadataGenerator(){
-       
-       parser = new BasicParserPool();
-       parser.setNamespaceAware(true);
-       try {
-		DefaultBootstrap.bootstrap();
-	} catch (ConfigurationException e) {
-		e.printStackTrace();
-	}
-       builderFactory = org.opensaml.xml.Configuration.getBuilderFactory();
-       marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
-       unmarshallerFactory = org.opensaml.xml.Configuration.getUnmarshallerFactory();
-   }

 }