1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.syncope.wa.starter.pac4j.saml;
20
21 import java.io.ByteArrayInputStream;
22 import java.io.ByteArrayOutputStream;
23 import java.io.File;
24 import java.math.BigInteger;
25 import java.security.KeyPair;
26 import java.security.KeyPairGenerator;
27 import java.security.KeyStore;
28 import java.security.Signature;
29 import java.security.cert.Certificate;
30 import java.security.cert.CertificateFactory;
31 import java.util.Base64;
32 import java.util.Date;
33 import org.bouncycastle.asn1.ASN1EncodableVector;
34 import org.bouncycastle.asn1.ASN1Encoding;
35 import org.bouncycastle.asn1.ASN1Integer;
36 import org.bouncycastle.asn1.DERBitString;
37 import org.bouncycastle.asn1.DERNull;
38 import org.bouncycastle.asn1.DERSequence;
39 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
40 import org.bouncycastle.asn1.x500.X500Name;
41 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
42 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
43 import org.bouncycastle.asn1.x509.TBSCertificate;
44 import org.bouncycastle.asn1.x509.Time;
45 import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
46 import org.pac4j.saml.client.SAML2Client;
47 import org.pac4j.saml.config.SAML2Configuration;
48 import org.springframework.core.io.ClassPathResource;
49 import org.springframework.core.io.FileSystemResource;
50
51 public abstract class BaseWASAML2ClientTest {
52
53 protected static Certificate createSelfSignedCert(final KeyPair keyPair) throws Exception {
54 final X500Name dn = new X500Name("cn=Unknown");
55 final V3TBSCertificateGenerator certGen = new V3TBSCertificateGenerator();
56
57 certGen.setSerialNumber(new ASN1Integer(BigInteger.valueOf(1)));
58 certGen.setIssuer(dn);
59 certGen.setSubject(dn);
60 certGen.setStartDate(new Time(new Date(System.currentTimeMillis() - 1000L)));
61
62 final Date expiration = new Date(System.currentTimeMillis() + 100000);
63 certGen.setEndDate(new Time(expiration));
64
65 final AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption,
66 DERNull.INSTANCE);
67 certGen.setSignature(sigAlgID);
68 certGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
69
70 final Signature sig = Signature.getInstance("SHA1WithRSA");
71 sig.initSign(keyPair.getPrivate());
72 sig.update(certGen.generateTBSCertificate().getEncoded(ASN1Encoding.DER));
73
74 final TBSCertificate tbsCert = certGen.generateTBSCertificate();
75 final ASN1EncodableVector v = new ASN1EncodableVector();
76
77 v.add(tbsCert);
78 v.add(sigAlgID);
79 v.add(new DERBitString(sig.sign()));
80
81 final Certificate cert = CertificateFactory.getInstance("X.509")
82 .generateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER)));
83 cert.verify(keyPair.getPublic());
84 return cert;
85 }
86
87 protected static SAML2Client getSAML2Client() throws Exception {
88 SAML2Configuration saml2Configuration = new SAML2Configuration();
89 saml2Configuration.setKeystorePassword("password");
90 saml2Configuration.setPrivateKeyPassword("password");
91 saml2Configuration.setKeystoreAlias("Syncope");
92 saml2Configuration.setIdentityProviderMetadataResource(new ClassPathResource("idp-metadata.xml"));
93 saml2Configuration.setServiceProviderMetadataResource(new FileSystemResource(File.createTempFile("sp-metadata",
94 ".xml")));
95 SAML2Client client = new SAML2Client(saml2Configuration);
96 client.setCallbackUrl("https://syncope.apache.org");
97 return client;
98 }
99
100 protected static KeyStore getKeystore() throws Exception {
101 KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
102 char[] pwdArray = "password".toCharArray();
103 ks.load(null, pwdArray);
104 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
105 keyPairGenerator.initialize(4096);
106 KeyPair keyPair = keyPairGenerator.generateKeyPair();
107 Certificate certificate = createSelfSignedCert(keyPair);
108 ks.setKeyEntry("Syncope", keyPair.getPrivate(), "password".toCharArray(), new Certificate[] { certificate });
109 return ks;
110 }
111
112 protected static String getKeystoreAsString() throws Exception {
113 char[] pwdArray = "password".toCharArray();
114 try (ByteArrayOutputStream fos = new ByteArrayOutputStream()) {
115 getKeystore().store(fos, pwdArray);
116 fos.flush();
117 return Base64.getEncoder().encodeToString(fos.toByteArray());
118 }
119 }
120 }