View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.wa.starter.pac4j.saml;
20  
21  import java.io.ByteArrayInputStream;
22  import java.io.ByteArrayOutputStream;
23  import java.io.File;
24  import java.math.BigInteger;
25  import java.security.KeyPair;
26  import java.security.KeyPairGenerator;
27  import java.security.KeyStore;
28  import java.security.Signature;
29  import java.security.cert.Certificate;
30  import java.security.cert.CertificateFactory;
31  import java.util.Base64;
32  import java.util.Date;
33  import org.bouncycastle.asn1.ASN1EncodableVector;
34  import org.bouncycastle.asn1.ASN1Encoding;
35  import org.bouncycastle.asn1.ASN1Integer;
36  import org.bouncycastle.asn1.DERBitString;
37  import org.bouncycastle.asn1.DERNull;
38  import org.bouncycastle.asn1.DERSequence;
39  import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
40  import org.bouncycastle.asn1.x500.X500Name;
41  import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
42  import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
43  import org.bouncycastle.asn1.x509.TBSCertificate;
44  import org.bouncycastle.asn1.x509.Time;
45  import org.bouncycastle.asn1.x509.V3TBSCertificateGenerator;
46  import org.pac4j.saml.client.SAML2Client;
47  import org.pac4j.saml.config.SAML2Configuration;
48  import org.springframework.core.io.ClassPathResource;
49  import org.springframework.core.io.FileSystemResource;
50  
51  public abstract class BaseWASAML2ClientTest {
52  
53      protected static Certificate createSelfSignedCert(final KeyPair keyPair) throws Exception {
54          final X500Name dn = new X500Name("cn=Unknown");
55          final V3TBSCertificateGenerator certGen = new V3TBSCertificateGenerator();
56  
57          certGen.setSerialNumber(new ASN1Integer(BigInteger.valueOf(1)));
58          certGen.setIssuer(dn);
59          certGen.setSubject(dn);
60          certGen.setStartDate(new Time(new Date(System.currentTimeMillis() - 1000L)));
61  
62          final Date expiration = new Date(System.currentTimeMillis() + 100000);
63          certGen.setEndDate(new Time(expiration));
64  
65          final AlgorithmIdentifier sigAlgID = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption,
66                  DERNull.INSTANCE);
67          certGen.setSignature(sigAlgID);
68          certGen.setSubjectPublicKeyInfo(SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
69  
70          final Signature sig = Signature.getInstance("SHA1WithRSA");
71          sig.initSign(keyPair.getPrivate());
72          sig.update(certGen.generateTBSCertificate().getEncoded(ASN1Encoding.DER));
73  
74          final TBSCertificate tbsCert = certGen.generateTBSCertificate();
75          final ASN1EncodableVector v = new ASN1EncodableVector();
76  
77          v.add(tbsCert);
78          v.add(sigAlgID);
79          v.add(new DERBitString(sig.sign()));
80  
81          final Certificate cert = CertificateFactory.getInstance("X.509")
82                  .generateCertificate(new ByteArrayInputStream(new DERSequence(v).getEncoded(ASN1Encoding.DER)));
83          cert.verify(keyPair.getPublic());
84          return cert;
85      }
86  
87      protected static SAML2Client getSAML2Client() throws Exception {
88          SAML2Configuration saml2Configuration = new SAML2Configuration();
89          saml2Configuration.setKeystorePassword("password");
90          saml2Configuration.setPrivateKeyPassword("password");
91          saml2Configuration.setKeystoreAlias("Syncope");
92          saml2Configuration.setIdentityProviderMetadataResource(new ClassPathResource("idp-metadata.xml"));
93          saml2Configuration.setServiceProviderMetadataResource(new FileSystemResource(File.createTempFile("sp-metadata",
94                  ".xml")));
95          SAML2Client client = new SAML2Client(saml2Configuration);
96          client.setCallbackUrl("https://syncope.apache.org");
97          return client;
98      }
99  
100     protected static KeyStore getKeystore() throws Exception {
101         KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
102         char[] pwdArray = "password".toCharArray();
103         ks.load(null, pwdArray);
104         KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
105         keyPairGenerator.initialize(4096);
106         KeyPair keyPair = keyPairGenerator.generateKeyPair();
107         Certificate certificate = createSelfSignedCert(keyPair);
108         ks.setKeyEntry("Syncope", keyPair.getPrivate(), "password".toCharArray(), new Certificate[] { certificate });
109         return ks;
110     }
111 
112     protected static String getKeystoreAsString() throws Exception {
113         char[] pwdArray = "password".toCharArray();
114         try (ByteArrayOutputStream fos = new ByteArrayOutputStream()) {
115             getKeystore().store(fos, pwdArray);
116             fos.flush();
117             return Base64.getEncoder().encodeToString(fos.toByteArray());
118         }
119     }
120 }