cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bhais...@apache.org
Subject git commit: updated refs/heads/master to 550762a
Date Sat, 30 Aug 2014 19:40:56 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/master 12ad5ba19 -> 550762a0d


SAMLUtils: fix signature, refactor generateRandomX509Certificate

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/550762a0
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/550762a0
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/550762a0

Branch: refs/heads/master
Commit: 550762a0dcecc04e7b40302322864ea6b52c0098
Parents: 12ad5ba
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Sat Aug 30 21:37:55 2014 +0200
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Sat Aug 30 21:37:55 2014 +0200

----------------------------------------------------------------------
 .../GetServiceProviderMetaDataCmdTest.java      |  2 +-
 .../SAML2LoginAPIAuthenticatorCmdTest.java      |  2 +-
 .../SAML2LogoutAPIAuthenticatorCmdTest.java     |  2 +-
 .../apache/cloudstack/utils/auth/SAMLUtils.java | 26 +++++++++++++++-----
 4 files changed, 23 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/550762a0/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java
b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java
index fbd381d..3826390 100644
--- a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java
+++ b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java
@@ -71,7 +71,7 @@ public class GetServiceProviderMetaDataCmdTest {
 
         String spId = "someSPID";
         String url = "someUrl";
-        X509Certificate cert = SAMLUtils.generateRandomX509Certificate();
+        X509Certificate cert = SAMLUtils.generateRandomX509Certificate(SAMLUtils.generateRandomKeyPair());
         Mockito.when(samlAuthManager.getServiceProviderId()).thenReturn(spId);
         Mockito.when(samlAuthManager.getIdpSigningKey()).thenReturn(cert);
         Mockito.when(samlAuthManager.getIdpSingleLogOutUrl()).thenReturn(url);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/550762a0/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java
b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java
index b91978e..514edb5 100644
--- a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java
+++ b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java
@@ -152,7 +152,7 @@ public class SAML2LoginAPIAuthenticatorCmdTest {
 
         String spId = "someSPID";
         String url = "someUrl";
-        X509Certificate cert = SAMLUtils.generateRandomX509Certificate();
+        X509Certificate cert = SAMLUtils.generateRandomX509Certificate(SAMLUtils.generateRandomKeyPair());
         Mockito.when(samlAuthManager.getServiceProviderId()).thenReturn(spId);
         Mockito.when(samlAuthManager.getIdpSigningKey()).thenReturn(null);
         Mockito.when(samlAuthManager.getIdpSingleSignOnUrl()).thenReturn(url);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/550762a0/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java
b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java
index 820132b..a6005b7 100644
--- a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java
+++ b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java
@@ -73,7 +73,7 @@ public class SAML2LogoutAPIAuthenticatorCmdTest {
 
         String spId = "someSPID";
         String url = "someUrl";
-        X509Certificate cert = SAMLUtils.generateRandomX509Certificate();
+        X509Certificate cert = SAMLUtils.generateRandomX509Certificate(SAMLUtils.generateRandomKeyPair());
         Mockito.when(samlAuthManager.getServiceProviderId()).thenReturn(spId);
         Mockito.when(samlAuthManager.getIdpSigningKey()).thenReturn(cert);
         Mockito.when(samlAuthManager.getIdpSingleLogOutUrl()).thenReturn(url);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/550762a0/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
index 1f31dca..55c2ee2 100644
--- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
+++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
@@ -53,6 +53,7 @@ import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.io.Unmarshaller;
 import org.opensaml.xml.io.UnmarshallerFactory;
 import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.signature.SignatureConstants;
 import org.opensaml.xml.util.Base64;
 import org.opensaml.xml.util.XMLHelper;
 import org.w3c.dom.Document;
@@ -67,6 +68,7 @@ import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
 import java.net.URLEncoder;
 import java.security.InvalidKeyException;
@@ -74,8 +76,10 @@ import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.security.Security;
+import java.security.Signature;
 import java.security.SignatureException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -90,7 +94,7 @@ public class SAMLUtils {
     public static final String SAML_NS = "saml://";
     public static final String SAML_NAMEID = "SAML_NAMEID";
     public static final String SAML_SESSION = "SAML_SESSION";
-    public static final String CERTIFICATE_NAME = "SAMLSP_X509CERTIFICATE";
+    public static final String CERTIFICATE_NAME = "SAMLSP_CERTIFICATE";
 
     public static String createSAMLId(String uid) {
         return SAML_NS + uid;
@@ -207,15 +211,25 @@ public class SAMLUtils {
         return (Response) unmarshaller.unmarshall(element);
     }
 
-    public static X509Certificate generateRandomX509Certificate() throws NoSuchAlgorithmException,
NoSuchProviderException, CertificateEncodingException, SignatureException, InvalidKeyException
{
-        Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
-        Date validityEndDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 *
1000);
+    public static String generateSAMLRequestSignature(String urlEncodedString, PrivateKey
signingKey)
+            throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, UnsupportedEncodingException
{
+        String url = urlEncodedString + "&SigAlg=" + URLEncoder.encode(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1,
HttpUtils.UTF_8);
+        Signature signature = Signature.getInstance("SHA1withRSA");
+        signature.initSign(signingKey);
+        signature.update(url.getBytes());
+        return URLEncoder.encode(Base64.encodeBytes(signature.sign(), Base64.DONT_BREAK_LINES),
HttpUtils.UTF_8);
+    }
 
+    public static KeyPair generateRandomKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException
{
         Security.addProvider(new BouncyCastleProvider());
         KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
-        keyPairGenerator.initialize(1024, new SecureRandom());
-        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+        keyPairGenerator.initialize(2048, new SecureRandom());
+        return keyPairGenerator.generateKeyPair();
+    }
 
+    public static X509Certificate generateRandomX509Certificate(KeyPair keyPair) throws NoSuchAlgorithmException,
NoSuchProviderException, CertificateEncodingException, SignatureException, InvalidKeyException
{
+        Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
+        Date validityEndDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 *
1000);
         X500Principal dnName = new X500Principal("CN=Apache CloudStack");
         X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
         certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));


Mime
View raw message