From bhais...@apache.org
Subject [01/10] git commit: updated refs/heads/master to d46e459
Date Fri, 12 Sep 2014 15:16:35 GMT
Repository: cloudstack
Updated Branches:
  refs/heads/master aeec24b2c -> d46e45991


saml2: WIP X509 certificate auth stuff

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
(cherry picked from commit f7d409e0f4d2b6f56ec82ae339eff5f477e4a832)
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/f1440819
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/f1440819
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/f1440819

Branch: refs/heads/master
Commit: f1440819582ca4c30d337af53a17f31065405585
Parents: aeec24b
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
Authored: Sat Aug 30 21:38:59 2014 +0200
Committer: Rohit Yadav <rohit.yadav@shapeblue.com>
Committed: Fri Sep 12 14:31:21 2014 +0200

----------------------------------------------------------------------
 .../command/SAML2LoginAPIAuthenticatorCmd.java  | 14 +++++---
 .../cloudstack/saml/SAML2AuthManagerImpl.java   | 38 ++++++++++++++++++++
 2 files changed, 48 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f1440819/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
index b279977..b204e72 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmd.java
@@ -55,7 +55,8 @@ import org.opensaml.xml.ConfigurationException;
 import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.io.UnmarshallingException;
 import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+import org.opensaml.xml.signature.SignatureException;
 import org.opensaml.xml.signature.SignatureValidator;
 import org.opensaml.xml.validation.ValidationException;
 import org.xml.sax.SAXException;
@@ -68,6 +69,10 @@ import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.stream.FactoryConfigurationError;
 import java.io.IOException;
 import java.net.URLEncoder;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Signature;
 import java.util.List;
 import java.util.Map;
 
@@ -134,8 +139,9 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements
APIAuthent
         try {
             DefaultBootstrap.bootstrap();
             AuthnRequest authnRequest = SAMLUtils.buildAuthnRequestObject(spId, identityProviderUrl,
consumerUrl);
-            redirectUrl = identityProviderUrl + "?SAMLRequest=" + SAMLUtils.encodeSAMLRequest(authnRequest);
-        } catch (ConfigurationException | FactoryConfigurationError | MarshallingException
| IOException e) {
+            redirectUrl = "SAMLRequest=" + SAMLUtils.encodeSAMLRequest(authnRequest);
+            redirectUrl = identityProviderUrl + "?" + SAMLUtils.generateSAMLRequestSignature(redirectUrl,
privateKey);
+        } catch (ConfigurationException | FactoryConfigurationError | MarshallingException
| IOException | SignatureException | NoSuchAlgorithmException | InvalidKeyException | java.security.SignatureException
e) {
             s_logger.error("SAML AuthnRequest message building error: " + e.getMessage());
         }
         return redirectUrl;
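Review bot: If `generateSAMLRequestSignature` throws, `redirectUrl` has already been overwritten with the bare `SAMLRequest=...` query string on the first added line, so the catch block logs and the method then returns that fragment as though it were a complete redirect URL. Build the query in a local and assign `redirectUrl` only once the signed URL exists: `String query = "SAMLRequest=" + SAMLUtils.encodeSAMLRequest(authnRequest);` followed by `redirectUrl = identityProviderUrl + "?" + SAMLUtils.generateSAMLRequestSignature(query, privateKey);`. The catch also drops the stack trace; pass the exception as the second argument, `s_logger.error("SAML AuthnRequest message building error: " + e.getMessage(), e);`. `privateKey` is not declared within the hunk, so where it is loaded and how a missing key is handled cannot be checked from here; the enclosing method starts outside the hunk.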
@@ -176,7 +182,7 @@ public class SAML2LoginAPIAuthenticatorCmd extends BaseCmd implements
APIAuthent
                 }
 
                 if (_samlAuthManager.getIdpSigningKey() != null) {
-                    Signature sig = processedSAMLResponse.getSignature();
+                    org.opensaml.xml.signature.Signature sig = processedSAMLResponse.getSignature();
                     BasicX509Credential credential = new BasicX509Credential();
                     credential.setEntityCertificate(_samlAuthManager.getIdpSigningKey());
                     SignatureValidator validator = new SignatureValidator(credential);

http://git-wip-us.apache.org/repos/asf/cloudstack/blob/f1440819/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
index aa06320..fa4a695 100644
--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
@@ -23,6 +23,9 @@ import org.apache.cloudstack.api.command.GetServiceProviderMetaDataCmd;
 import org.apache.cloudstack.api.command.SAML2LoginAPIAuthenticatorCmd;
 import org.apache.cloudstack.api.command.SAML2LogoutAPIAuthenticatorCmd;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreDao;
+import org.apache.cloudstack.framework.security.keystore.KeystoreVO;
+import org.apache.cloudstack.utils.auth.SAMLUtils;
 import org.apache.log4j.Logger;
 import org.opensaml.DefaultBootstrap;
 import org.opensaml.common.xml.SAMLConstants;
@@ -42,8 +45,17 @@ import org.springframework.stereotype.Component;
 import javax.ejb.Local;
 import javax.inject.Inject;
 import javax.xml.stream.FactoryConfigurationError;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.SignatureException;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.spec.RSAPrivateKeySpec;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -69,6 +81,9 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
     @Inject
     ConfigurationDao _configDao;
 
+    @Inject
+    private KeystoreDao _ksDao;
+
     @Override
     public boolean start() {
         if (isSAMLPluginEnabled()) {
@@ -80,6 +95,29 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
     private boolean setup() {
         // TODO: In future if need added logic to get SP X509 cert for Idps that need signed
requests
 
+        KeystoreVO keyStoreVO = _ksDao.findByName(SAMLUtils.CERTIFICATE_NAME);
+        if (keyStoreVO == null) {
+            try {
+                KeyPair keyPair = SAMLUtils.generateRandomKeyPair();
+                _ksDao.save(SAMLUtils.CERTIFICATE_NAME, keyPair.getPrivate().getEncoded().toString(),
keyPair.getPublic().getEncoded().toString(), "saml-sp");
+                keyStoreVO = _ksDao.findByName(SAMLUtils.CERTIFICATE_NAME);
+            } catch (NoSuchProviderException | NoSuchAlgorithmException e) {
+                s_logger.error("Unable to create and save SAML keypair");
+            }
+        }
+
+        if (keyStoreVO != null) {
+            PrivateKey privateKey = new RSAPrivateKeySpec();
+            KeyPair keyPair = new KeyPair();
+        }
+
+        try {
+
+            X509Certificate spCert = SAMLUtils.generateRandomX509Certificate();
+        } catch (NoSuchAlgorithmException | NoSuchProviderException | CertificateEncodingException
| SignatureException | InvalidKeyException e) {
+            e.printStackTrace();
+        }
+
         this.serviceProviderId = _configDao.getValue(Config.SAMLServiceProviderID.key());
         this.identityProviderId = _configDao.getValue(Config.SAMLIdentityProviderID.key());
 
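Review bot: `keyPair.getPrivate().getEncoded().toString()` (and its public-key twin) on the `_ksDao.save` line stores the `byte[]` identity string (of the form `[B@...`), not the key material, so the generated SP key pair is never actually persisted and cannot be loaded back on a later `setup()`. Encode the DER bytes as text before saving, for example with `javax.xml.bind.DatatypeConverter.printBase64Binary`, and pass the exception to the logger so the cause is kept. The two statements under `if (keyStoreVO != null)` (`new RSAPrivateKeySpec()` assigned to a `PrivateKey`, and `new KeyPair()` with no arguments) do not compile and are unused, and `spCert` is generated, never used, and its failure goes to `e.printStackTrace()` rather than `s_logger`; drop both blocks until the code that loads and uses the key exists. The argument order passed to `_ksDao.save` (private key second, public key third) should be checked against the DAO's parameter names, which are not visible here. `setup()` continues past the end of the hunk.
```java
        KeystoreVO keyStoreVO = _ksDao.findByName(SAMLUtils.CERTIFICATE_NAME);
        if (keyStoreVO == null) {
            try {
                KeyPair keyPair = SAMLUtils.generateRandomKeyPair();
                // byte[].toString() is the array identity, not the key; store a text encoding of the DER bytes
                String encodedPrivateKey = DatatypeConverter.printBase64Binary(keyPair.getPrivate().getEncoded());
                String encodedPublicKey = DatatypeConverter.printBase64Binary(keyPair.getPublic().getEncoded());
                _ksDao.save(SAMLUtils.CERTIFICATE_NAME, encodedPrivateKey, encodedPublicKey, "saml-sp");
                keyStoreVO = _ksDao.findByName(SAMLUtils.CERTIFICATE_NAME);
            } catch (NoSuchProviderException | NoSuchAlgorithmException e) {
                s_logger.error("Unable to create and save SAML keypair", e);
            }
        }
        // … removed: the non-compiling RSAPrivateKeySpec/KeyPair() block and the unused spCert generation …
        // … unchanged: serviceProviderId / identityProviderId configuration reads …
```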

