From 3fd44fe7af91747078acdbc5e96342d700f0bef0 Mon Sep 17 00:00:00 2001 From: Dimitrios Kaitantzidis Date: Mon, 7 Oct 2024 18:46:19 +0300 Subject: [PATCH] WIP: adds certificate properties --- .../SPDF/config/security/saml/SamlConfig.java | 69 +++++++++++-------- 1 file changed, 40 insertions(+), 29 deletions(-) diff --git a/src/main/java/stirling/software/SPDF/config/security/saml/SamlConfig.java b/src/main/java/stirling/software/SPDF/config/security/saml/SamlConfig.java index 4c40cce8b..5d1e47bfb 100644 --- a/src/main/java/stirling/software/SPDF/config/security/saml/SamlConfig.java +++ b/src/main/java/stirling/software/SPDF/config/security/saml/SamlConfig.java @@ -11,8 +11,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.core.io.ClassPathResource; import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; import org.springframework.security.converter.RsaKeyConverters; import org.springframework.security.saml2.core.Saml2X509Credential; import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository; @@ -29,7 +29,7 @@ public class SamlConfig { @Autowired ApplicationProperties applicationProperties; - + @Autowired ResourceLoader resourceLoader; @Bean @ConditionalOnProperty( @@ -39,38 +39,49 @@ public class SamlConfig { public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() throws CertificateException, IOException { - -// Resource signingCertResource = new ClassPathResource(this.rpSigningCertLocation); - Resource signingCertResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getCertificateLocation()); -// Resource signingKeyResource = new ClassPathResource(this.rpSigningKeyLocation); - Resource signingKeyResource = new ClassPathResource(this.applicationProperties.getSecurity().getSaml().getPrivateKeyLocation()); - try ( - InputStream is = signingKeyResource.getInputStream(); - InputStream certIS = signingCertResource.getInputStream(); - ) { + // Resource signingCertResource = new ClassPathResource(this.rpSigningCertLocation); + Resource signingCertResource = + resourceLoader.getResource( + this.applicationProperties + .getSecurity() + .getSaml() + .getCertificateLocation()); + // Resource signingKeyResource = new ClassPathResource(this.rpSigningKeyLocation); + Resource signingKeyResource = + resourceLoader.getResource( + this.applicationProperties.getSecurity().getSaml().getPrivateKeyLocation()); + try (InputStream is = signingKeyResource.getInputStream(); + InputStream certIS = signingCertResource.getInputStream(); ) { X509Certificate rpCertificate = X509Support.decodeCertificate(certIS.readAllBytes()); RSAPrivateKey rpKey = RsaKeyConverters.pkcs8().convert(is); - final Saml2X509Credential rpSigningCredentials = Saml2X509Credential.signing(rpKey, rpCertificate); + final Saml2X509Credential rpSigningCredentials = + Saml2X509Credential.signing(rpKey, rpCertificate); - X509Certificate apCert = X509Support.decodeCertificate(rpCertificate.toString()); + X509Certificate apCert = + X509Support.decodeCertificate( + applicationProperties.getSecurity().getSaml().getSigningCertificate()); Saml2X509Credential apCredential = Saml2X509Credential.verification(apCert); - RelyingPartyRegistration registration = - RelyingPartyRegistrations.fromMetadataLocation( - applicationProperties - .getSecurity() - .getSaml() - .getIdpMetadataLocation()) - .entityId(applicationProperties.getSecurity().getSaml().getEntityId()) - .registrationId( - applicationProperties.getSecurity().getSaml().getRegistrationId()) - .signingX509Credentials(c -> c.add(rpSigningCredentials)) - .assertingPartyDetails(party -> party - .wantAuthnRequestsSigned(true) - .verificationX509Credentials(c -> c.add(apCredential)) - ) - .build(); - return new InMemoryRelyingPartyRegistrationRepository(registration); + RelyingPartyRegistrations.fromMetadataLocation( + applicationProperties + .getSecurity() + .getSaml() + .getIdpMetadataLocation()) + .entityId(applicationProperties.getSecurity().getSaml().getEntityId()) + .registrationId( + applicationProperties + .getSecurity() + .getSaml() + .getRegistrationId()) + .signingX509Credentials(c -> c.add(rpSigningCredentials)) + .assertingPartyDetails( + party -> + party.wantAuthnRequestsSigned(true) + .verificationX509Credentials( + c -> c.add(apCredential))) + .build(); + return new InMemoryRelyingPartyRegistrationRepository(registration); + } } }