Repository: cloudstack Updated Branches: refs/heads/master 12ad5ba19 -> 550762a0d
SAMLUtils: fix signature, refactor generateRandomX509Certificate Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com> Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/550762a0 Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/550762a0 Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/550762a0 Branch: refs/heads/master Commit: 550762a0dcecc04e7b40302322864ea6b52c0098 Parents: 12ad5ba Author: Rohit Yadav <rohit.ya...@shapeblue.com> Authored: Sat Aug 30 21:37:55 2014 +0200 Committer: Rohit Yadav <rohit.ya...@shapeblue.com> Committed: Sat Aug 30 21:37:55 2014 +0200 ---------------------------------------------------------------------- .../GetServiceProviderMetaDataCmdTest.java | 2 +- .../SAML2LoginAPIAuthenticatorCmdTest.java | 2 +- .../SAML2LogoutAPIAuthenticatorCmdTest.java | 2 +- .../apache/cloudstack/utils/auth/SAMLUtils.java | 26 +++++++++++++++----- 4 files changed, 23 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cloudstack/blob/550762a0/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java ---------------------------------------------------------------------- diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java index fbd381d..3826390 100644 --- a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java +++ b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/GetServiceProviderMetaDataCmdTest.java 
@@ -71,7 +71,7 @@ public class GetServiceProviderMetaDataCmdTest {
 String spId = "someSPID";
 String url = "someUrl";
- X509Certificate cert = SAMLUtils.generateRandomX509Certificate();
+ X509Certificate cert = SAMLUtils.generateRandomX509Certificate(SAMLUtils.generateRandomKeyPair());
 Mockito.when(samlAuthManager.getServiceProviderId()).thenReturn(spId);
 Mockito.when(samlAuthManager.getIdpSigningKey()).thenReturn(cert);
 Mockito.when(samlAuthManager.getIdpSingleLogOutUrl()).thenReturn(url);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/550762a0/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java ----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java
index b91978e..514edb5 100644
--- a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java
+++ b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LoginAPIAuthenticatorCmdTest.java
@@ -152,7 +152,7 @@ public class SAML2LoginAPIAuthenticatorCmdTest {
 String spId = "someSPID";
 String url = "someUrl";
- X509Certificate cert = SAMLUtils.generateRandomX509Certificate();
+ X509Certificate cert = SAMLUtils.generateRandomX509Certificate(SAMLUtils.generateRandomKeyPair());
 Mockito.when(samlAuthManager.getServiceProviderId()).thenReturn(spId);
 Mockito.when(samlAuthManager.getIdpSigningKey()).thenReturn(null);
 Mockito.when(samlAuthManager.getIdpSingleSignOnUrl()).thenReturn(url);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/550762a0/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java ----------------------------------------------------------------------
diff --git a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java
index 820132b..a6005b7 100644
--- a/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java
+++ b/plugins/user-authenticators/saml2/test/org/apache/cloudstack/api/command/SAML2LogoutAPIAuthenticatorCmdTest.java
@@ -73,7 +73,7 @@ public class SAML2LogoutAPIAuthenticatorCmdTest {
 String spId = "someSPID";
 String url = "someUrl";
- X509Certificate cert = SAMLUtils.generateRandomX509Certificate();
+ X509Certificate cert = SAMLUtils.generateRandomX509Certificate(SAMLUtils.generateRandomKeyPair());
 Mockito.when(samlAuthManager.getServiceProviderId()).thenReturn(spId);
 Mockito.when(samlAuthManager.getIdpSigningKey()).thenReturn(cert);
 Mockito.when(samlAuthManager.getIdpSingleLogOutUrl()).thenReturn(url);
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/550762a0/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java ----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
index 1f31dca..55c2ee2 100644
--- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
+++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
@@ -53,6 +53,7 @@ import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.io.Unmarshaller;
 import org.opensaml.xml.io.UnmarshallerFactory;
 import org.opensaml.xml.io.UnmarshallingException;
+import org.opensaml.xml.signature.SignatureConstants;
 import org.opensaml.xml.util.Base64;
 import org.opensaml.xml.util.XMLHelper;
 import org.w3c.dom.Document;
@@ -67,6 +68,7 @@ import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
 import java.net.URLEncoder;
 import java.security.InvalidKeyException;
@@ -74,8 +76,10 @@ import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.security.Security;
+import java.security.Signature;
 import java.security.SignatureException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -90,7 +94,7 @@ public class SAMLUtils {
 public static final String SAML_NS = "saml://";
 public static final String SAML_NAMEID = "SAML_NAMEID";
 public static final String SAML_SESSION = "SAML_SESSION";
- public static final String CERTIFICATE_NAME = "SAMLSP_X509CERTIFICATE";
+ public static final String CERTIFICATE_NAME = "SAMLSP_CERTIFICATE";
 public static String createSAMLId(String uid) {
 return SAML_NS + uid;
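Review bot: Changing the value of CERTIFICATE_NAME from SAMLSP_X509CERTIFICATE to SAMLSP_CERTIFICATE changes whatever this constant is used as a lookup key for, and nothing in this commit migrates existing data to the new name. If the constant names a certificate that running deployments have already persisted, those deployments would stop finding their SP certificate and, depending on the caller, generate a fresh one, which invalidates the SP metadata their IdPs were configured to trust. I cannot see the callers from this diff; if the name only ever reaches fresh installs this is moot, but a short comment on the constant saying which store it keys would help the next reader judge that.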
@@ -207,15 +211,25 @@ public class SAMLUtils {
 return (Response) unmarshaller.unmarshall(element);
 }
- public static X509Certificate generateRandomX509Certificate() throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException, SignatureException, InvalidKeyException {
- Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
- Date validityEndDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000);
+ public static String generateSAMLRequestSignature(String urlEncodedString, PrivateKey signingKey)
+ throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, UnsupportedEncodingException {
+ String url = urlEncodedString + "&SigAlg=" + URLEncoder.encode(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1, HttpUtils.UTF_8);
+ Signature signature = Signature.getInstance("SHA1withRSA");
+ signature.initSign(signingKey);
+ signature.update(url.getBytes());
+ return URLEncoder.encode(Base64.encodeBytes(signature.sign(), Base64.DONT_BREAK_LINES), HttpUtils.UTF_8);
+ }
+ public static KeyPair generateRandomKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException {
 Security.addProvider(new BouncyCastleProvider());
 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
- keyPairGenerator.initialize(1024, new SecureRandom());
- KeyPair keyPair = keyPairGenerator.generateKeyPair();
+ keyPairGenerator.initialize(2048, new SecureRandom());
+ return keyPairGenerator.generateKeyPair();
+ }
+ public static X509Certificate generateRandomX509Certificate(KeyPair keyPair) throws NoSuchAlgorithmException, NoSuchProviderException, CertificateEncodingException, SignatureException, InvalidKeyException {
+ Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
+ Date validityEndDate = new Date(System.currentTimeMillis() + 365 * 24 * 60 * 60 * 1000);
 X500Principal dnName = new X500Principal("CN=Apache CloudStack");
 X509V1CertificateGenerator certGen =
new X509V1CertificateGenerator();
 certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
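Review bot: The re-added `365 * 24 * 60 * 60 * 1000` in the validityEndDate line of generateRandomX509Certificate is evaluated as 32-bit int arithmetic, and 31,536,000,000 does not fit, so it wraps to 1,471,228,928 ms and the certificate is valid for roughly 17 days rather than a year; write `365L * 24 * 60 * 60 * 1000` (or TimeUnit.DAYS.toMillis(365), which needs an import) so the long arithmetic happens before the overflow. In generateSAMLRequestSignature, `signature.update(url.getBytes())` signs the platform-default encoding of the string while the same method URL-encodes with `HttpUtils.UTF_8`; `signature.update(url.getBytes(HttpUtils.UTF_8))` keeps the signed bytes independent of the JVM's file.encoding and fits the UnsupportedEncodingException the method already declares. The method hard-codes RSA-SHA1 twice, as the SigAlg URI and as `Signature.getInstance("SHA1withRSA")`; SHA-1 signatures are deprecated, so if the IdPs this targets accept it `SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256` with `"SHA256withRSA"` is the safer default, and in either case the URI and the JCA name belong side by side as constants so they cannot drift apart. A Javadoc on generateSAMLRequestSignature should state what urlEncodedString must be (presumably the `SAMLRequest=...`, and `RelayState=...` if present, query string exactly as it will be sent, since the signature covers that text plus the `&SigAlg=` appended here) and that the returned value is already URL-encoded. The body of generateRandomX509Certificate continues past the end of this hunk.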