first version

Christian Pedersen · Christian Pedersen · commit 460bb6f49826 · 2011-04-04T19:07:01.000+02:00
diff --git a/com/onelogin/AccountSettings.java b/com/onelogin/AccountSettings.java
@@ -0,0 +1,19 @@
+package com.onelogin;
+
+public class AccountSettings {
+	private String certificate;
+	private String idp_sso_target_url;
+	
+	public String getCertificate() {
+		return certificate;
+	}
+	public void setCertificate(String certificate) {
+		this.certificate = certificate;
+	}
+	public String getIdp_sso_target_url() {
+		return idp_sso_target_url;
+	}
+	public void setIdp_sso_target_url(String idp_sso_target_url) {
+		this.idp_sso_target_url = idp_sso_target_url;
+	}
+}
diff --git a/com/onelogin/AppSettings.java b/com/onelogin/AppSettings.java
@@ -0,0 +1,20 @@
+package com.onelogin;
+
+public class AppSettings {
+	private String assertionConsumerServiceUrl;
+	private String issuer;
+	
+	public String getAssertionConsumerServiceUrl() {
+		return assertionConsumerServiceUrl;
+	}
+	public void setAssertionConsumerServiceUrl(String assertionConsumerServiceUrl) {
+		this.assertionConsumerServiceUrl = assertionConsumerServiceUrl;
+	}
+	public String getIssuer() {
+		return issuer;
+	}
+	public void setIssuer(String issuer) {
+		this.issuer = issuer;
+	}
+
+}
diff --git a/com/onelogin/saml/AuthRequest.java b/com/onelogin/saml/AuthRequest.java
@@ -0,0 +1,103 @@
+package com.onelogin.saml;
+
+import java.io.ByteArrayOutputStream;
+import java.nio.charset.Charset;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.UUID;
+
+import javax.xml.stream.XMLOutputFactory;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.apache.commons.codec.binary.Base64;
+
+import com.onelogin.AccountSettings;
+import com.onelogin.AppSettings;
+
+public class AuthRequest {
+	
+	private String id;
+	private String issueInstant;
+	private AppSettings appSettings;
+	public static final int base64 = 1;
+	
+	public AuthRequest(AppSettings appSettings, AccountSettings accountSettings){		
+		this.appSettings = appSettings;
+		id="_"+UUID.randomUUID().toString();		
+		SimpleDateFormat simpleDf = new SimpleDateFormat("yyyy-MM-dd'T'H:mm:ss");
+		issueInstant = simpleDf.format(new Date());		
+	}
+	
+	public String getRequest(int format) throws XMLStreamException {
+		ByteArrayOutputStream baos = new ByteArrayOutputStream();		
+		XMLOutputFactory factory = XMLOutputFactory.newInstance();
+		XMLStreamWriter writer = factory.createXMLStreamWriter(baos);
+					
+		writer.writeStartElement("samlp", "AuthnRequest", "urn:oasis:names:tc:SAML:2.0:protocol");
+		writer.writeNamespace("samlp","urn:oasis:names:tc:SAML:2.0:protocol");
+		
+		writer.writeAttribute("ID", id);
+		writer.writeAttribute("Version", "2.0");
+		writer.writeAttribute("IssueInstant", this.issueInstant);
+		writer.writeAttribute("ProtocolBinding", "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+		writer.writeAttribute("AssertionConsumerServiceURL", this.appSettings.getAssertionConsumerServiceUrl());
+		
+		writer.writeStartElement("saml","Issuer","urn:oasis:names:tc:SAML:2.0:assertion");
+		writer.writeNamespace("saml","urn:oasis:names:tc:SAML:2.0:assertion");
+		writer.writeCharacters(this.appSettings.getIssuer());
+		writer.writeEndElement();
+		
+		writer.writeStartElement("samlp", "NameIDPolicy", "urn:oasis:names:tc:SAML:2.0:protocol");
+		
+		writer.writeAttribute("Format", "urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+		writer.writeAttribute("AllowCreate", "true");
+		writer.writeEndElement();
+		
+		writer.writeStartElement("samlp","RequestedAuthnContext","urn:oasis:names:tc:SAML:2.0:protocol");
+		
+		writer.writeAttribute("Comparison", "exact");
+		writer.writeEndElement();
+		
+		writer.writeStartElement("saml","AuthnContextClassRef","urn:oasis:names:tc:SAML:2.0:assertion");
+		writer.writeNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
+		writer.writeCharacters("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
+		writer.writeEndElement();
+		
+		writer.writeEndElement();
+		writer.flush();		
+		
+		if (format == base64) {
+			byte [] encoded = Base64.encodeBase64Chunked(baos.toByteArray());
+			String result = new String(encoded,Charset.forName("UTF-8"));
+						
+			return result;
+		}
+						
+		return null;
+	}
+	
+ 	public static String getRidOfCRLF(String what) {
+		String lf = "%0D";
+		String cr = "%0A";
+		String now = lf;
+
+		int index = what.indexOf(now);
+		StringBuffer r = new StringBuffer();
+
+		while (index!=-1) {
+			r.append(what.substring(0,index));
+			what = what.substring(index+3,what.length());
+			
+			if (now.equals(lf)) {
+				now = cr;
+			} else {
+				now = lf;
+			}
+			
+			index = what.indexOf(now);
+		}
+		return r.toString();
+	}		
+
+}
diff --git a/com/onelogin/saml/Certificate.java b/com/onelogin/saml/Certificate.java
@@ -0,0 +1,37 @@
+package com.onelogin.saml;
+
+import java.io.ByteArrayInputStream;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import org.apache.commons.codec.binary.Base64;
+
+public class Certificate {
+
+	private X509Certificate x509Cert;
+	
+	/**
+	 * Loads certificate from a base64 encoded string 
+	 */
+ 	public void loadCertificate(String certificate) throws CertificateException {
+		CertificateFactory fty = CertificateFactory.getInstance("X.509");
+		ByteArrayInputStream bais = new ByteArrayInputStream(Base64.decodeBase64(certificate.getBytes()));
+		x509Cert = (X509Certificate)fty.generateCertificate(bais);
+	}
+	
+	/**
+	 * Loads a certificate from a encoded base64 byte array.
+	 * @param certificate an encoded base64 byte array.
+	 * @throws CertificateException In case it can't load the certificate.
+	 */
+	public void loadCertificate(byte[] certificate) throws CertificateException {
+		CertificateFactory fty = CertificateFactory.getInstance("X.509");
+		ByteArrayInputStream bais = new ByteArrayInputStream(Base64.decodeBase64(certificate));
+		x509Cert = (X509Certificate)fty.generateCertificate(bais);
+	}
+
+	public X509Certificate getX509Cert() {
+		return x509Cert;
+	}						
+}
diff --git a/com/onelogin/saml/Response.java b/com/onelogin/saml/Response.java
@@ -0,0 +1,74 @@
+package com.onelogin.saml;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.codec.binary.Base64;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
+
+import com.onelogin.AccountSettings;
+
+public class Response {
+	
+	private Document xmlDoc;
+	private AccountSettings accountSettings;
+	private Certificate certificate;
+	
+	public Response(AccountSettings accountSettings) throws CertificateException {
+		this.accountSettings = accountSettings;
+		certificate = new Certificate();
+		certificate.loadCertificate(this.accountSettings.getCertificate());
+	}
+	
+	public void loadXml(String xml) throws ParserConfigurationException, SAXException, IOException {
+		DocumentBuilderFactory fty = DocumentBuilderFactory.newInstance();
+		fty.setNamespaceAware(true);
+		DocumentBuilder builder = fty.newDocumentBuilder();
+		ByteArrayInputStream bais = new ByteArrayInputStream(xml.getBytes());
+		xmlDoc = builder.parse(bais);		
+	}
+	
+	
+	public void loadXmlFromBase64(String response) throws ParserConfigurationException, SAXException, IOException {
+		Base64 base64 = new Base64();
+		byte [] decodedB = base64.decode(response);		
+		String decodedS = new String(decodedB);				
+		loadXml(decodedS);	
+	}
+	
+	public boolean isValid() throws Exception {
+		NodeList nodes = xmlDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
+								
+		if(nodes==null || nodes.getLength()==0){
+			throw new Exception("Can't find signature in document.");
+		}
+		
+		X509Certificate cert = certificate.getX509Cert();		
+		DOMValidateContext ctx = new DOMValidateContext(cert.getPublicKey() , nodes.item(0));				
+		XMLSignatureFactory sigF = XMLSignatureFactory.getInstance("DOM");
+		XMLSignature xmlSignature = sigF.unmarshalXMLSignature(ctx);
+		
+		return xmlSignature.validate(ctx);
+	}
+	
+	public String getNameId() throws Exception {
+		NodeList nodes = xmlDoc.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:assertion", "NameID");		
+
+		if(nodes.getLength()==0){
+			throw new Exception("No name id found in document");
+		}		
+
+		return nodes.item(0).getTextContent();
+	}
+}
diff --git a/sample/consume.jsp b/sample/consume.jsp
@@ -0,0 +1,45 @@
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ page import="com.onelogin.*,com.onelogin.saml.*,org.apache.log4j.Logger" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>SAML Assertion Page</title>
+</head>
+<body>
+<%
+  String certificateS ="MIIBrTCCAaGgAwIBAgIBATADBgEAMGcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD"+
+    "YWxpZm9ybmlhMRUwEwYDVQQHDAxTYW50YSBNb25pY2ExETAPBgNVBAoMCE9uZUxv"+
+    "Z2luMRkwFwYDVQQDDBBhcHAub25lbG9naW4uY29tMB4XDTExMDMxMTAwMjc0OVoX"+
+    "DTE2MDMxMDAwMjc0OVowZzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3Ju"+
+    "aWExFTATBgNVBAcMDFNhbnRhIE1vbmljYTERMA8GA1UECgwIT25lTG9naW4xGTAX"+
+    "BgNVBAMMEGFwcC5vbmVsb2dpbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ"+
+    "AoGBALfqtQf59sdh8AqMtrTMv1wONW53Rj29zzCPy1di3qJZ/PzHvYurTf9GVBz9"+
+    "ZyNLBfkt16dhv/dLTzTxJVAqnKDRcnwhskLvWp+8nPnqnNDsousAYzMs63rYO+/f"+
+    "qdt/19BZrpm7zZI6BWzQKimTLS0gYpgkqbreoKK+AdbbwtyXAgMBAAEwAwYBAAMB"+
+    "AA==";
+
+  AccountSettings accountSettings = new AccountSettings();
+  accountSettings.setCertificate(certificateS);
+
+  Response samlResponse = new Response(accountSettings);
+  samlResponse.loadXmlFromBase64(request.getParameter("SAMLResponse"));
+
+  if(samlResponse.isValid()){
+
+  	java.io.PrintWriter writer = response.getWriter();
+  	writer.write("OK!");
+  	String nameId = samlResponse.getNameId();
+  	writer.write(nameId);
+  	writer.flush();
+	
+  } else {
+
+  	java.io.PrintWriter writer = response.getWriter();
+  	writer.write("Failed");
+  	writer.flush();
+
+  }
+%>
+</body>
+</html>
diff --git a/sample/index.jsp b/sample/index.jsp
@@ -0,0 +1,23 @@
+<%@page import="java.net.URLEncoder,org.apache.log4j.Logger"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ page import="com.onelogin.saml.*,com.onelogin.*" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Auth Request</title>
+<%
+  AppSettings appSettings = new AppSettings();
+  appSettings.setAssertionConsumerServiceUrl("http://68.169.49.120:8080/testOneLogin/consume.jsp");
+  appSettings.setIssuer("user@onelogin.com");
+  AccountSettings accSettings = new AccountSettings();
+  accSettings.setIdp_sso_target_url("https://app.onelogin.com/saml/signon/20956");
+  AuthRequest authReq = new AuthRequest(appSettings, accSettings);
+  String reqString = accSettings.getIdp_sso_target_url()+"?SAMLRequest=" + AuthRequest.getRidOfCRLF(URLEncoder.encode(authReq.getRequest(AuthRequest.base64),"UTF-8"));
+  response.sendRedirect(reqString);
+%>
+</head>
+<body>
+
+</body>
+</html>
