Commit b0c6fcbf
Authored Dec 08, 2020 by MaxKey单点登录官方

opensaml3.4.5

Parent 07392156

Showing 8 changed files with 71 additions and 22 deletions (+71 -22)
Changed files:
build.gradle (+3 -3)
gradle.properties (+1 -1)
maxkey-core/src/main/java/org/maxkey/pretty/impl/XMLHelper.java (+40 -0)
maxkey-core/src/test/java/org/maxkey/util/XMLHelperTest.java (+1 -0)
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml/common/SignatureSecurityPolicyRule.java (+6 -2)
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/binding/decoder/OpenHTTPPostDecoder.java (+3 -3)
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/binding/decoder/OpenHTTPPostSimpleSignDecoder.java (+5 -3)
maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/Saml20AutoConfiguration.java (+12 -10)
build.gradle
View file @
b0c6fcbf
...
...
@@ -31,13 +31,13 @@ allprojects {
compileJava
.
options
.
encoding
=
'UTF-8'
eclipse
{
/*第一次时请注释这段eclipse设置,可能报错
*/
/*第一次时请注释这段eclipse设置,可能报错
jdt {
File f = file('.settings/org.eclipse.core.resources.prefs')
f.write('eclipse.preferences.version=1\n')
f.append('encoding/<project>=UTF-8') //use UTF-8
}
*/
/*
wtp {
...
...
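Review bot: The `jdt` block that writes `encoding/<project>=UTF-8` ends up inside the comment, because the opening `/*第一次时请注释这段eclipse设置,可能报错` line lost its closing `*/` and a new `*/` now follows the block. That is unrelated to the OpenSAML change named in the commit message and turns off the project-wide UTF-8 setting for Eclipse users. Keep it out of this commit, or make it a switch (for example a Gradle property) instead of editing the shared build file.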
@@ -228,7 +228,7 @@ subprojects {
compile
group:
'org.opensaml'
,
name:
'opensaml-security-impl'
,
version:
"${opensamlVersion}"
compile
group:
'org.opensaml'
,
name:
'opensaml-xmlsec-api'
,
version:
"${opensamlVersion}"
compile
group:
'org.opensaml'
,
name:
'opensaml-xmlsec-impl'
,
version:
"${opensamlVersion}"
compile
group:
'net.shibboleth.utilities'
,
name:
'java-support'
,
version:
'
8.1.0
'
compile
group:
'net.shibboleth.utilities'
,
name:
'java-support'
,
version:
'
7.5.1
'
//jose-jwt
compile
group:
'com.nimbusds'
,
name:
'nimbus-jose-jwt'
,
version:
'9.0.1'
...
...
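Review bot: `java-support` is pinned with a literal (`8.1.0` to `7.5.1`) while every `org.opensaml` artifact above it reads `${opensamlVersion}`, so the two can drift apart the next time the OpenSAML version changes. Move the number into `gradle.properties` next to `opensamlVersion` (a property name such as `javaSupportVersion` would do) and reference it here.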
gradle.properties
View file @
b0c6fcbf
...
...
@@ -15,4 +15,4 @@ jacksonVersion =2.11.2
bouncycastleVersion
=
1.64
httpcomponentsVersion
=
4.5.12
poiVersion
=
4.1.2
opensamlVersion
=
4.0.1
opensamlVersion
=
3.4.5
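Review bot: `opensamlVersion` goes backwards from `4.0.1` to `3.4.5`, a major-version downgrade of the library that validates SAML signatures, and the commit message (`opensaml3.4.5`) gives no reason. Record why in the message or in a comment on this line, and confirm before merging that the 3.4.x line still receives security fixes.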
maxkey-core/src/main/java/org/maxkey/pretty/impl/XMLHelper.java
View file @
b0c6fcbf
...
...
@@ -8,10 +8,18 @@ import java.util.Map;
import
javax.xml.parsers.DocumentBuilder
;
import
javax.xml.parsers.DocumentBuilderFactory
;
import
javax.xml.transform.OutputKeys
;
import
javax.xml.transform.Transformer
;
import
javax.xml.transform.TransformerConfigurationException
;
import
javax.xml.transform.TransformerException
;
import
javax.xml.transform.TransformerFactory
;
import
javax.xml.transform.dom.DOMSource
;
import
javax.xml.transform.stream.StreamResult
;
import
org.w3c.dom.DOMConfiguration
;
import
org.w3c.dom.DOMImplementation
;
import
org.w3c.dom.Document
;
import
org.w3c.dom.Element
;
import
org.w3c.dom.Node
;
import
org.w3c.dom.ls.DOMImplementationLS
;
import
org.w3c.dom.ls.LSOutput
;
...
...
@@ -206,5 +214,37 @@ public class XMLHelper {
return
domImplLS
;
}
public
static
String
transformer
(
Element
element
)
{
String
xmlString
=
null
;
try
{
Transformer
transformer
=
TransformerFactory
.
newInstance
().
newTransformer
();
transformer
.
setOutputProperty
(
OutputKeys
.
INDENT
,
"yes"
);
transformer
.
setOutputProperty
(
"{http://xml.apache.org/xslt}indent-amount"
,
"4"
);
StreamResult
result
=
new
StreamResult
(
new
StringWriter
());
DOMSource
source
=
new
DOMSource
(
element
);
transformer
.
transform
(
source
,
result
);
xmlString
=
result
.
getWriter
().
toString
();
}
catch
(
TransformerConfigurationException
e
)
{
e
.
printStackTrace
();
}
catch
(
TransformerException
e
)
{
e
.
printStackTrace
();
}
return
xmlString
;
}
public
static
String
transformer
(
String
xmlString
){
try
{
DocumentBuilderFactory
documentBuilderFactory
=
DocumentBuilderFactory
.
newInstance
();
DocumentBuilder
documentBuilder
=
documentBuilderFactory
.
newDocumentBuilder
();
Document
document
=
documentBuilder
.
parse
(
new
InputSource
(
new
StringReader
(
xmlString
)));
return
transformer
(
document
.
getDocumentElement
());
}
catch
(
Exception
e
){
e
.
printStackTrace
();
return
null
;
}
}
}
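Review bot: `transformer(String xmlString)` parses its input with a default `DocumentBuilderFactory.newInstance()`, so DOCTYPE declarations and external entities are not disabled if the string comes from outside (XXE). Before `newDocumentBuilder()`, set `http://apache.org/xml/features/disallow-doctype-decl` to true and enable `XMLConstants.FEATURE_SECURE_PROCESSING`; the `TransformerFactory` in `transformer(Element)` should get `ACCESS_EXTERNAL_DTD` and `ACCESS_EXTERNAL_STYLESHEET` set to the empty string as well. Both methods also swallow exceptions with `printStackTrace()` and return `null`, which callers cannot tell apart from a real result; log through the class logger and throw, or document the `null` return.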
maxkey-core/src/test/java/org/maxkey/util/XMLHelperTest.java
View file @
b0c6fcbf
...
...
@@ -25,6 +25,7 @@ public class XMLHelperTest {
public
void
testSqlFormat
()
{
String
sqlString
=
"<?xml version=\"1.0\" encoding=\"UTF-8\"?><xml><data><name>maxkey</name><age v=\"20\"/></data></xml>"
;
System
.
out
.
println
(
XMLHelper
.
prettyPrintXML
(
sqlString
));
System
.
out
.
println
(
XMLHelper
.
transformer
(
sqlString
));
}
}
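Review bot: The added `System.out.println(XMLHelper.transformer(sqlString));` asserts nothing, and `transformer` returns `null` on any parse or transform failure, so this test passes even when the new method is broken. Assert on the result (not null, contains `<name>maxkey</name>`); the method and variable names (`testSqlFormat`, `sqlString`) are also misleading for an XML test.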
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml/common/SignatureSecurityPolicyRule.java
View file @
b0c6fcbf
...
...
@@ -19,17 +19,21 @@
package
org.maxkey.authz.saml.common
;
import
org.opensaml.core.config.Configuration
;
import
org.opensaml.core.criterion.EntityIdCriterion
;
import
org.opensaml.messaging.context.MessageContext
;
import
org.opensaml.saml.common.SignableSAMLObject
;
import
org.opensaml.saml.security.impl.SAMLSignatureProfileValidator
;
import
org.opensaml.security.credential.CredentialResolver
;
import
org.opensaml.security.credential.UsageType
;
import
org.opensaml.security.criteria.UsageCriterion
;
import
org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver
;
import
org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.beans.factory.InitializingBean
;
import
net.shibboleth.utilities.java.support.resolver.CriteriaSet
;
/**
* Rule to check that the message has been signed by an issuer that has credentials
* in the keystore.
...
...
@@ -95,9 +99,9 @@ public class SignatureSecurityPolicyRule implements InitializingBean, SecurityP
CriteriaSet
criteriaSet
=
new
CriteriaSet
();
logger
.
debug
(
"Inbound issuer is {}"
,
messageContext
.
getInboundMessageIssuer
());
//https://localhost-dev-ed.my.salesforce.com
criteriaSet
.
add
(
new
EntityI
DCriteria
(
messageContext
.
getInboundMessageIssuer
()));
criteriaSet
.
add
(
new
EntityI
dCriterion
(
messageContext
.
getInboundMessageIssuer
()));
//criteriaSet.add( new EntityIDCriteria("https://localhost-dev-ed.my.salesforce.com"));
criteriaSet
.
add
(
new
UsageCriteri
a
(
UsageType
.
SIGNING
)
);
criteriaSet
.
add
(
new
UsageCriteri
on
(
UsageType
.
SIGNING
)
);
try
{
if
(!
trustEngine
.
validate
(
samlMessage
.
getSignature
(),
criteriaSet
))
{
...
...
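Review bot: Both `criteriaSet.add(...)` calls sit before the `try`, and `EntityIdCriterion` is built straight from `messageContext.getInboundMessageIssuer()`, a value taken from the inbound message. Check for a null or empty issuer first and fail the policy rule explicitly, so a message without an issuer is rejected on a defined path rather than by whatever the constructor throws. The commented-out line `//criteriaSet.add( new EntityIDCriteria("https://localhost-dev-ed.my.salesforce.com"));` still names the old class and a test tenant; delete it together with the URL comment above.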
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/binding/decoder/OpenHTTPPostDecoder.java
View file @
b0c6fcbf
...
...
@@ -37,7 +37,7 @@ public class OpenHTTPPostDecoder extends HTTPPostDecoder {
}
public
OpenHTTPPostDecoder
(
ParserPool
pool
)
{
super
(
pool
);
}
/**
...
...
@@ -79,7 +79,7 @@ public class OpenHTTPPostDecoder extends HTTPPostDecoder {
log
.
debug
(
"Intended message destination endpoint: {}"
,
messageDestination
);
log
.
debug
(
"Actual message receiver endpoint: {}"
,
receiverEndpoint
);
//
鍗忚澶寸粺涓�锛坔ttp鎴杊ttps锛岄渶瑕佸拰destination缁熶竴锛
�
//
閸楀繗顔呮径瀵哥埠娑擄拷閿涘潝ttp閹存潑ttps閿涘矂娓剁憰浣告嫲destination缂佺喍绔撮敍锟
�
if
(
messageDestination
.
indexOf
(
"/"
)
!=
-
1
&&
receiverEndpoint
.
indexOf
(
"/"
)
!=
-
1
)
{
if
(!
messageDestination
.
substring
(
0
,
messageDestination
.
indexOf
(
"/"
))
.
equalsIgnoreCase
(
receiverEndpoint
.
substring
(
0
,
receiverEndpoint
.
indexOf
(
"/"
))))
{
...
...
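Review bot: The only change in this hunk is the comment above the `if`, and it replaces one mis-decoded string with a longer one: the file was re-saved in the wrong charset, so the comment is no longer readable. Restore it from history as UTF-8 (the `build.gradle` hunk in this commit comments out the `encoding/<project>=UTF-8` setting, which may be how this happened) so the explanation of this destination check stays legible; the same applies to the comment above `tempUrl.substring(...)` further down this file.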
@@ -108,7 +108,7 @@ public class OpenHTTPPostDecoder extends HTTPPostDecoder {
StringBuffer
urlBuilder
=
httpRequest
.
getRequestURL
();
String
tempUrl
=
urlBuilder
.
toString
();
//
浠巋ttp鍗忚澶村紑濮嬶紝璺宠繃鍓嶉潰涓や釜鏂滄潬
//
娴犲穻ttp閸楀繗顔呮径鏉戠磻婵绱濈捄瀹犵箖閸撳秹娼版稉銈勯嚋閺傛粍娼�
tempUrl
=
tempUrl
.
substring
(
tempUrl
.
indexOf
(
"/"
,
8
)
+
1
);
return
receiverEndpoint
+
tempUrl
;
}
...
...
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/binding/decoder/OpenHTTPPostSimpleSignDecoder.java
View file @
b0c6fcbf
...
...
@@ -25,6 +25,8 @@ import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostSimpleSignDecoder;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
net.shibboleth.utilities.java.support.xml.ParserPool
;
public
class
OpenHTTPPostSimpleSignDecoder
extends
HTTPPostSimpleSignDecoder
{
private
final
Logger
log
=
LoggerFactory
.
getLogger
(
OpenHTTPPostSimpleSignDecoder
.
class
);
...
...
@@ -35,7 +37,7 @@ public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
}
public
OpenHTTPPostSimpleSignDecoder
(
ParserPool
pool
)
{
super
(
pool
);
}
/**
...
...
@@ -80,7 +82,7 @@ public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
log
.
debug
(
"Intended message destination endpoint: {}"
,
messageDestination
);
log
.
debug
(
"Actual message receiver endpoint: {}"
,
receiverEndpoint
);
//
鍗忚澶寸粺涓�锛坔ttp鎴杊ttps锛岄渶瑕佸拰destination缁熶竴锛
�
//
閸楀繗顔呮径瀵哥埠娑擄拷閿涘潝ttp閹存潑ttps閿涘矂娓剁憰浣告嫲destination缂佺喍绔撮敍锟
�
if
(
messageDestination
.
indexOf
(
"/"
)
!=
-
1
&&
receiverEndpoint
.
indexOf
(
"/"
)
!=
-
1
)
{
if
(!
messageDestination
.
substring
(
0
,
messageDestination
.
indexOf
(
"/"
))
...
...
@@ -114,7 +116,7 @@ public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
StringBuffer
urlBuilder
=
httpRequest
.
getRequestURL
();
String
tempUrl
=
urlBuilder
.
toString
();
//
浠巋ttp鍗忚澶村紑濮嬶紝璺宠繃鍓嶉潰涓や釜鏂滄潬
//
娴犲穻ttp閸楀繗顔呮径鏉戠磻婵绱濈捄瀹犵箖閸撳秹娼版稉銈勯嚋閺傛粍娼�
tempUrl
=
tempUrl
.
substring
(
tempUrl
.
indexOf
(
"/"
,
8
)
+
1
);
return
receiverEndpoint
+
tempUrl
;
}
...
...
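Review bot: The `tempUrl.substring(tempUrl.indexOf("/", 8) + 1)` rebuild here, and the scheme comparison on `messageDestination`/`receiverEndpoint` in the hunk before it, match the lines shown for `OpenHTTPPostDecoder` token for token, down to the re-encoded comments. Move the destination check into one shared helper used by both decoders so a fix to endpoint validation cannot land in one and miss the other, and name the offset `8` (or parse the URL with `java.net.URI`) instead of relying on a magic number.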
maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/Saml20AutoConfiguration.java
View file @
b0c6fcbf
...
...
@@ -37,12 +37,8 @@ import org.maxkey.authz.saml20.xml.SAML2ValidatorSuite;
import
org.maxkey.constants.ConstantsProperties
;
import
org.maxkey.crypto.keystore.KeyStoreLoader
;
import
org.maxkey.domain.Saml20Metadata
;
import
org.opensaml.common.binding.security.IssueInstantRule
;
import
org.opensaml.common.binding.security.MessageReplayRule
;
import
org.opensaml.util.storage.MapBasedStorageService
;
import
org.opensaml.util.storage.ReplayCache
;
import
org.opensaml.xml.ConfigurationException
;
import
org.opensaml.xml.parse.BasicParserPool
;
import
org.opensaml.core.config.InitializationException
;
import
org.opensaml.core.config.InitializationService
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.beans.factory.InitializingBean
;
...
...
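Review bot: The imports for `IssueInstantRule`, `MessageReplayRule`, `ReplayCache` and `MapBasedStorageService` are removed and only `InitializationException` and `InitializationService` are added; no other hunk in this file shows what replaces them. Those classes back the message freshness and replay checks, so confirm the corresponding beans are still defined with OpenSAML 3 types (or the project's own) and still attached to the security policy, and say so in the commit message.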
@@ -53,6 +49,8 @@ import org.springframework.context.annotation.Configuration;
import
org.springframework.context.annotation.PropertySource
;
import
org.springframework.ui.velocity.VelocityEngineFactoryBean
;
import
net.shibboleth.utilities.java.support.xml.BasicParserPool
;
@Configuration
@ComponentScan
(
basePackages
=
{
"org.maxkey.authz.saml20.provider.endpoint"
,
...
...
@@ -68,10 +66,14 @@ public class Saml20AutoConfiguration implements InitializingBean {
* @return samlBootstrapInitializer
* @throws ConfigurationException
*/
@Bean
(
name
=
"samlBootstrapInitializer"
)
public
String
samlBootstrapInitializer
()
throws
ConfigurationException
{
org
.
opensaml
.
DefaultBootstrap
.
bootstrap
();
return
""
;
@Bean
(
name
=
"samlBootstrapInitializationService"
)
public
String
samlBootstrapInitializer
()
throws
InitializationException
{
try
{
InitializationService
.
initialize
();
}
catch
(
final
InitializationException
e
)
{
throw
new
RuntimeException
(
"Exception initializing OpenSAML"
,
e
);
}
return
"InitializationService"
;
}
/**
...
...
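Review bot: The new `samlBootstrapInitializer()` still declares `throws InitializationException` although the body catches it and rethrows `RuntimeException`, and the Javadoc above keeps `@return samlBootstrapInitializer` and `@throws ConfigurationException`. Drop the `throws` clause (or the try/catch) and update the Javadoc; the bean name also changes from `samlBootstrapInitializer` to `samlBootstrapInitializationService`, so check for `@DependsOn` or by-name lookups that still use the old name.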