From b0c6fcbfb9e65ecbc036f66f0557f802639a291e Mon Sep 17 00:00:00 2001
From: "Crystal.Sea"
Date: Tue, 8 Dec 2020 07:55:30 +0800
Subject: [PATCH] opensaml3.4.5
---
 build.gradle | 6 +--
 gradle.properties | 2 +-
 .../org/maxkey/pretty/impl/XMLHelper.java | 40 +++++++++++++++++++
 .../java/org/maxkey/util/XMLHelperTest.java | 1 +
 .../common/SignatureSecurityPolicyRule.java | 8 +++-
 .../binding/decoder/OpenHTTPPostDecoder.java | 6 +--
 .../OpenHTTPPostSimpleSignDecoder.java | 8 ++--
 .../Saml20AutoConfiguration.java | 22 +++++-----
 8 files changed, 71 insertions(+), 22 deletions(-)
diff --git a/build.gradle b/build.gradle
index 8516cc845..1939ef11a 100644
--- a/build.gradle
+++ b/build.gradle
@@ -31,13 +31,13 @@ allprojects {
 compileJava.options.encoding = 'UTF-8'
 eclipse {
- /*第一次时请注释这段eclipse设置,可能报错*/
+ /*第一次时请注释这段eclipse设置,可能报错
 jdt {
 File f = file('.settings/org.eclipse.core.resources.prefs')
 f.write('eclipse.preferences.version=1\n')
 f.append('encoding/=UTF-8') //use UTF-8
 }
-
+ */
 /* wtp {
@@ -228,7 +228,7 @@ subprojects {
 compile group: 'org.opensaml', name: 'opensaml-security-impl', version: "${opensamlVersion}"
 compile group: 'org.opensaml', name: 'opensaml-xmlsec-api', version: "${opensamlVersion}"
 compile group: 'org.opensaml', name: 'opensaml-xmlsec-impl', version: "${opensamlVersion}"
- compile group: 'net.shibboleth.utilities', name: 'java-support', version: '8.1.0'
+ compile group: 'net.shibboleth.utilities', name: 'java-support', version: '7.5.1'
 //jose-jwt
 compile group: 'com.nimbusds', name: 'nimbus-jose-jwt', version: '9.0.1'
diff --git a/gradle.properties b/gradle.properties
index 9c28986bf..2a06e78ba 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -15,4 +15,4 @@ jacksonVersion =2.11.2
 bouncycastleVersion =1.64
 httpcomponentsVersion =4.5.12
 poiVersion =4.1.2
-opensamlVersion =4.0.1
+opensamlVersion =3.4.5 
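Review bot: `opensamlVersion` goes from 4.0.1 down to 3.4.5 and `java-support` from 8.1.0 to 7.5.1 in the two version hunks, and neither the commit message nor the build file says why a security-critical SAML library is being downgraded. As I recall, the OpenSAML 3.x line reached end of life at the end of 2020, so this pins the project to a branch that was about to stop receiving security fixes at the very date of this commit. If the downgrade is a stop-gap because the code was written against the 3.x API (the Java hunks in this patch move to 3.x-era types), record that next to the property, e.g. `# pinned to 3.4.5 until the SAML decoders/trust engine are ported to the OpenSAML 4 API`, and track the upgrade as a security task rather than leaving the downgrade silent.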
diff --git a/maxkey-core/src/main/java/org/maxkey/pretty/impl/XMLHelper.java b/maxkey-core/src/main/java/org/maxkey/pretty/impl/XMLHelper.java
index f300a3ca9..d56f1f144 100644
--- a/maxkey-core/src/main/java/org/maxkey/pretty/impl/XMLHelper.java
+++ b/maxkey-core/src/main/java/org/maxkey/pretty/impl/XMLHelper.java
@@ -8,10 +8,18 @@ import java.util.Map;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
 import org.w3c.dom.DOMConfiguration;
 import org.w3c.dom.DOMImplementation;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.ls.DOMImplementationLS;
 import org.w3c.dom.ls.LSOutput; 
@@ -206,5 +214,37 @@ public class XMLHelper {
 return domImplLS;
 }
+ public static String transformer(Element element) {
+
+ String xmlString = null;
+ try {
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+ StreamResult result = new StreamResult(new StringWriter());
+ DOMSource source = new DOMSource(element);
+
+ transformer.transform(source, result);
+ xmlString = result.getWriter().toString();
+
+ } catch (TransformerConfigurationException e) {
+ e.printStackTrace();
+ } catch (TransformerException e) {
+ e.printStackTrace();
+ }
+ return xmlString;
+ }
+
+ public static String transformer(String xmlString){
+ try{
+ DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
+ DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
+ Document document = documentBuilder.parse(new InputSource(new StringReader(xmlString)));
+ return transformer(document.getDocumentElement());
+ }catch(Exception e){
+ e.printStackTrace();
+ return null;
+ }
+ }
 }
diff --git a/maxkey-core/src/test/java/org/maxkey/util/XMLHelperTest.java b/maxkey-core/src/test/java/org/maxkey/util/XMLHelperTest.java
index 170218a0c..2aeb18174 100644
--- a/maxkey-core/src/test/java/org/maxkey/util/XMLHelperTest.java
+++ b/maxkey-core/src/test/java/org/maxkey/util/XMLHelperTest.java
@@ -25,6 +25,7 @@ public class XMLHelperTest {
 public void testSqlFormat() {
 String sqlString="maxkey";
 System.out.println(XMLHelper.prettyPrintXML(sqlString));
+ System.out.println(XMLHelper.transformer(sqlString));
 }
 }
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml/common/SignatureSecurityPolicyRule.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml/common/SignatureSecurityPolicyRule.java
index c3f63d303..13e2d9c95 100644 
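Review bot: The new `transformer(String xmlString)` parses its argument with a stock `DocumentBuilderFactory.newInstance()`, so DOCTYPE declarations, external entities and entity expansion are handled with JDK defaults; if this helper is ever given XML that originated outside the process (the SAML modules touched by this same patch are the obvious candidate), that is an XXE / billion-laughs exposure. Disable DTDs and external entities on the factory before `newDocumentBuilder()`, and give the `TransformerFactory` in `transformer(Element)` the matching treatment with `XMLConstants.FEATURE_SECURE_PROCESSING` plus empty `XMLConstants.ACCESS_EXTERNAL_DTD` / `ACCESS_EXTERNAL_STYLESHEET` (which needs an `javax.xml.XMLConstants` import). Both methods also swallow the failure with `e.printStackTrace()` and return `null`, which hides the reason from callers and, on a server, from the log; log through SLF4J as the rest of the patch does, or rethrow. Both methods lie entirely inside this hunk; the enclosing class does not.
```java
public static String transformer(String xmlString){
    try{
        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
        // Harden against XXE / entity expansion: no DOCTYPE, no external entities, no XInclude.
        documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        documentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        documentBuilderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        documentBuilderFactory.setXIncludeAware(false);
        documentBuilderFactory.setExpandEntityReferences(false);
        DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
        // … unchanged: parse the string and delegate to transformer(Element) …
```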
--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml/common/SignatureSecurityPolicyRule.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml/common/SignatureSecurityPolicyRule.java
@@ -19,17 +19,21 @@ package org.maxkey.authz.saml.common;
 import org.opensaml.core.config.Configuration;
+import org.opensaml.core.criterion.EntityIdCriterion;
 import org.opensaml.messaging.context.MessageContext;
 import org.opensaml.saml.common.SignableSAMLObject;
 import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
 import org.opensaml.security.credential.CredentialResolver;
 import org.opensaml.security.credential.UsageType;
+import org.opensaml.security.criteria.UsageCriterion;
 import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
 import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
+import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
+
 /**
 * Rule to check that the message has been signed by an issuer that has credentials
 * in the keystore.
@@ -95,9 +99,9 @@ public class SignatureSecurityPolicyRule implements InitializingBean, SecurityP
 CriteriaSet criteriaSet = new CriteriaSet();
 logger.debug("Inbound issuer is {}", messageContext.getInboundMessageIssuer());
 //https://localhost-dev-ed.my.salesforce.com
- criteriaSet.add( new EntityIDCriteria(messageContext.getInboundMessageIssuer()));
+ criteriaSet.add( new EntityIdCriterion(messageContext.getInboundMessageIssuer()));
 //criteriaSet.add( new EntityIDCriteria("https://localhost-dev-ed.my.salesforce.com"));
- criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
+ criteriaSet.add( new UsageCriterion(UsageType.SIGNING) );
 try {
 if (!trustEngine.validate( samlMessage.getSignature(), criteriaSet)) { 
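Review bot: `new EntityIdCriterion(messageContext.getInboundMessageIssuer())` is, as far as I recall of OpenSAML 3, constraint-checked in the constructor and throws an unchecked `ConstraintViolationException` for a null or empty entity ID, so a message whose issuer could not be established leaves this rule by exception before `trustEngine.validate` runs rather than through the explicit failure branch below it. Decide that outcome deliberately: `String issuer = messageContext.getInboundMessageIssuer(); if (issuer == null || issuer.trim().isEmpty()) { /* fail the rule exactly as the validate()==false branch does */ }` ahead of building the `CriteriaSet`, so an unsigned-by-known-issuer message is rejected and logged instead of surfacing as a generic server error. Separately, the `MessageContext` imported here is OpenSAML 3's `org.opensaml.messaging.context.MessageContext`, which to my knowledge has no `getInboundMessageIssuer()`; unless `messageContext` is a project wrapper type, this line will not compile against 3.4.5 and the issuer has to come from the inbound `SAMLPeerEntityContext` instead. The enclosing method begins before and ends after this hunk, and its failure branch is not visible here.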
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/binding/decoder/OpenHTTPPostDecoder.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/binding/decoder/OpenHTTPPostDecoder.java
index ab17ee992..e7bb67703 100644
--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/binding/decoder/OpenHTTPPostDecoder.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/binding/decoder/OpenHTTPPostDecoder.java
@@ -37,7 +37,7 @@ public class OpenHTTPPostDecoder extends HTTPPostDecoder {
 }
 public OpenHTTPPostDecoder(ParserPool pool) {
- super(pool);
+
 }
 /**
@@ -79,7 +79,7 @@ public class OpenHTTPPostDecoder extends HTTPPostDecoder {
 log.debug("Intended message destination endpoint: {}", messageDestination);
 log.debug("Actual message receiver endpoint: {}", receiverEndpoint);
- // 鍗忚澶寸粺涓�锛坔ttp鎴杊ttps锛岄渶瑕佸拰destination缁熶竴锛�
+ // 閸楀繗顔呮径瀵哥埠娑擄拷閿涘潝ttp閹存潑ttps閿涘矂娓剁憰浣告嫲destination缂佺喍绔撮敍锟�
 if (messageDestination.indexOf("/") != -1 && receiverEndpoint.indexOf("/") != -1) {
 if (!messageDestination.substring(0, messageDestination.indexOf("/"))
 .equalsIgnoreCase(receiverEndpoint.substring(0, receiverEndpoint.indexOf("/")))) {
@@ -108,7 +108,7 @@ public class OpenHTTPPostDecoder extends HTTPPostDecoder {
 StringBuffer urlBuilder = httpRequest.getRequestURL();
 String tempUrl = urlBuilder.toString();
- // 浠巋ttp鍗忚澶村紑濮嬶紝璺宠繃鍓嶉潰涓や釜鏂滄潬
+ // 娴犲穻ttp閸楀繗顔呮径鏉戠磻婵绱濈捄瀹犵箖閸撳秹娼版稉銈勯嚋閺傛粍娼�
 tempUrl = tempUrl.substring(tempUrl.indexOf("/", 8) + 1);
 return receiverEndpoint + tempUrl;
 }
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/binding/decoder/OpenHTTPPostSimpleSignDecoder.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/binding/decoder/OpenHTTPPostSimpleSignDecoder.java
index aed168ff6..700a5f9fa 100644 
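Review bot: The first hunk turns `OpenHTTPPostDecoder(ParserPool pool)` into an empty constructor that never uses `pool`, so the parser pool a caller injects — which is where DTD and entity restrictions for inbound SAML XML are configured — is silently discarded. OpenSAML 3's `HTTPPostDecoder` takes the pool through a setter rather than the constructor, and as I recall its `initialize()` rejects a null pool, so keep the injection meaningful with `setParserPool(pool);` in the body, or delete the parameter so callers break at compile time instead of at runtime with an unusable decoder. The two comment lines rewritten in the later hunks are mojibake on both the old and new side (`// 閸楀繗…`, `// 娴犲穻…`), so the re-encoding did not repair them; save the file as UTF-8 or replace them with the English intent that the code shows, e.g. `// the part before the first '/' (the scheme) must match the receiver's scheme` and `// drop the scheme and host, keep the path after the first '/' past "https://"`.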
--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/binding/decoder/OpenHTTPPostSimpleSignDecoder.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/binding/decoder/OpenHTTPPostSimpleSignDecoder.java
@@ -25,6 +25,8 @@ import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostSimpleSignDecoder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import net.shibboleth.utilities.java.support.xml.ParserPool;
+
 public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
 private final Logger log = LoggerFactory.getLogger(OpenHTTPPostSimpleSignDecoder.class);
@@ -35,7 +37,7 @@ public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
 }
 public OpenHTTPPostSimpleSignDecoder(ParserPool pool) {
- super(pool);
+
 }
 /**
@@ -80,7 +82,7 @@ public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
 log.debug("Intended message destination endpoint: {}",messageDestination);
 log.debug("Actual message receiver endpoint: {}", receiverEndpoint);
- // 鍗忚澶寸粺涓�锛坔ttp鎴杊ttps锛岄渶瑕佸拰destination缁熶竴锛�
+ // 閸楀繗顔呮径瀵哥埠娑擄拷閿涘潝ttp閹存潑ttps閿涘矂娓剁憰浣告嫲destination缂佺喍绔撮敍锟�
 if (messageDestination.indexOf("/") != -1 && receiverEndpoint.indexOf("/") != -1) {
 if (!messageDestination.substring(0,messageDestination.indexOf("/"))
@@ -114,7 +116,7 @@ public class OpenHTTPPostSimpleSignDecoder extends HTTPPostSimpleSignDecoder {
 StringBuffer urlBuilder = httpRequest.getRequestURL();
 String tempUrl = urlBuilder.toString();
- // 浠巋ttp鍗忚澶村紑濮嬶紝璺宠繃鍓嶉潰涓や釜鏂滄潬
+ // 娴犲穻ttp閸楀繗顔呮径鏉戠磻婵绱濈捄瀹犵箖閸撳秹娼版稉銈勯嚋閺傛粍娼�
 tempUrl = tempUrl.substring(tempUrl.indexOf("/", 8) + 1);
 return receiverEndpoint + tempUrl;
 }
diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/Saml20AutoConfiguration.java b/maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/Saml20AutoConfiguration.java
index fb6511f08..8fe03f273 100644 
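Review bot: `OpenHTTPPostSimpleSignDecoder(ParserPool pool)` in the second hunk now has an empty body, so the `ParserPool` that this very patch starts importing is accepted and then thrown away; the decoder will run with whatever pool (if any) is set elsewhere, and the XML-hardening that the injected pool carries no longer applies to the SAMLResponse form field this decoder parses. Forward it with `setParserPool(pool);`, which is how the OpenSAML 3 base decoder receives its pool, or remove the now-pointless parameter; an empty constructor that takes a security-relevant argument is the worst of both. The two mojibake comment lines in the later hunks are unreadable on both sides of the diff and should be re-encoded as UTF-8 or rewritten in English.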
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/Saml20AutoConfiguration.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/Saml20AutoConfiguration.java
@@ -37,12 +37,8 @@ import org.maxkey.authz.saml20.xml.SAML2ValidatorSuite;
 import org.maxkey.constants.ConstantsProperties;
 import org.maxkey.crypto.keystore.KeyStoreLoader;
 import org.maxkey.domain.Saml20Metadata;
-import org.opensaml.common.binding.security.IssueInstantRule;
-import org.opensaml.common.binding.security.MessageReplayRule;
-import org.opensaml.util.storage.MapBasedStorageService;
-import org.opensaml.util.storage.ReplayCache;
-import org.opensaml.xml.ConfigurationException;
-import org.opensaml.xml.parse.BasicParserPool;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.config.InitializationService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
@@ -53,6 +49,8 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.ui.velocity.VelocityEngineFactoryBean;
+import net.shibboleth.utilities.java.support.xml.BasicParserPool;
+
 @Configuration
 @ComponentScan(basePackages = {
 "org.maxkey.authz.saml20.provider.endpoint", 
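Review bot: The first hunk deletes the imports of `MessageReplayRule`, `IssueInstantRule`, `ReplayCache` and `MapBasedStorageService` — the OpenSAML 2 replay-protection and freshness checks — and adds no OpenSAML 3 counterpart (to my recollection `MessageReplaySecurityHandler` with `org.opensaml.storage.ReplayCache`, and `MessageLifetimeSecurityHandler`). If the beans that used these types are dropped in a part of the file not shown in this patch, the IdP accepts replayed and stale SAML messages until they are re-wired; if they are still there, this file no longer compiles against 3.4.5. Either way, leave the gap visible at the import site, e.g. `// TODO(security): replay cache and issue-instant checks were removed with the OpenSAML 2 rules; restore via MessageReplaySecurityHandler / MessageLifetimeSecurityHandler`. The added `BasicParserPool` import is only useful if the pool is built with DTD/entity restrictions and actually handed to the decoders, which the decoder hunks in this same patch currently discard.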
@@ -68,10 +66,14 @@ public class Saml20AutoConfiguration implements InitializingBean {
 * @return samlBootstrapInitializer
 * @throws ConfigurationException
 */
- @Bean(name = "samlBootstrapInitializer")
- public String samlBootstrapInitializer() throws ConfigurationException {
- org.opensaml.DefaultBootstrap.bootstrap();
- return "";
+ @Bean(name = "samlBootstrapInitializationService")
+ public String samlBootstrapInitializer() throws InitializationException {
+ try {
+ InitializationService.initialize();
+ } catch (final InitializationException e) {
+ throw new RuntimeException("Exception initializing OpenSAML", e);
+ }
+ return "InitializationService";
 }
 /**
-- GitLab
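Review bot: `samlBootstrapInitializer()` still declares `throws InitializationException` although the new body catches exactly that exception and rethrows it as `RuntimeException`, so the checked declaration is dead, and the unchanged Javadoc line `* @throws ConfigurationException` above it now names a type this file no longer imports. Pick one: drop the try/catch and let `InitializationException` propagate (Spring fails the context on any exception from a `@Bean` method, so the wrapper buys nothing), or drop the `throws` clause and update the Javadoc to `@throws RuntimeException if OpenSAML initialization fails`. The bean name also changes from `samlBootstrapInitializer` to `samlBootstrapInitializationService`; anything elsewhere ordering itself with `@DependsOn("samlBootstrapInitializer")` would silently lose that ordering, which matters here because `InitializationService.initialize()` is what registers the XML-security and parser configuration the SAML decoders and trust engine depend on, so a search for the old name is warranted before merging.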