Updated pom/saml

US-ELRR · May 30, 2024 · d1cc166 · d1cc166
1 parent a34eadf
commit d1cc166
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 5 deletions.
diff --git a/src/main/java/com/deloitte/elrr/CacheConfig.java b/src/main/java/com/deloitte/elrr/CacheConfig.java
@@ -6,12 +6,19 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.saml2.core.Saml2X509Credential;
 import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
 import org.springframework.security.web.SecurityFilterChain;
 import static org.springframework.security.config.Customizer.withDefaults;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+import java.security.cert.X509Certificate;
+import java.security.cert.CertificateFactory;
+
+import java.io.InputStream;
 
 @Slf4j
 @Configuration
@@ -22,12 +29,22 @@ public class CacheConfig {
 	private String samlid;
 	@Value("${lrs.samlurl}")
 	private String samlurl;
+
 	@Bean
 	public RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
-		RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistrations
-				.fromMetadataLocation(samlurl).registrationId(samlid).build();
 
-		return new InMemoryRelyingPartyRegistrationRepository(relyingPartyRegistration);
+		Resource resource = new ClassPathResource("mocksaml.crt");
+		try (InputStream is = resource.getInputStream()) {
+			X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509")
+					.generateCertificate(is);
+			// Saml2X509Credential.verification(certificate);
+
+			RelyingPartyRegistration relyingPartyRegistration = RelyingPartyRegistrations
+					.fromMetadataLocation(samlurl).registrationId(samlid)
+					.signingX509Credentials((signing) -> signing.add(Saml2X509Credential.verification(certificate))).build();
+
+			return new InMemoryRelyingPartyRegistrationRepository(relyingPartyRegistration);
+		}
 	}
 
 	@Bean

diff --git a/src/main/resources/application-local.properties b/src/main/resources/application-local.properties
@@ -11,7 +11,7 @@ lrs.url=ENC(TKizOCFQLrB9Inn7WSwf7VL4pApgBW4b3srw0bYT4f8X6gZD2s2fjt6GANLa59L57qEX
 lrs.username=ENC(SBKUQHXtVO0crH+J98hBcx/FW+s4WfJyMvxqEuNS//aHJ2V4BE9rT0QrbkIqERqz2dcKlK49m8UVHuKRmzNW8eEIef+MeznReyHxu7i9vHg=)
 lrs.password=ENC(OkZckJquUf+sH9pdcvAt/+yyDS7Mpf67RwPUgnLMErzAl1GXRQkhwHdX8O29x/yVW0Zoh8CVmStR3VXM5zFUxQQmJ0N2Qp/uGBktp3pL2AajEMehsiphEdS6X+TZq+WPh5RMFRdtFpQD7PhdqY4NYg==)
 
-lrs.samlurl=https://saml.deloitteopenlxp.com/realms/master/protocol/saml/descriptor
+lrs.samlurl=https://mocksaml.com/api/saml/metadata
 lrs.samlid=samltest
 
 jasypt.encryptor.algorithm=PBEWithHMACSHA512AndAES_256

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -17,7 +17,7 @@ lrs.url=ENC(TKizOCFQLrB9Inn7WSwf7VL4pApgBW4b3srw0bYT4f8X6gZD2s2fjt6GANLa59L57qEX
 lrs.username=ENC(SBKUQHXtVO0crH+J98hBcx/FW+s4WfJyMvxqEuNS//aHJ2V4BE9rT0QrbkIqERqz2dcKlK49m8UVHuKRmzNW8eEIef+MeznReyHxu7i9vHg=)
 lrs.password=ENC(OkZckJquUf+sH9pdcvAt/+yyDS7Mpf67RwPUgnLMErzAl1GXRQkhwHdX8O29x/yVW0Zoh8CVmStR3VXM5zFUxQQmJ0N2Qp/uGBktp3pL2AajEMehsiphEdS6X+TZq+WPh5RMFRdtFpQD7PhdqY4NYg==)
 
-lrs.samlurl=https://saml.deloitteopenlxp.com/realms/master/protocol/saml/descriptor
+lrs.samlurl=https://mocksaml.com/api/saml/metadata
 lrs.samlid=samltest
 
 jasypt.encryptor.algorithm=PBEWithHMACSHA512AndAES_256

diff --git a/src/main/resources/mocksaml.crt b/src/main/resources/mocksaml.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcoCCQC33wnybT5QZDANBgkqhkiG9w0BAQsFADAyMQswCQYDVQQGEwJV
+SzEPMA0GA1UECgwGQm94eUhRMRIwEAYDVQQDDAlNb2NrIFNBTUwwIBcNMjIwMjI4
+MjE0NjM4WhgPMzAyMTA3MDEyMTQ2MzhaMDIxCzAJBgNVBAYTAlVLMQ8wDQYDVQQK
+DAZCb3h5SFExEjAQBgNVBAMMCU1vY2sgU0FNTDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALGfYettMsct1T6tVUwTudNJH5Pnb9GGnkXi9Zw/e6x45DD0
+RuRONbFlJ2T4RjAE/uG+AjXxXQ8o2SZfb9+GgmCHuTJFNgHoZ1nFVXCmb/Hg8Hpd
+4vOAGXndixaReOiq3EH5XvpMjMkJ3+8+9VYMzMZOjkgQtAqO36eAFFfNKX7dTj3V
+pwLkvz6/KFCq8OAwY+AUi4eZm5J57D31GzjHwfjH9WTeX0MyndmnNB1qV75qQR3b
+2/W5sGHRv+9AarggJkF+ptUkXoLtVA51wcfYm6hILptpde5FQC8RWY1YrswBWAEZ
+NfyrR4JeSweElNHg4NVOs4TwGjOPwWGqzTfgTlECAwEAATANBgkqhkiG9w0BAQsF
+AAOCAQEAAYRlYflSXAWoZpFfwNiCQVE5d9zZ0DPzNdWhAybXcTyMf0z5mDf6FWBW
+5Gyoi9u3EMEDnzLcJNkwJAAc39Apa4I2/tml+Jy29dk8bTyX6m93ngmCgdLh5Za4
+khuU3AM3L63g7VexCuO7kwkjh/+LqdcIXsVGO6XDfu2QOs1Xpe9zIzLpwm/RNYeX
+UjbSj5ce/jekpAw7qyVVL4xOyh8AtUW1ek3wIw1MJvEgEPt0d16oshWJpoS1OT8L
+r/22SvYEo3EmSGdTVGgk3x3s+A0qWAqTcyjr7Q4s/GKYRFfomGwz0TZ4Iw1ZN99M
+m0eo2USlSRTVl7QHRTuiuSThHpLKQQ==
+-----END CERTIFICATE-----