Add open-saml

Author: jbeers

java/cbsso-opensaml/.gitattributes

@@ -0,0 +1,9 @@
+#
+# https://help.github.com/articles/dealing-with-line-endings/
+#
+# Linux start script should use lf
+/gradlew        text eol=lf
+
+# These are Windows script files and should use crlf
+*.bat           text eol=crlf
+

java/cbsso-opensaml/.gitignore

@@ -0,0 +1,5 @@
+# Ignore Gradle project-specific cache directory
+.gradle
+
+# Ignore Gradle build output directory
+build

java/cbsso-opensaml/app/build.gradle

@@ -0,0 +1,54 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ *
+ * This generated file contains a sample Java application project to get you started.
+ * For more details on building Java & JVM projects, please refer to https://docs.gradle.org/8.8/userguide/building_java_projects.html in the Gradle documentation.
+ */
+
+plugins {
+    // Apply the application plugin to add support for building a CLI application in Java.
+    id 'application'
+}
+
+repositories {
+    // Use Maven Central for resolving dependencies.
+    mavenCentral()
+}
+
+dependencies {
+    // Use JUnit Jupiter for testing.
+    testImplementation libs.junit.jupiter
+
+    testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
+
+    // This dependency is used by the application.
+    implementation libs.guava
+
+    implementation "org.opensaml:opensaml-core:$opensamlVersion"
+    implementation "org.opensaml:opensaml-saml-impl:$opensamlVersion"
+    implementation "org.opensaml:opensaml-soap-api:$opensamlVersion"
+    implementation "org.opensaml:opensaml-xmlsec-api:$opensamlVersion"
+    implementation "org.opensaml:opensaml-security-api:$opensamlVersion"
+    implementation "org.opensaml:opensaml-security-impl:$opensamlVersion"
+    implementation "org.opensaml:opensaml-profile-api:$opensamlVersion"
+
+    implementation "org.slf4j:slf4j-api:1.7.36"
+    implementation "org.slf4j:slf4j-simple:1.7.36"
+}
+
+// Apply a specific Java toolchain to ease working on different environments.
+java {
+    toolchain {
+        languageVersion = JavaLanguageVersion.of(21)
+    }
+}
+
+application {
+    // Define the main class for the application.
+    mainClass = 'cbsso.opensaml.App'
+}
+
+tasks.named('test') {
+    // Use JUnit Platform for unit tests.
+    useJUnitPlatform()
+}

java/cbsso-opensaml/app/gradle.properties

@@ -0,0 +1 @@
+opensamlVersion=4.0.1

java/cbsso-opensaml/app/src/main/java/cbsso/opensaml/App.java

@@ -0,0 +1,111 @@
+/*
+ * This source file was generated by the Gradle 'init' task
+ */
+package cbsso.opensaml;
+
+import java.time.Instant;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opensaml.core.config.ConfigurationService;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.config.InitializationService;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.NameIDPolicy;
+import org.opensaml.saml.saml2.core.NameIDType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.BasicParserPool;
+import net.shibboleth.utilities.java.support.xml.ParserPool;
+
+public class App {
+    public String getGreeting() {
+        return "Hello World!";
+    }
+
+    private static final String IPD_SSO_DESTINATION = "https://idp.example.com/singleSingOnService";
+    private static final String SP_ASSERTION_CONSUMER_SERVICE_URL = "https://sp.example.com/assertionConsumerService";
+    private static final String SP_ISSUED_ID = "IssuerEntityId";
+    private static Logger logger = LoggerFactory.getLogger(App.class);
+
+    public static void main(String[] args) {
+
+        initOpenSAML();
+        AuthnRequest authnRequest = buildAuthnRequest();
+        OpenSAMLUtils.logSAMLObject(authnRequest);
+    }
+
+    private static void initOpenSAML() {
+        XMLObjectProviderRegistry registry = new XMLObjectProviderRegistry();
+        ConfigurationService.register(XMLObjectProviderRegistry.class, registry);
+
+        registry.setParserPool(getParserPool());
+        try {
+            InitializationService.initialize();
+        } catch (InitializationException e) {
+            logger.error(e.getMessage(), e);
+        }
+    }
+
+    private static ParserPool getParserPool() {
+        BasicParserPool parserPool = new BasicParserPool();
+        parserPool.setMaxPoolSize(100);
+        parserPool.setCoalescing(true);
+        parserPool.setIgnoreComments(true);
+        parserPool.setIgnoreElementContentWhitespace(true);
+        parserPool.setNamespaceAware(true);
+        parserPool.setExpandEntityReferences(false);
+        parserPool.setXincludeAware(false);
+
+        final Map<String, Boolean> features = new HashMap<String, Boolean>();
+        features.put("http://xml.org/sax/features/external-general-entities", Boolean.FALSE);
+        features.put("http://xml.org/sax/features/external-parameter-entities", Boolean.FALSE);
+        features.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);
+        features.put("http://apache.org/xml/features/validation/schema/normalized-value", Boolean.FALSE);
+        features.put("http://javax.xml.XMLConstants/feature/secure-processing", Boolean.TRUE);
+
+        parserPool.setBuilderFeatures(features);
+
+        parserPool.setBuilderAttributes(new HashMap<String, Object>());
+
+        try {
+            parserPool.initialize();
+        } catch (ComponentInitializationException e) {
+            logger.error(e.getMessage(), e);
+        }
+
+        return parserPool;
+    }
+
+    private static AuthnRequest buildAuthnRequest() {
+        AuthnRequest authnRequest = OpenSAMLUtils.buildSAMLObject(AuthnRequest.class);
+        authnRequest.setIssueInstant(Instant.now());
+        // authnRequest.setDestination(IPD_SSO_DESTINATION);
+        // authnRequest.setProtocolBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
+        // authnRequest.setAssertionConsumerServiceURL(SP_ASSERTION_CONSUMER_SERVICE_URL);
+        authnRequest.setID(OpenSAMLUtils.generateSecureRandomId());
+        authnRequest.setIssuer(buildIssuer());
+        authnRequest.setNameIDPolicy(buildNameIdPolicy());
+
+        return authnRequest;
+    }
+
+    private static NameIDPolicy buildNameIdPolicy() {
+        NameIDPolicy nameIDPolicy = OpenSAMLUtils.buildSAMLObject(NameIDPolicy.class);
+        nameIDPolicy.setAllowCreate(true);
+        nameIDPolicy.setFormat(NameIDType.TRANSIENT);
+
+        return nameIDPolicy;
+    }
+
+    private static Issuer buildIssuer() {
+        Issuer issuer = OpenSAMLUtils.buildSAMLObject(Issuer.class);
+        issuer.setValue(SP_ISSUED_ID);
+
+        return issuer;
+    }
+}

java/cbsso-opensaml/app/src/main/java/cbsso/opensaml/AuthNRequestGenerator.java

@@ -0,0 +1,89 @@
+package cbsso.opensaml;
+
+import java.time.Instant;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opensaml.core.config.ConfigurationService;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.config.InitializationService;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistry;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.NameIDPolicy;
+import org.opensaml.saml.saml2.core.NameIDType;
+
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.BasicParserPool;
+import net.shibboleth.utilities.java.support.xml.ParserPool;
+
+public class AuthNRequestGenerator {
+    public static String generateAuthNRequest(String issuerId, String requestId)
+            throws InitializationException, ComponentInitializationException {
+        initOpenSAML();
+        AuthnRequest authnRequest = buildAuthnRequest(issuerId, requestId);
+        return OpenSAMLUtils.stringifySAMLObject(authnRequest);
+    }
+
+    private static void initOpenSAML() throws InitializationException, ComponentInitializationException {
+        XMLObjectProviderRegistry registry = new XMLObjectProviderRegistry();
+        ConfigurationService.register(XMLObjectProviderRegistry.class, registry);
+
+        registry.setParserPool(getParserPool());
+        InitializationService.initialize();
+    }
+
+    private static ParserPool getParserPool() throws ComponentInitializationException {
+        BasicParserPool parserPool = new BasicParserPool();
+        parserPool.setMaxPoolSize(100);
+        parserPool.setCoalescing(true);
+        parserPool.setIgnoreComments(true);
+        parserPool.setIgnoreElementContentWhitespace(true);
+        parserPool.setNamespaceAware(true);
+        parserPool.setExpandEntityReferences(false);
+        parserPool.setXincludeAware(false);
+
+        final Map<String, Boolean> features = new HashMap<String, Boolean>();
+        features.put("http://xml.org/sax/features/external-general-entities", Boolean.FALSE);
+        features.put("http://xml.org/sax/features/external-parameter-entities", Boolean.FALSE);
+        features.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);
+        features.put("http://apache.org/xml/features/validation/schema/normalized-value", Boolean.FALSE);
+        features.put("http://javax.xml.XMLConstants/feature/secure-processing", Boolean.TRUE);
+
+        parserPool.setBuilderFeatures(features);
+
+        parserPool.setBuilderAttributes(new HashMap<String, Object>());
+
+        parserPool.initialize();
+
+        return parserPool;
+    }
+
+    private static AuthnRequest buildAuthnRequest(String issuerId, String requestId) {
+        AuthnRequest authnRequest = OpenSAMLUtils.buildSAMLObject(AuthnRequest.class);
+        authnRequest.setIssueInstant(Instant.now());
+        // authnRequest.setDestination(IPD_SSO_DESTINATION);
+        // authnRequest.setProtocolBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI);
+        // authnRequest.setAssertionConsumerServiceURL(SP_ASSERTION_CONSUMER_SERVICE_URL);
+        authnRequest.setID(requestId);
+        authnRequest.setIssuer(buildIssuer(issuerId));
+        authnRequest.setNameIDPolicy(buildNameIdPolicy());
+
+        return authnRequest;
+    }
+
+    private static NameIDPolicy buildNameIdPolicy() {
+        NameIDPolicy nameIDPolicy = OpenSAMLUtils.buildSAMLObject(NameIDPolicy.class);
+        nameIDPolicy.setAllowCreate(true);
+        nameIDPolicy.setFormat(NameIDType.TRANSIENT);
+
+        return nameIDPolicy;
+    }
+
+    private static Issuer buildIssuer(String issuerId) {
+        Issuer issuer = OpenSAMLUtils.buildSAMLObject(Issuer.class);
+        issuer.setValue(issuerId);
+
+        return issuer;
+    }
+}

java/cbsso-opensaml/app/src/main/java/cbsso/opensaml/OpenSAMLUtils.java

@@ -0,0 +1,87 @@
+package cbsso.opensaml;
+
+import javax.xml.namespace.QName;
+
+import org.opensaml.core.xml.XMLObject;
+import org.opensaml.core.xml.XMLObjectBuilderFactory;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.Marshaller;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.saml.common.SignableSAMLObject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.w3c.dom.Element;
+
+import net.shibboleth.utilities.java.support.security.impl.RandomIdentifierGenerationStrategy;
+import net.shibboleth.utilities.java.support.xml.SerializeSupport;
+
+public class OpenSAMLUtils {
+    private static Logger logger = LoggerFactory.getLogger(OpenSAMLUtils.class);
+    private static RandomIdentifierGenerationStrategy secureRandomIdGenerator;
+
+    static {
+        secureRandomIdGenerator = new RandomIdentifierGenerationStrategy();
+
+    }
+
+    public static <T> T buildSAMLObject(final Class<T> clazz) {
+        T object = null;
+        try {
+            XMLObjectBuilderFactory builderFactory = XMLObjectProviderRegistrySupport.getBuilderFactory();
+            QName defaultElementName = (QName) clazz.getDeclaredField("DEFAULT_ELEMENT_NAME").get(null);
+            object = (T) builderFactory.getBuilder(defaultElementName).buildObject(defaultElementName);
+        } catch (IllegalAccessException e) {
+            throw new IllegalArgumentException("Could not create SAML object");
+        } catch (NoSuchFieldException e) {
+            throw new IllegalArgumentException("Could not create SAML object");
+        }
+
+        return object;
+    }
+
+    public static String generateSecureRandomId() {
+        return secureRandomIdGenerator.generateIdentifier();
+    }
+
+    public static void logSAMLObject(final XMLObject object) {
+        Element element = null;
+
+        if (object instanceof SignableSAMLObject && ((SignableSAMLObject) object).isSigned()
+                && object.getDOM() != null) {
+            element = object.getDOM();
+        } else {
+            try {
+                Marshaller out = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(object);
+                out.marshall(object);
+                element = object.getDOM();
+
+            } catch (MarshallingException e) {
+                logger.error(e.getMessage(), e);
+            }
+        }
+        String xmlString = SerializeSupport.prettyPrintXML(element);
+
+        logger.info(xmlString);
+
+    }
+
+    public static String stringifySAMLObject(final XMLObject object) {
+        Element element = null;
+
+        if (object instanceof SignableSAMLObject && ((SignableSAMLObject) object).isSigned()
+                && object.getDOM() != null) {
+            element = object.getDOM();
+        } else {
+            try {
+                Marshaller out = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(object);
+                out.marshall(object);
+                element = object.getDOM();
+
+            } catch (MarshallingException e) {
+                logger.error(e.getMessage(), e);
+            }
+        }
+
+        return SerializeSupport.prettyPrintXML(element);
+    }
+}

java/cbsso-opensaml/app/src/test/java/cbsso/opensaml/AppTest.java

@@ -0,0 +1,14 @@
+/*
+ * This source file was generated by the Gradle 'init' task
+ */
+package cbsso.opensaml;
+
+import org.junit.jupiter.api.Test;
+import static org.junit.jupiter.api.Assertions.*;
+
+class AppTest {
+    @Test void appHasAGreeting() {
+        App classUnderTest = new App();
+        assertNotNull(classUnderTest.getGreeting(), "app should have a greeting");
+    }
+}

java/cbsso-opensaml/gradle/libs.versions.toml

@@ -0,0 +1,10 @@
+# This file was generated by the Gradle 'init' task.
+# https://docs.gradle.org/current/userguide/platforms.html#sub::toml-dependencies-format
+
+[versions]
+guava = "33.0.0-jre"
+junit-jupiter = "5.10.2"
+
+[libraries]
+guava = { module = "com.google.guava:guava", version.ref = "guava" }
+junit-jupiter = { module = "org.junit.jupiter:junit-jupiter", version.ref = "junit-jupiter" }