Updated config

2024-09-24 16:40:14 -07:00
parent 2714f646af
commit aabb7ae551
2 changed files with 33 additions and 12 deletions
--- a/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
+++ b/src/main/java/net/gepafin/tendermanagement/config/SecurityConfig.java
@@ -263,26 +263,35 @@ public class SecurityConfig {
    
    @Bean
    public RelyingPartyRegistrationRepository relyingPartyRegistrationRepository() {
-    	
-         String entityId = baseUrl + "/v1/saml/gw/metadata";
-         String acsUrl = baseUrl + "/login/saml2/sso/loginumbria";
+
+        String entityId = baseUrl + "/v1/saml/gw/metadata";
+        String acsUrl = baseUrl + "/login/saml2/sso/loginumbria";
+
        RelyingPartyRegistration registration = RelyingPartyRegistration.withRegistrationId("loginumbria")
                .entityId(entityId)
-                 .signingX509Credentials(credentials -> {
+                .signingX509Credentials(credentials -> {
+                    try {
+                        credentials.add(Saml2X509Credential.signing(readPrivateKey(), readCertificate()));
+                    } catch (Exception e) {
+                        e.printStackTrace();
+                    }
+                })
+                .assertionConsumerServiceLocation(acsUrl)
+                .assertingPartyDetails(details -> details.entityId("https://federatest.umbriadigitale.it/gw/metadata")
+                    .singleSignOnServiceLocation("https://federatest.umbriadigitale.it/gw/SSOProxy/SAML2")
+                    .singleSignOnServiceBinding(Saml2MessageBinding.POST)
+                    .wantAuthnRequestsSigned(true)
+                    .verificationX509Credentials(credentials -> {
                        try {
-                            credentials.add(Saml2X509Credential.signing(readPrivateKey(), readCertificate()));
-                           // AuthnRequest signedAuthnRequest = createSignedAuthnRequest(readPrivateKey(), readCertificate());
-                            //logger.info("Signed SAML AuthnRequest: " + SamlRequestLogger.convertSAMLObjectToString(signedAuthnRequest));
+                            // Load the IDP's public certificate for verifying the SAML response signature
+                            credentials.add(Saml2X509Credential.verification(readIdpCertificate()));
                        } catch (Exception e) {
                            e.printStackTrace();
                        }
                    })
-                .assertionConsumerServiceLocation(acsUrl)
-                .assertingPartyDetails(details -> details.entityId("https://federatest.umbriadigitale.it/gw/metadata")
-                         .singleSignOnServiceLocation("https://federatest.umbriadigitale.it/gw/SSOProxy/SAML2")
-                        .singleSignOnServiceBinding(Saml2MessageBinding.POST).wantAuthnRequestsSigned(true).build()
-                        )
+                )
                .build();
+
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }
    
@@ -378,6 +387,15 @@ private RequestedAuthnContext buildRequestedAuthnContext() {
        }
    }
    
+    public X509Certificate readIdpCertificate() throws Exception {
+        // Path to your IDP public certificate PEM file
+        try (InputStream inStream = readKey("dev/saml/idp-certificate.pem")) {
+            CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+            return (X509Certificate) certFactory.generateCertificate(inStream);
+        }
+    }
+
+    
    public InputStream readKey(String path) throws IOException {
        ClassLoader classLoader = getClass().getClassLoader();
        InputStream inputStream = classLoader.getResourceAsStream(path);
--- a/src/main/resources/dev/saml/idp-certificate.pem
+++ b/src/main/resources/dev/saml/idp-certificate.pem
@@ -0,0 +1,3 @@
+-----BEGIN CERTIFICATE-----
+MIIDJDCCAgygAwIBAgIVAIq/MUgxPKO0cuX/GtD7YUvk87GtMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNVBAMTDmlkcC5tYWNoaW5lLml0MB4XDTA5MDMyNTEwNTM1OFoXDTI5MDMyNTA5NTM1OFowGTEXMBUGA1UEAxMOaWRwLm1hY2hpbmUuaXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClXV18x0/yhZ+D3pHlmhrK4paA+xdJKAT7U7R9DeaTQygwtCjKmCrJbzdohckLz5pax7eaGeA53pPCY+JdiU0Uq4ES8nG2DCZgCtl4QGLUcTuUtJdPq+DbYD1cWBwEeeffsiClVyuhgLRPO1OQLl/TJp4slfoYTi0aONgQp03uG+ixL48myL7GrINHYXtDUDqo2BimyU0yrOe6ZmvxJchZ8nBuWKy0J8wsO/Mnasbvo79/c8gcn0HTst0QDlHXQlzwZ4Suq2os9qKjXAYOzA1VqmTyzJIge/ynHiJ0Fkw0HNxBaVFTJRNL8RvwJsMuBT7YZKRoNK7gjT5/6bGagYM/AgMBAAGjYzBhMEAGA1UdEQQ5MDeCDmlkcC5tYWNoaW5lLml0hiVodHRwczovL2lkcC5tYWNoaW5lLml0L2lkcC9zaGliYm9sZXRoMB0GA1UdDgQWBBSBOsPZiWZRXFqNINIguHfv7jnidDANBgkqhkiG9w0BAQUFAAOCAQEAeVLN9jczRINuPUvpXbgibL2c99dUReMcl47nSVtYeYEBkPPZrSz0h3AyVZyar2Vo+/fC3fRNmaOJvfiVSm+bo1069iROI1+dGGq2gAwWuQI1q0F7PNPX4zooY+LbZI0oUhuoyH81xed0WtMlpJ1aRSBMpR6oV3rguAkH6pdr725yv6m5WxKcOM/LzdD5Xt9fQRL7ino4HfiPPJNDG3UOKhoAWkVn/Y/CuMLcBPWh/3LxIv4A1bQbnkpdty+Qtwfp4QUKkisv7gufQP91aLqUvvRE6Uz8r51VH13e4mEJjJGxLKXWzlP50gp7b27AXCTKSS6fW6iBpfA14PGcWvDiPQ==
+-----END CERTIFICATE-----