
Commit 5e947e2

SAML2AuthManagerImpl: create or load keystore dao
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
1 parent aaa4b60 commit 5e947e2

1 file changed

Lines changed: 23 additions & 14 deletions


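--- a/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
+++ b/plugins/user-authenticators/saml2/src/org/apache/cloudstack/saml/SAML2AuthManagerImpl.java
@@ -50,12 +50,11 @@
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.security.SignatureException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.spec.RSAPrivateKeySpec;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -69,6 +68,8 @@ public class SAML2AuthManagerImpl extends AdapterBase implements SAML2AuthManage
 
 private X509Certificate idpSigningKey;
 private X509Certificate idpEncryptionKey;
+private X509Certificate spX509Key;
+private KeyPair spKeyPair;
 
 private String spSingleSignOnUrl;
 private String idpSingleSignOnUrl;
@@ -93,29 +94,28 @@ public boolean start() {
 }
 
 private boolean setup() {
-// TODO: In future if need added logic to get SP X509 cert for Idps that need signed requests
-
 KeystoreVO keyStoreVO = _ksDao.findByName(SAMLUtils.CERTIFICATE_NAME);
 if (keyStoreVO == null) {
 try {
 KeyPair keyPair = SAMLUtils.generateRandomKeyPair();
-_ksDao.save(SAMLUtils.CERTIFICATE_NAME, keyPair.getPrivate().getEncoded().toString(), keyPair.getPublic().getEncoded().toString(), "saml-sp");
+_ksDao.save(SAMLUtils.CERTIFICATE_NAME, SAMLUtils.savePrivateKey(keyPair.getPrivate()), SAMLUtils.savePublicKey(keyPair.getPublic()), "saml-sp");
 keyStoreVO = _ksDao.findByName(SAMLUtils.CERTIFICATE_NAME);
 } catch (NoSuchProviderException | NoSuchAlgorithmException e) {
 s_logger.error("Unable to create and save SAML keypair");
 }
 }
 
 if (keyStoreVO != null) {
-PrivateKey privateKey = new RSAPrivateKeySpec();
-KeyPair keyPair = new KeyPair();
-}
-
-try {
-
-X509Certificate spCert = SAMLUtils.generateRandomX509Certificate();
-} catch (NoSuchAlgorithmException | NoSuchProviderException | CertificateEncodingException | SignatureException | InvalidKeyException e) {
-e.printStackTrace();
+PrivateKey privateKey = SAMLUtils.loadPrivateKey(keyStoreVO.getCertificate());
+PublicKey publicKey = SAMLUtils.loadPublicKey(keyStoreVO.getKey());
+if (privateKey != null && publicKey != null) {
+spKeyPair = new KeyPair(publicKey, privateKey);
+try {
+spX509Key = SAMLUtils.generateRandomX509Certificate(spKeyPair);
+} catch (NoSuchAlgorithmException | NoSuchProviderException | CertificateEncodingException | SignatureException | InvalidKeyException e) {
+s_logger.error("SAML Plugin won't be able to use X509 signed authentication");
+}
+}
 }
 
 this.serviceProviderId = _configDao.getValue(Config.SAMLServiceProviderID.key());
@@ -233,4 +233,13 @@ public X509Certificate getIdpEncryptionKey() {
 public Boolean isSAMLPluginEnabled() {
 return Boolean.valueOf(_configDao.getValue(Config.SAMLIsPluginEnabled.key()));
 }
+
+public X509Certificate getSpX509Key() {
+return spX509Key;
+}
+
+@Override
+public KeyPair getSpKeyPair() {
+return spKeyPair;
+}
 }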
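Review bot: In setup(), when a keystore row exists but `SAMLUtils.loadPrivateKey` or `SAMLUtils.loadPublicKey` returns null, the new `if (privateKey != null && publicKey != null)` guard skips key-pair setup without any log line, so spKeyPair and spX509Key stay null and SAML signing silently becomes unavailable. That path is plausible on upgraded installs, because the removed save line persisted `getEncoded().toString()` (the byte array's identity string, not the key material) and such a row is still found by findByName and never regenerated. Consider `} else { s_logger.error("Unable to load stored SAML SP key pair; X509 signed authentication unavailable"); }` and passing the caught exception to the two existing error logs, e.g. `s_logger.error("Unable to create and save SAML keypair", e);`, so operators can see why. Separately, the private key is written to and read back from the certificate column (`keyStoreVO.getCertificate()`) while the public key sits in `key`; if that column is treated as public material elsewhere in the keystore code, this inversion deserves at least a comment at the save call. setup() continues past the hunk, and whether its return value reflects these failures is not visible here.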
