/**
 * Generates a random identifier of {@code SECURE_ID_CHARS_LENGTH} characters drawn from the
 * sixteen-letter alphabet {@code a..p}: every byte obtained from {@link #getNativeInstance()}
 * is split into two nibbles and each nibble selects one letter.
 * <p>
 * NOTE(review): assumes {@code getNativeInstance()} returns a cryptographically strong
 * generator and that {@code SECURE_ID_CHARS_LENGTH} equals twice
 * {@code SECURE_ID_BYTES_LENGTH} — confirm against the constant definitions, otherwise the
 * output array is either over-run or left partially unfilled.
 *
 * @return the generated identifier
 */
public static String generateSecureRandomId() {
    val rng = getNativeInstance();
    val alphabet = "abcdefghijklmnop".toCharArray();
    val raw = new byte[SECURE_ID_BYTES_LENGTH];
    rng.nextBytes(raw);

    val out = new char[SECURE_ID_CHARS_LENGTH];
    for (int idx = 0; idx < raw.length; idx++) {
        // '>>' sign-extends a negative byte; the subsequent mask (presumably 0x0F) keeps
        // only the low bits of the shifted value, so the index stays within the alphabet.
        val highNibble = (raw[idx] >> SECURE_ID_SHIFT_LENGTH) & HEX_HIGH_BITS_BITWISE_FLAG;
        val lowNibble = raw[idx] & HEX_HIGH_BITS_BITWISE_FLAG;
        out[2 * idx] = alphabet[highNibble];
        out[2 * idx + 1] = alphabet[lowNibble];
    }
    return new String(out);
}
}
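/**
 * Stores a consent decision, replacing any previously stored decision that carries the same id.
 * A decision not yet known to the repository is assigned a fresh random id before it is added.
 * <p>
 * NOTE(review): the id comparison uses {@code ==}, which is only correct when {@code getId()}
 * returns a primitive — confirm it is not a boxed {@code Long}/{@code Integer}. The random id
 * is not checked for collisions with decisions already in the collection.
 *
 * @param decision the decision to store
 * @return always {@code true}
 */
@Override
public boolean storeConsentDecision(final ConsentDecision decision) {
    val existing = getConsentDecisions()
        .stream()
        .filter(d -> d.getId() == decision.getId())
        .findFirst();
    if (existing.isPresent()) {
        // Remove the matched entry itself rather than the incoming object: removing the
        // incoming object only succeeds when equals() is defined on the id alone, whereas the
        // matched entry is always present in the collection.
        getConsentDecisions().remove(existing.get());
    } else {
        decision.setId(RandomUtils.getNativeInstance().nextInt());
    }
    getConsentDecisions().add(decision);
    return true;
}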
/**
 * Builds a self-signed X.509 v3 certificate for {@code hostname} from the supplied key pair.
 * Subject and issuer are both {@code CN=<hostname>}, the validity window runs from now for
 * {@code certificateLifetimeInYears} years, the serial is a random {@code X509_CERT_BITS_SIZE}-bit
 * number, and a subject-key-identifier plus the subject-alternative-names from
 * {@code buildSubjectAltNames()} are attached. Validity and the self-signature are checked
 * before the certificate is returned.
 * <p>
 * NOTE(review): {@code certificateAlgorithm} is assumed to name a signature algorithm that
 * {@code JcaContentSignerBuilder} accepts for the key type — confirm against configuration.
 *
 * @param keypair the key pair whose public key is certified and whose private key signs it
 * @return the generated and verified certificate
 * @throws Exception if building, converting or verifying the certificate fails
 */
private X509Certificate generateCertificate(final KeyPair keypair) throws Exception {
    val subject = new X500Name("CN=" + hostname);

    val validFrom = new GregorianCalendar();
    val validUntil = new GregorianCalendar();
    // set(YEAR, ...) is used rather than add(YEAR, ...): on a lenient calendar the two differ
    // when "now" is Feb 29 (set rolls into March, add pins to Feb 28).
    validUntil.set(GregorianCalendar.YEAR, validUntil.get(GregorianCalendar.YEAR) + certificateLifetimeInYears);

    // Issuer == subject: this is a self-signed certificate with a random serial number.
    val serial = new BigInteger(X509_CERT_BITS_SIZE, RandomUtils.getNativeInstance());
    val certBuilder = new JcaX509v3CertificateBuilder(
        subject, serial, validFrom.getTime(), validUntil.getTime(), subject, keypair.getPublic());

    val extensionUtils = new JcaX509ExtensionUtils();
    val subjectKeyId = extensionUtils.createSubjectKeyIdentifier(keypair.getPublic());
    certBuilder.addExtension(Extension.subjectKeyIdentifier, false, subjectKeyId);
    val altNames = GeneralNames.getInstance(new DERSequence(buildSubjectAltNames()));
    certBuilder.addExtension(Extension.subjectAlternativeName, false, altNames);

    val signer = new JcaContentSignerBuilder(certificateAlgorithm).build(keypair.getPrivate());
    val holder = certBuilder.build(signer);
    val certificate = new JcaX509CertificateConverter().getCertificate(holder);

    // Fail fast on an unusable certificate: validity window first, then the self-signature.
    certificate.checkValidity(new Date());
    certificate.verify(keypair.getPublic());
    return certificate;
}
/**
 * Registers a highest-precedence regex service covering the SAML IdP callback service id
 * (the id followed by {@code .*}), so that SAML authentication-request callbacks are always
 * recognised as a registered service. The entry is handed over wrapped in a
 * {@code SamlIdPServiceRegistry}.
 * <p>
 * NOTE(review): the callback id is concatenated into the pattern as-is; any regex
 * metacharacters it contains (such as '.') are interpreted rather than escaped, so the pattern
 * may match slightly more than the literal URL — confirm this is intended. Unlike the OAuth
 * callback registration elsewhere in this repository, no attribute release policy is set here.
 *
 * @param plan the execution plan that receives the service registry
 */
@Override
public void configureServiceRegistry(final ServiceRegistryExecutionPlan plan) {
    val callbackPattern = samlIdPCallbackService().getId().concat(".*");
    LOGGER.debug("Initializing SAML IdP callback service [{}]", callbackPattern);

    val callback = new RegexRegisteredService();
    // Id is random; this block performs no collision check against other registered services.
    callback.setId(RandomUtils.getNativeInstance().nextLong());
    callback.setEvaluationOrder(Ordered.HIGHEST_PRECEDENCE);
    callback.setName(callback.getClass().getSimpleName());
    callback.setDescription("SAML Authentication Request Callback");
    callback.setServiceId(callbackPattern);
    plan.registerServiceRegistry(new SamlIdPServiceRegistry(eventPublisher, callback));
}
};
/**
 * Registers a highest-precedence regex service for the OAuth callback URL so that OAuth
 * authentication callbacks are recognised as a registered service. The entry denies all
 * attribute release and is handed over wrapped in an {@code OAuth20ServiceRegistry}.
 * <p>
 * NOTE(review): the callback id is used as the regex pattern as-is; any regex metacharacters
 * it contains (such as '.') are interpreted rather than escaped — confirm this is intended.
 *
 * @param plan the execution plan that receives the service registry
 */
@Override
public void configureServiceRegistry(final ServiceRegistryExecutionPlan plan) {
    val callback = new RegexRegisteredService();
    // Id is random; this block performs no collision check against other registered services.
    callback.setId(RandomUtils.getNativeInstance().nextLong());
    callback.setEvaluationOrder(Ordered.HIGHEST_PRECEDENCE);
    callback.setName(callback.getClass().getSimpleName());
    callback.setDescription("OAuth Authentication Callback Request URL");
    callback.setServiceId(oauthCallbackService().getId());
    // The callback endpoint releases no attributes to the relying party.
    callback.setAttributeReleasePolicy(new DenyAllAttributeReleasePolicy());
    plan.registerServiceRegistry(new OAuth20ServiceRegistry(eventPublisher, callback));
}
};
return new BCryptPasswordEncoder(properties.getStrength(), RandomUtils.getNativeInstance()); case SCRYPT: LOGGER.debug("Creating SCRYPT encoder");
val id = '_' + String.valueOf(RandomUtils.getNativeInstance().nextLong()); val assertion = newAssertion(statements, casProperties.getAuthn().getSamlIdp().getEntityId(), ZonedDateTime.now(ZoneOffset.UTC), id);
if (StringUtils.isBlank(id)) { LOGGER.warn("Unable to locate service ticket as the session index; Generating random identifier instead..."); id = '_' + String.valueOf(RandomUtils.getNativeInstance().nextLong());
final String binding, final MessageContext messageContext) throws SamlException { val id = '_' + String.valueOf(RandomUtils.getNativeInstance().nextLong()); val samlResponse = newResponse(id, ZonedDateTime.now(ZoneOffset.UTC), authnRequest.getID(), null); samlResponse.setVersion(SAMLVersion.VERSION_20);
@Override @SneakyThrows public SingleLogoutMessage create(final SingleLogoutRequest request) { val id = '_' + String.valueOf(RandomUtils.getNativeInstance().nextLong()); val issueInstant = DateTime.now(DateTimeZone.UTC).plusSeconds(samlIdPProperties.getResponse().getSkewAllowance());
response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null)); val sessionIndex = '_' + String.valueOf(RandomUtils.getNativeInstance().nextLong()); val authnStatement = this.samlObjectBuilder.newAuthnStatement(AuthnContext.PASSWORD_AUTHN_CTX, currentDateTime, sessionIndex); val assertion = this.samlObjectBuilder.newAssertion(authnStatement, casServerPrefix,