sso response解析

import java.io.ByteArrayInputStream;

import java.io.InputStream;

import java.security.KeyFactory;

import java.security.PublicKey;

import java.security.cert.CertificateFactory;

import java.security.cert.X509Certificate;

import java.security.spec.X509EncodedKeySpec;

public class SSoTest {

    private static final String certificateS = "MIIDNDCCAhygAwIBAgIGAWEpyv9pMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNVBAYTAlVTMR4wHAYD\n" +

            "VQQKExVFbGkgTGlsbHkgYW5kIENvbXBhbnkxLDAqBgNVBAMTI0VsaSBMaWxseSBGZWRlcmF0aW9u\n" +

            "IFNlcnZpY2UgKDIwMTgpMB4XDTE4MDEyNDIwMTAyNFoXDTIzMDEyMzIwMTAyNFowWzELMAkGA1UE\n" +

            "BhMCVVMxHjAcBgNVBAoTFUVsaSBMaWxseSBhbmQgQ29tcGFueTEsMCoGA1UEAxMjRWxpIExpbGx5\n" +

            "IEZlZGVyYXRpb24gU2VydmljZSAoMjAxOCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n" +

            "AQDJXGwSK5MIXKbJ3AvVVi6EfzTIZdKeHHfGsmvMYdfqvdWzRgiMGBcQDowny7tIsDXsiCskV4yC\n" +

            "FnBFttlzy3vfHe4k3QG2dLEyHkDZcucm3ofyDdWYRXlFfJJKbscgN4elxiLj1xeTKBMHeZYfNlAY\n" +

            "hLs0GC6GJYnjyEFip3feHybJV2AUgZzX2hXUCoBMpaTMV9RyjM/mMSKEdG6sK4bgxr9cQ1OTqX4x\n" +

            "1NDJ0woVW9v/54MjZL4aN8arOfEV4+pLRI9Ulvs3nd2qzP9NeAbdFzzAGgUH4cv5Q089n9EZ/9Tx\n" +

            "VX8/7wrw6zZqJcQBg0KxULXodmgOr4VQNL/7gDZBAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGh+\n" +

            "Sdo+VMPv+98DlRTLZcn/6Gys64NGjyhxLA4EEkigoLgFkv1nfZ0alovUkCYZCrccTW/3OfN4znc0\n" +

            "VoRcXZuo2a1it5/35EtZIReXx+CjYKHztvxGT5+mm88ThYenssOUAcO4plgmu15XKFoftZB/JLhF\n" +

            "mxl2PiM8t6RHpYIZJsN+M7FZxAnhOGZynib0xtdJr1K2s9XmA2GMxFG2I2vKfAhCAq46Bu6VkLq2\n" +

            "2/oPigaQCdAg9YKZ1Ll8VmzIYKmkPT3Y/ZuVAcZ1B89JTdZtJIF9tvJUTikJrUhNw6pkCAEmVnWt\n" +

            "nP54drzwbUdA/1fTXXgDIlbI61DXhErGwXI=";

    static{

        try{

            DefaultBootstrap.bootstrap ();

        }catch (Exception ex){

            ex.printStackTrace ();

        }

    }

    public static void main(String[] args) throws Exception{

        String SAMLResponse="PHNhbWxwOlJlc3BvbnNlIFZlcnNpb249IjIuMCIgSUQ9ImwzeUpCQm1zRlN1NkNaSS05SU1WMzZKdWstdSIgSXNzdWVJbnN0YW50PSIyMDE5LTAyLTI3VDAzOjQ2OjA0LjIwN1oiIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPjxzYW1sOklzc3VlciB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5sbHktcWE6c2FtbDI6aWRwPC9zYW1sOklzc3Vlcj48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24gSUQ9InlQV0Qwc01WZUtJcmUzUjQ1UTlGTGdQUF9jNCIgSXNzdWVJbnN0YW50PSIyMDE5LTAyLTI3VDAzOjQ2OjA0LjQyNVoiIFZlcnNpb249IjIuMCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PHNhbWw6SXNzdWVyPmxseS1xYTpzYW1sMjppZHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8ZHM6U2lnbmVkSW5mbz4KPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz4KPGRzOlJlZmVyZW5jZSBVUkk9IiN5UFdEMHNNVmVLSXJlM1I0NVE5RkxnUFBfYzQiPgo8ZHM6VHJhbnNmb3Jtcz4KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+CjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPC9kczpUcmFuc2Zvcm1zPgo8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+CjxkczpEaWdlc3RWYWx1ZT5iNmYzb2VwT3VPYndlVk1rdEswUDhrdG5VTlY1M1NLY09tekc3L0pnVUVjPTwvZHM6RGlnZXN0VmFsdWU+CjwvZHM6UmVmZXJlbmNlPgo8L2RzOlNpZ25lZEluZm8+CjxkczpTaWduYXR1cmVWYWx1ZT4KdHpqQmF6LzhtRm5jU1p5MTczL1dJSllRbHo2UVBJQVQrbkxEWXhXTFAwdTVaWmFBMDM0Z0RTMm5mNGJBekFIMXh5MVZNMU9KV2lyVQpyTnRQN29kemtRU2ZOUXhmbFU3OXp5SUdTNVhrR3k5dDN3WkY2V3dpWUhwVy9Wb2xwNVFGeGpUeFlaK3FiYU5uZG1NL1l3UE5EdWJ3CnBjWU1yTUhGM0tkY09DME9HQnhCeVhVNFZaeGZBR0dadjhST0g1TjdqMHUxSmd4a0cwN2xZbW81MWVyTmVXVDM2Zkx2dmp0Y3ZWQjEKN3U0Z3AyS0pIa293YllaRUlLTCtDcVFoMWdmZXVJcTV2RUZoYURKRnJzNWhFdVViRkM2c2trUGNCZ3FkRVR4RGZud09sUkZhVDdneQpNdDZhZUdDVGd3cUFKbm5tM1pPU0dKQVF6TWN2QnpJei9jd0daUT09CjwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPgo8ZHM6WDUwOURhdGE+CjxkczpYNTA5Q2VydGlmaWNhdGU+Ck1JSURORENDQWh5Z0F3SUJBZ0lHQVdFcHl2OXBNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1Gc3hDekFKQmdOVkJBWVRBbFZUTVI0d0hBWUQKVlFRS0V4VkZiR2tnVEdsc2JIa2dZVzVrSUVOdmJYQmhibmt4TERBcUJnTlZCQU1USTBWc2FTQk1hV3hzZVNCR1pXUmxjbUYwYVc5dQpJRk5sY25acFkyVWdLREl3TVRncE1CNFhEVEU0TURFeU5ESXdNVEF5TkZvWERUSXpNREV5TXpJd01UQXlORm93V3pFTE1Ba0dBMVVFCkJoTUNWVk14SGpBY0JnTlZCQW9URlVWc2FTQk1hV3hzZVNCaGJtUWdRMjl0Y0dGdWVURXNNQ29HQTFVRUF4TWpSV3hwSUV4cGJHeDUKSUVabFpHVnlZWFJwYjI0Z1UyVnlkbWxqWlNBb01qQXhPQ2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQgpBUURKWEd3U0s1TUlYS2JKM0F2VlZpNkVmelRJWmRLZUhIZkdzbXZNWWRmcXZkV3pSZ2lNR0JjUURvd255N3RJc0RYc2lDc2tWNHlDCkZuQkZ0dGx6eTN2ZkhlNGszUUcyZExFeUhrRFpjdWNtM29meURkV1lSWGxGZkpKS2JzY2dONGVseGlMajF4ZVRLQk1IZVpZZk5sQVkKaExzMEdDNkdKWW5qeUVGaXAzZmVIeWJKVjJBVWdaelgyaFhVQ29CTXBhVE1WOVJ5ak0vbU1TS0VkRzZzSzRiZ3hyOWNRMU9UcVg0eAoxTkRKMHdvVlc5di81NE1qWkw0YU44YXJPZkVWNCtwTFJJOVVsdnMzbmQycXpQOU5lQWJkRnp6QUdnVUg0Y3Y1UTA4OW45RVovOVR4ClZYOC83d3J3NnpacUpjUUJnMEt4VUxYb2RtZ09yNFZRTkwvN2dEWkJBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFHaCsKU2RvK1ZNUHYrOThEbFJUTFpjbi82R3lzNjROR2p5aHhMQTRFRWtpZ29MZ0ZrdjFuZlowYWxvdlVrQ1laQ3JjY1RXLzNPZk40em5jMApWb1JjWFp1bzJhMWl0NS8zNUV0WklSZVh4K0NqWUtIenR2eEdUNSttbTg4VGhZZW5zc09VQWNPNHBsZ211MTVYS0ZvZnRaQi9KTGhGCm14bDJQaU04dDZSSHBZSVpKc04rTTdGWnhBbmhPR1p5bmliMHh0ZEpyMUsyczlYbUEyR014RkcySTJ2S2ZBaENBcTQ2QnU2VmtMcTIKMi9vUGlnYVFDZEFnOVlLWjFMbDhWbXpJWUtta1BUM1kvWnVWQWNaMUI4OUpUZFp0SklGOXR2SlVUaWtKclVoTnc2cGtDQUVtVm5XdApuUDU0ZHJ6d2JVZEEvMWZUWFhnRElsYkk2MURYaEVyR3dYST0KPC9kczpYNTA5Q2VydGlmaWNhdGU+CjwvZHM6WDUwOURhdGE+CjwvZHM6S2V5SW5mbz4KPC9kczpTaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDp1bnNwZWNpZmllZCI+QzI3MDAzNjwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIFJlY2lwaWVudD0iaHR0cHM6Ly90ZXN0c2VydmljZS50cHAudHA5NTU4OS5jb20vdHBwc2VydmljZS9jYXMvbGlsbHktc2FtbDIiIE5vdE9uT3JBZnRlcj0iMjAxOS0wMi0yN1QwMzo0ODowNC40MjVaIi8+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTktMDItMjdUMDM6NDQ6MDQuNDI1WiIgTm90T25PckFmdGVyPSIyMDE5LTAyLTI3VDAzOjQ4OjA0LjQyNVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+dGFpcGluZ3BlbnNpb25oYWxsPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IFNlc3Npb25JbmRleD0ieVBXRDBzTVZlS0lyZTNSNDVROUZMZ1BQX2M0IiBBdXRobkluc3RhbnQ9IjIwMTktMDItMjdUMDM6NDY6MDQuNDEwWiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlRlbGVwaG9ueTwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+";

        byte[] byteResponse = new Base64().decode(SAMLResponse.getBytes("utf-8"));

//        String gg=new String(byteResponse,"utf-8");

//        System.out.println(gg);

        // Read certificate

        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");

        InputStream inputStream = new ByteArrayInputStream(Base64.decodeBase64(certificateS.getBytes("UTF-8")));

        X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(inputStream);

        inputStream.close();

        BasicX509Credential credential = new BasicX509Credential();

        KeyFactory keyFactory = KeyFactory.getInstance("RSA");

        X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(certificate.getPublicKey().getEncoded());

        PublicKey key = keyFactory.generatePublic(publicKeySpec);

        credential.setPublicKey(key);

        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteResponse);

        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();

        documentBuilderFactory.setNamespaceAware(true);

        DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();

        Document document = documentBuilder.parse(byteArrayInputStream);

        Element element = document.getDocumentElement();

//        NodeList nodeList= element.getChildNodes();

//        Node node=nodeList.item(2);

//        NodeList assertion= node.getChildNodes();

//        Node sub=assertion.item(2);

//        NodeList as=sub.getChildNodes();

//        Node nameIdNode=as.item(0);

//       String nameId= nameIdNode.getChildNodes().item(0).getNodeValue();

//        System.out.println("====================="+nameId);

//        System.out.println("====================="+bb);

        UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();

        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);

        XMLObject responseXmlObj = unmarshaller.unmarshall(element);

        Response responseObj = (Response) responseXmlObj;

        Assertion assertion = responseObj.getAssertions().get(0);

        String nameId = assertion.getSubject().getNameID().getValue();

        System.out.println(("nameId=" + nameId));

        //判断该消息是否被签名

        if(!assertion.isSigned()){

            throw new RuntimeException("The SAML Assertion was not signed");

        }

        //判断该签名是否符合SAML签名的标准声明,也就是是否应用了XML的规范化算法

        SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();

        profileValidator.validate(assertion.getSignature());

        org.opensaml.xml.signature.Signature sig = assertion.getSignature();

        System.out.println("sign==================="+sig.getKeyInfo());

        //再正密码学意义上的验证签名

        org.opensaml.xml.signature.SignatureValidator validator = new org.opensaml.xml.signature.SignatureValidator(credential);

        validator.validate(sig);

    }

}

SAML2.0 SP端处理的更多相关文章

  1. SAML2.0 协议初识(二)---Service Provider(SP)

    上一节,我们初步认识了 SAML 协议的概念和工作流程,这一节将介绍 SP 端的一些细节. 通常情况下,SP 端是请求发起端,即当用户访问 SP 端的受保护资源时,由 SP 端向认证中心(IDP 端) ...

  2. SAML2.0 协议初识(一)

    一.什么是 SAML 协议? SAML 即安全断言标记语言,英文全称是 Security Assertion Markup Language.它是一个基于 XML 的标准,用于在不同的安全域(secu ...

  3. Swift3.0服务端开发(一) 完整示例概述及Perfect环境搭建与配置(服务端+iOS端)

    本篇博客算是一个开头,接下来会持续更新使用Swift3.0开发服务端相关的博客.当然,我们使用目前使用Swift开发服务端较为成熟的框架Perfect来实现.Perfect框架是加拿大一个创业团队开发 ...

  4. Swift3.0服务端开发(五) 记事本的开发(iOS端+服务端)

    前边以及陆陆续续的介绍了使用Swift3.0开发的服务端应用程序的Perfect框架.本篇博客就做一个阶段性的总结,做一个完整的实例,其实这个实例在<Swift3.0服务端开发(一)>这篇 ...

  5. Open CDN 2.0管控端和节点端安装

    原文:http://www.safecdn.cn/cdn/2018/12/opencdn-2-0/1076.html OpenCDN是一套快速部署CDN加速的工具,针对专门提供CDN加速服务的企业或对 ...

  6. 创建自己的OAuth2.0服务端(一)

    如果对OAuth2.0有任何的疑问,请先熟悉OAuth2.0基础的文章:http://www.cnblogs.com/alunchen/p/6956016.html 1. 前言 本篇文章时对 客户端的 ...

  7. Kafka设计解析(二十二)Flink + Kafka 0.11端到端精确一次处理语义的实现

    转载自 huxihx,原文链接 [译]Flink + Kafka 0.11端到端精确一次处理语义的实现 本文是翻译作品,作者是Piotr Nowojski和Michael Winters.前者是该方案 ...

  8. oauth2.0服务端与客户端搭建

    oauth2.0服务端与客户端搭建 - 推酷 今天搭建了oauth2.0服务端与客户端.把搭建的过程记录一下.具体实现的功能是:client.ruanwenwu.cn的用户能够通过 server.ru ...

  9. vue2.0 移动端,下拉刷新,上拉加载更多插件,修改版

    在[实现丰盛]的插件基础修改[vue2.0 移动端,下拉刷新,上拉加载更多 插件], 1.修改加载到尾页面,返回顶部刷新数据,无法继续加重下一页 2.修改加载完成文字提示 原文链接:http://ww ...

随机推荐

  1. Javascrip基础

    术语解释 Javascript是一种由Netscape的LiveScript发展而来的原型化继承的面向对象的动态类型的区分大小写的客户端脚本语言,主要目的是为了解决服务器端语言,比如Perl,遗留的速 ...

  2. Networked Graphics: Building Networked Games and Virtual Environments (Anthony Steed / Manuel Fradinho Oliveira 著)

    PART I GROUNDWORK CHAPTER 1 Introduction CHAPTER 2 One on One (101) CHAPTER 3 Overview of the Intern ...

  3. 网络工具之chisel + openvpn混合

    目的: 访问内网的shared folder 内网可以无缝访问internet而不需要设置代理(因为有些软件没办法支持代理,比如rustup) 解决方案: 基本思路 家里 设置chisel服务开放44 ...

  4. EasyTouch和NGUI的使用心得

    今天来写一写Unity3D中两个比较常用插件:EasyTouch和NGUI的学习心得.我用的版本分别是EasyTouch 3.1.1和NGUI 3.6.0,下面也是对这两个版本的学习心得. 1. Ea ...

  5. GitHub下载单个文件

    1. 点击某个文件. 2. 右键点击RAW. 3. 另存为

  6. 黄聪:Mysql主从配置,实现读写分离

    大型网站为了软解大量的并发访问,除了在网站实现分布式负载均衡,远远不够.到了数据业务层.数据访问层,如果还是传统的数据结构,或者只是单单靠一台服务器扛,如此多的数据库连接操作,数据库必然会崩溃,数据丢 ...

  7. HTML5 新的 Input 类型

    Input 类型: color(拾色器) color 类型用在input字段主要用于选取颜色,如下所示: 支持浏览器 实例 从拾色器中选择一个颜色: 选择你喜欢的颜色: <input type= ...

  8. ES - es为什么要移除type?

    1.index.type的初衷 之前es将index.type类比于关系型数据库(例如mysql)中database.table,这么考虑的目的是“方便管理数据之间的关系”. 2.为什么现在要移除ty ...

  9. @Async异步注解与SpringBoot结合使用

    当你在service层需要启动异步线程去执行某些分支任务,又不希望显式使用Thread等线程相关类,只想专注于实现业务逻辑代码开发,可以使用@Async异步注解. 1. 使用@Async 异步注解 C ...

  10. NodeJs Fs模块

    和前面的Http.Url模块一样,Fs模块也是node的核心模块之一,主要用于对系统文件及目录进行读写操作. 基本方法 fs.stat fs.stat可以用来判断是文件还是目录:stats.isFil ...