sso response解析

import java.io.ByteArrayInputStream;

import java.io.InputStream;

import java.security.KeyFactory;

import java.security.PublicKey;

import java.security.cert.CertificateFactory;

import java.security.cert.X509Certificate;

import java.security.spec.X509EncodedKeySpec;

public class SSoTest {

    private static final String certificateS = "MIIDNDCCAhygAwIBAgIGAWEpyv9pMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNVBAYTAlVTMR4wHAYD\n" +

            "VQQKExVFbGkgTGlsbHkgYW5kIENvbXBhbnkxLDAqBgNVBAMTI0VsaSBMaWxseSBGZWRlcmF0aW9u\n" +

            "IFNlcnZpY2UgKDIwMTgpMB4XDTE4MDEyNDIwMTAyNFoXDTIzMDEyMzIwMTAyNFowWzELMAkGA1UE\n" +

            "BhMCVVMxHjAcBgNVBAoTFUVsaSBMaWxseSBhbmQgQ29tcGFueTEsMCoGA1UEAxMjRWxpIExpbGx5\n" +

            "IEZlZGVyYXRpb24gU2VydmljZSAoMjAxOCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n" +

            "AQDJXGwSK5MIXKbJ3AvVVi6EfzTIZdKeHHfGsmvMYdfqvdWzRgiMGBcQDowny7tIsDXsiCskV4yC\n" +

            "FnBFttlzy3vfHe4k3QG2dLEyHkDZcucm3ofyDdWYRXlFfJJKbscgN4elxiLj1xeTKBMHeZYfNlAY\n" +

            "hLs0GC6GJYnjyEFip3feHybJV2AUgZzX2hXUCoBMpaTMV9RyjM/mMSKEdG6sK4bgxr9cQ1OTqX4x\n" +

            "1NDJ0woVW9v/54MjZL4aN8arOfEV4+pLRI9Ulvs3nd2qzP9NeAbdFzzAGgUH4cv5Q089n9EZ/9Tx\n" +

            "VX8/7wrw6zZqJcQBg0KxULXodmgOr4VQNL/7gDZBAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGh+\n" +

            "Sdo+VMPv+98DlRTLZcn/6Gys64NGjyhxLA4EEkigoLgFkv1nfZ0alovUkCYZCrccTW/3OfN4znc0\n" +

            "VoRcXZuo2a1it5/35EtZIReXx+CjYKHztvxGT5+mm88ThYenssOUAcO4plgmu15XKFoftZB/JLhF\n" +

            "mxl2PiM8t6RHpYIZJsN+M7FZxAnhOGZynib0xtdJr1K2s9XmA2GMxFG2I2vKfAhCAq46Bu6VkLq2\n" +

            "2/oPigaQCdAg9YKZ1Ll8VmzIYKmkPT3Y/ZuVAcZ1B89JTdZtJIF9tvJUTikJrUhNw6pkCAEmVnWt\n" +

            "nP54drzwbUdA/1fTXXgDIlbI61DXhErGwXI=";

    static{

        try{

            DefaultBootstrap.bootstrap ();

        }catch (Exception ex){

            ex.printStackTrace ();

        }

    }

    public static void main(String[] args) throws Exception{

        String SAMLResponse="PHNhbWxwOlJlc3BvbnNlIFZlcnNpb249IjIuMCIgSUQ9ImwzeUpCQm1zRlN1NkNaSS05SU1WMzZKdWstdSIgSXNzdWVJbnN0YW50PSIyMDE5LTAyLTI3VDAzOjQ2OjA0LjIwN1oiIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPjxzYW1sOklzc3VlciB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5sbHktcWE6c2FtbDI6aWRwPC9zYW1sOklzc3Vlcj48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24gSUQ9InlQV0Qwc01WZUtJcmUzUjQ1UTlGTGdQUF9jNCIgSXNzdWVJbnN0YW50PSIyMDE5LTAyLTI3VDAzOjQ2OjA0LjQyNVoiIFZlcnNpb249IjIuMCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PHNhbWw6SXNzdWVyPmxseS1xYTpzYW1sMjppZHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8ZHM6U2lnbmVkSW5mbz4KPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz4KPGRzOlJlZmVyZW5jZSBVUkk9IiN5UFdEMHNNVmVLSXJlM1I0NVE5RkxnUFBfYzQiPgo8ZHM6VHJhbnNmb3Jtcz4KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+CjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPC9kczpUcmFuc2Zvcm1zPgo8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+CjxkczpEaWdlc3RWYWx1ZT5iNmYzb2VwT3VPYndlVk1rdEswUDhrdG5VTlY1M1NLY09tekc3L0pnVUVjPTwvZHM6RGlnZXN0VmFsdWU+CjwvZHM6UmVmZXJlbmNlPgo8L2RzOlNpZ25lZEluZm8+CjxkczpTaWduYXR1cmVWYWx1ZT4KdHpqQmF6LzhtRm5jU1p5MTczL1dJSllRbHo2UVBJQVQrbkxEWXhXTFAwdTVaWmFBMDM0Z0RTMm5mNGJBekFIMXh5MVZNMU9KV2lyVQpyTnRQN29kemtRU2ZOUXhmbFU3OXp5SUdTNVhrR3k5dDN3WkY2V3dpWUhwVy9Wb2xwNVFGeGpUeFlaK3FiYU5uZG1NL1l3UE5EdWJ3CnBjWU1yTUhGM0tkY09DME9HQnhCeVhVNFZaeGZBR0dadjhST0g1TjdqMHUxSmd4a0cwN2xZbW81MWVyTmVXVDM2Zkx2dmp0Y3ZWQjEKN3U0Z3AyS0pIa293YllaRUlLTCtDcVFoMWdmZXVJcTV2RUZoYURKRnJzNWhFdVViRkM2c2trUGNCZ3FkRVR4RGZud09sUkZhVDdneQpNdDZhZUdDVGd3cUFKbm5tM1pPU0dKQVF6TWN2QnpJei9jd0daUT09CjwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPgo8ZHM6WDUwOURhdGE+CjxkczpYNTA5Q2VydGlmaWNhdGU+Ck1JSURORENDQWh5Z0F3SUJBZ0lHQVdFcHl2OXBNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1Gc3hDekFKQmdOVkJBWVRBbFZUTVI0d0hBWUQKVlFRS0V4VkZiR2tnVEdsc2JIa2dZVzVrSUVOdmJYQmhibmt4TERBcUJnTlZCQU1USTBWc2FTQk1hV3hzZVNCR1pXUmxjbUYwYVc5dQpJRk5sY25acFkyVWdLREl3TVRncE1CNFhEVEU0TURFeU5ESXdNVEF5TkZvWERUSXpNREV5TXpJd01UQXlORm93V3pFTE1Ba0dBMVVFCkJoTUNWVk14SGpBY0JnTlZCQW9URlVWc2FTQk1hV3hzZVNCaGJtUWdRMjl0Y0dGdWVURXNNQ29HQTFVRUF4TWpSV3hwSUV4cGJHeDUKSUVabFpHVnlZWFJwYjI0Z1UyVnlkbWxqWlNBb01qQXhPQ2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQgpBUURKWEd3U0s1TUlYS2JKM0F2VlZpNkVmelRJWmRLZUhIZkdzbXZNWWRmcXZkV3pSZ2lNR0JjUURvd255N3RJc0RYc2lDc2tWNHlDCkZuQkZ0dGx6eTN2ZkhlNGszUUcyZExFeUhrRFpjdWNtM29meURkV1lSWGxGZkpKS2JzY2dONGVseGlMajF4ZVRLQk1IZVpZZk5sQVkKaExzMEdDNkdKWW5qeUVGaXAzZmVIeWJKVjJBVWdaelgyaFhVQ29CTXBhVE1WOVJ5ak0vbU1TS0VkRzZzSzRiZ3hyOWNRMU9UcVg0eAoxTkRKMHdvVlc5di81NE1qWkw0YU44YXJPZkVWNCtwTFJJOVVsdnMzbmQycXpQOU5lQWJkRnp6QUdnVUg0Y3Y1UTA4OW45RVovOVR4ClZYOC83d3J3NnpacUpjUUJnMEt4VUxYb2RtZ09yNFZRTkwvN2dEWkJBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFHaCsKU2RvK1ZNUHYrOThEbFJUTFpjbi82R3lzNjROR2p5aHhMQTRFRWtpZ29MZ0ZrdjFuZlowYWxvdlVrQ1laQ3JjY1RXLzNPZk40em5jMApWb1JjWFp1bzJhMWl0NS8zNUV0WklSZVh4K0NqWUtIenR2eEdUNSttbTg4VGhZZW5zc09VQWNPNHBsZ211MTVYS0ZvZnRaQi9KTGhGCm14bDJQaU04dDZSSHBZSVpKc04rTTdGWnhBbmhPR1p5bmliMHh0ZEpyMUsyczlYbUEyR014RkcySTJ2S2ZBaENBcTQ2QnU2VmtMcTIKMi9vUGlnYVFDZEFnOVlLWjFMbDhWbXpJWUtta1BUM1kvWnVWQWNaMUI4OUpUZFp0SklGOXR2SlVUaWtKclVoTnc2cGtDQUVtVm5XdApuUDU0ZHJ6d2JVZEEvMWZUWFhnRElsYkk2MURYaEVyR3dYST0KPC9kczpYNTA5Q2VydGlmaWNhdGU+CjwvZHM6WDUwOURhdGE+CjwvZHM6S2V5SW5mbz4KPC9kczpTaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDp1bnNwZWNpZmllZCI+QzI3MDAzNjwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIFJlY2lwaWVudD0iaHR0cHM6Ly90ZXN0c2VydmljZS50cHAudHA5NTU4OS5jb20vdHBwc2VydmljZS9jYXMvbGlsbHktc2FtbDIiIE5vdE9uT3JBZnRlcj0iMjAxOS0wMi0yN1QwMzo0ODowNC40MjVaIi8+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTktMDItMjdUMDM6NDQ6MDQuNDI1WiIgTm90T25PckFmdGVyPSIyMDE5LTAyLTI3VDAzOjQ4OjA0LjQyNVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+dGFpcGluZ3BlbnNpb25oYWxsPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IFNlc3Npb25JbmRleD0ieVBXRDBzTVZlS0lyZTNSNDVROUZMZ1BQX2M0IiBBdXRobkluc3RhbnQ9IjIwMTktMDItMjdUMDM6NDY6MDQuNDEwWiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlRlbGVwaG9ueTwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+";

        byte[] byteResponse = new Base64().decode(SAMLResponse.getBytes("utf-8"));

//        String gg=new String(byteResponse,"utf-8");

//        System.out.println(gg);

        // Read certificate

        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");

        InputStream inputStream = new ByteArrayInputStream(Base64.decodeBase64(certificateS.getBytes("UTF-8")));

        X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(inputStream);

        inputStream.close();

        BasicX509Credential credential = new BasicX509Credential();

        KeyFactory keyFactory = KeyFactory.getInstance("RSA");

        X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(certificate.getPublicKey().getEncoded());

        PublicKey key = keyFactory.generatePublic(publicKeySpec);

        credential.setPublicKey(key);

        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteResponse);

        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();

        documentBuilderFactory.setNamespaceAware(true);

        DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();

        Document document = documentBuilder.parse(byteArrayInputStream);

        Element element = document.getDocumentElement();

//        NodeList nodeList= element.getChildNodes();

//        Node node=nodeList.item(2);

//        NodeList assertion= node.getChildNodes();

//        Node sub=assertion.item(2);

//        NodeList as=sub.getChildNodes();

//        Node nameIdNode=as.item(0);

//       String nameId= nameIdNode.getChildNodes().item(0).getNodeValue();

//        System.out.println("====================="+nameId);

//        System.out.println("====================="+bb);

        UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();

        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);

        XMLObject responseXmlObj = unmarshaller.unmarshall(element);

        Response responseObj = (Response) responseXmlObj;

        Assertion assertion = responseObj.getAssertions().get(0);

        String nameId = assertion.getSubject().getNameID().getValue();

        System.out.println(("nameId=" + nameId));

        //判断该消息是否被签名

        if(!assertion.isSigned()){

            throw new RuntimeException("The SAML Assertion was not signed");

        }

        //判断该签名是否符合SAML签名的标准声明,也就是是否应用了XML的规范化算法

        SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();

        profileValidator.validate(assertion.getSignature());

        org.opensaml.xml.signature.Signature sig = assertion.getSignature();

        System.out.println("sign==================="+sig.getKeyInfo());

        //再正密码学意义上的验证签名

        org.opensaml.xml.signature.SignatureValidator validator = new org.opensaml.xml.signature.SignatureValidator(credential);

        validator.validate(sig);

    }

}

SAML2.0 SP端处理的更多相关文章

  1. SAML2.0 协议初识(二)---Service Provider(SP)

    上一节,我们初步认识了 SAML 协议的概念和工作流程,这一节将介绍 SP 端的一些细节. 通常情况下,SP 端是请求发起端,即当用户访问 SP 端的受保护资源时,由 SP 端向认证中心(IDP 端) ...

  2. SAML2.0 协议初识(一)

    一.什么是 SAML 协议? SAML 即安全断言标记语言,英文全称是 Security Assertion Markup Language.它是一个基于 XML 的标准,用于在不同的安全域(secu ...

  3. Swift3.0服务端开发(一) 完整示例概述及Perfect环境搭建与配置(服务端+iOS端)

    本篇博客算是一个开头,接下来会持续更新使用Swift3.0开发服务端相关的博客.当然,我们使用目前使用Swift开发服务端较为成熟的框架Perfect来实现.Perfect框架是加拿大一个创业团队开发 ...

  4. Swift3.0服务端开发(五) 记事本的开发(iOS端+服务端)

    前边以及陆陆续续的介绍了使用Swift3.0开发的服务端应用程序的Perfect框架.本篇博客就做一个阶段性的总结,做一个完整的实例,其实这个实例在<Swift3.0服务端开发(一)>这篇 ...

  5. Open CDN 2.0管控端和节点端安装

    原文:http://www.safecdn.cn/cdn/2018/12/opencdn-2-0/1076.html OpenCDN是一套快速部署CDN加速的工具,针对专门提供CDN加速服务的企业或对 ...

  6. 创建自己的OAuth2.0服务端(一)

    如果对OAuth2.0有任何的疑问,请先熟悉OAuth2.0基础的文章:http://www.cnblogs.com/alunchen/p/6956016.html 1. 前言 本篇文章时对 客户端的 ...

  7. Kafka设计解析(二十二)Flink + Kafka 0.11端到端精确一次处理语义的实现

    转载自 huxihx,原文链接 [译]Flink + Kafka 0.11端到端精确一次处理语义的实现 本文是翻译作品,作者是Piotr Nowojski和Michael Winters.前者是该方案 ...

  8. oauth2.0服务端与客户端搭建

    oauth2.0服务端与客户端搭建 - 推酷 今天搭建了oauth2.0服务端与客户端.把搭建的过程记录一下.具体实现的功能是:client.ruanwenwu.cn的用户能够通过 server.ru ...

  9. vue2.0 移动端,下拉刷新,上拉加载更多插件,修改版

    在[实现丰盛]的插件基础修改[vue2.0 移动端,下拉刷新,上拉加载更多 插件], 1.修改加载到尾页面,返回顶部刷新数据,无法继续加重下一页 2.修改加载完成文字提示 原文链接:http://ww ...

随机推荐

  1. opencv+qt+vtk,编程时报错'detail':ambiguous symbol

    解决办法: 把#include <vtkSmartPointer.h>放到所有头文件的最前面:

  2. 跨域访问技术CORS(Cross-Origin Resource Sharing)简介

    为什么要用CORS? CORS是一个W3C标准,全称是"跨域资源共享"(Cross-origin resource sharing). 它允许浏览器向跨源服务器,发出XMLHttp ...

  3. 20164318 毛瀚逸 Exp3 免杀原理与实践

    1实验要求 1.1 正确使用msf编码器(0.5分),msfvenom生成如jar之类的其他文件(0.5分),veil-evasion(0.5分),加壳工具(0.5分),使用shellcode编程(1 ...

  4. admin-7

    Admin07 root tmooc 还原三台虚拟机[root@room9pc13 ~]# rht-vmctl reset classroom[root@room9pc13 ~]# rht-vmctl ...

  5. w3c

    normative    adj. 规范的,标准的errata        n. 勘误表:正误表(erratum的复数)Substantive    adj. 有实质的:大量的:真实的:独立存在的i ...

  6. centos7设置rc.local开机执行命令

    在Centos7下,rc.local文件,开机默认是不执行的 它是个软链接 [root@data-1-1 ~]# ll /etc/rc.local lrwxrwxrwx. 1 root root 13 ...

  7. 第一次使用mybatis

    程序使用mybatis的步骤: 1.配置mybatis 涉及到的配置文件有conf.xml和与实体类对应的映射配置文件 (1) conf.xml:配置数据库信息和需要加载的映射文件 <confi ...

  8. FM与PM信号的表现形式

    角度调制可以写成如下形式: $u(t)=A_c cos(2\pi f_c t + \phi (t) )$ $A_c cos(2\pi f_c t)$是载波,调制信号控制$\phi (t)$. 对于PM ...

  9. MongoDB中的读写锁

    1. MongoDB 使用的锁 MongoDB 使用的是“readers-writer”锁, 可以支持并发但有很大的局限性当一个读锁存在,许多读操作可以使用这把锁,然而, 当一个写锁的存在,一个单一的 ...

  10. [UE4]Grab抓取

    一.关键函数:AttachToCompoent,将要抓取的物品附加到角色手上,让物品跟随手移动,开起来就像是抓取在手里了. 二.取消模拟物理.在开启模拟物理的情况下,AttachToCompoent是 ...