sso response解析

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
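import java.security.spec.X509EncodedKeySpec;

/**
 * Service-provider side demo: decodes a Base64 SAML 2.0 response, unmarshals it with
 * OpenSAML and verifies the signature of its first assertion against a pinned IdP
 * certificate.
 *
 * <p>NOTE(review): only the assertion signature is verified here. A real service provider
 * must also check the response status, the Issuer, the Destination/Recipient, the
 * AudienceRestriction, the NotBefore/NotOnOrAfter window and InResponseTo, and must reject
 * replayed assertion IDs before it trusts the NameID. None of that is implemented in this
 * sample.
 */
public class SSoTest {

    /**
     * Pinned IdP signing certificate (Base64-encoded DER). This constant is the trust
     * anchor; a certificate carried inside the response itself is never used for trust.
     */
    private static final String IDP_CERTIFICATE_BASE64 = "MIIDNDCCAhygAwIBAgIGAWEpyv9pMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNVBAYTAlVTMR4wHAYD\n" +
            "VQQKExVFbGkgTGlsbHkgYW5kIENvbXBhbnkxLDAqBgNVBAMTI0VsaSBMaWxseSBGZWRlcmF0aW9u\n" +
            "IFNlcnZpY2UgKDIwMTgpMB4XDTE4MDEyNDIwMTAyNFoXDTIzMDEyMzIwMTAyNFowWzELMAkGA1UE\n" +
            "BhMCVVMxHjAcBgNVBAoTFUVsaSBMaWxseSBhbmQgQ29tcGFueTEsMCoGA1UEAxMjRWxpIExpbGx5\n" +
            "IEZlZGVyYXRpb24gU2VydmljZSAoMjAxOCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n" +
            "AQDJXGwSK5MIXKbJ3AvVVi6EfzTIZdKeHHfGsmvMYdfqvdWzRgiMGBcQDowny7tIsDXsiCskV4yC\n" +
            "FnBFttlzy3vfHe4k3QG2dLEyHkDZcucm3ofyDdWYRXlFfJJKbscgN4elxiLj1xeTKBMHeZYfNlAY\n" +
            "hLs0GC6GJYnjyEFip3feHybJV2AUgZzX2hXUCoBMpaTMV9RyjM/mMSKEdG6sK4bgxr9cQ1OTqX4x\n" +
            "1NDJ0woVW9v/54MjZL4aN8arOfEV4+pLRI9Ulvs3nd2qzP9NeAbdFzzAGgUH4cv5Q089n9EZ/9Tx\n" +
            "VX8/7wrw6zZqJcQBg0KxULXodmgOr4VQNL/7gDZBAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGh+\n" +
            "Sdo+VMPv+98DlRTLZcn/6Gys64NGjyhxLA4EEkigoLgFkv1nfZ0alovUkCYZCrccTW/3OfN4znc0\n" +
            "VoRcXZuo2a1it5/35EtZIReXx+CjYKHztvxGT5+mm88ThYenssOUAcO4plgmu15XKFoftZB/JLhF\n" +
            "mxl2PiM8t6RHpYIZJsN+M7FZxAnhOGZynib0xtdJr1K2s9XmA2GMxFG2I2vKfAhCAq46Bu6VkLq2\n" +
            "2/oPigaQCdAg9YKZ1Ll8VmzIYKmkPT3Y/ZuVAcZ1B89JTdZtJIF9tvJUTikJrUhNw6pkCAEmVnWt\n" +
            "nP54drzwbUdA/1fTXXgDIlbI61DXhErGwXI=";

    static {
        try {
            DefaultBootstrap.bootstrap();
        } catch (Exception ex) {
            // Without a successful bootstrap no unmarshaller is registered, so fail fast
            // instead of printing the stack trace and failing later with an obscure error.
            throw new IllegalStateException("OpenSAML bootstrap failed", ex);
        }
    }

    /**
     * Decodes the embedded sample response, validates the signature of its first assertion
     * and prints the NameID.
     *
     * @param args unused
     * @throws Exception if decoding, parsing, unmarshalling or signature validation fails
     */
    public static void main(String[] args) throws Exception {
        // Sample Base64 SAML response. The literal is split only to keep it on several
        // source lines; the concatenated value is a single Base64 string.
        String samlResponse = "PHNhbWxwOlJlc3BvbnNlIFZlcnNpb249IjIuMCIgSUQ9ImwzeUpCQm1zRlN1NkNaSS05SU1WMzZKdWstdSIgSXNzdWVJbnN0YW50PSIyMDE5LTAyLTI3VDAzOjQ2OjA0LjIwN1oiIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPjxzYW1sOklzc3VlciB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5sbHktcWE6c2FtbDI6aWRwPC9zYW1sOklzc3Vlcj48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24gSUQ9InlQV0Qwc01WZUtJcmUzUjQ1UTlGTGdQUF9jNCIgSXNzdWVJbnN0YW50PSIyMDE5LTAyLTI3VDAzOjQ2OjA0LjQyNVoiIFZlcnNpb249IjIuMCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PHNhbWw6SXNzdWVyPmxseS1xYTpzYW1sMjppZHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8ZHM6U2lnbmVkSW5mbz4KPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz4KPGRzOlJlZmVyZW5jZSBVUkk9IiN5UFdEMHNNVmVLSXJlM1I0NVE5RkxnUFBfYzQiPgo8ZHM6VHJhbnNmb3Jtcz4KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+CjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPC9kczpUcmFuc2Zvcm1zPgo8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+CjxkczpEaWdlc3RWYWx1ZT5iNmYzb2VwT3VPYndlVk1rdEswUDhrdG5VTlY1M1NLY09tekc3L0pnVUVjPTwvZHM6RGlnZXN0VmFsdWU+CjwvZHM6UmVmZXJlbmNlPgo8L2RzOlNpZ25lZEluZm8+CjxkczpTaWduYXR1cmVWYWx1ZT4KdHpqQmF6LzhtRm5jU1p5MTczL1dJSllRbHo2UVBJQVQrbkxEWXhXTFAwdTVaWmFBMDM0Z0RTMm5mNGJBekFIMXh5MVZNMU9KV2lyVQpyTnRQN29kemtRU2ZOUXhmbFU3OXp5SUdTNVhrR3k5dDN3WkY2V3dpWUhwVy9Wb2xwNVFGeGpUeFlaK3FiYU5uZG1NL1l3UE5EdWJ3CnBjWU1yTUhGM0tkY09DME9HQnhCeVhVNFZaeGZBR0dadjhST0g1TjdqMHUxSmd4a0cwN2xZbW81MWVyTmVXVDM2Zk"
                + "x2dmp0Y3ZWQjEKN3U0Z3AyS0pIa293YllaRUlLTCtDcVFoMWdmZXVJcTV2RUZoYURKRnJzNWhFdVViRkM2c2trUGNCZ3FkRVR4RGZud09sUkZhVDdneQpNdDZhZUdDVGd3cUFKbm5tM1pPU0dKQVF6TWN2QnpJei9jd0daUT09CjwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPgo8ZHM6WDUwOURhdGE+CjxkczpYNTA5Q2VydGlmaWNhdGU+Ck1JSURORENDQWh5Z0F3SUJBZ0lHQVdFcHl2OXBNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1Gc3hDekFKQmdOVkJBWVRBbFZUTVI0d0hBWUQKVlFRS0V4VkZiR2tnVEdsc2JIa2dZVzVrSUVOdmJYQmhibmt4TERBcUJnTlZCQU1USTBWc2FTQk1hV3hzZVNCR1pXUmxjbUYwYVc5dQpJRk5sY25acFkyVWdLREl3TVRncE1CNFhEVEU0TURFeU5ESXdNVEF5TkZvWERUSXpNREV5TXpJd01UQXlORm93V3pFTE1Ba0dBMVVFCkJoTUNWVk14SGpBY0JnTlZCQW9URlVWc2FTQk1hV3hzZVNCaGJtUWdRMjl0Y0dGdWVURXNNQ29HQTFVRUF4TWpSV3hwSUV4cGJHeDUKSUVabFpHVnlZWFJwYjI0Z1UyVnlkbWxqWlNBb01qQXhPQ2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQgpBUURKWEd3U0s1TUlYS2JKM0F2VlZpNkVmelRJWmRLZUhIZkdzbXZNWWRmcXZkV3pSZ2lNR0JjUURvd255N3RJc0RYc2lDc2tWNHlDCkZuQkZ0dGx6eTN2ZkhlNGszUUcyZExFeUhrRFpjdWNtM29meURkV1lSWGxGZkpKS2JzY2dONGVseGlMajF4ZVRLQk1IZVpZZk5sQVkKaExzMEdDNkdKWW5qeUVGaXAzZmVIeWJKVjJBVWdaelgyaFhVQ29CTXBhVE1WOVJ5ak0vbU1TS0VkRzZzSzRiZ3hyOWNRMU9UcVg0eAoxTkRKMHdvVlc5di81NE1qWkw0YU44YXJPZkVWNCtwTFJJOVVsdnMzbmQycXpQOU5lQWJkRnp6QUdnVUg0Y3Y1UTA4OW45RVovOVR4ClZYOC83d3J3NnpacUpjUUJnMEt4VUxYb2RtZ09yNFZRTkwvN2dEWkJBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFHaCsKU2RvK1ZNUHYrOThEbFJUTFpjbi82R3lzNjROR2p5aHhMQTRFRWtpZ29MZ0ZrdjFuZlowYWxvdlVrQ1laQ3JjY1RXLzNPZk40em5jMApWb1JjWFp1bzJhMWl0NS8zNUV0WklSZVh4K0NqWUtIenR2eEdUNSttbTg4VGhZZW5zc09VQWNPNHBsZ211MTVYS0ZvZnRaQi9KTGhGCm14bDJQaU04dDZSSHBZSVpKc04rTTdGWnhBbmhPR1p5bmliMHh0ZEpyMUsyczlYbUEyR014RkcySTJ2S2ZBaENBcTQ2QnU2VmtMcTIKMi9vUGlnYVFDZEFnOVlLWjFMbDhWbXpJWUtta1BUM1kvWnVWQWNaMUI4OUpUZFp0SklGOXR2SlVUaWtKclVoTnc2cGtDQUVtVm5XdApuUDU0ZHJ6d2JVZEEvMWZUWFhnRElsYkk2MURYaEVyR3dYST0KPC9kczpYNTA5Q2VydGlmaWNhdGU+CjwvZHM6WDUwOURhdGE+CjwvZHM6S2V5SW5mbz4KPC9kczpTaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDp1bnNwZWNpZmllZCI+QzI3MDAzNjwvc2FtbDpOYW1lSUQ+PHNhbWw6U3Viam"
                + "VjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIFJlY2lwaWVudD0iaHR0cHM6Ly90ZXN0c2VydmljZS50cHAudHA5NTU4OS5jb20vdHBwc2VydmljZS9jYXMvbGlsbHktc2FtbDIiIE5vdE9uT3JBZnRlcj0iMjAxOS0wMi0yN1QwMzo0ODowNC40MjVaIi8+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTktMDItMjdUMDM6NDQ6MDQuNDI1WiIgTm90T25PckFmdGVyPSIyMDE5LTAyLTI3VDAzOjQ4OjA0LjQyNVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+dGFpcGluZ3BlbnNpb25oYWxsPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IFNlc3Npb25JbmRleD0ieVBXRDBzTVZlS0lyZTNSNDVROUZMZ1BQX2M0IiBBdXRobkluc3RhbnQ9IjIwMTktMDItMjdUMDM6NDY6MDQuNDEwWiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlRlbGVwaG9ueTwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+";
        byte[] responseXml = Base64.decodeBase64(
                samlResponse.getBytes(java.nio.charset.StandardCharsets.UTF_8));

        // Load the pinned IdP certificate.
        // NOTE(review): its validity period is not checked here; whether an expired pinned
        // certificate is acceptable is a deployment decision and should be made explicitly.
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate certificate;
        try (InputStream certificateStream = new ByteArrayInputStream(Base64.decodeBase64(
                IDP_CERTIFICATE_BASE64.getBytes(java.nio.charset.StandardCharsets.UTF_8)))) {
            certificate = (X509Certificate) certificateFactory.generateCertificate(certificateStream);
        }

        // The certificate's public key is used as is; re-encoding it through a KeyFactory
        // yields the same key.
        PublicKey pinnedKey = certificate.getPublicKey();
        BasicX509Credential credential = new BasicX509Credential();
        credential.setPublicKey(pinnedKey);

        // The response arrives from the user's browser and is untrusted input, so the XML
        // parser must refuse DTDs and external entities (XXE) before it reads the document.
        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
        documentBuilderFactory.setNamespaceAware(true);
        documentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        documentBuilderFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        documentBuilderFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        documentBuilderFactory.setXIncludeAware(false);
        documentBuilderFactory.setExpandEntityReferences(false);
        DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
        Document document = documentBuilder.parse(new ByteArrayInputStream(responseXml));
        Element element = document.getDocumentElement();

        UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
        XMLObject responseXmlObj = unmarshaller.unmarshall(element);
        Response responseObj = (Response) responseXmlObj;
        if (responseObj.getAssertions().isEmpty()) {
            throw new RuntimeException("The SAML Response contains no Assertion");
        }
        Assertion assertion = responseObj.getAssertions().get(0);

        // Check that the assertion carries a signature at all.
        if (!assertion.isSigned()) {
            throw new RuntimeException("The SAML Assertion was not signed");
        }

        // Check that the signature conforms to the SAML signature profile, i.e. that it
        // uses the reference, transform and canonicalization forms the profile allows.
        org.opensaml.xml.signature.Signature sig = assertion.getSignature();
        SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
        profileValidator.validate(sig);

        // The KeyInfo below comes from the message itself and is printed for inspection
        // only; trust is decided by the pinned credential.
        System.out.println("sign===================" + sig.getKeyInfo());

        // Verify the signature cryptographically against the pinned IdP key.
        org.opensaml.xml.signature.SignatureValidator validator =
                new org.opensaml.xml.signature.SignatureValidator(credential);
        validator.validate(sig);

        // Read the identity only after the signature has been verified, and only from the
        // assertion object that was verified.
        String nameId = assertion.getSubject().getNameID().getValue();
        System.out.println(("nameId=" + nameId));
    }
}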
