sso response解析

import java.io.ByteArrayInputStream;

import java.io.InputStream;

import java.security.KeyFactory;

import java.security.PublicKey;

import java.security.cert.CertificateFactory;

import java.security.cert.X509Certificate;

import java.security.spec.X509EncodedKeySpec;

public class SSoTest {

    private static final String certificateS = "MIIDNDCCAhygAwIBAgIGAWEpyv9pMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNVBAYTAlVTMR4wHAYD\n" +

            "VQQKExVFbGkgTGlsbHkgYW5kIENvbXBhbnkxLDAqBgNVBAMTI0VsaSBMaWxseSBGZWRlcmF0aW9u\n" +

            "IFNlcnZpY2UgKDIwMTgpMB4XDTE4MDEyNDIwMTAyNFoXDTIzMDEyMzIwMTAyNFowWzELMAkGA1UE\n" +

            "BhMCVVMxHjAcBgNVBAoTFUVsaSBMaWxseSBhbmQgQ29tcGFueTEsMCoGA1UEAxMjRWxpIExpbGx5\n" +

            "IEZlZGVyYXRpb24gU2VydmljZSAoMjAxOCkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\n" +

            "AQDJXGwSK5MIXKbJ3AvVVi6EfzTIZdKeHHfGsmvMYdfqvdWzRgiMGBcQDowny7tIsDXsiCskV4yC\n" +

            "FnBFttlzy3vfHe4k3QG2dLEyHkDZcucm3ofyDdWYRXlFfJJKbscgN4elxiLj1xeTKBMHeZYfNlAY\n" +

            "hLs0GC6GJYnjyEFip3feHybJV2AUgZzX2hXUCoBMpaTMV9RyjM/mMSKEdG6sK4bgxr9cQ1OTqX4x\n" +

            "1NDJ0woVW9v/54MjZL4aN8arOfEV4+pLRI9Ulvs3nd2qzP9NeAbdFzzAGgUH4cv5Q089n9EZ/9Tx\n" +

            "VX8/7wrw6zZqJcQBg0KxULXodmgOr4VQNL/7gDZBAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGh+\n" +

            "Sdo+VMPv+98DlRTLZcn/6Gys64NGjyhxLA4EEkigoLgFkv1nfZ0alovUkCYZCrccTW/3OfN4znc0\n" +

            "VoRcXZuo2a1it5/35EtZIReXx+CjYKHztvxGT5+mm88ThYenssOUAcO4plgmu15XKFoftZB/JLhF\n" +

            "mxl2PiM8t6RHpYIZJsN+M7FZxAnhOGZynib0xtdJr1K2s9XmA2GMxFG2I2vKfAhCAq46Bu6VkLq2\n" +

            "2/oPigaQCdAg9YKZ1Ll8VmzIYKmkPT3Y/ZuVAcZ1B89JTdZtJIF9tvJUTikJrUhNw6pkCAEmVnWt\n" +

            "nP54drzwbUdA/1fTXXgDIlbI61DXhErGwXI=";

    static{

        try{

            DefaultBootstrap.bootstrap ();

        }catch (Exception ex){

            ex.printStackTrace ();

        }

    }

    public static void main(String[] args) throws Exception{

        String SAMLResponse="PHNhbWxwOlJlc3BvbnNlIFZlcnNpb249IjIuMCIgSUQ9ImwzeUpCQm1zRlN1NkNaSS05SU1WMzZKdWstdSIgSXNzdWVJbnN0YW50PSIyMDE5LTAyLTI3VDAzOjQ2OjA0LjIwN1oiIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiPjxzYW1sOklzc3VlciB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5sbHktcWE6c2FtbDI6aWRwPC9zYW1sOklzc3Vlcj48c2FtbHA6U3RhdHVzPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOlN1Y2Nlc3MiLz48L3NhbWxwOlN0YXR1cz48c2FtbDpBc3NlcnRpb24gSUQ9InlQV0Qwc01WZUtJcmUzUjQ1UTlGTGdQUF9jNCIgSXNzdWVJbnN0YW50PSIyMDE5LTAyLTI3VDAzOjQ2OjA0LjQyNVoiIFZlcnNpb249IjIuMCIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PHNhbWw6SXNzdWVyPmxseS1xYTpzYW1sMjppZHA8L3NhbWw6SXNzdWVyPjxkczpTaWduYXR1cmUgeG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8ZHM6U2lnbmVkSW5mbz4KPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz4KPGRzOlJlZmVyZW5jZSBVUkk9IiN5UFdEMHNNVmVLSXJlM1I0NVE5RkxnUFBfYzQiPgo8ZHM6VHJhbnNmb3Jtcz4KPGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+CjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz4KPC9kczpUcmFuc2Zvcm1zPgo8ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+CjxkczpEaWdlc3RWYWx1ZT5iNmYzb2VwT3VPYndlVk1rdEswUDhrdG5VTlY1M1NLY09tekc3L0pnVUVjPTwvZHM6RGlnZXN0VmFsdWU+CjwvZHM6UmVmZXJlbmNlPgo8L2RzOlNpZ25lZEluZm8+CjxkczpTaWduYXR1cmVWYWx1ZT4KdHpqQmF6LzhtRm5jU1p5MTczL1dJSllRbHo2UVBJQVQrbkxEWXhXTFAwdTVaWmFBMDM0Z0RTMm5mNGJBekFIMXh5MVZNMU9KV2lyVQpyTnRQN29kemtRU2ZOUXhmbFU3OXp5SUdTNVhrR3k5dDN3WkY2V3dpWUhwVy9Wb2xwNVFGeGpUeFlaK3FiYU5uZG1NL1l3UE5EdWJ3CnBjWU1yTUhGM0tkY09DME9HQnhCeVhVNFZaeGZBR0dadjhST0g1TjdqMHUxSmd4a0cwN2xZbW81MWVyTmVXVDM2Zkx2dmp0Y3ZWQjEKN3U0Z3AyS0pIa293YllaRUlLTCtDcVFoMWdmZXVJcTV2RUZoYURKRnJzNWhFdVViRkM2c2trUGNCZ3FkRVR4RGZud09sUkZhVDdneQpNdDZhZUdDVGd3cUFKbm5tM1pPU0dKQVF6TWN2QnpJei9jd0daUT09CjwvZHM6U2lnbmF0dXJlVmFsdWU+CjxkczpLZXlJbmZvPgo8ZHM6WDUwOURhdGE+CjxkczpYNTA5Q2VydGlmaWNhdGU+Ck1JSURORENDQWh5Z0F3SUJBZ0lHQVdFcHl2OXBNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1Gc3hDekFKQmdOVkJBWVRBbFZUTVI0d0hBWUQKVlFRS0V4VkZiR2tnVEdsc2JIa2dZVzVrSUVOdmJYQmhibmt4TERBcUJnTlZCQU1USTBWc2FTQk1hV3hzZVNCR1pXUmxjbUYwYVc5dQpJRk5sY25acFkyVWdLREl3TVRncE1CNFhEVEU0TURFeU5ESXdNVEF5TkZvWERUSXpNREV5TXpJd01UQXlORm93V3pFTE1Ba0dBMVVFCkJoTUNWVk14SGpBY0JnTlZCQW9URlVWc2FTQk1hV3hzZVNCaGJtUWdRMjl0Y0dGdWVURXNNQ29HQTFVRUF4TWpSV3hwSUV4cGJHeDUKSUVabFpHVnlZWFJwYjI0Z1UyVnlkbWxqWlNBb01qQXhPQ2t3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQgpBUURKWEd3U0s1TUlYS2JKM0F2VlZpNkVmelRJWmRLZUhIZkdzbXZNWWRmcXZkV3pSZ2lNR0JjUURvd255N3RJc0RYc2lDc2tWNHlDCkZuQkZ0dGx6eTN2ZkhlNGszUUcyZExFeUhrRFpjdWNtM29meURkV1lSWGxGZkpKS2JzY2dONGVseGlMajF4ZVRLQk1IZVpZZk5sQVkKaExzMEdDNkdKWW5qeUVGaXAzZmVIeWJKVjJBVWdaelgyaFhVQ29CTXBhVE1WOVJ5ak0vbU1TS0VkRzZzSzRiZ3hyOWNRMU9UcVg0eAoxTkRKMHdvVlc5di81NE1qWkw0YU44YXJPZkVWNCtwTFJJOVVsdnMzbmQycXpQOU5lQWJkRnp6QUdnVUg0Y3Y1UTA4OW45RVovOVR4ClZYOC83d3J3NnpacUpjUUJnMEt4VUxYb2RtZ09yNFZRTkwvN2dEWkJBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFHaCsKU2RvK1ZNUHYrOThEbFJUTFpjbi82R3lzNjROR2p5aHhMQTRFRWtpZ29MZ0ZrdjFuZlowYWxvdlVrQ1laQ3JjY1RXLzNPZk40em5jMApWb1JjWFp1bzJhMWl0NS8zNUV0WklSZVh4K0NqWUtIenR2eEdUNSttbTg4VGhZZW5zc09VQWNPNHBsZ211MTVYS0ZvZnRaQi9KTGhGCm14bDJQaU04dDZSSHBZSVpKc04rTTdGWnhBbmhPR1p5bmliMHh0ZEpyMUsyczlYbUEyR014RkcySTJ2S2ZBaENBcTQ2QnU2VmtMcTIKMi9vUGlnYVFDZEFnOVlLWjFMbDhWbXpJWUtta1BUM1kvWnVWQWNaMUI4OUpUZFp0SklGOXR2SlVUaWtKclVoTnc2cGtDQUVtVm5XdApuUDU0ZHJ6d2JVZEEvMWZUWFhnRElsYkk2MURYaEVyR3dYST0KPC9kczpYNTA5Q2VydGlmaWNhdGU+CjwvZHM6WDUwOURhdGE+CjwvZHM6S2V5SW5mbz4KPC9kczpTaWduYXR1cmU+PHNhbWw6U3ViamVjdD48c2FtbDpOYW1lSUQgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjE6bmFtZWlkLWZvcm1hdDp1bnNwZWNpZmllZCI+QzI3MDAzNjwvc2FtbDpOYW1lSUQ+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIFJlY2lwaWVudD0iaHR0cHM6Ly90ZXN0c2VydmljZS50cHAudHA5NTU4OS5jb20vdHBwc2VydmljZS9jYXMvbGlsbHktc2FtbDIiIE5vdE9uT3JBZnRlcj0iMjAxOS0wMi0yN1QwMzo0ODowNC40MjVaIi8+PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sOlN1YmplY3Q+PHNhbWw6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTktMDItMjdUMDM6NDQ6MDQuNDI1WiIgTm90T25PckFmdGVyPSIyMDE5LTAyLTI3VDAzOjQ4OjA0LjQyNVoiPjxzYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWw6QXVkaWVuY2U+dGFpcGluZ3BlbnNpb25oYWxsPC9zYW1sOkF1ZGllbmNlPjwvc2FtbDpBdWRpZW5jZVJlc3RyaWN0aW9uPjwvc2FtbDpDb25kaXRpb25zPjxzYW1sOkF1dGhuU3RhdGVtZW50IFNlc3Npb25JbmRleD0ieVBXRDBzTVZlS0lyZTNSNDVROUZMZ1BQX2M0IiBBdXRobkluc3RhbnQ9IjIwMTktMDItMjdUMDM6NDY6MDQuNDEwWiI+PHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlRlbGVwaG9ueTwvc2FtbDpBdXRobkNvbnRleHRDbGFzc1JlZj48L3NhbWw6QXV0aG5Db250ZXh0Pjwvc2FtbDpBdXRoblN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+";

        byte[] byteResponse = new Base64().decode(SAMLResponse.getBytes("utf-8"));

//        String gg=new String(byteResponse,"utf-8");

//        System.out.println(gg);

        // Read certificate

        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");

        InputStream inputStream = new ByteArrayInputStream(Base64.decodeBase64(certificateS.getBytes("UTF-8")));

        X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(inputStream);

        inputStream.close();

        BasicX509Credential credential = new BasicX509Credential();

        KeyFactory keyFactory = KeyFactory.getInstance("RSA");

        X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(certificate.getPublicKey().getEncoded());

        PublicKey key = keyFactory.generatePublic(publicKeySpec);

        credential.setPublicKey(key);

        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteResponse);

        DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();

        documentBuilderFactory.setNamespaceAware(true);

        DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();

        Document document = documentBuilder.parse(byteArrayInputStream);

        Element element = document.getDocumentElement();

//        NodeList nodeList= element.getChildNodes();

//        Node node=nodeList.item(2);

//        NodeList assertion= node.getChildNodes();

//        Node sub=assertion.item(2);

//        NodeList as=sub.getChildNodes();

//        Node nameIdNode=as.item(0);

//       String nameId= nameIdNode.getChildNodes().item(0).getNodeValue();

//        System.out.println("====================="+nameId);

//        System.out.println("====================="+bb);

        UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();

        Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);

        XMLObject responseXmlObj = unmarshaller.unmarshall(element);

        Response responseObj = (Response) responseXmlObj;

        Assertion assertion = responseObj.getAssertions().get(0);

        String nameId = assertion.getSubject().getNameID().getValue();

        System.out.println(("nameId=" + nameId));

        //判断该消息是否被签名

        if(!assertion.isSigned()){

            throw new RuntimeException("The SAML Assertion was not signed");

        }

        //判断该签名是否符合SAML签名的标准声明,也就是是否应用了XML的规范化算法

        SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();

        profileValidator.validate(assertion.getSignature());

        org.opensaml.xml.signature.Signature sig = assertion.getSignature();

        System.out.println("sign==================="+sig.getKeyInfo());

        //再正密码学意义上的验证签名

        org.opensaml.xml.signature.SignatureValidator validator = new org.opensaml.xml.signature.SignatureValidator(credential);

        validator.validate(sig);

    }

}

SAML2.0 SP端处理的更多相关文章

  1. SAML2.0 协议初识(二)---Service Provider(SP)

    上一节,我们初步认识了 SAML 协议的概念和工作流程,这一节将介绍 SP 端的一些细节. 通常情况下,SP 端是请求发起端,即当用户访问 SP 端的受保护资源时,由 SP 端向认证中心(IDP 端) ...

  2. SAML2.0 协议初识(一)

    一.什么是 SAML 协议? SAML 即安全断言标记语言,英文全称是 Security Assertion Markup Language.它是一个基于 XML 的标准,用于在不同的安全域(secu ...

  3. Swift3.0服务端开发(一) 完整示例概述及Perfect环境搭建与配置(服务端+iOS端)

    本篇博客算是一个开头,接下来会持续更新使用Swift3.0开发服务端相关的博客.当然,我们使用目前使用Swift开发服务端较为成熟的框架Perfect来实现.Perfect框架是加拿大一个创业团队开发 ...

  4. Swift3.0服务端开发(五) 记事本的开发(iOS端+服务端)

    前边以及陆陆续续的介绍了使用Swift3.0开发的服务端应用程序的Perfect框架.本篇博客就做一个阶段性的总结,做一个完整的实例,其实这个实例在<Swift3.0服务端开发(一)>这篇 ...

  5. Open CDN 2.0管控端和节点端安装

    原文:http://www.safecdn.cn/cdn/2018/12/opencdn-2-0/1076.html OpenCDN是一套快速部署CDN加速的工具,针对专门提供CDN加速服务的企业或对 ...

  6. 创建自己的OAuth2.0服务端(一)

    如果对OAuth2.0有任何的疑问,请先熟悉OAuth2.0基础的文章:http://www.cnblogs.com/alunchen/p/6956016.html 1. 前言 本篇文章时对 客户端的 ...

  7. Kafka设计解析(二十二)Flink + Kafka 0.11端到端精确一次处理语义的实现

    转载自 huxihx,原文链接 [译]Flink + Kafka 0.11端到端精确一次处理语义的实现 本文是翻译作品,作者是Piotr Nowojski和Michael Winters.前者是该方案 ...

  8. oauth2.0服务端与客户端搭建

    oauth2.0服务端与客户端搭建 - 推酷 今天搭建了oauth2.0服务端与客户端.把搭建的过程记录一下.具体实现的功能是:client.ruanwenwu.cn的用户能够通过 server.ru ...

  9. vue2.0 移动端,下拉刷新,上拉加载更多插件,修改版

    在[实现丰盛]的插件基础修改[vue2.0 移动端,下拉刷新,上拉加载更多 插件], 1.修改加载到尾页面,返回顶部刷新数据,无法继续加重下一页 2.修改加载完成文字提示 原文链接:http://ww ...

随机推荐

  1. 一次奇妙的http请求之旅

    TCP/IP不是一个协议,而是一个协议族的统称.里面包括IP协议.IMCP协议.TCP协议. 这里有几个需要注意的知识点: 互联网地址:也就是IP地址,一般为网络号+子网号+主机号 域名系统:通俗的来 ...

  2. H5 实现图片上传预览

    <!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <title&g ...

  3. Spark参数详解 一(Spark1.6)

    Spark参数详解 (Spark1.6) 参考文档:Spark官网 在Spark的web UI在"Environment"选项卡中列出Spark属性.这是一个很有用的地方,可以检查 ...

  4. Poj2688cleaningrobot

    这道题让我们求一个地图上的各个点之间的最短路径说白了旅行商问题. 那么我们先用一个裸的BFS求出各个点之间的最短距离,然后我们再枚举各个点的全排列即可 这道题的细节很多,详见注释 上代码~ #incl ...

  5. docker应用实例——httpd

    docker可以用来创建虚拟环境跑应用,各个应用能起到隔离作用. 步骤也很简单,就是获取(下拉镜像)应用,然后进行安装就可以了 1.搜索镜像,比如我想虚拟一个httpd应用,可以看到,有httpd这个 ...

  6. tf.Variable() 与tf.get_variable()的区别

    每次调用 tf.Variable() 都会产生一个新的变量,变量名称是一个可选参数,运行命名相同,如果命名冲突会根据命名先后对名字进行处理, tf.get_variable()的变量名称是必填参数,t ...

  7. Linux csplit命令详解

    Linux csplit命令 Linux csplit命令用于分割文件.拆解文件主要是split和csplit命令,如果说split是按大小来拆分的话,那么csplit则可按匹配来拆分: 将文件依照指 ...

  8. layui select 选完其他选项, 手工清空选项 又恢复最初的选项?

    启用layui的select  下拉搜索项: lay-search <div class="layui-inline"> <label class="l ...

  9. Oracle 动态SQL 注意细节 ORA-00911: 无效字符

    随笔 - 46  文章 - 92  评论 - 5   lv_sql:='  insert into ETL_SUCESS_AMOUNT  select SEQ_OS_ETL_AMOUNTID.NEXT ...

  10. [例子]Ubuntu虚拟机设置固定IP上网

    宿主机器     win7 linux            Ubuntu 14.04 LTS 参考: Linux系列:Ubuntu虚拟机设置固定IP上网(配置IP.网关.DNS.防止resolv.c ...