Merge pull request #2 from lucastle/master

PR challenge #1
italia · Dec 6, 2017 · a237877 · a237877
2 parents a0aa955 + 9861ba9
commit a237877
Show file tree

Hide file tree

Showing 60 changed files with 3,047 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -1,2 +1,15 @@
 # spid-spring
-SPID extension for Java Spring
+
+Questo progetto rappresenta la risposta alla issue ["Sviluppo estensione Java Spring per SPID #1"](https://github.com/italia/spid-spring/issues/1) del team hack.developers 2017 di Lecce.
+
+Il codice sorgente è suddiviso nei due seguenti moduli maven.
+1. **spid-spring-integration** è una libreria JAR che fornisce un supporto alle web application Spring che hanno la necessità di integrarsi in single sign-on con un Identity Provider SPID.
+2. **spid-spring-rest** è una applicazione Spring Boot che funge da proof of concept dell'estensione Java Spring per SPID implementata.
+
+L'applicazione Spring Boot espone tre servizi REST per un ipotetico client che consentono di conoscere la lista degli Identity Provider ufficiali, di produrre una request da inviare ad uno specifico Identity Provider e infine di recuperare il contenuto dell response finale inviata dall'Identity Provider.
+
+I dettagli dei due moduli maven sono riportati nei seguenti file README.md: [spid-spring-integration](https://github.com/lucastle/spid-spring/blob/master/spid-spring-integration/README.md) e [spid-spring-rest](https://github.com/lucastle/spid-spring/blob/master/spid-spring-rest/README.md)
+
+## TODO List
+- Completare il test della chiamata per la generazione della Authn Request.
+- Completare la chiamata per l'estrazione dei dati dell'utente dalla response dell'Identity Provider.
diff --git a/pom.xml b/pom.xml
@@ -0,0 +1,47 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<groupId>it.italia.developers.spid</groupId>
+	<artifactId>spid-spring</artifactId>
+	<version>0.0.1-SNAPSHOT</version>
+	<packaging>pom</packaging>
+	<name>SPID - Spring Integration</name>
+	<description>SPID - Spring Integration per hack.developers17</description>
+
+	<properties>
+		<spring.version>4.3.0.RELEASE</spring.version>
+	</properties>
+
+	<modules>
+		<module>spid-spring-integration</module>
+		<module>spid-spring-rest</module>
+	</modules>
+
+	<build>
+		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<version>3.7.0</version>
+				<configuration>
+					<source>1.8</source>
+					<target>1.8</target>
+				</configuration>
+			</plugin>
+		</plugins>
+	</build>
+
+	<dependencies>
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-core</artifactId>
+			<version>${spring.version}</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-test</artifactId>
+			<version>${spring.version}</version>
+			<scope>test</scope>
+		</dependency>
+	</dependencies>
+</project>
diff --git a/spid-spring-integration/.classpath b/spid-spring-integration/.classpath
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spid-spring-integration/.project b/spid-spring-integration/.project
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>spid-spring-integration</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.m2e.core.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.eclipse.m2e.core.maven2Nature</nature>
+	</natures>
+</projectDescription>
diff --git a/spid-spring-integration/.settings/org.eclipse.core.resources.prefs b/spid-spring-integration/.settings/org.eclipse.core.resources.prefs
@@ -0,0 +1,6 @@
+eclipse.preferences.version=1
+encoding//src/main/java=UTF-8
+encoding//src/main/resources=UTF-8
+encoding//src/test/java=UTF-8
+encoding//src/test/resources=UTF-8
+encoding/<project>=UTF-8
diff --git a/spid-spring-integration/.settings/org.eclipse.jdt.core.prefs b/spid-spring-integration/.settings/org.eclipse.jdt.core.prefs
@@ -0,0 +1,5 @@
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
+org.eclipse.jdt.core.compiler.compliance=1.8
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.source=1.8
diff --git a/spid-spring-integration/.settings/org.eclipse.m2e.core.prefs b/spid-spring-integration/.settings/org.eclipse.m2e.core.prefs
@@ -0,0 +1,4 @@
+activeProfiles=
+eclipse.preferences.version=1
+resolveWorkspaceProjects=true
+version=1
diff --git a/spid-spring-integration/README.md b/spid-spring-integration/README.md
@@ -0,0 +1,22 @@
+
+# spid-spring-integration
+
+Si tratta di una libreria sviluppata utilizzando le funzionalità di OpenSAML v3 che agevola eventuali applicazioni basate su Spring nel compito di aderire al circuito SPID e quindi di consentire ai propri utenti di autenticarsi usando le proprie credenziali SPID. La libreria è costituita da un file JAR utilizzabile come dipendenza in un'applicazione Spring. Essa espone le sue funzionalità attraverso i seguenti metodi pubblici di un'interfaccia SPIDIntegrationService.
+- `List<IdpEntry> getAllIdpEntry()`
+	 - Restituisce una lista degli Identity Provider SPID ufficiali. Di ogni provider il servizio fornisce un identificativo applicativo, l'entityID e il nome del provider, un URL da cui è possibile scaricare il logo del provider.
+- `AuthRequest buildAuthenticationRequest(String entityId, int assertionConsumerServiceIndex)`
+	 - Dati l'entityID del provider e l'indice di uno specifico consumer service fornito dal Service Provider, restituisce un oggetto contenente l’URL a cui inviare il messaggio di risposta alla richiesta di autenticazione e il contenuto del campo AuthnRequest da inviare all'Identity Provider.
+- `ResponseDecoded processAuthenticationResponse(ResponseEncoded response)`
+   - Richiede in ingresso la risposta codificata restituita dall'Identity Provider e restituisce una versione intellegibile delle informazioni in essa riportate.
+
+## Indicazioni per eventuali evoluzioni future della libreria
+In caso di evoluzione della libreria, occorre tener presente che per ogni nuovo Identity Provider da aggiungere si rendono necessari i seguenti passi:
+1. aggiungere nella directory "spid-spring/spid-spring-integration/src/main/resources/metadata/idp" il file metadata che descrive l'Identity Provider;
+2. aggiungere nel file "spid-spring/spid-spring-integration/src/main/resources/idplist.properties" quattro righe del tipo:
+
+    spid.spring.integration.idp.[IdP-id].file=[IdP]-metadata.xml
+    spid.spring.integration.idp.[IdP-id].name=[IdP-name]
+    spid.spring.integration.idp.[IdP-id].imageUrl=[IdP-logo-url]
+    spid.spring.integration.idp.[IdP-id].entityId=[IdP-entityID]
+dove [IdP-id], in particolare, deve essere sostituito con l'id applicativo che distingue il nuovo Identity Provider;
+3. aggiungere alla seguente riga una virgola e l'id applicativo che distingue il nuovo Identity Provider.
diff --git a/spid-spring-integration/pom.xml b/spid-spring-integration/pom.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+	<modelVersion>4.0.0</modelVersion>
+	<parent>
+		<groupId>it.italia.developers.spid</groupId>
+		<artifactId>spid-spring</artifactId>
+		<version>0.0.1-SNAPSHOT</version>
+	</parent>
+	<artifactId>spid-spring-integration</artifactId>
+	<name>spid-spring-integration</name>
+	<url>http://maven.apache.org</url>
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+	</properties>
+	<dependencies>
+		<!-- https://mvnrepository.com/artifact/junit/junit -->
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<version>4.12</version>
+			<scope>test</scope>
+		</dependency>
+
+		<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-slf4j-impl -->
+		<dependency>
+			<groupId>org.apache.logging.log4j</groupId>
+			<artifactId>log4j-slf4j-impl</artifactId>
+			<version>2.9.1</version>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework</groupId>
+			<artifactId>spring-context</artifactId>
+			<version>${spring.version}</version>
+		</dependency>
+
+		<!-- https://mvnrepository.com/artifact/org.springframework.security.extensions/spring-security-saml2-core -->
+		<dependency>
+			<groupId>org.springframework.security.extensions</groupId>
+			<artifactId>spring-security-saml2-core</artifactId>
+			<version>1.0.2.RELEASE</version>
+		</dependency>
+
+		<dependency>
+			<groupId>javax.servlet</groupId>
+			<artifactId>javax.servlet-api</artifactId>
+			<version>4.0.0</version>
+			<scope>provided</scope>
+		</dependency>
+
+
+	</dependencies>
+</project>
diff --git a/spid-spring-integration/src/main/java/it/italia/developers/spid/integration/Application.java b/spid-spring-integration/src/main/java/it/italia/developers/spid/integration/Application.java
@@ -0,0 +1,23 @@
+/************************************************************************************
+ * Copyright (c) 2011, 2017 Link Management & Technology S.p.A. via R. Scotellaro, 55 73100 - Lecce
+ * - http://www.linksmt.it - All rights reserved.
+ *
+ * Contributors: Links Management & Technology S.p.A. - initial API and implementation
+ *************************************************************************************/
+package it.italia.developers.spid.integration;
+
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.context.annotation.PropertySources;
+
+/**
+ * @author Gianluca Pindinelli
+ *
+ */
+@Configuration
+@ComponentScan(basePackages = { "it.italia.developers.spid.integration" })
+@PropertySources({ @PropertySource("classpath:integration.properties"), @PropertySource(value = "file:${spid-spring-integration.properties.path}", ignoreResourceNotFound = true) })
+public class Application {
+
+}
diff --git a/...integration/src/main/java/it/italia/developers/spid/integration/config/IdpKeyManager.java b/...integration/src/main/java/it/italia/developers/spid/integration/config/IdpKeyManager.java
@@ -0,0 +1,76 @@
+package it.italia.developers.spid.integration.config;
+
+import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.security.CriteriaSet;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.AbstractCredentialResolver;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.springframework.security.saml.key.KeyManager;
+
+public class IdpKeyManager extends AbstractCredentialResolver implements KeyManager {
+	private String entityId;
+	private Set<String> availableCredentials;
+	private X509Certificate certificate;
+	private BasicX509Credential credential;
+
+	public IdpKeyManager(final String entityId, final String certificateStr) throws MetadataProviderException, CertificateException, UnsupportedEncodingException {
+		super();
+		this.entityId = entityId;
+		availableCredentials = new HashSet<String>();
+		availableCredentials.add(entityId);
+
+		certificate = X509Utils.generateX509Certificate(certificateStr);
+
+		credential = new BasicX509Credential();
+		credential.setEntityId(entityId);
+		credential.setEntityCertificate(certificate);
+	}
+
+	@Override
+	public Credential getCredential(final String key) {
+		if (key != null && entityId != null && key.equals(entityId)) {
+			return credential;
+		} else {
+			return null;
+		}
+	}
+
+	@Override
+	public Credential getDefaultCredential() {
+		return getCredential(entityId);
+	}
+
+	@Override
+	public String getDefaultCredentialName() {
+		return entityId;
+	}
+
+	@Override
+	public Set<String> getAvailableCredentials() {
+		return availableCredentials;
+	}
+
+	@Override
+	public Iterable<Credential> resolve(final CriteriaSet criteriaSet) throws SecurityException {
+		return Arrays.asList(getCredential(criteriaSet.get(EntityIDCriteria.class).getEntityID()));
+	}
+
+	@Override
+	public X509Certificate getCertificate(final String key) {
+		if (key != null && entityId != null && key.equals(entityId)) {
+			return certificate;
+		} else {
+			return null;
+		}
+}
+
+}