
Use Base64 encoder with no CRLF in output for SAML 2.0 messages

Closes gh-11262
pull/11291/head
Juny Tse 4 years ago committed by Josh Cummings
parent
commit
f2d6ead398
  1. 2
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
  2. 2
      saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
  3. 2
      saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2Utils.java
  4. 2
      saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2Utils.java
  5. 2
      saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2Utils.java
  6. 7
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
  7. 6
      saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java

2
config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java

@ -260,7 +260,7 @@ public class Saml2LoginConfigurerTests {
public void authenticateWithInvalidDeflatedSAMLResponseThenFailureHandlerUses() throws Exception { public void authenticateWithInvalidDeflatedSAMLResponseThenFailureHandlerUses() throws Exception {
this.spring.register(CustomAuthenticationFailureHandler.class).autowire(); this.spring.register(CustomAuthenticationFailureHandler.class).autowire();
byte[] invalidDeflated = "invalid".getBytes(); byte[] invalidDeflated = "invalid".getBytes();
String encoded = Saml2Utils.samlEncodeNotRfc2045(invalidDeflated); String encoded = Saml2Utils.samlEncode(invalidDeflated);
MockHttpServletRequestBuilder request = get("/login/saml2/sso/registration-id").queryParam("SAMLResponse", MockHttpServletRequestBuilder request = get("/login/saml2/sso/registration-id").queryParam("SAMLResponse",
encoded); encoded);
this.mvc.perform(request); this.mvc.perform(request);

2
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java

@ -36,7 +36,7 @@ final class Saml2Utils {
} }
static String samlEncode(byte[] b) { static String samlEncode(byte[] b) {
return Base64.getMimeEncoder().encodeToString(b); return Base64.getEncoder().encodeToString(b);
} }
static byte[] samlDecode(String s) { static byte[] samlDecode(String s) {
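Review bot: The basic encoder on the new side of the `samlEncode` line drops the 76-column CRLF wrapping, but whether `samlDecode` (its signature is the last hunk line, its body outside the hunk) still uses the lenient `Base64.getMimeDecoder()` is not visible; if it does, encode and decode now differ in strictness, because the MIME decoder silently skips characters outside the base64 alphabet, so a malformed SAMLResponse is decoded rather than rejected — worth confirming the decoder choice is deliberate. The reason for the encoder choice should be recorded on the method, e.g. `// RFC 4648 basic encoder: no CRLF line separators in the encoded SAML message`. The same one-line change is repeated in the three sibling Saml2Utils copies (the logout, web/authentication and web/authentication/logout sections) and in the test utility; since the four main copies are byte-identical, a single package-visible helper would prevent them drifting apart.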

2
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2Utils.java

@ -40,7 +40,7 @@ final class Saml2Utils {
} }
static String samlEncode(byte[] b) { static String samlEncode(byte[] b) {
return Base64.getMimeEncoder().encodeToString(b); return Base64.getEncoder().encodeToString(b);
} }
static byte[] samlDecode(String s) { static byte[] samlDecode(String s) {

2
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/Saml2Utils.java

@ -40,7 +40,7 @@ final class Saml2Utils {
} }
static String samlEncode(byte[] b) { static String samlEncode(byte[] b) {
return Base64.getMimeEncoder().encodeToString(b); return Base64.getEncoder().encodeToString(b);
} }
static byte[] samlDecode(String s) { static byte[] samlDecode(String s) {

2
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2Utils.java

@ -40,7 +40,7 @@ final class Saml2Utils {
} }
static String samlEncode(byte[] b) { static String samlEncode(byte[] b) {
return Base64.getMimeEncoder().encodeToString(b); return Base64.getEncoder().encodeToString(b);
} }
static byte[] samlDecode(String s) { static byte[] samlDecode(String s) {

7
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java

@ -32,13 +32,8 @@ public final class Saml2Utils {
private Saml2Utils() { private Saml2Utils() {
} }
@Deprecated
public static String samlEncodeNotRfc2045(byte[] b) {
return Base64.getEncoder().encodeToString(b);
}
public static String samlEncode(byte[] b) { public static String samlEncode(byte[] b) {
return Base64.getMimeEncoder().encodeToString(b); return Base64.getEncoder().encodeToString(b);
} }
public static byte[] samlDecode(String s) { public static byte[] samlDecode(String s) {

6
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java

@ -65,7 +65,7 @@ public class Saml2AuthenticationTokenConverterTests {
.willReturn(this.relyingPartyRegistration); .willReturn(this.relyingPartyRegistration);
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setParameter(Saml2ParameterNames.SAML_RESPONSE, request.setParameter(Saml2ParameterNames.SAML_RESPONSE,
Saml2Utils.samlEncodeNotRfc2045("response".getBytes(StandardCharsets.UTF_8))); Saml2Utils.samlEncode("response".getBytes(StandardCharsets.UTF_8)));
Saml2AuthenticationToken token = converter.convert(request); Saml2AuthenticationToken token = converter.convert(request);
assertThat(token.getSaml2Response()).isEqualTo("response"); assertThat(token.getSaml2Response()).isEqualTo("response");
assertThat(token.getRelyingPartyRegistration().getRegistrationId()) assertThat(token.getRelyingPartyRegistration().getRegistrationId())
@ -79,7 +79,7 @@ public class Saml2AuthenticationTokenConverterTests {
given(resolver.resolve(any(HttpServletRequest.class), any())).willReturn(this.relyingPartyRegistration); given(resolver.resolve(any(HttpServletRequest.class), any())).willReturn(this.relyingPartyRegistration);
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setParameter(Saml2ParameterNames.SAML_RESPONSE, request.setParameter(Saml2ParameterNames.SAML_RESPONSE,
Saml2Utils.samlEncodeNotRfc2045("response".getBytes(StandardCharsets.UTF_8))); Saml2Utils.samlEncode("response".getBytes(StandardCharsets.UTF_8)));
Saml2AuthenticationToken token = converter.convert(request); Saml2AuthenticationToken token = converter.convert(request);
assertThat(token.getSaml2Response()).isEqualTo("response"); assertThat(token.getSaml2Response()).isEqualTo("response");
assertThat(token.getRelyingPartyRegistration().getRegistrationId()) assertThat(token.getRelyingPartyRegistration().getRegistrationId())
@ -131,7 +131,7 @@ public class Saml2AuthenticationTokenConverterTests {
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setMethod("GET"); request.setMethod("GET");
byte[] deflated = Saml2Utils.samlDeflate("response"); byte[] deflated = Saml2Utils.samlDeflate("response");
String encoded = Saml2Utils.samlEncodeNotRfc2045(deflated); String encoded = Saml2Utils.samlEncode(deflated);
request.setParameter(Saml2ParameterNames.SAML_RESPONSE, encoded); request.setParameter(Saml2ParameterNames.SAML_RESPONSE, encoded);
Saml2AuthenticationToken token = converter.convert(request); Saml2AuthenticationToken token = converter.convert(request);
assertThat(token.getSaml2Response()).isEqualTo("response"); assertThat(token.getSaml2Response()).isEqualTo("response");
