Added skew time test

mujina-common/pom.xml

@@ -14,7 +14,8 @@
   limitations under the License.
   -->
 
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>

mujina-common/src/main/java/mujina/api/ErrorController.java

@@ -1,12 +1,10 @@
 package mujina.api;
 
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.web.ErrorAttributes;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.util.Assert;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.ServletRequestAttributes;
 

mujina-common/src/main/java/mujina/api/SharedController.java

@@ -2,7 +2,6 @@
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;

mujina-common/src/main/java/mujina/saml/SAMLBuilder.java

@@ -2,7 +2,26 @@
 
 import org.joda.time.DateTime;
 import org.opensaml.Configuration;
-import org.opensaml.saml2.core.*;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.AuthenticatingAuthority;
+import org.opensaml.saml2.core.AuthnContext;
+import org.opensaml.saml2.core.AuthnContextClassRef;
+import org.opensaml.saml2.core.AuthnStatement;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.core.Status;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.core.StatusMessage;
+import org.opensaml.saml2.core.Subject;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.XMLObjectBuilderFactory;
 import org.opensaml.xml.io.MarshallingException;

mujina-idp/pom.xml

@@ -14,7 +14,8 @@
   limitations under the License.
   -->
 
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <parent>

mujina-idp/src/main/java/mujina/api/User.java

@@ -7,8 +7,6 @@
 
 import java.io.Serializable;
 import java.util.List;
-import java.util.Map;
-import java.util.TreeMap;
 
 @Getter
 @ToString

mujina-idp/src/main/java/mujina/idp/ForceAuthnFilter.java

@@ -2,16 +2,11 @@
 
 import org.opensaml.common.binding.SAMLMessageContext;
 import org.opensaml.saml2.core.AuthnRequest;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
-import org.opensaml.ws.message.decoder.MessageDecodingException;
-import org.opensaml.xml.security.SecurityException;
-import org.opensaml.xml.validation.ValidationException;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.filter.GenericFilterBean;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-import javax.servlet.*;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;

mujina-idp/src/main/java/mujina/idp/MetadataController.java

@@ -34,7 +34,6 @@
 
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
-import java.util.UUID;
 
 import static mujina.saml.SAMLBuilder.buildSAMLObject;
 
@@ -78,7 +77,7 @@ public String metadata() throws SecurityException, ParserConfigurationException,
     idpssoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
 
     String localPort = environment.getProperty("local.server.port");
-    
+
     SingleSignOnService singleSignOnService = buildSAMLObject(SingleSignOnService.class, SingleSignOnService.DEFAULT_ELEMENT_NAME);
     singleSignOnService.setLocation("http://localhost:" + localPort + "/SingleSignOnService");
     singleSignOnService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);

mujina-idp/src/main/java/mujina/idp/SAMLAttributeAuthenticationFilter.java

@@ -4,7 +4,6 @@
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 import java.util.Map;
 import java.util.stream.Collectors;
 

mujina-idp/src/main/java/mujina/idp/SAMLMessageHandler.java

@@ -22,7 +22,6 @@
 import org.opensaml.ws.message.decoder.MessageDecodingException;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.ws.security.SecurityPolicyResolver;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
 import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
 import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.security.CriteriaSet;
@@ -41,7 +40,6 @@
 import java.net.URISyntaxException;
 import java.util.Collection;
 import java.util.List;
-import java.util.UUID;
 
 import static java.util.Arrays.asList;
 import static mujina.saml.SAMLBuilder.buildAssertion;

mujina-idp/src/main/java/mujina/idp/SsoController.java

@@ -15,8 +15,6 @@
 import org.opensaml.xml.validation.ValidationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -27,7 +25,6 @@
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;

mujina-idp/src/main/java/mujina/idp/UserController.java

@@ -1,7 +1,6 @@
 package mujina.idp;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import org.apache.commons.io.IOUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.security.core.Authentication;
@@ -10,8 +9,6 @@
 import org.springframework.web.bind.annotation.GetMapping;
 
 import java.io.IOException;
-import java.nio.charset.Charset;
-import java.util.Arrays;
 import java.util.List;
 import java.util.Map;
 

mujina-idp/src/main/java/mujina/idp/WebSecurityConfigurer.java

@@ -2,17 +2,12 @@
 
 import mujina.api.IdpConfiguration;
 import mujina.saml.KeyStoreLocator;
-import mujina.saml.ProxiedSAMLContextProviderLB;
 import mujina.saml.UpgradedSAMLBootstrap;
 import org.opensaml.common.binding.decoding.URIComparator;
 import org.opensaml.common.binding.security.IssueInstantRule;
-import org.opensaml.common.binding.security.MessageReplayRule;
 import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
 import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
 import org.opensaml.saml2.binding.encoding.HTTPPostSimpleSignEncoder;
-import org.opensaml.util.storage.MapBasedStorageService;
-import org.opensaml.util.storage.ReplayCache;
-import org.opensaml.util.storage.StorageService;
 import org.opensaml.ws.security.provider.BasicSecurityPolicy;
 import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
 import org.opensaml.xml.parse.StaticBasicParserPool;
@@ -31,17 +26,14 @@
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.saml.SAMLBootstrap;
-import org.springframework.security.saml.context.SAMLContextProvider;
 import org.springframework.security.saml.key.JKSKeyManager;
 import org.springframework.security.saml.util.VelocityFactory;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
-import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
 import javax.xml.stream.XMLStreamException;
 import java.io.IOException;
-import java.net.URI;
 import java.net.URISyntaxException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;

mujina-idp/src/main/resources/public/main.css

@@ -61,9 +61,11 @@ p.error {
     display: inline-block;
     transition: all 0.1s linear;
 }
+
 .button:hover {
     background-color: #4fa9c5;
 }
+
 a.powered-by {
     position: absolute;
     margin: 10px;
@@ -134,13 +136,16 @@ span.remove-attribute-value {
     right: 0;
     font-size: 16px;
 }
+
 div.attribute-value label {
     font-size: 13px;
 }
+
 div.attribute-value input {
     margin-top: 2px;
     font-size: 16px;
 }
+
 .explain {
     position: fixed;
     top: 0;
@@ -170,9 +175,11 @@ span.explain-link {
     color: white;
     padding: 5px 13px;
 }
+
 span.explain-link:hover {
     background-color: #4fa9c5;
 }
+
 .container {
     overflow-y: scroll;
     height: 99%;

mujina-idp/src/main/resources/public/main.js

@@ -1,72 +1,73 @@
 function guid() {
-    function s4() {
-        return Math.floor((1 + Math.random()) * 0x10000)
-            .toString(16)
-            .substring(1);
-    }
-    return s4() + s4() + '-' + s4() + '-' + s4() + '-' + s4() + '-' + s4() + s4() + s4();
+  function s4() {
+    return Math.floor((1 + Math.random()) * 0x10000)
+      .toString(16)
+      .substring(1);
+  }
+
+  return s4() + s4() + '-' + s4() + '-' + s4() + '-' + s4() + '-' + s4() + s4() + s4();
 }
 
 document.addEventListener("DOMContentLoaded", function () {
-    [].forEach.call(document.querySelectorAll(".help,.close"), function (el) {
-        el.addEventListener("click", function (e) {
-            e.stopPropagation();
-            e.preventDefault();
-            var explanation = document.getElementById("explanation");
-            explanation.classList.toggle("hide");
-            if (!explanation.classList.contains("hide")) {
-                setTimeout(function () {
-                    document.getElementById("close").focus();
-                }, 25);
-            }
-        });
+  [].forEach.call(document.querySelectorAll(".help,.close"), function (el) {
+    el.addEventListener("click", function (e) {
+      e.stopPropagation();
+      e.preventDefault();
+      var explanation = document.getElementById("explanation");
+      explanation.classList.toggle("hide");
+      if (!explanation.classList.contains("hide")) {
+        setTimeout(function () {
+          document.getElementById("close").focus();
+        }, 25);
+      }
     });
+  });
 
-    document.getElementById("close").addEventListener("blur", function () {
-        document.getElementById("explanation").classList.add("hide");
-    });
+  document.getElementById("close").addEventListener("blur", function () {
+    document.getElementById("explanation").classList.add("hide");
+  });
 
-    document.querySelector(".attribute-select").addEventListener("change", function (e) {
-        var selectedOption = e.target.selectedOptions[0];
-        var val = selectedOption.value;
-        var text = selectedOption.text;
-        var multiplicity = selectedOption.dataset.multiplicity === "true";
-        var newElement = document.createElement("div");
-        newElement.setAttribute("class", "attribute-value");
-        var mainId = guid();
-        newElement.setAttribute("id", mainId);
-        var spanId = guid();
-        var inputId = guid();
-        newElement.innerHTML = "<label>" + val + "</label>" +
-            "<input class='input-attribute-value' type='text' id='" + inputId + "' name='" + val + "'></input>" +
-            "<span id='" + spanId + "' class='remove-attribute-value'>🗑</span>";
-        document.getElementById("attribute-list").appendChild(newElement);
-        document.getElementById(spanId).addEventListener("click", function () {
-            var element = document.getElementById(mainId);
-            element.parentNode.removeChild(element);
-            if (!multiplicity) {
-                var select = document.getElementById("add-attribute");
-                var option = document.createElement("option");
-                option.text = text;
-                option.value = val;
-                select.add(option);
-            }
-        });
+  document.querySelector(".attribute-select").addEventListener("change", function (e) {
+    var selectedOption = e.target.selectedOptions[0];
+    var val = selectedOption.value;
+    var text = selectedOption.text;
+    var multiplicity = selectedOption.dataset.multiplicity === "true";
+    var newElement = document.createElement("div");
+    newElement.setAttribute("class", "attribute-value");
+    var mainId = guid();
+    newElement.setAttribute("id", mainId);
+    var spanId = guid();
+    var inputId = guid();
+    newElement.innerHTML = "<label>" + val + "</label>" +
+      "<input class='input-attribute-value' type='text' id='" + inputId + "' name='" + val + "'></input>" +
+      "<span id='" + spanId + "' class='remove-attribute-value'>🗑</span>";
+    document.getElementById("attribute-list").appendChild(newElement);
+    document.getElementById(spanId).addEventListener("click", function () {
+      var element = document.getElementById(mainId);
+      element.parentNode.removeChild(element);
+      if (!multiplicity) {
         var select = document.getElementById("add-attribute");
-        if (!multiplicity) {
-            select.remove(select.selectedIndex);
-        }
-        select.value = "Add attribute...";
-        setTimeout(function () {
-            var inputElement = document.getElementById(inputId);
-            inputElement.focus();
-            inputElement.addEventListener("keypress", function(e){
-                if (e.code === "Enter") {
-                    e.stopPropagation();
-                    e.preventDefault();
-                    select.focus();
-                }
-            });
-        }, 25);
+        var option = document.createElement("option");
+        option.text = text;
+        option.value = val;
+        select.add(option);
+      }
     });
+    var select = document.getElementById("add-attribute");
+    if (!multiplicity) {
+      select.remove(select.selectedIndex);
+    }
+    select.value = "Add attribute...";
+    setTimeout(function () {
+      var inputElement = document.getElementById(inputId);
+      inputElement.focus();
+      inputElement.addEventListener("keypress", function (e) {
+        if (e.code === "Enter") {
+          e.stopPropagation();
+          e.preventDefault();
+          select.focus();
+        }
+      });
+    }, 25);
+  });
 });