Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use Base64 encoder with no CRLF in output for SAML 2.0 messages 

Closes gh-11262
This commit is contained in:
Juny Tse 2022-05-21 23:58:37 +08:00 committed by Josh Cummings
parent 0355e960d7
commit 649428b49a
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
6 changed files with 7 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java
View File

@ -253,7 +253,7 @@ public class Saml2LoginConfigurerTests {
public void authenticateWithInvalidDeflatedSAMLResponseThenFailureHandlerUses() throws Exception { public void authenticateWithInvalidDeflatedSAMLResponseThenFailureHandlerUses() throws Exception {
this.spring.register(CustomAuthenticationFailureHandler.class).autowire(); this.spring.register(CustomAuthenticationFailureHandler.class).autowire();
byte[] invalidDeflated = "invalid".getBytes(); byte[] invalidDeflated = "invalid".getBytes();
String encoded = Saml2Utils.samlEncodeNotRfc2045(invalidDeflated); String encoded = Saml2Utils.samlEncode(invalidDeflated);
MockHttpServletRequestBuilder request = get("/login/saml2/sso/registration-id").queryParam("SAMLResponse", MockHttpServletRequestBuilder request = get("/login/saml2/sso/registration-id").queryParam("SAMLResponse",
encoded); encoded);
this.mvc.perform(request); this.mvc.perform(request);

2
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Utils.java
View File

@ -36,7 +36,7 @@ final class Saml2Utils {
} }
static String samlEncode(byte[] b) { static String samlEncode(byte[] b) {
return Base64.getMimeEncoder().encodeToString(b); return Base64.getEncoder().encodeToString(b);
} }
static byte[] samlDecode(String s) { static byte[] samlDecode(String s) {

2
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2Utils.java
View File

@ -40,7 +40,7 @@ final class Saml2Utils {
} }
static String samlEncode(byte[] b) { static String samlEncode(byte[] b) {
return Base64.getMimeEncoder().encodeToString(b); return Base64.getEncoder().encodeToString(b);
} }
static byte[] samlDecode(String s) { static byte[] samlDecode(String s) {

2
saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/web/authentication/logout/Saml2Utils.java
View File

@ -40,7 +40,7 @@ final class Saml2Utils {
} }
static String samlEncode(byte[] b) { static String samlEncode(byte[] b) {
return Base64.getMimeEncoder().encodeToString(b); return Base64.getEncoder().encodeToString(b);
} }
static byte[] samlDecode(String s) { static byte[] samlDecode(String s) {

7
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/core/Saml2Utils.java
View File

@ -32,13 +32,8 @@ public final class Saml2Utils {
private Saml2Utils() { private Saml2Utils() {
} }
@Deprecated
public static String samlEncodeNotRfc2045(byte[] b) {
return Base64.getEncoder().encodeToString(b);
}
public static String samlEncode(byte[] b) { public static String samlEncode(byte[] b) {
return Base64.getMimeEncoder().encodeToString(b); return Base64.getEncoder().encodeToString(b);
} }
public static byte[] samlDecode(String s) { public static byte[] samlDecode(String s) {

4
saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/web/Saml2AuthenticationTokenConverterTests.java
View File

@ -64,7 +64,7 @@ public class Saml2AuthenticationTokenConverterTests {
.willReturn(this.relyingPartyRegistration); .willReturn(this.relyingPartyRegistration);
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setParameter(Saml2ParameterNames.SAML_RESPONSE, request.setParameter(Saml2ParameterNames.SAML_RESPONSE,
Saml2Utils.samlEncodeNotRfc2045("response".getBytes(StandardCharsets.UTF_8))); Saml2Utils.samlEncode("response".getBytes(StandardCharsets.UTF_8)));
Saml2AuthenticationToken token = converter.convert(request); Saml2AuthenticationToken token = converter.convert(request);
assertThat(token.getSaml2Response()).isEqualTo("response"); assertThat(token.getSaml2Response()).isEqualTo("response");
assertThat(token.getRelyingPartyRegistration().getRegistrationId()) assertThat(token.getRelyingPartyRegistration().getRegistrationId())
@ -115,7 +115,7 @@ public class Saml2AuthenticationTokenConverterTests {
MockHttpServletRequest request = new MockHttpServletRequest(); MockHttpServletRequest request = new MockHttpServletRequest();
request.setMethod("GET"); request.setMethod("GET");
byte[] deflated = Saml2Utils.samlDeflate("response"); byte[] deflated = Saml2Utils.samlDeflate("response");
String encoded = Saml2Utils.samlEncodeNotRfc2045(deflated); String encoded = Saml2Utils.samlEncode(deflated);
request.setParameter(Saml2ParameterNames.SAML_RESPONSE, encoded); request.setParameter(Saml2ParameterNames.SAML_RESPONSE, encoded);
Saml2AuthenticationToken token = converter.convert(request); Saml2AuthenticationToken token = converter.convert(request);
assertThat(token.getSaml2Response()).isEqualTo("response"); assertThat(token.getSaml2Response()).isEqualTo("response");