Merge pull request #7 from CompassSecurity/master

Release v2.0.2

Author: Hannah-PortSwigger

BappManifest.bmf

@@ -2,12 +2,12 @@ Uuid: c61cfa893bb14db4b01775554f7b802e
 ExtensionType: 1
 Name: SAML Raider
 RepoName: saml-raider
-ScreenVersion: 2.0.0
-SerialVersion: 15
+ScreenVersion: 2.0.2
+SerialVersion: 16
 MinPlatformVersion: 0
 ProOnly: False
 Author: Roland Bischofberger / Emanuel Duss / Tobias Hort-Giess
 ShortDescription: Provides a SAML message editor and a certificate management tool to help with testing SAML infrastructures.
-EntryPoint: build/libs/saml-raider-2.0.0.jar
+EntryPoint: build/libs/saml-raider-2.0.2.jar
 BuildCommand: ./gradlew jar
 SupportedProducts: Pro, Community

README.md

@@ -79,7 +79,7 @@ Don't forget to rate our extension with as many stars you like :smile:.
 ### Manual Installation
 
 First, download the latest SAML Raider version:
-[saml-raider-2.0.0.jar](https://github.com/SAMLRaider/SAMLRaider/releases/download/v2.0.0/saml-raider-2.0.0.jar).
+[saml-raider-2.0.2.jar](https://github.com/SAMLRaider/SAMLRaider/releases/download/v2.0.2/saml-raider-2.0.2.jar).
 Then, start Burp Suite and click in the `Extensions` tab on `Add`. Choose the
 SAML Raider JAR file to install it and you are ready to go.
 

build.gradle

@@ -2,7 +2,7 @@ plugins {
 	id "java-library"
 }
 
-version = "2.0.0"
+version = "2.0.2"
 
 repositories {
 	mavenCentral()
@@ -46,4 +46,4 @@ jar {
 
 test {
 	useJUnitPlatform()
-}
+}

gradle/libs.versions.toml

@@ -2,7 +2,7 @@
 com-google-guava = "33.2.1-jre"
 com-miglayout = "3.7.4"
 com-sun-xml-security-xml-security-impl = "1.0"
-net-portswigger-burp-extensions-montoya-api = "2023.12.1"
+net-portswigger-burp-extensions-montoya-api = "2024.7"
 org-apache-santuario-xmlsec = "2.1.7"
 org-bouncycastle-bcpkix-jdk15on = "1.52"
 org-junit-jupiter = "5.10.2"

src/main/java/application/SamlTabController.java

@@ -277,11 +277,13 @@ public void setRequestResponse(HttpRequestResponse requestResponse) {
     }
 
     private void setInformationDisplay() {
+        samlGUI.getTextEditorInformation().setContents(ByteArray.byteArray(""));
         SamlPanelInfo infoPanel = samlGUI.getInfoPanel();
         infoPanel.clearAll();
 
         try {
             Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(samlMessage);
+            textEditorInformation.setContents(ByteArray.byteArray(xmlHelpers.getStringOfDocument(xmlHelpers.getXMLDocumentOfSAMLMessage(samlMessage), 2, true).getBytes()));
             NodeList assertions = xmlHelpers.getAssertions(document);
             if (assertions.getLength() > 0) {
                 Node assertion = assertions.item(0);
@@ -292,7 +294,6 @@ private void setInformationDisplay() {
                 infoPanel.setSubjectConfNotAfter(xmlHelpers.getSubjectConfNotAfter(assertion));
                 infoPanel.setSignatureAlgorithm(xmlHelpers.getSignatureAlgorithm(assertion));
                 infoPanel.setDigestAlgorithm(xmlHelpers.getDigestAlgorithm(assertion));
-                textEditorInformation.setContents(ByteArray.byteArray(xmlHelpers.getStringOfDocument(xmlHelpers.getXMLDocumentOfSAMLMessage(samlMessage), 2, true).getBytes()));
             } else {
                 assertions = xmlHelpers.getEncryptedAssertions(document);
                 Node assertion = assertions.item(0);

src/main/java/gui/CertificateTab.java

@@ -1,18 +1,15 @@
 package gui;
 
-import burp.BurpExtender;
-import javax.swing.tree.TreeSelectionModel;
-import model.BurpCertificateBuilder;
 import application.CertificateTabController;
 import model.BurpCertificate;
+import model.BurpCertificateBuilder;
 import model.ObjectIdentifier;
 import net.miginfocom.swing.MigLayout;
 
 import javax.swing.*;
-import javax.swing.event.TreeSelectionEvent;
-import javax.swing.event.TreeSelectionListener;
 import javax.swing.tree.DefaultMutableTreeNode;
 import javax.swing.tree.DefaultTreeModel;
+import javax.swing.tree.TreeSelectionModel;
 import java.awt.*;
 import java.awt.event.ActionEvent;
 import java.awt.event.ActionListener;
@@ -150,16 +147,34 @@ public void actionPerformed(ActionEvent e) {
         certificateTreeModel = new DefaultTreeModel(new DefaultMutableTreeNode("root"));
         certificateTree = new JTree(certificateTreeModel);
         certificateTree.setRootVisible(false);
+        certificateTree.setShowsRootHandles(true);
+        certificateTree.setCellRenderer((tree, value, selected, expanded, leaf, row, hasFocus) -> {
+            var label = new JLabel();
+            label.setText(value.toString());
+            if (leaf) {
+                label.setIcon(UIManager.getIcon("Tree.leafIcon"));
+            } else if (expanded) {
+                label.setIcon(UIManager.getIcon("Tree.openIcon"));
+            } else {
+                label.setIcon(UIManager.getIcon("Tree.closedIcon"));
+            }
+            if (selected) {
+                label.setForeground(UIManager.getColor("Tree.selectionForeground"));
+                label.setBackground(UIManager.getColor("Tree.selectionBackground"));
+            } else {
+                label.setForeground(UIManager.getColor("Tree.textForeground"));
+                label.setBackground(UIManager.getColor("Tree.textBackground"));
+            }
+            return label;
+        });
         certificateTree.getSelectionModel().setSelectionMode(TreeSelectionModel.SINGLE_TREE_SELECTION);
-        certificateTree.addTreeSelectionListener(new TreeSelectionListener() {
-            public void valueChanged(TreeSelectionEvent e) {
-                DefaultMutableTreeNode node = (DefaultMutableTreeNode) certificateTree.getLastSelectedPathComponent();
-                if (node == null || node.getUserObject() instanceof String) {
-                    return;
-                }
-                BurpCertificate burpCertificate = (BurpCertificate) node.getUserObject();
-                certificateTabController.setCertificateDetails(burpCertificate);
+        certificateTree.addTreeSelectionListener(event -> {
+            DefaultMutableTreeNode node = (DefaultMutableTreeNode) certificateTree.getLastSelectedPathComponent();
+            if (node == null || node.getUserObject() instanceof String) {
+                return;
             }
+            BurpCertificate burpCertificate = (BurpCertificate) node.getUserObject();
+            certificateTabController.setCertificateDetails(burpCertificate);
         });
 
         txtStatus = new JTextPane();
@@ -500,19 +515,6 @@ public void actionPerformed(ActionEvent e) {
         this.setLayout(new MigLayout());
         this.add(topPanel, "wrap");
         this.add(scrollableBottomPanel, "width 100%");
-
-        // In the default look and feel the JTree component does not render correctly.
-        // Icons are missing and tree notes are not correctly indented.
-        // This workaround should changes the look and feel of the JTree only.
-        // https://forum.portswigger.net/thread/jtree-not-rendering-correctly-with-burpsuite-s-look-and-feel-2a164857?CategoryId=bug-reports
-        try {
-            var lookAndFeel = UIManager.getLookAndFeel();
-            UIManager.setLookAndFeel(UIManager.getCrossPlatformLookAndFeelClassName());
-            SwingUtilities.updateComponentTreeUI(certificateTree);
-            UIManager.setLookAndFeel(lookAndFeel);
-        } catch (Exception exc) {
-            BurpExtender.api.logging().logToError(exc);
-        }
     }
 
     public void setCertificateTabController(CertificateTabController certificateTabController) {
@@ -763,7 +765,6 @@ public boolean isAutoSubjectKeyIdentifier() {
 
     public void setCertificateRootNode(DefaultMutableTreeNode rootNode) {
         this.certificateTreeModel.setRoot(rootNode);
-        certificateTree.setModel(certificateTreeModel);
     }
 
     public void setAllExtensions(List<String> allExtensions) {

src/main/java/gui/SamlMain.java

@@ -44,6 +44,7 @@ private void initializeUI() {
         panelActionBottom.setLayout(new BorderLayout(0, 0));
         textEditorAction = BurpExtender.api.userInterface().createRawEditor();
         textEditorAction.setContents(ByteArray.byteArray("<SAMLRaiderFailureInInitialization></SAMLRaiderFailureInInitialization>"));
+        textEditorAction.setEditable(false);
         panelActionBottom.add(textEditorAction.uiComponent(), BorderLayout.CENTER);
 
         JSplitPane splitPaneInformation = new JSplitPane();
@@ -62,7 +63,6 @@ private void initializeUI() {
         panelInformationBottom.setLayout(new BorderLayout(0, 0));
         textEditorInformation = BurpExtender.api.userInterface().createRawEditor();
         textEditorInformation.setContents(ByteArray.byteArray(""));
-        textEditorAction.setEditable(false);
         panelInformationBottom.add(textEditorInformation.uiComponent(), BorderLayout.CENTER);
 
         JTabbedPane tabbedPane = new JTabbedPane();

src/test/java/application/ImportReadExportCertificateTest.java

@@ -196,12 +196,10 @@ public void signatureValueIsCorrect() throws IOException, ParseException, Certif
     @Test
     public void exportedCertificateHashIsCorrect(@TempDir Path tempDir) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
         String outputFile = tempDir.resolve("exported.pem").toString();
-
+        this.certificateTabController.exportCertificate(this.certificate, outputFile);
         String outputExpected = "-----BEGIN CERTIFICATE-----MIIGJjCCBQ6gAwIBAgIUTWsBgOGCuRA3PeIxfJJ1lHAuiTUwDQYJKoZIhvcNAQEFBQAwazELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHzAdBgNVBAsTFnd3dy5xdW92YWRpc2dsb2JhbC5jb20xIDAeBgNVBAMTF1F1b1ZhZGlzIEdsb2JhbCBTU0wgSUNBMB4XDTEyMDgxNTEwNTY0OVoXDTE1MDgxNTEwNTY0OVowgYExCzAJBgNVBAYTAkNIMRMwEQYDVQQIEwpTdC4gR2FsbGVuMRMwEQYDVQQHEwpSYXBwZXJzd2lsMR4wHAYDVQQKExVIb2Noc2NodWxlIFJhcHBlcnN3aWwxEzARBgNVBAsTCklULVN5c3RlbXMxEzARBgNVBAMTCnd3dy5oc3IuY2gwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCZOGior5F+1mhwqlBiIn3IAdURR1XxLYjr1vqwj+o+hrDG6RIbECaA/RGziVDbiVs6LGti8B/64cwHXZRHGUkCp+Gw7vpEfPDBuFpgHwbapU6WtvIDDRnOAg6G1u62Sgly2WHb3JWegr4NtWvQqLVS19Q3GmkmgiobLMkju116kHPdzrd4GqDSjBa23t5dwuX1mfG9uD/5lU3wu/u2dV+5IhihKlGblTMSOVL9kRdq3CRqMo7+bwilpYa7cyEn5iMQaMuD5CzLOfPe/iRJzZ2693ek9/rt3S1LwtGUHqKS+KY6j4CalQwx5LeQqHw8B9dgLvuRUAquw9geHgmANpjvAYsbN7r/rJ8FxV/sCOZ+80u7R5s/aSaWfrunf4UrSLZC3QGeRva0+jSUmqnQ5w/COQPscZO1BT6ClOzOGmeMJt1Qa09JjpjToTBujEjE1HXBR/BRyMpq0sajxQpdLm53TbzPnfPxZsyGxQZU7hR1Q+Z7JxytGqyuCp2FSn/vZ0cDPCjUm4n9WzWL93vz0VAKDUUdO2gqWiDPdk7tmYRULoMUId/xUnkWpm+/Smk1akAlXMeKjURLXX+P6BBhuAz/0crdWj1Fvi9V7631m06U3QsYNg6qEUKfKAwwN1eZpoU41AknDEE7Ep65TyPwrWkMcf0SMd9n01W+5W1euEcILwIDAQABo4IBqTCCAaUwdAYIKwYBBQUHAQEEaDBmMCoGCCsGAQUFBzABhh5odHRwOi8vb2NzcC5xdW92YWRpc2dsb2JhbC5jb20wOAYIKwYBBQUHMAKGLGh0dHA6Ly90cnVzdC5xdW92YWRpc2dsb2JhbC5jb20vcXZzc2xpY2EuY3J0MC4GA1UdEQQnMCWCCnd3dy5oc3IuY2iCCmxvZy5oc3IuY2iBC3Jvb3RAaHNyLmNoMFEGA1UdIARKMEgwRgYMKwYBBAG+WAACZAEBMDYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL3JlcG9zaXRvcnkwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBQyTaFP6vCumbbumwcshAgRUIvifjA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3JsLnF1b3ZhZGlzZ2xvYmFsLmNvbS9xdnNzbGljYS5jcmwwHQYDVR0OBBYEFHjRxyuQCYIPx1gmApOod9ESOMCrMA0GCSqGSIb3DQEBBQUAA4IBAQB07i+XiQxFzCH8BCy7Ri2bR9bnZ4LWXfHScAoxip8s0r396J2DuGSxC1umprjDFOJALDq5cAh/C7h3/EiNGH0xyRk+tHsTv6zRsPuajR1H4oSGTpsQ2tRXUPU22QP+sbdEdV/Wc66j6o0k4vTJltp4Rhk7ger0xZZKPsRYbOag3cO12H8xFGBVvtsqpSb0dQsApDGEo4tldwEb3DDoZb9Xb4fIMFrYKbOGuL0UG3Nb3urnNDeM6199F1n/tiEcXtzMiQR0fJ32IvGtCMthyfH5Qhz1lLTv1B3vHsb1ggI1ggh//jNgmZOLVsx1hw2KEtlcIKZ9I03MsuwQiLHejIy+-----END CERTIFICATE-----";
-
         byte[] outputData = Files.readAllBytes(Paths.get(outputFile));
         String outputString = CertificateHelper.byteArrayToString(outputData).replaceAll("\r", "").replace("\n", "");
-
         assertEquals(outputExpected, outputString);
     }