Examples with DSAKeyValueProvider org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider used on opensource projects

Example 1 with DSAKeyValueProvider

use of org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider in project cas by apereo.

the class SamlObjectEncrypter method getKeyEncryptionCredential.

/**
     * Gets key encryption credential.
     *
     * @param peerEntityId the peer entity id
     * @param adaptor      the adaptor
     * @param service      the service
     * @return the key encryption credential
     * @throws Exception the exception
     */
protected Credential getKeyEncryptionCredential(final String peerEntityId, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service) throws Exception {
    final SamlIdPProperties idp = casProperties.getAuthn().getSamlIdp();
    final BasicEncryptionConfiguration config = DefaultSecurityConfigurationBootstrap.buildDefaultEncryptionConfiguration();
    if (this.overrideBlackListedEncryptionAlgorithms != null && !this.overrideBlackListedEncryptionAlgorithms.isEmpty()) {
        config.setBlacklistedAlgorithms(this.overrideBlackListedEncryptionAlgorithms);
    }
    if (this.overrideWhiteListedAlgorithms != null && !this.overrideWhiteListedAlgorithms.isEmpty()) {
        config.setWhitelistedAlgorithms(this.overrideWhiteListedAlgorithms);
    }
    if (this.overrideDataEncryptionAlgorithms != null && !this.overrideDataEncryptionAlgorithms.isEmpty()) {
        config.setDataEncryptionAlgorithms(this.overrideDataEncryptionAlgorithms);
    }
    if (this.overrideKeyEncryptionAlgorithms != null && !this.overrideKeyEncryptionAlgorithms.isEmpty()) {
        config.setKeyTransportEncryptionAlgorithms(this.overrideKeyEncryptionAlgorithms);
    }
    LOGGER.debug("Encryption blacklisted algorithms: [{}]", config.getBlacklistedAlgorithms());
    LOGGER.debug("Encryption key algorithms: [{}]", config.getKeyTransportEncryptionAlgorithms());
    LOGGER.debug("Signature data algorithms: [{}]", config.getDataEncryptionAlgorithms());
    LOGGER.debug("Encryption whitelisted algorithms: [{}]", config.getWhitelistedAlgorithms());
    final MetadataCredentialResolver kekCredentialResolver = new MetadataCredentialResolver();
    final List<KeyInfoProvider> providers = new ArrayList<>();
    providers.add(new RSAKeyValueProvider());
    providers.add(new DSAKeyValueProvider());
    providers.add(new InlineX509DataProvider());
    providers.add(new DEREncodedKeyValueProvider());
    providers.add(new KeyInfoReferenceProvider());
    final BasicProviderKeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(providers);
    kekCredentialResolver.setKeyInfoCredentialResolver(keyInfoResolver);
    final PredicateRoleDescriptorResolver roleDescriptorResolver = new PredicateRoleDescriptorResolver(adaptor.getMetadataResolver());
    roleDescriptorResolver.setSatisfyAnyPredicates(true);
    roleDescriptorResolver.setUseDefaultPredicateRegistry(true);
    roleDescriptorResolver.setRequireValidMetadata(idp.getMetadata().isRequireValidMetadata());
    roleDescriptorResolver.initialize();
    kekCredentialResolver.setRoleDescriptorResolver(roleDescriptorResolver);
    kekCredentialResolver.initialize();
    final CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new EncryptionConfigurationCriterion(config));
    criteriaSet.add(new EntityIdCriterion(peerEntityId));
    criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
    criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
    LOGGER.debug("Attempting to resolve the encryption key for entity id [{}]", peerEntityId);
    return kekCredentialResolver.resolveSingle(criteriaSet);
}

Example 2 with DSAKeyValueProvider

use of org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider in project cas by apereo.

the class SamlUtils method buildSignatureValidationFilter.

/**
     * Build signature validation filter if needed.
     *
     * @param signatureResourceLocation the signature resource location
     * @return the metadata filter
     * @throws Exception the exception
     */
public static SignatureValidationFilter buildSignatureValidationFilter(final Resource signatureResourceLocation) throws Exception {
    if (!ResourceUtils.doesResourceExist(signatureResourceLocation)) {
        LOGGER.warn("Resource [{}] cannot be located", signatureResourceLocation);
        return null;
    }
    final List<KeyInfoProvider> keyInfoProviderList = new ArrayList<>();
    keyInfoProviderList.add(new RSAKeyValueProvider());
    keyInfoProviderList.add(new DSAKeyValueProvider());
    keyInfoProviderList.add(new DEREncodedKeyValueProvider());
    keyInfoProviderList.add(new InlineX509DataProvider());
    LOGGER.debug("Attempting to resolve credentials from [{}]", signatureResourceLocation);
    final BasicCredential credential = buildCredentialForMetadataSignatureValidation(signatureResourceLocation);
    LOGGER.info("Successfully resolved credentials from [{}]", signatureResourceLocation);
    LOGGER.debug("Configuring credential resolver for key signature trust engine @ [{}]", credential.getCredentialType().getSimpleName());
    final StaticCredentialResolver resolver = new StaticCredentialResolver(credential);
    final BasicProviderKeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(keyInfoProviderList);
    final ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(resolver, keyInfoResolver);
    LOGGER.debug("Adding signature validation filter based on the configured trust engine");
    final SignatureValidationFilter signatureValidationFilter = new SignatureValidationFilter(trustEngine);
    signatureValidationFilter.setRequireSignedRoot(false);
    LOGGER.debug("Added metadata SignatureValidationFilter with signature from [{}]", signatureResourceLocation);
    return signatureValidationFilter;
}