
Example 1 with FSSignatureManager

use of com.sun.identity.federation.services.util.FSSignatureManager in project OpenAM by OpenRock.

The class FSSSOAndFedHandler, method verifyRequestSignature.

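/**
 * Verifies the service provider's signature on an incoming {@code AuthnRequest}.
 *
 * <p>Two bindings are handled. For a {@code GET} request the signature covers the raw
 * query string up to, but not including, the {@code &Signature} parameter, and the
 * algorithm is taken from the {@code SigAlg} parameter, which is only accepted if it is
 * one of the two identifiers this handler knows. Any other request method is treated as a
 * {@code POST}, and the signed XML is verified against the ID attribute that the protocol
 * minor version prescribes.
 *
 * @param authnRequest the parsed request; its minor version and signed XML are used on
 *     the {@code POST} path
 * @return {@code true} only if the signature verifies against the SP's verification
 *     certificate; {@code false} when a required parameter is missing or malformed, the
 *     algorithm or minor version is unknown, or any exception is raised during
 *     verification
 */
protected boolean verifyRequestSignature(FSAuthnRequest authnRequest) {
    FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: Called");
    try {
        X509Certificate cert = KeyUtil.getVerificationCert(spDescriptor, spEntityId, false);
        if (cert == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: " + "couldn't obtain this site's cert.");
            }
            throw new FSException(IFSConstants.NO_CERT, null);
        }
        // Null-safe comparison: getMethod() has no guaranteed non-null contract here.
        if ("GET".equals(request.getMethod())) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: " + "Request is sent by GET");
            }
            String sigAlg = request.getParameter("SigAlg");
            String encSig = request.getParameter("Signature");
            if (sigAlg == null || sigAlg.length() == 0 || encSig == null || encSig.length() == 0) {
                return false;
            }
            // SigAlg is supplied by the remote party; only the two known identifiers are
            // mapped, everything else is rejected rather than passed through to JCA.
            String algoId;
            if (sigAlg.equals(IFSConstants.ALGO_ID_SIGNATURE_DSA)) {
                algoId = IFSConstants.ALGO_ID_SIGNATURE_DSA_JCA;
            } else if (sigAlg.equals(IFSConstants.ALGO_ID_SIGNATURE_RSA)) {
                algoId = IFSConstants.ALGO_ID_SIGNATURE_RSA_JCA;
            } else {
                // Log message names this method (the original text referred to signAndReturnQueryString).
                FSUtils.debug.error("FSSSOAndFedHandler.verifyRequestSignature: " + "Invalid signature algorithim");
                return false;
            }
            String queryString = request.getQueryString();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequest" + "Signature: queryString:" + queryString);
            }
            // The signed text is everything before "&Signature". A query string with no
            // such delimiter (e.g. Signature as the first parameter) cannot be verified;
            // reject it explicitly instead of letting substring() throw.
            int sigIndex = queryString == null ? -1 : queryString.indexOf("&Signature");
            if (sigIndex < 0) {
                FSUtils.debug.error("FSSSOAndFedHandler.verifyRequestSignature: " + "Signature parameter not found in query string");
                return false;
            }
            String newQueryString = queryString.substring(0, sigIndex);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: " + "Signature: " + encSig + "Algorithm: " + algoId);
            }
            byte[] signature = Base64.decode(encSig);
            FSSignatureManager fsmanager = FSSignatureManager.getInstance();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: " + "String to be verified: " + newQueryString);
            }
            // NOTE(review): relies on verifySignature rejecting an algoId that does not
            // match the certificate's key type — confirm in FSSignatureManager.
            return fsmanager.verifySignature(newQueryString, signature, algoId, cert);
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.verifyRequestSignature: " + "Request is sent by POST ");
        }
        // The attribute that carries the signed element's ID differs between the
        // Liberty ID-FF 1.1 and 1.2 request schemas.
        int minorVersion = authnRequest.getMinorVersion();
        String idAttribute;
        if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
            idAttribute = IFSConstants.ID;
        } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
            idAttribute = IFSConstants.REQUEST_ID;
        } else {
            FSUtils.debug.message("invalid minor version.");
            return false;
        }
        return SigManager.getSigInstance().verify(authnRequest.getSignedXMLString(), idAttribute, Collections.singleton(cert));
    } catch (Exception e) {
        // Boundary catch: any failure during verification is reported and treated as
        // "not verified" so the caller never proceeds on an undecided signature.
        FSUtils.debug.error("FSSSOAndFedHandler.verifyRequestSignature: " + "Exception occured while verifying SP's signature:", e);
        return false;
    }
}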
Also used : FSException(com.sun.identity.federation.common.FSException) X509Certificate(java.security.cert.X509Certificate) FSSignatureManager(com.sun.identity.federation.services.util.FSSignatureManager) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException)

Example 2 with FSSignatureManager

use of com.sun.identity.federation.services.util.FSSignatureManager in project OpenAM by OpenRock.

The class FSIntersiteTransferService, method signAndReturnQueryString.

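/**
 * Signs a query string with the private key stored under {@code certAlias} and appends
 * the {@code SigAlg} and {@code Signature} parameters.
 *
 * <p>The signed text is the original query string (with a trailing {@code &} ensured)
 * followed by {@code SigAlg=<algorithm identifier>}; the Base64 signature over that text
 * is then appended as {@code &Signature=...}. Both parameter values are URL-encoded. The
 * JCA signature algorithm is chosen from the key's own algorithm (RSA or DSA).
 *
 * @param queryString the query string to sign; must be non-empty
 * @param certAlias   the key store alias of the signing private key
 * @return the query string with the signature parameters appended, or {@code null} when
 *     the input is empty, no key exists for the alias, the key type is unsupported, or
 *     signing fails
 */
private String signAndReturnQueryString(String queryString, String certAlias) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSIntersiteTransferService." + "signAndReturnQueryString: Called");
    }
    if (queryString == null || queryString.length() == 0) {
        FSUtils.debug.error("FSIntersiteTransferService." + "signAndReturnQueryString: " + FSUtils.bundle.getString("nullInput"));
        return null;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSIntersiteTransferService." + "signAndReturnQueryString: certAlias: " + certAlias);
    }
    FSSignatureManager manager = FSSignatureManager.getInstance();
    // Look the key up once; a missing alias must not surface as a NullPointerException.
    java.security.Key signingKey = manager.getKeyProvider().getPrivateKey(certAlias);
    if (signingKey == null) {
        FSUtils.debug.error("FSIntersiteTransferService.signAndReturnQueryString: " + "no private key found for alias: " + certAlias);
        return null;
    }
    // Derive both the JCA algorithm name (handed to the signer) and the algorithm
    // identifier (advertised in SigAlg) from the key type in one step.
    String keyAlg = signingKey.getAlgorithm();
    String sigAlg;
    String algoId;
    if (IFSConstants.KEY_ALG_RSA.equals(keyAlg)) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIntersiteTransferService.signAndReturnQueryString: " + "private key algorithm is: RSA");
        }
        sigAlg = IFSConstants.ALGO_ID_SIGNATURE_RSA_JCA;
        algoId = IFSConstants.ALGO_ID_SIGNATURE_RSA;
    } else if (IFSConstants.KEY_ALG_DSA.equals(keyAlg)) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIntersiteTransferService.signAndReturnQueryString: " + "private key algorithm is: DSA");
        }
        sigAlg = IFSConstants.ALGO_ID_SIGNATURE_DSA_JCA;
        algoId = IFSConstants.ALGO_ID_SIGNATURE_DSA;
    } else {
        FSUtils.debug.error("FSIntersiteTransferService.signAndReturnQueryString: " + "private key algorithm is not supported");
        return null;
    }
    // SigAlg must be the last parameter before Signature, because the verifier signs
    // everything up to "&Signature".
    if (queryString.charAt(queryString.length() - 1) != '&') {
        queryString = queryString + "&";
    }
    queryString = queryString + "SigAlg=" + URLEncDec.encode(algoId);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSIntersiteTransferService.signAndReturnQueryString: " + "Querystring to be signed: " + queryString);
    }
    byte[] signature;
    try {
        signature = manager.signBuffer(queryString, certAlias, sigAlg);
    } catch (FSSignatureException se) {
        // Keep the cause attached so the stack trace is not lost in the log.
        FSUtils.debug.error("FSIntersiteTransferService." + "signAndReturnQueryString: FSSignatureException occurred " + "while signing query string", se);
        return null;
    }
    if (signature == null) {
        FSUtils.debug.error("FSIntersiteTransferService." + "signAndReturnQueryString: Signature generated is null");
        return null;
    }
    String encodedSig = Base64.encode(signature);
    queryString = queryString + "&" + "Signature=" + URLEncDec.encode(encodedSig);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSIntersiteTransferService." + "signAndReturnQueryString:Signed Querystring: " + queryString);
    }
    return queryString;
}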
Also used : FSSignatureManager(com.sun.identity.federation.services.util.FSSignatureManager) FSSignatureException(com.sun.identity.federation.services.util.FSSignatureException)
