Example 6 with SAMLResponderException
use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.
the class FSNameIdentifierMappingRequest method signXML.
/**
* Signs the XML document representing
* <code>NameIdentifierMappingRequest</code> using the specified
* certificate.
*
* @param certAlias the alias (name) of the certificate used for signing
* the XML document
* @throws SAMLException it there is an error.
*/
public void signXML(String certAlias) throws SAMLException {
FSUtils.debug.message("FSNameIdentifierMappingRequest.signXML");
if (signed) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSNameIdentifierMappingRequest.signXML: " + "the request is already signed.");
}
throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "alreadySigned", null);
}
if (certAlias == null || certAlias.length() == 0) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSNameIdentifierMappingRequest.signXML: " + "null certAlias");
}
throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "cannotFindCertAlias", null);
}
try {
XMLSignatureManager manager = XMLSignatureManager.getInstance();
signatureString = manager.signXML(this.toXMLString(true, true), certAlias, (String) null, IFSConstants.REQUEST_ID, this.getRequestID(), false);
signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug).getDocumentElement();
signed = true;
} catch (Exception e) {
FSUtils.debug.error("FSNameIdentifierMappingRequest.signXML: " + "unable to sign", e);
throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "signFailed", null);
}
}
Also used :
XMLSignatureManager(com.sun.identity.saml.xmlsig.XMLSignatureManager)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
SAMLException(com.sun.identity.saml.common.SAMLException)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
Example 7 with SAMLResponderException
use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.
the class FSNameIdentifierMappingResponse method signXML.
/**
* Signs the <code>XML</code> document representing
* <code>NameIdentifierMappingResponse</code> using the specified
* certificate.
*
* @param certAlias the alias/name of the certificate used for signing
* the XML document
* @throws SAMLException if there is an error signing
* the <code>XML</code> string or if the message is already
* signed.
*/
public void signXML(String certAlias) throws SAMLException {
FSUtils.debug.message("FSNameIdentifierMappingResponse.signXML");
if (signed) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSNameIdentifierMappingResponse.signXML:" + " the response is already signed.");
}
throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "alreadySigned", null);
}
if (certAlias == null || certAlias.length() < 1) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSNameIdentifierMappingResponse.signXML:" + " null certAlias");
}
throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "cannotFindCertAlias", null);
}
try {
XMLSignatureManager manager = XMLSignatureManager.getInstance();
signatureString = manager.signXML(this.toXMLString(true, true), certAlias, (String) null, IFSConstants.RESPONSE_ID, this.getResponseID(), false);
signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug).getDocumentElement();
signed = true;
} catch (Exception e) {
FSUtils.debug.error("FSNameIdentifierMappingResponse.signXML: " + "unable to sign", e);
throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "signFailed", null);
}
}
Also used :
XMLSignatureManager(com.sun.identity.saml.xmlsig.XMLSignatureManager)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
SAMLException(com.sun.identity.saml.common.SAMLException)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
Example 8 with SAMLResponderException
use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.
the class FSBrowserArtifactConsumerHandler method signSAMLRequest.
protected FSRequest signSAMLRequest(FSRequest samlRequest) throws SAMLException {
FSUtils.debug.message("FSBrowserArtifactConsumerHandler.signSAMLRequest: Called");
if (samlRequest.isSigned()) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "signSAMLRequest: the request is already signed.");
}
throw new SAMLException(FSUtils.bundle.getString("alreadySigned"));
}
String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.SIGNING_CERT_ALIAS);
if (certAlias == null || certAlias.length() == 0) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "signSAMLRequest: couldn't obtain this site's cert alias.");
}
throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "signSAMLRequest: Provider's certAlias is found: " + certAlias);
}
XMLSignatureManager manager = XMLSignatureManager.getInstance();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "signSAMLRequest: XMLString to be signed: " + samlRequest.toString(true, true));
}
String signatureString = manager.signXML(samlRequest.toString(true, true), certAlias);
Element signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug).getDocumentElement();
samlRequest.setSignature(signature);
return samlRequest;
}
Also used :
Element(org.w3c.dom.Element)
XMLSignatureManager(com.sun.identity.saml.xmlsig.XMLSignatureManager)
SAMLException(com.sun.identity.saml.common.SAMLException)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
Example 9 with SAMLResponderException
use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.
the class FSAssertionArtifactHandler method verifyAssertionSignature.
protected boolean verifyAssertionSignature(FSAssertion assertion) {
FSUtils.debug.message("FSAssertionArtifactHandler.verifyAssertionSignature: Called");
try {
if (!assertion.isSigned()) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHandler." + "verifyAssertionSignature: Assertion is not signed");
}
return false;
}
X509Certificate cert = KeyUtil.getVerificationCert(idpDescriptor, idpEntityId, true);
if (cert == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHandler." + "verifyAssertionSignature: couldn't obtain " + "this site's cert.");
}
throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT));
}
XMLSignatureManager manager = XMLSignatureManager.getInstance();
if (authnResponse != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHander." + "verifyAssertionSignature: xml string to be verified:" + XMLUtils.print((Node) authnResponse.getDOMElement().getOwnerDocument()));
}
return manager.verifyXMLSignature(authnResponse.getDOMElement().getOwnerDocument(), cert);
} else if (samlResponseElt != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHander." + "verifyAssertionSignature: xml string to be verified:" + XMLUtils.print((Node) samlResponseElt.getOwnerDocument()));
}
return manager.verifyXMLSignature(samlResponseElt.getOwnerDocument(), cert);
} else {
return false;
}
} catch (Exception e) {
FSUtils.debug.error("FSAssertionArtifactHandler." + "verifyAssertionSignature: " + "Exception occured while verifying IDP's signature:", e);
return false;
}
}
Also used :
Node(org.w3c.dom.Node)
XMLSignatureManager(com.sun.identity.saml.xmlsig.XMLSignatureManager)
X509Certificate(java.security.cert.X509Certificate)
SessionException(com.sun.identity.plugin.session.SessionException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
SAMLException(com.sun.identity.saml.common.SAMLException)
FSException(com.sun.identity.federation.common.FSException)
IOException(java.io.IOException)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
Example 10 with SAMLResponderException
use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.
the class FSNameRegistrationHandler method signRegistrationRequest.
/**
* Signs the Name registration request before sending it to the IDP.
* @param msg the request message to be sent to IDP
* @param idAttrName name of the id attribute to be signed
* @param id the value of the id attribute to be signed
* @return signed Name registration request
* @exception SAMLException, FSMsgException if error occurred.
*/
protected SOAPMessage signRegistrationRequest(SOAPMessage msg, String idAttrName, String id) throws SAMLException, FSMsgException {
FSUtils.debug.message("Entered FSNameRegistrationHandler::signRegistrationRequest");
String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
if (certAlias == null || certAlias.length() == 0) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSNameRegistrationHandler::" + "signRegistrationRequest: couldn't obtain " + "this site's cert alias.");
}
throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSNameRegistrationHandler.signRegistration" + "Request Provider's certAlias is found: " + certAlias);
}
XMLSignatureManager manager = XMLSignatureManager.getInstance();
Document doc = (Document) FSServiceUtils.createSOAPDOM(msg);
String xpath = "//*[local-name()=\'ProviderID\']";
manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), idAttrName, id, false, xpath);
return FSServiceUtils.convertDOMToSOAP(doc);
}
Also used :
XMLSignatureManager(com.sun.identity.saml.xmlsig.XMLSignatureManager)
Document(org.w3c.dom.Document)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
Aggregations
SAMLResponderException (com.sun.identity.saml.common.SAMLResponderException)34
SAMLException (com.sun.identity.saml.common.SAMLException)22
XMLSignatureManager (com.sun.identity.saml.xmlsig.XMLSignatureManager)21
FSMsgException (com.sun.identity.federation.message.common.FSMsgException)15
IOException (java.io.IOException)9
X509Certificate (java.security.cert.X509Certificate)9
ParseException (java.text.ParseException)9
Document (org.w3c.dom.Document)8
SessionException (com.sun.identity.plugin.session.SessionException)7
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)6
SAMLVersionMismatchException (com.sun.identity.saml.common.SAMLVersionMismatchException)5
Element (org.w3c.dom.Element)5
FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)4
FSLogoutResponse (com.sun.identity.federation.message.FSLogoutResponse)4
HashMap (java.util.HashMap)4
ProviderDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType)3
FSException (com.sun.identity.federation.common.FSException)2
FSSOAPService (com.sun.identity.federation.services.FSSOAPService)2
SAMLRequesterException (com.sun.identity.saml.common.SAMLRequesterException)2
List (java.util.List)2
