Use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock: class FSNameIdentifierMappingRequest, method signXML.
/**
 * Signs the XML form of this {@code NameIdentifierMappingRequest} with the
 * certificate stored under the given key-store alias.
 * <p>
 * The request is serialized with {@code toXMLString(true, true)}, the
 * signature manager produces a signature for the element addressed by
 * {@code IFSConstants.REQUEST_ID} / {@code getRequestID()}, and the parsed
 * signature element is kept in the {@code signature} field. {@code signed}
 * is set only after that parse succeeds, so a failed attempt leaves the
 * object unsigned (although {@code signatureString} may already hold the raw
 * result).
 *
 * @param certAlias alias of the signing certificate; must be non-null and
 *        non-empty
 * @throws SAMLException thrown as {@code SAMLResponderException} when the
 *         request is already signed ({@code alreadySigned}), when the alias
 *         is missing ({@code cannotFindCertAlias}), or when signing fails
 *         ({@code signFailed}); in the last case the underlying cause is
 *         written to the error log and is not attached to the exception
 */
public void signXML(String certAlias) throws SAMLException {
    final String where = "FSNameIdentifierMappingRequest.signXML";
    FSUtils.debug.message(where);

    // Refuse to sign twice; the already-signed state is an error for the caller.
    if (signed) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(where + ": " + "the request is already signed.");
        }
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "alreadySigned", null);
    }

    // An empty alias cannot name a key; fail before touching the signature manager.
    if (certAlias == null || certAlias.isEmpty()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(where + ": " + "null certAlias");
        }
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "cannotFindCertAlias", null);
    }

    try {
        XMLSignatureManager signer = XMLSignatureManager.getInstance();
        String requestXml = this.toXMLString(true, true);
        signatureString = signer.signXML(
                requestXml,
                certAlias,
                (String) null,            // presumably the signature algorithm (cf. other overloads) — verify against XMLSignatureManager
                IFSConstants.REQUEST_ID,
                this.getRequestID(),
                false);
        signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug).getDocumentElement();
        signed = true;
    } catch (Exception e) {
        // Any failure here (signing or parsing the returned signature) is
        // reported to the caller as "signFailed"; details go to the error log only.
        FSUtils.debug.error(where + ": " + "unable to sign", e);
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "signFailed", null);
    }
}
Use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock: class FSNameIdentifierMappingResponse, method signXML.
/**
 * Signs the XML form of this {@code NameIdentifierMappingResponse} with the
 * certificate stored under the given key-store alias.
 * <p>
 * The response is serialized with {@code toXMLString(true, true)}, the
 * signature manager produces a signature for the element addressed by
 * {@code IFSConstants.RESPONSE_ID} / {@code getResponseID()}, and the parsed
 * signature element is kept in the {@code signature} field. {@code signed}
 * is set only after that parse succeeds, so a failed attempt leaves the
 * object unsigned (although {@code signatureString} may already hold the raw
 * result).
 *
 * @param certAlias alias of the signing certificate; must be non-null and
 *        non-empty
 * @throws SAMLException thrown as {@code SAMLResponderException} when the
 *         response is already signed ({@code alreadySigned}), when the alias
 *         is missing ({@code cannotFindCertAlias}), or when signing fails
 *         ({@code signFailed}); in the last case the underlying cause is
 *         written to the error log and is not attached to the exception
 */
public void signXML(String certAlias) throws SAMLException {
    final String where = "FSNameIdentifierMappingResponse.signXML";
    FSUtils.debug.message(where);

    // Refuse to sign twice; the already-signed state is an error for the caller.
    if (signed) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(where + ": the response is already signed.");
        }
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "alreadySigned", null);
    }

    // An empty alias cannot name a key; fail before touching the signature manager.
    if (certAlias == null || certAlias.isEmpty()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(where + ": null certAlias");
        }
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "cannotFindCertAlias", null);
    }

    try {
        XMLSignatureManager signer = XMLSignatureManager.getInstance();
        String responseXml = this.toXMLString(true, true);
        signatureString = signer.signXML(
                responseXml,
                certAlias,
                (String) null,            // presumably the signature algorithm (cf. other overloads) — verify against XMLSignatureManager
                IFSConstants.RESPONSE_ID,
                this.getResponseID(),
                false);
        signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug).getDocumentElement();
        signed = true;
    } catch (Exception e) {
        // Any failure here (signing or parsing the returned signature) is
        // reported to the caller as "signFailed"; details go to the error log only.
        FSUtils.debug.error(where + ": unable to sign", e);
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "signFailed", null);
    }
}
Use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock: class FSBrowserArtifactConsumerHandler, method signSAMLRequest.
/**
 * Signs the SAML request that this site sends to the IDP, using the signing
 * certificate alias configured under {@code IFSConstants.SIGNING_CERT_ALIAS}
 * in {@code hostConfig}.
 * <p>
 * The signature is computed over {@code samlRequest.toString(true, true)} and
 * the parsed signature element is attached to the request with
 * {@code setSignature}. The request is modified in place and the same
 * instance is returned. When message-level debugging is on, the complete
 * XML to be signed is written to the debug log.
 *
 * @param samlRequest the request to sign; must not already be signed
 * @return the same {@code samlRequest} instance, now carrying a signature
 * @throws SAMLException if the request is already signed; a
 *         {@code SAMLResponderException} if no signing certificate alias is
 *         configured; anything thrown by the signature manager or by the DOM
 *         parsing of its result propagates unchanged
 */
protected FSRequest signSAMLRequest(FSRequest samlRequest) throws SAMLException {
    final String where = "FSBrowserArtifactConsumerHandler.signSAMLRequest";
    FSUtils.debug.message(where + ": Called");

    // Signing an already-signed request is a caller error.
    if (samlRequest.isSigned()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(where + ": the request is already signed.");
        }
        throw new SAMLException(FSUtils.bundle.getString("alreadySigned"));
    }

    // Only the first configured alias is used.
    String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.SIGNING_CERT_ALIAS);
    if (certAlias == null || certAlias.isEmpty()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(where + ": couldn't obtain this site's cert alias.");
        }
        throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(where + ": Provider's certAlias is found: " + certAlias);
    }

    XMLSignatureManager signer = XMLSignatureManager.getInstance();
    String requestXml = samlRequest.toString(true, true);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(where + ": XMLString to be signed: " + requestXml);
    }

    // No null check on the parsed document here; a parse failure surfaces as
    // an exception from getDocumentElement() and propagates to the caller.
    String signatureXml = signer.signXML(requestXml, certAlias);
    Element signatureElement = XMLUtils.toDOMDocument(signatureXml, FSUtils.debug).getDocumentElement();
    samlRequest.setSignature(signatureElement);
    return samlRequest;
}
Use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock: class FSAssertionArtifactHandler, method verifyAssertionSignature.
/**
 * Verifies the IDP signature protecting the assertion received by this
 * handler.
 * <p>
 * The check is run over the owner {@code Document} of {@code authnResponse}
 * (preferred) or, failing that, of {@code samlResponseElt} — i.e. over the
 * enclosing response document rather than over the assertion element on its
 * own; callers should bear that in mind if the assertion and the response
 * carry separate signatures. The IDP certificate comes from
 * {@code KeyUtil.getVerificationCert(idpDescriptor, idpEntityId, true)}.
 * When message-level debugging is on, the complete document being verified
 * is written to the debug log.
 * <p>
 * Fails closed: an unsigned assertion, a missing certificate, the absence of
 * both response objects, and any exception raised on the way all produce
 * {@code false}.
 *
 * @param assertion the assertion whose {@code isSigned()} flag gates the check
 * @return {@code true} only if the signature manager accepts the signature
 */
protected boolean verifyAssertionSignature(FSAssertion assertion) {
    final String where = "FSAssertionArtifactHandler.verifyAssertionSignature";
    FSUtils.debug.message(where + ": Called");
    try {
        if (!assertion.isSigned()) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(where + ": Assertion is not signed");
            }
            return false;
        }

        X509Certificate idpCert = KeyUtil.getVerificationCert(idpDescriptor, idpEntityId, true);
        if (idpCert == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(where + ": couldn't obtain this site's cert.");
            }
            // Caught by the handler below and turned into a logged false result.
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT));
        }

        XMLSignatureManager verifier = XMLSignatureManager.getInstance();
        // NB: the "Hander" spelling is preserved so existing log greps keep matching.
        final String dumpPrefix = "FSAssertionArtifactHander.verifyAssertionSignature: xml string to be verified:";

        if (authnResponse != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(dumpPrefix + XMLUtils.print((Node) authnResponse.getDOMElement().getOwnerDocument()));
            }
            return verifier.verifyXMLSignature(authnResponse.getDOMElement().getOwnerDocument(), idpCert);
        }
        if (samlResponseElt != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message(dumpPrefix + XMLUtils.print((Node) samlResponseElt.getOwnerDocument()));
            }
            return verifier.verifyXMLSignature(samlResponseElt.getOwnerDocument(), idpCert);
        }
        // Nothing to verify against.
        return false;
    } catch (Exception e) {
        // Deliberately broad: any failure during verification is treated as "not verified".
        FSUtils.debug.error(where + ": Exception occured while verifying IDP's signature:", e);
        return false;
    }
}
Use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock: class FSNameRegistrationHandler, method signRegistrationRequest.
/**
 * Signs a name-registration request before it is sent to the IDP.
 * <p>
 * The SOAP message is converted to a DOM, signed in place over the element
 * identified by {@code idAttrName}/{@code id} with the algorithm configured
 * under {@code SAMLConstants.XMLSIG_ALGORITHM}, and converted back to a SOAP
 * message. An XPath selecting the {@code ProviderID} element is also handed
 * to the signature manager; its exact role is defined by that
 * {@code XMLSignatureManager.signXML} overload. The signing certificate alias
 * is read from {@code IFSConstants.SIGNING_CERT_ALIAS} in {@code hostedConfig}.
 *
 * @param msg the SOAP request to sign
 * @param idAttrName name of the ID attribute identifying the element to sign
 * @param id value of that ID attribute
 * @return a SOAP message built from the signed DOM
 * @throws SAMLException if signing fails; a {@code SAMLResponderException}
 *         if no signing certificate alias is configured for the hosted
 *         provider
 * @throws FSMsgException if the SOAP/DOM conversion fails
 */
protected SOAPMessage signRegistrationRequest(SOAPMessage msg, String idAttrName, String id) throws SAMLException, FSMsgException {
    FSUtils.debug.message("Entered FSNameRegistrationHandler::signRegistrationRequest");

    // Only the first configured alias is used.
    String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
    if (certAlias == null || certAlias.isEmpty()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::signRegistrationRequest: couldn't obtain this site's cert alias.");
        }
        throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSNameRegistrationHandler.signRegistrationRequest Provider's certAlias is found: " + certAlias);
    }

    XMLSignatureManager signer = XMLSignatureManager.getInstance();
    Document soapDom = (Document) FSServiceUtils.createSOAPDOM(msg);
    String providerIdXPath = "//*[local-name()=\'ProviderID\']";
    String sigAlgorithm = SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM);
    // Signs the DOM in place; the return value is not needed.
    signer.signXML(soapDom, certAlias, sigAlgorithm, idAttrName, id, false, providerIdXPath);
    return FSServiceUtils.convertDOMToSOAP(soapDom);
}