Example 6 with SAMLResponderException

Use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.

The class FSNameIdentifierMappingRequest, method signXML.

/**
 * Signs the XML document representing
 * <code>NameIdentifierMappingRequest</code> using the specified
 * certificate.
 *
 * @param certAlias the alias (name) of the certificate used for signing
 *                  the XML document
 * @throws SAMLException if there is an error, or if the request is
 *                       already signed.
 */
public void signXML(String certAlias) throws SAMLException {
    FSUtils.debug.message("FSNameIdentifierMappingRequest.signXML");
    if (signed) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameIdentifierMappingRequest.signXML: " + "the request is already signed.");
        }
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "alreadySigned", null);
    }
    if (certAlias == null || certAlias.length() == 0) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameIdentifierMappingRequest.signXML: " + "null certAlias");
        }
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "cannotFindCertAlias", null);
    }
    try {
        XMLSignatureManager manager = XMLSignatureManager.getInstance();
        signatureString = manager.signXML(this.toXMLString(true, true), certAlias, (String) null, IFSConstants.REQUEST_ID, this.getRequestID(), false);
        signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug).getDocumentElement();
        signed = true;
    } catch (Exception e) {
        FSUtils.debug.error("FSNameIdentifierMappingRequest.signXML: " + "unable to sign", e);
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "signFailed", null);
    }
}
Also used: com.sun.identity.saml.xmlsig.XMLSignatureManager, com.sun.identity.saml.common.SAMLResponderException, com.sun.identity.saml.common.SAMLException, com.sun.identity.federation.message.common.FSMsgException

Example 7 with SAMLResponderException

Use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.

The class FSNameIdentifierMappingResponse, method signXML.

/**
 * Signs the <code>XML</code> document representing
 * <code>NameIdentifierMappingResponse</code> using the specified
 * certificate.
 *
 * @param certAlias the alias/name of the certificate used for signing
 *                  the XML document
 * @throws SAMLException if there is an error signing
 *                       the <code>XML</code> string or if the message is
 *                       already signed.
 */
public void signXML(String certAlias) throws SAMLException {
    FSUtils.debug.message("FSNameIdentifierMappingResponse.signXML");
    if (signed) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameIdentifierMappingResponse.signXML:" + " the response is already signed.");
        }
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "alreadySigned", null);
    }
    if (certAlias == null || certAlias.length() < 1) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameIdentifierMappingResponse.signXML:" + " null certAlias");
        }
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "cannotFindCertAlias", null);
    }
    try {
        XMLSignatureManager manager = XMLSignatureManager.getInstance();
        signatureString = manager.signXML(this.toXMLString(true, true), certAlias, (String) null, IFSConstants.RESPONSE_ID, this.getResponseID(), false);
        signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug).getDocumentElement();
        signed = true;
    } catch (Exception e) {
        FSUtils.debug.error("FSNameIdentifierMappingResponse.signXML: " + "unable to sign", e);
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "signFailed", null);
    }
}
Also used: com.sun.identity.saml.xmlsig.XMLSignatureManager, com.sun.identity.saml.common.SAMLResponderException, com.sun.identity.saml.common.SAMLException, com.sun.identity.federation.message.common.FSMsgException

Example 8 with SAMLResponderException

Use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.

The class FSBrowserArtifactConsumerHandler, method signSAMLRequest.

/**
 * Signs the SAML artifact request with this provider's configured signing
 * certificate before it is sent to the IDP.
 *
 * @param samlRequest the request to sign
 * @return the same request with its signature element set
 * @throws SAMLException if the request is already signed or no signing
 *                       certificate alias is configured for this site
 */
protected FSRequest signSAMLRequest(FSRequest samlRequest) throws SAMLException {
    FSUtils.debug.message("FSBrowserArtifactConsumerHandler.signSAMLRequest: Called");
    // Refuse to sign twice: a second signature would invalidate the first.
    if (samlRequest.isSigned()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "signSAMLRequest: the request is already signed.");
        }
        throw new SAMLException(FSUtils.bundle.getString("alreadySigned"));
    }
    // The signing key is selected by the alias in the hosted provider's metadata config.
    String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.SIGNING_CERT_ALIAS);
    if (certAlias == null || certAlias.length() == 0) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "signSAMLRequest: couldn't obtain this site's cert alias.");
        }
        throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "signSAMLRequest: Provider's certAlias is found: " + certAlias);
    }
    XMLSignatureManager manager = XMLSignatureManager.getInstance();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "signSAMLRequest: XMLString to be signed: " + samlRequest.toString(true, true));
    }
    // Sign the serialized request and attach the resulting ds:Signature element.
    String signatureString = manager.signXML(samlRequest.toString(true, true), certAlias);
    Element signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug).getDocumentElement();
    samlRequest.setSignature(signature);
    return samlRequest;
}
Also used: org.w3c.dom.Element, com.sun.identity.saml.xmlsig.XMLSignatureManager, com.sun.identity.saml.common.SAMLException, com.sun.identity.saml.common.SAMLResponderException

Example 9 with SAMLResponderException

Use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.

The class FSAssertionArtifactHandler, method verifyAssertionSignature.

/**
 * Verifies the IDP's signature over the response that carries the given
 * assertion. Fails closed: an unsigned assertion, a missing verification
 * certificate, or any exception during verification yields false.
 *
 * @param assertion the assertion whose enclosing response is checked
 * @return true only if a signature is present and verifies against the
 *         IDP's certificate
 */
protected boolean verifyAssertionSignature(FSAssertion assertion) {
    FSUtils.debug.message("FSAssertionArtifactHandler.verifyAssertionSignature: Called");
    try {
        // An unsigned assertion is never accepted.
        if (!assertion.isSigned()) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "verifyAssertionSignature: Assertion is not signed");
            }
            return false;
        }
        // The verification certificate comes from the IDP's metadata, not from the message.
        X509Certificate cert = KeyUtil.getVerificationCert(idpDescriptor, idpEntityId, true);
        if (cert == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "verifyAssertionSignature: couldn't obtain " + "this site's cert.");
            }
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT));
        }
        XMLSignatureManager manager = XMLSignatureManager.getInstance();
        // Verify over the owning document of whichever response form is present.
        if (authnResponse != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "verifyAssertionSignature:  xml string to be verified:" + XMLUtils.print((Node) authnResponse.getDOMElement().getOwnerDocument()));
            }
            return manager.verifyXMLSignature(authnResponse.getDOMElement().getOwnerDocument(), cert);
        } else if (samlResponseElt != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "verifyAssertionSignature:  xml string to be verified:" + XMLUtils.print((Node) samlResponseElt.getOwnerDocument()));
            }
            return manager.verifyXMLSignature(samlResponseElt.getOwnerDocument(), cert);
        } else {
            // No response document to verify against.
            return false;
        }
    } catch (Exception e) {
        // Missing certificate, parse errors and signature failures all end here: not verified.
        FSUtils.debug.error("FSAssertionArtifactHandler." + "verifyAssertionSignature: " + "Exception occurred while verifying IDP's signature:", e);
        return false;
    }
}
Also used: org.w3c.dom.Node, com.sun.identity.saml.xmlsig.XMLSignatureManager, java.security.cert.X509Certificate, com.sun.identity.plugin.session.SessionException, com.sun.identity.federation.meta.IDFFMetaException, com.sun.identity.federation.accountmgmt.FSAccountMgmtException, com.sun.identity.saml.common.SAMLResponderException, com.sun.identity.saml.common.SAMLException, com.sun.identity.federation.common.FSException, java.io.IOException

Example 10 with SAMLResponderException

Use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.

The class FSNameRegistrationHandler, method signRegistrationRequest.

/**
 * Signs the Name registration request before sending it to the IDP.
 *
 * @param msg the request message to be sent to the IDP
 * @param idAttrName name of the id attribute to be signed
 * @param id the value of the id attribute to be signed
 * @return signed Name registration request
 * @throws SAMLException if no signing certificate alias is configured
 * @throws FSMsgException if the SOAP message cannot be converted
 */
protected SOAPMessage signRegistrationRequest(SOAPMessage msg, String idAttrName, String id) throws SAMLException, FSMsgException {
    FSUtils.debug.message("Entered FSNameRegistrationHandler::signRegistrationRequest");
    // The signing key is selected by the alias in the hosted provider's metadata config.
    String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
    if (certAlias == null || certAlias.length() == 0) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::" + "signRegistrationRequest: couldn't obtain " + "this site's cert alias.");
        }
        throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSNameRegistrationHandler.signRegistration" + "Request Provider's certAlias is found: " + certAlias);
    }
    XMLSignatureManager manager = XMLSignatureManager.getInstance();
    // Sign the DOM in place; the XPath selects where the ds:Signature is inserted (after ProviderID),
    // and the algorithm comes from the configured XML signature algorithm property.
    Document doc = (Document) FSServiceUtils.createSOAPDOM(msg);
    String xpath = "//*[local-name()='ProviderID']";
    manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), idAttrName, id, false, xpath);
    return FSServiceUtils.convertDOMToSOAP(doc);
}
Also used: com.sun.identity.saml.xmlsig.XMLSignatureManager, org.w3c.dom.Document, com.sun.identity.saml.common.SAMLResponderException

Aggregations (class, number of examples in this set)

SAMLResponderException (com.sun.identity.saml.common.SAMLResponderException): 34
SAMLException (com.sun.identity.saml.common.SAMLException): 22
XMLSignatureManager (com.sun.identity.saml.xmlsig.XMLSignatureManager): 21
FSMsgException (com.sun.identity.federation.message.common.FSMsgException): 15
IOException (java.io.IOException): 9
X509Certificate (java.security.cert.X509Certificate): 9
ParseException (java.text.ParseException): 9
Document (org.w3c.dom.Document): 8
SessionException (com.sun.identity.plugin.session.SessionException): 7
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException): 6
SAMLVersionMismatchException (com.sun.identity.saml.common.SAMLVersionMismatchException): 5
Element (org.w3c.dom.Element): 5
FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException): 4
FSLogoutResponse (com.sun.identity.federation.message.FSLogoutResponse): 4
HashMap (java.util.HashMap): 4
ProviderDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType): 3
FSException (com.sun.identity.federation.common.FSException): 2
FSSOAPService (com.sun.identity.federation.services.FSSOAPService): 2
SAMLRequesterException (com.sun.identity.saml.common.SAMLRequesterException): 2
List (java.util.List): 2