use of com.sun.identity.saml.xmlsig.KeyProvider in project OpenAM by OpenRock.
the class AssertionGen method getAssertion.
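/**
 * Generates a SAML 2.0 assertion for the configured IDP/SP pair and signs it.
 *
 * <p>The issuer value is the IDP entity ID read from {@link MetaDataParser};
 * the subject and conditions come from the sibling helpers for the SP entity
 * ID and base URL. An attribute statement is attached only when
 * {@code attrName} holds at least one entry and its first element is not the
 * literal string {@code "null"}.
 *
 * <p>The signing key and certificate are looked up under the hard-coded alias
 * {@code "test"}, which suggests this generator is meant for test/demo use —
 * confirm before relying on it elsewhere.
 *
 * <p>NOTE(review): if building or signing throws {@link SAML2Exception}, the
 * error is logged and the partially built, possibly unsigned assertion is
 * still returned. A consumer must not treat the result as trustworthy without
 * verifying its signature.
 *
 * @param attrName  attribute names for the attribute statement; may be null or empty
 * @param attrValue attribute values paired positionally with {@code attrName}
 * @return the assertion (signed only on the success path, see note above)
 */
private Assertion getAssertion(String[] attrName, String[] attrValue) {
    AssertionFactory factory = AssertionFactory.getInstance();
    Assertion assertion = factory.createAssertion();
    MetaDataParser parser = new MetaDataParser();
    String idpEntityId = parser.getIDPEntityID();
    String spEntityId = parser.getSPEntityID();
    String spBaseUrl = parser.getSPbaseUrl();
    try {
        assertion.setID(SAML2Utils.generateID());
        assertion.setVersion(SAML2Constants.VERSION_2_0);
        assertion.setIssueInstant(new Date());
        Issuer issuer = factory.createIssuer();
        issuer.setValue(idpEntityId);
        assertion.setIssuer(issuer);
        assertion.setAuthnStatements(getAuthStatementList());
        assertion.setSubject(getSubject(spEntityId, spBaseUrl, idpEntityId));
        assertion.setConditions(getCondition(spEntityId));
        // Null-guarded: the original dereferenced attrName and attrName[0] unconditionally.
        if (attrName != null && attrName.length > 0 && !"null".equals(attrName[0])) {
            assertion.setAttributeStatements(getAttributeList(attrName, attrValue));
        }
        KeyProvider kp = KeyUtil.getKeyProviderInstance();
        if (kp == null) {
            // Same guard the other signing helpers use: fail with a clear error
            // instead of a NullPointerException when no provider is available.
            throw new SAML2Exception("nullKeyProvider");
        }
        assertion.sign(kp.getPrivateKey("test"), kp.getX509Certificate("test"));
        return assertion;
    } catch (SAML2Exception ex) {
        Logger.getLogger(AssertionGen.class.getName()).log(Level.SEVERE, null, ex);
    }
    // Reached only after a failure: the assertion may be incomplete and is unsigned.
    return assertion;
}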
use of com.sun.identity.saml.xmlsig.KeyProvider in project OpenAM by OpenRock.
the class IDPSSOUtil method signAssertion.
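/**
 * Signs an <code>Assertion</code> with the hosted IDP's signing key.
 *
 * <p>The signing certificate alias and the optional encrypted-key password
 * are resolved through {@code SAML2Utils} for the IDP role in {@code realm};
 * the private key is then fetched from the {@link KeyProvider} and the
 * assertion is signed with it and the X.509 certificate stored under the
 * same alias.
 *
 * @param realm the realm name of the identity provider
 * @param idpEntityID the entity id of the identity provider
 * @param assertion The <code>Assertion</code> to be signed
 * @throws SAML2Exception if no key provider is available, no signing
 *     certificate alias is configured, or the alias does not resolve to a
 *     private key
 */
static void signAssertion(String realm, String idpEntityID, Assertion assertion) throws SAML2Exception {
    String classMethod = "IDPSSOUtil.signAssertion: ";
    KeyProvider kp = KeyUtil.getKeyProviderInstance();
    if (kp == null) {
        SAML2Utils.debug.error(classMethod + "Unable to get a key provider instance.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullKeyProvider"));
    }
    String idpSignCertAlias = SAML2Utils.getSigningCertAlias(realm, idpEntityID, SAML2Constants.IDP_ROLE);
    if (idpSignCertAlias == null) {
        SAML2Utils.debug.error(classMethod + "Unable to get the hosted IDP signing certificate alias.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
    String encryptedKeyPass = SAML2Utils.getSigningCertEncryptedKeyPass(realm, idpEntityID, SAML2Constants.IDP_ROLE);
    // No configured password -> single-argument lookup; otherwise pass the password through.
    PrivateKey key = (encryptedKeyPass == null || encryptedKeyPass.isEmpty())
            ? kp.getPrivateKey(idpSignCertAlias)
            : kp.getPrivateKey(idpSignCertAlias, encryptedKeyPass);
    if (key == null) {
        // Added: a null key was previously handed straight to sign(); reject it
        // here with a clear error, as signResponse() does elsewhere in this codebase.
        SAML2Utils.debug.error(classMethod + "Unable to load the private key for alias " + idpSignCertAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    assertion.sign(key, kp.getX509Certificate(idpSignCertAlias));
}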
use of com.sun.identity.saml.xmlsig.KeyProvider in project OpenAM by OpenRock.
the class QueryHandlerServlet method signResponse.
/**
 * Signs the <code>Response</code> when the PEP's XACML configuration asks for it.
 *
 * <p>The decision is driven by the PEP attribute
 * {@code wantXACMLAuthzDecisionResponseSigned}: when it is absent or
 * {@code "false"} (case-insensitive) the response is left unsigned. Note that
 * a missing attribute therefore means "do not sign". Otherwise the PDP's
 * signing certificate alias is read from its XACML configuration and the
 * response is signed with the matching private key and X.509 certificate
 * from the {@link KeyProvider}.
 *
 * @param response the <code>Response</code> object.
 * @param realm the realm of the entity.
 * @param pepEntityID Policy Enforcement Point Entity Identifier.
 * @param pdpEntityID Policy Decision Point Entity Identifier.
 * @throws SAML2Exception if signing is requested but the PDP certificate
 *     alias, the key provider, or the private key is unavailable.
 */
static void signResponse(Response response, String realm, String pepEntityID, String pdpEntityID) throws SAML2Exception {
    String classMethod = "signResponse : ";
    String attrName = "wantXACMLAuthzDecisionResponseSigned";
    String wantResponseSigned = SAML2Utils.getAttributeValueFromXACMLConfig(realm, SAML2Constants.PEP_ROLE, pepEntityID, attrName);
    boolean signingRequested = wantResponseSigned != null && !wantResponseSigned.equalsIgnoreCase("false");
    if (!signingRequested) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Response doesn't need to be signed.");
        }
        return;
    }
    String pdpSignCertAlias = SAML2Utils.getAttributeValueFromXACMLConfig(realm, SAML2Constants.PDP_ROLE, pdpEntityID, SAML2Constants.SIGNING_CERT_ALIAS);
    if (pdpSignCertAlias == null) {
        debug.error(classMethod + "PDP certificate alias is null.");
        LogUtil.error(Level.INFO, LogUtil.NULL_PDP_SIGN_CERT_ALIAS, new String[] { realm, pdpEntityID });
        throw new SAML2Exception("missingSigningCertAlias");
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "realm is : " + realm);
        debug.message(classMethod + "pepEntityID is :" + pepEntityID);
        debug.message(classMethod + "pdpEntityID : " + pdpEntityID);
        debug.message(classMethod + "wantResponseSigned" + wantResponseSigned);
        debug.message(classMethod + "Cert Alias:" + pdpSignCertAlias);
    }
    // Don't load the KeyProvider object in static block as it can
    // cause issues when doing a container shutdown/restart.
    KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
    if (keyProvider == null) {
        debug.error(classMethod + "Unable to get a key provider instance.");
        throw new SAML2Exception("nullKeyProvider");
    }
    PrivateKey signingKey = keyProvider.getPrivateKey(pdpSignCertAlias);
    X509Certificate signingCert = keyProvider.getX509Certificate(pdpSignCertAlias);
    if (signingKey == null) {
        // Only the key is checked here; the certificate is passed through as-is.
        debug.error("Incorrect configuration for Signing Certificate.");
        throw new SAML2Exception("metaDataError");
    }
    response.sign(signingKey, signingCert);
}
use of com.sun.identity.saml.xmlsig.KeyProvider in project OpenAM by OpenRock.
the class QueryHandlerServlet method signAssertion.
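/**
 * Signs an <code>Assertion</code> with the PDP's signing key.
 *
 * <p>The PDP signing certificate alias is read from its XACML configuration
 * for {@code realm}; the private key and X.509 certificate stored under that
 * alias are then fetched from the {@link KeyProvider} and used to sign the
 * assertion.
 *
 * @param realm the realm name of the Policy Decision Point (PDP).
 * @param pdpEntityID the entity id of the policy decision provider.
 * @param assertion the <code>Assertion</code> to be signed.
 * @throws SAML2Exception if the key provider is unavailable, no signing
 *     certificate alias is configured, or the alias does not resolve to a
 *     private key.
 */
static void signAssertion(String realm, String pdpEntityID, Assertion assertion) throws SAML2Exception {
    String classMethod = "QueryHandlerServlet.signAssertion: ";
    // Don't load the KeyProvider object in static block as it can
    // cause issues when doing a container shutdown/restart.
    KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
    if (keyProvider == null) {
        debug.error(classMethod + "Unable to get a key provider instance.");
        throw new SAML2Exception("nullKeyProvider");
    }
    String pdpSignCertAlias = SAML2Utils.getAttributeValueFromXACMLConfig(realm, SAML2Constants.PDP_ROLE, pdpEntityID, SAML2Constants.SIGNING_CERT_ALIAS);
    if (pdpSignCertAlias == null) {
        debug.error(classMethod + "Unable to get the hosted PDP signing certificate alias.");
        String[] data = { realm, pdpEntityID };
        LogUtil.error(Level.INFO, LogUtil.NULL_PDP_SIGN_CERT_ALIAS, data);
        throw new SAML2Exception("missingSigningCertAlias");
    }
    PrivateKey signingKey = keyProvider.getPrivateKey(pdpSignCertAlias);
    X509Certificate signingCert = keyProvider.getX509Certificate(pdpSignCertAlias);
    if (signingKey == null) {
        // Added for consistency with signResponse() in this class: a null key
        // previously went straight into sign(); report the misconfiguration instead.
        debug.error(classMethod + "Incorrect configuration for Signing Certificate.");
        throw new SAML2Exception("metaDataError");
    }
    assertion.sign(signingKey, signingCert);
}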
use of com.sun.identity.saml.xmlsig.KeyProvider in project OpenAM by OpenRock.
the class DoManageNameID method signMNIRequest.
/**
 * Signs a <code>ManageNameIDRequest</code> with the key and certificate stored under {@code certAlias}.
 *
 * <p>{@code sign()} is invoked on the request with the private key and X.509
 * certificate the {@link KeyProvider} returns for the alias. The alias itself
 * is not validated here; a null or unknown alias is left for the provider to
 * reject.
 *
 * @param certAlias alias of the signing key/certificate in the key provider
 * @param mniRequest the request to sign
 * @throws SAML2Exception if no key provider instance is available, or if signing fails
 */
public static void signMNIRequest(String certAlias, ManageNameIDRequest mniRequest) throws SAML2Exception {
    KeyProvider provider = KeyUtil.getKeyProviderInstance();
    if (provider != null) {
        mniRequest.sign(provider.getPrivateKey(certAlias), provider.getX509Certificate(certAlias));
        return;
    }
    SAML2Utils.debug.error("DoManageNameID.signMNIRequest: " + "Unable to get a key provider instance.");
    throw new SAML2Exception(SAML2Utils.bundle.getString("nullKeyProvider"));
}