
Example 6 with KeyProvider

use of com.sun.identity.saml.xmlsig.KeyProvider in project OpenAM by OpenRock.

the class AssertionGen method getAssertion.

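/**
 * Generates a signed SAML 2.0 <code>Assertion</code> for the IDP/SP pair described by
 * the metadata parser.
 *
 * <p>The issuer, subject, conditions and authentication statements are always populated.
 * An attribute statement is added only when <code>attrName</code> is non-empty and its
 * first element is neither <code>null</code> nor the literal string <code>"null"</code>.
 * The assertion is then signed with the key and certificate stored under the fixed
 * alias <code>"test"</code>.
 *
 * <p>If a <code>SAML2Exception</code> is raised while populating or signing, it is
 * logged at SEVERE and the assertion is returned in whatever state it reached -- which
 * may be unsigned or only partially populated. Callers that require a signed assertion
 * must not rely on this method alone to guarantee one.
 *
 * @param attrName  attribute names for the attribute statement; must not be null
 * @param attrValue attribute values, positionally matching <code>attrName</code>
 * @return the generated assertion, signed unless an error was logged
 */
private Assertion getAssertion(String[] attrName, String[] attrValue) {
    Assertion assertion = AssertionFactory.getInstance().createAssertion();
    MetaDataParser lparser = new MetaDataParser();
    String idpEntityID = lparser.getIDPEntityID();
    String spEntityID = lparser.getSPEntityID();
    String spBaseUrl = lparser.getSPbaseUrl();
    try {
        assertion.setID(SAML2Utils.generateID());
        assertion.setVersion(SAML2Constants.VERSION_2_0);
        assertion.setIssueInstant(new Date());
        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(idpEntityID);
        assertion.setIssuer(issuer);
        assertion.setAuthnStatements(getAuthStatementList());
        assertion.setSubject(getSubject(spEntityID, spBaseUrl, idpEntityID));
        assertion.setConditions(getCondition(spEntityID));
        // A null first element previously raised an NPE on .equals(); treat it like
        // the "null" sentinel and simply omit the attribute statement.
        if (attrName.length > 0 && attrName[0] != null && !attrName[0].equals("null")) {
            assertion.setAttributeStatements(getAttributeList(attrName, attrValue));
        }
        KeyProvider kp = KeyUtil.getKeyProviderInstance();
        assertion.sign(kp.getPrivateKey("test"), kp.getX509Certificate("test"));
    } catch (SAML2Exception ex) {
        Logger.getLogger(AssertionGen.class.getName()).log(Level.SEVERE, null, ex);
    }
    // Single exit: reached after a successful sign and after a logged failure alike.
    return assertion;
}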

Example 7 with KeyProvider

use of com.sun.identity.saml.xmlsig.KeyProvider in project OpenAM by OpenRock.

the class IDPSSOUtil method signAssertion.

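/**
 * Signs an <code>Assertion</code> with the hosted IDP's signing key.
 *
 * The key provider, the configured signing certificate alias, and the key and
 * certificate that alias resolves to are each validated before signing, so a
 * misconfigured IDP fails with a descriptive <code>SAML2Exception</code> instead of
 * handing a null key or certificate to <code>sign()</code>.
 *
 * @param realm       the realm name of the identity provider
 * @param idpEntityID the entity id of the identity provider
 * @param assertion   The <code>Assertion</code> to be signed
 * @throws SAML2Exception if no key provider is available, no signing certificate alias
 *         is configured, or the alias does not resolve to both a key and a certificate
 */
static void signAssertion(String realm, String idpEntityID, Assertion assertion) throws SAML2Exception {
    String classMethod = "IDPSSOUtil.signAssertion: ";
    KeyProvider kp = KeyUtil.getKeyProviderInstance();
    if (kp == null) {
        SAML2Utils.debug.error(classMethod + "Unable to get a key provider instance.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullKeyProvider"));
    }
    String idpSignCertAlias = SAML2Utils.getSigningCertAlias(realm, idpEntityID, SAML2Constants.IDP_ROLE);
    if (idpSignCertAlias == null) {
        SAML2Utils.debug.error(classMethod + "Unable to get the hosted IDP signing certificate alias.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
    // A missing or empty key password means the private key is not separately encrypted.
    String encryptedKeyPass = SAML2Utils.getSigningCertEncryptedKeyPass(realm, idpEntityID, SAML2Constants.IDP_ROLE);
    PrivateKey key;
    if (encryptedKeyPass == null || encryptedKeyPass.isEmpty()) {
        key = kp.getPrivateKey(idpSignCertAlias);
    } else {
        key = kp.getPrivateKey(idpSignCertAlias, encryptedKeyPass);
    }
    java.security.cert.X509Certificate cert = kp.getX509Certificate(idpSignCertAlias);
    // Refuse to sign when the alias resolves to nothing; otherwise the failure
    // would surface as an opaque error inside sign(), or not at all.
    if (key == null || cert == null) {
        SAML2Utils.debug.error(classMethod + "Incorrect configuration for Signing Certificate.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    assertion.sign(key, cert);
}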

Example 8 with KeyProvider

use of com.sun.identity.saml.xmlsig.KeyProvider in project OpenAM by OpenRock.

the class QueryHandlerServlet method signResponse.

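/**
 * Signs the <code>Response</code> when the PEP configuration asks for it.
 *
 * Signing is skipped only when the PEP's
 * <code>wantXACMLAuthzDecisionResponseSigned</code> attribute is absent or equals
 * <code>"false"</code> (case-insensitive); any other value requires a signature.
 * The PDP signing certificate alias, the key provider, and the resolved key and
 * certificate are all checked before <code>sign()</code> is called.
 *
 * @param response the <code>Response</code> object.
 * @param realm the realm of the entity.
 * @param pepEntityID Policy Enforcement Point Entity Identifier.
 * @param pdpEntityID Policy Decision Point Entity Identifier.
 * @throws SAML2Exception if the PDP signing certificate alias is missing, no key
 *         provider is available, or the alias does not resolve to a key and certificate.
 */
static void signResponse(Response response, String realm, String pepEntityID, String pdpEntityID) throws SAML2Exception {
    String classMethod = "signResponse : ";
    String attrName = "wantXACMLAuthzDecisionResponseSigned";
    String wantResponseSigned = SAML2Utils.getAttributeValueFromXACMLConfig(realm, SAML2Constants.PEP_ROLE, pepEntityID, attrName);
    if (wantResponseSigned == null || wantResponseSigned.equalsIgnoreCase("false")) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Response doesn't need to be signed.");
        }
        return;
    }
    String pdpSignCertAlias = SAML2Utils.getAttributeValueFromXACMLConfig(realm, SAML2Constants.PDP_ROLE, pdpEntityID, SAML2Constants.SIGNING_CERT_ALIAS);
    if (pdpSignCertAlias == null) {
        debug.error(classMethod + "PDP certificate alias is null.");
        String[] data = { realm, pdpEntityID };
        LogUtil.error(Level.INFO, LogUtil.NULL_PDP_SIGN_CERT_ALIAS, data);
        throw new SAML2Exception("missingSigningCertAlias");
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "realm is : " + realm);
        debug.message(classMethod + "pepEntityID is :" + pepEntityID);
        debug.message(classMethod + "pdpEntityID : " + pdpEntityID);
        debug.message(classMethod + "wantResponseSigned : " + wantResponseSigned);
        debug.message(classMethod + "Cert Alias:" + pdpSignCertAlias);
    }
    // Don't load the KeyProvider object in static block as it can
    // cause issues when doing a container shutdown/restart.
    KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
    if (keyProvider == null) {
        debug.error(classMethod + "Unable to get a key provider instance.");
        throw new SAML2Exception("nullKeyProvider");
    }
    PrivateKey signingKey = keyProvider.getPrivateKey(pdpSignCertAlias);
    X509Certificate signingCert = keyProvider.getX509Certificate(pdpSignCertAlias);
    // The certificate is embedded in the signature's KeyInfo, so a missing
    // certificate is as much a misconfiguration as a missing key.
    if (signingKey == null || signingCert == null) {
        debug.error("Incorrect configuration for Signing Certificate.");
        throw new SAML2Exception("metaDataError");
    }
    response.sign(signingKey, signingCert);
}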

Example 9 with KeyProvider

use of com.sun.identity.saml.xmlsig.KeyProvider in project OpenAM by OpenRock.

the class QueryHandlerServlet method signAssertion.

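/**
 * Signs an <code>Assertion</code> with the hosted PDP's signing key.
 *
 * The key provider and the configured signing certificate alias are validated, and
 * -- matching <code>signResponse</code> -- the key and certificate resolved from the
 * alias are checked for null before <code>sign()</code> is invoked.
 *
 * @param realm the realm name of the Policy Decision Point (PDP).
 * @param pdpEntityID the entity id of the policy decision provider.
 * @param assertion the <code>Assertion</code> to be signed.
 * @throws SAML2Exception if there is an error signing the assertion: no key provider,
 *         no signing certificate alias, or an alias that does not resolve to both a
 *         private key and a certificate.
 */
static void signAssertion(String realm, String pdpEntityID, Assertion assertion) throws SAML2Exception {
    String classMethod = "QueryHandlerServlet.signAssertion: ";
    // Don't load the KeyProvider object in static block as it can
    // cause issues when doing a container shutdown/restart.
    KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
    if (keyProvider == null) {
        debug.error(classMethod + "Unable to get a key provider instance.");
        throw new SAML2Exception("nullKeyProvider");
    }
    String pdpSignCertAlias = SAML2Utils.getAttributeValueFromXACMLConfig(realm, SAML2Constants.PDP_ROLE, pdpEntityID, SAML2Constants.SIGNING_CERT_ALIAS);
    if (pdpSignCertAlias == null) {
        debug.error(classMethod + "Unable to get the hosted PDP signing certificate alias.");
        String[] data = { realm, pdpEntityID };
        LogUtil.error(Level.INFO, LogUtil.NULL_PDP_SIGN_CERT_ALIAS, data);
        throw new SAML2Exception("missingSigningCertAlias");
    }
    PrivateKey signingKey = keyProvider.getPrivateKey(pdpSignCertAlias);
    X509Certificate signingCert = keyProvider.getX509Certificate(pdpSignCertAlias);
    // Same guard as signResponse: never hand a null key or certificate to sign().
    if (signingKey == null || signingCert == null) {
        debug.error(classMethod + "Incorrect configuration for Signing Certificate.");
        throw new SAML2Exception("metaDataError");
    }
    assertion.sign(signingKey, signingCert);
}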

Example 10 with KeyProvider

use of com.sun.identity.saml.xmlsig.KeyProvider in project OpenAM by OpenRock.

the class DoManageNameID method signMNIRequest.

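/**
 * Signs a <code>ManageNameIDRequest</code> with the key and certificate stored under
 * the given key store alias.
 *
 * The alias is accepted from the caller, so it is checked for null here along with
 * the key provider and the key/certificate pair it resolves to, rather than letting a
 * missing value reach <code>sign()</code>.
 *
 * @param certAlias  the key store alias of the signing key and certificate
 * @param mniRequest the request to be signed
 * @throws SAML2Exception if no key provider is available, <code>certAlias</code> is
 *         null, or the alias does not resolve to both a private key and a certificate
 */
public static void signMNIRequest(String certAlias, ManageNameIDRequest mniRequest) throws SAML2Exception {
    String classMethod = "DoManageNameID.signMNIRequest: ";
    KeyProvider kp = KeyUtil.getKeyProviderInstance();
    if (kp == null) {
        SAML2Utils.debug.error(classMethod + "Unable to get a key provider instance.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullKeyProvider"));
    }
    if (certAlias == null) {
        SAML2Utils.debug.error(classMethod + "Unable to get the signing certificate alias.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
    // Fully qualified so no additional imports are needed in this file.
    java.security.PrivateKey key = kp.getPrivateKey(certAlias);
    java.security.cert.X509Certificate cert = kp.getX509Certificate(certAlias);
    if (key == null || cert == null) {
        SAML2Utils.debug.error(classMethod + "Incorrect configuration for Signing Certificate.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    mniRequest.sign(key, cert);
}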
