Use of com.sun.identity.saml.xmlsig.XMLSignatureException in project OpenAM by OpenRock.
The class SAML2MetaSecurityUtils, method sign.
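/**
 * Signs the entity descriptor root element by the following rules:
 * <ul>
 * <li>Hosted Entity</li>
 * <ul>
 * <li>If there is a signature already on the EntityDescriptor, removes it, then signs the EntityDescriptor.
 * </li>
 * <li>Simply signs the EntityDescriptor otherwise.</li>
 * </ul>
 * <li>Remote Entity</li>
 * <ul>
 * <li>If there is a signature already on the EntityDescriptor, then does not change it, but returns the
 * Document with the original signature.
 * </li>
 * <li>Simply signs the EntityDescriptor otherwise</li>
 * </ul>
 * </ul>
 * If there is no extended metadata for the entity, the entity is considered as remote.
 * <p>
 * A signing failure is never hidden: the method throws rather than returning a document without a signature,
 * so callers cannot publish unsigned metadata believing it was signed.
 *
 * @param realm The realm where the EntityDescriptor belongs to.
 * @param descriptor The entity descriptor.
 * @return Signed <code>Document</code> for the entity descriptor (or the remote entity's document with its
 * original signature), or null if no metadata signing key is found in the configuration.
 * @throws SAML2MetaException if the descriptor is null, cannot be parsed, or cannot be signed.
 * @throws JAXBException if the entity descriptor is invalid.
 */
public static Document sign(String realm, EntityDescriptorElement descriptor) throws JAXBException, SAML2MetaException {
    if (descriptor == null) {
        throw new SAML2MetaException("Unable to sign null descriptor");
    }
    SAML2MetaManager metaManager = new SAML2MetaManager();
    EntityConfigElement cfgElem = metaManager.getEntityConfig(realm, descriptor.getEntityID());
    // Without an EntityConfig (extended metadata) the entity is treated as remote.
    boolean isHosted = cfgElem != null && cfgElem.isHosted();

    String signingCert = getRealmSetting(METADATA_SIGNING_KEY, realm);
    if (signingCert == null) {
        // No metadata signing key configured for this realm: nothing to sign with.
        return null;
    }
    initializeKeyStore();

    String xmlstr = SAML2MetaUtils.convertJAXBToString(descriptor);
    xmlstr = formatBase64BinaryElement(xmlstr);
    Document doc = XMLUtils.toDOMDocument(xmlstr, debug);
    if (doc == null) {
        // toDOMDocument is expected to return null on a parse failure; fail loudly instead of NPE-ing below.
        throw new SAML2MetaException("Unable to parse entity descriptor " + descriptor.getEntityID() + " for signing");
    }

    Node existingSignature = findChildSignature(doc.getDocumentElement());
    if (existingSignature != null) {
        if (!isHosted) {
            // Remote entity: keep the signature the remote party applied; it is the evidence a verifier needs.
            return doc;
        }
        // Hosted entity: drop the stale signature and re-sign below.
        doc.getDocumentElement().removeChild(existingSignature);
    }

    // Signing or re-signing: give the root element a fresh ID for the signature reference to point at.
    String descriptorId = SAMLUtils.generateID();
    doc.getDocumentElement().setAttribute(ATTR_ID, descriptorId);
    XMLSignatureManager sigManager = XMLSignatureManager.getInstance();
    // The XPath selects the first child of the EntityDescriptor; presumably the signature is placed
    // relative to that node (confirm against XMLSignatureManager.signXMLUsingKeyPass).
    String xpath = "//*[local-name()=\"" + TAG_ENTITY_DESCRIPTOR + "\" and namespace-uri()=\"" + NS_META + "\"]/*[1]";
    try {
        sigManager.signXMLUsingKeyPass(doc, signingCert, getRealmSetting(METADATA_SIGNING_KEY_PASS, realm), null,
                SAML2Constants.ID, descriptorId, true, xpath);
    } catch (XMLSignatureException xmlse) {
        // Previously this was logged at debug level and the UNSIGNED document was returned as if signing had
        // succeeded. Surface the failure as the documented SAML2MetaException instead.
        debug.error("SAML2MetaSecurityUtils.sign: unable to sign entity descriptor " + descriptor.getEntityID(), xmlse);
        throw new SAML2MetaException("Unable to sign entity descriptor: " + xmlse.getMessage());
    }
    return doc;
}

/**
 * Returns the direct child <code>ds:Signature</code> element of <code>parent</code>, or null if there is none.
 *
 * @param parent The element whose children are inspected (the EntityDescriptor root).
 * @return The signature node, or null.
 */
private static Node findChildSignature(Node parent) {
    NodeList children = parent.getChildNodes();
    for (int i = 0; i < children.getLength(); i++) {
        Node child = children.item(i);
        // Constants go first: getLocalName()/getNamespaceURI() are null for nodes without a namespace,
        // and the original namespace check could NPE on such a child.
        if ("Signature".equals(child.getLocalName()) && NS_XMLSIG.equals(child.getNamespaceURI())) {
            return child;
        }
    }
    return null;
}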
Use of com.sun.identity.saml.xmlsig.XMLSignatureException in project OpenAM by OpenRock.
The class SecurityUtils, method getPublicKey.
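/**
 * Returns the <code>PublicKey</code> carried by a <code>ds:KeyValue</code> found under <code>reference</code>.
 * <p>
 * A <code>ds:DSAKeyValue</code> is looked for first, then a <code>ds:RSAKeyValue</code>. The key parameters are
 * read from the child elements, decoded as XML-DSIG CryptoBinary (base64 of an unsigned big-endian magnitude)
 * and rebuilt through the Apache XML Security key value classes.
 *
 * @param reference the element below which the key value is searched (namespace-aware, any depth).
 * @return the reconstructed public key, or null if neither a DSA nor an RSA key value is present.
 * @throws XMLSignatureException if the key value is malformed (unknown, empty or missing parameter) or the
 *         key cannot be rebuilt.
 */
private static PublicKey getPublicKey(Element reference) throws XMLSignatureException {
    Document doc = reference.getOwnerDocument();
    Element dsaKey = (Element) reference.getElementsByTagNameNS(Constants.SignatureSpecNS, SAMLConstants.TAG_DSAKEYVALUE).item(0);
    if (dsaKey != null) {
        return getDSAPublicKey(doc, dsaKey);
    }
    Element rsaKey = (Element) reference.getElementsByTagNameNS(Constants.SignatureSpecNS, SAMLConstants.TAG_RSAKEYVALUE).item(0);
    if (rsaKey != null) {
        return getRSAPublicKey(doc, rsaKey);
    }
    // No recognised key value under the reference; callers treat null as "no key available".
    return null;
}

/**
 * Rebuilds a DSA public key from the P, Q, G and Y children of a <code>ds:DSAKeyValue</code>.
 *
 * @throws XMLSignatureException on an unknown child element, a missing parameter, or a key build failure.
 */
private static PublicKey getDSAPublicKey(Document doc, Element dsaKey) throws XMLSignatureException {
    BigInteger p = null, q = null, g = null, y = null;
    NodeList nodes = dsaKey.getChildNodes();
    for (int i = 0; i < nodes.getLength(); i++) {
        Node current = nodes.item(i);
        if (current.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        String tagName = current.getLocalName();
        BigInteger v = decodeCryptoBinary(current);
        if ("P".equals(tagName)) {
            p = v;
        } else if ("Q".equals(tagName)) {
            q = v;
        } else if ("G".equals(tagName)) {
            g = v;
        } else if ("Y".equals(tagName)) {
            y = v;
        } else {
            SAMLUtils.debug.error("Wrong tag name in DSA key.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("errorObtainPK"));
        }
    }
    // An incomplete key value used to reach DSAKeyValue with null parameters (or return null when the
    // element was empty); reject it explicitly instead.
    if (p == null || q == null || g == null || y == null) {
        SAMLUtils.debug.error("Incomplete DSA key value: P, Q, G and Y are all required.");
        throw new XMLSignatureException(SAMLUtils.bundle.getString("errorObtainPK"));
    }
    try {
        return new DSAKeyValue(doc, p, q, g, y).getPublicKey();
    } catch (XMLSecurityException xse) {
        SAMLUtils.debug.error("Could not get Public Key from DSA key value.", xse);
        throw new XMLSignatureException(SAMLUtils.bundle.getString("errorObtainPK"));
    }
}

/**
 * Rebuilds an RSA public key from the Modulus and Exponent children of a <code>ds:RSAKeyValue</code>.
 *
 * @throws XMLSignatureException on an unknown child element, a missing parameter, or a key build failure.
 */
private static PublicKey getRSAPublicKey(Document doc, Element rsaKey) throws XMLSignatureException {
    BigInteger m = null, e = null;
    NodeList nodes = rsaKey.getChildNodes();
    for (int i = 0; i < nodes.getLength(); i++) {
        Node current = nodes.item(i);
        if (current.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        String tagName = current.getLocalName();
        BigInteger v = decodeCryptoBinary(current);
        if ("Exponent".equals(tagName)) {
            e = v;
        } else if ("Modulus".equals(tagName)) {
            m = v;
        } else {
            SAMLUtils.debug.error("Wrong tag name from RSA key element.");
            throw new XMLSignatureException(SAMLUtils.bundle.getString("errorObtainPK"));
        }
    }
    if (m == null || e == null) {
        SAMLUtils.debug.error("Incomplete RSA key value: Modulus and Exponent are both required.");
        throw new XMLSignatureException(SAMLUtils.bundle.getString("errorObtainPK"));
    }
    try {
        return new RSAKeyValue(doc, m, e).getPublicKey();
    } catch (XMLSecurityException ex) {
        SAMLUtils.debug.error("Could not get Public Key from RSA key value.", ex);
        throw new XMLSignatureException(SAMLUtils.bundle.getString("errorObtainPK"));
    }
}

/**
 * Decodes the text content of a key-parameter element as an XML-DSIG CryptoBinary.
 * <p>
 * The value is base64 of the unsigned big-endian magnitude, so it is read with the
 * <code>BigInteger(int signum, byte[])</code> constructor; the plain <code>BigInteger(byte[])</code>
 * constructor would read a magnitude with its top bit set as a negative number.
 *
 * @param element the P/Q/G/Y or Modulus/Exponent element.
 * @return the decoded, non-negative value.
 * @throws XMLSignatureException if the element has no text content or the content is not valid base64.
 */
private static BigInteger decodeCryptoBinary(Node element) throws XMLSignatureException {
    // An empty element (<Modulus/>) has no first child; the original code dereferenced it unconditionally.
    Node text = element.getFirstChild();
    String value = (text == null) ? null : text.getNodeValue();
    if (value == null) {
        SAMLUtils.debug.error("Empty key parameter element: " + element.getLocalName());
        throw new XMLSignatureException(SAMLUtils.bundle.getString("errorObtainPK"));
    }
    byte[] decoded = Base64.decode(SAMLUtils.removeNewLineChars(value));
    // NOTE(review): assumes this Base64.decode signals malformed input by returning null rather than throwing
    // (it declares no checked exception here) — confirm against the imported Base64 class.
    if (decoded == null || decoded.length == 0) {
        SAMLUtils.debug.error("Key parameter element is not valid base64: " + element.getLocalName());
        throw new XMLSignatureException(SAMLUtils.bundle.getString("errorObtainPK"));
    }
    return new BigInteger(1, decoded);
}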