Use of com.sun.identity.saml.xmlsig.XMLSignatureManager in project OpenAM by OpenRock.
The class WSFederationUtils, method isSignatureValid.
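/**
 * Determines whether the signature on the given SAML 1.1
 * <code>Assertion</code> verifies against the signing certificate that the
 * WS-Federation metadata publishes for <code>issuer</code> in
 * <code>realm</code>.
 * <p>
 * Every failure path (metadata lookup error, missing certificate, SAML2
 * error, cryptographic mismatch) yields <code>false</code> and is recorded
 * through {@link LogUtil#error}; the full signed XML is logged only when
 * {@link Level#FINER} is error-loggable, otherwise just the assertion ID.
 *
 * @param assertion SAML 1.1 Assertion whose signature is checked
 * @param realm     Realm of the issuer, used for the metadata lookup
 * @param issuer    Assertion issuer - used to retrieve the certificate for
 *                  signature validation
 * @return true if the signature on the object is valid; false otherwise.
 */
public static boolean isSignatureValid(Assertion assertion, String realm, String issuer) {
    boolean valid = false;
    // Serialise the assertion exactly as it will be handed to the verifier.
    String signedXMLString = assertion.toString(true, true);
    String id = assertion.getAssertionID();
    try {
        FederationElement idp = metaManager.getEntityDescriptor(realm, issuer);
        X509Certificate cert = KeyUtil.getVerificationCert(idp, issuer, true);
        if (cert == null) {
            // NOTE(review): KeyUtil appears to return null when no signing cert
            // is configured for the issuer - treat that as an invalid signature
            // rather than handing a null-bearing set to the verifier.
            valid = false;
        } else {
            // The assertion ID ties the <ds:Reference> to this element, so a
            // signature over some other element is not accepted.
            valid = SigManager.getSigInstance().verify(signedXMLString, id, Collections.singleton(cert));
        }
    } catch (WSFederationMetaException ex) {
        // No usable metadata for the issuer in this realm: trust cannot be established.
        valid = false;
    } catch (SAML2Exception ex) {
        // The verifier reported an error; the outcome is logged below.
        valid = false;
    }
    if (!valid) {
        String[] data = { LogUtil.isErrorLoggable(Level.FINER) ? signedXMLString : id, realm, issuer };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, data, null);
    }
    return valid;
}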
Use of com.sun.identity.saml.xmlsig.XMLSignatureManager in project OpenAM by OpenRock.
The class FSAssertion, method signXML.
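/**
 * Signs this <code>Assertion</code> with the key identified by
 * <code>certAlias</code> and caches the resulting <code>ds:Signature</code>
 * element together with the signed XML string.
 * <p>
 * The attribute the signature references is chosen by protocol minor
 * version: 1.1 assertions are referenced through <code>IFSConstants.ID</code>,
 * 1.2 (POST and artifact) assertions through
 * <code>IFSConstants.ASSERTION_ID</code>. Any other minor version is rejected
 * up front instead of falling through to the signing call with no reference.
 *
 * @param certAlias the alias/name of the signing certificate; must not be
 *                  <code>null</code> or empty
 * @throws SAMLException if the assertion is already signed, the alias is
 *                       missing, the minor version is unsupported, or the
 *                       underlying signing operation fails
 */
public void signXML(String certAlias) throws SAMLException {
    FSUtils.debug.message("FSAssertion.signXML: Called");
    if (signed) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertion.signXML: the assertion is " + "already signed.");
        }
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "alreadySigned", null);
    }
    if (certAlias == null || certAlias.length() == 0) {
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "cannotFindCertAlias", null);
    }
    // Resolve the ID attribute/value the <ds:Reference> must point at before
    // touching the signing machinery, so an unsupported version fails fast
    // with a clear cause rather than a NullPointerException from a null
    // signature string.
    final String idAttrName;
    final String idValue;
    if (minorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
        idAttrName = IFSConstants.ID;
        idValue = this.id;
    } else if (minorVersion == IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION
            || minorVersion == IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) {
        idAttrName = IFSConstants.ASSERTION_ID;
        idValue = this.getAssertionID();
    } else {
        FSUtils.debug.error("FSAssertion.signXML: invalid minor version " + minorVersion);
        throw new SAMLResponderException(
                new IllegalStateException("FSAssertion.signXML: invalid minor version " + minorVersion));
    }
    try {
        XMLSignatureManager manager = XMLSignatureManager.getInstance();
        // A null algorithm presumably selects the manager's configured default - confirm.
        signatureString = manager.signXML(this.toXMLString(true, true), certAlias, (String) null, idAttrName, idValue, false);
        signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug).getDocumentElement();
        // Order kept from the original: flag as signed, then re-serialise.
        signed = true;
        xmlString = this.toXMLString(true, true);
    } catch (Exception e) {
        // Keep the stack trace; the bare message alone hides the root cause.
        FSUtils.debug.error("FSAssertion.signXML: signing failed", e);
        throw new SAMLResponderException(e);
    }
}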
Use of com.sun.identity.saml.xmlsig.XMLSignatureManager in project OpenAM by OpenRock.
The class FSAuthnRequest, method signXML.
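/**
 * Signs this request with the key identified by <code>certAlias</code>
 * and caches the resulting <code>ds:Signature</code> element together with
 * the signed XML string.
 * <p>
 * The attribute the signature references is chosen by protocol minor
 * version: 1.1 requests through <code>IFSConstants.ID</code>, 1.2 requests
 * through <code>IFSConstants.REQUEST_ID</code>. Any other minor version is
 * rejected up front instead of falling through to the signing call.
 *
 * @param certAlias the Certificate Alias; must not be <code>null</code> or empty
 * @throws SAMLException if the request is already signed, the alias is
 *                       missing, the minor version is unsupported, or the
 *                       underlying signing operation fails
 */
public void signXML(String certAlias) throws SAMLException {
    FSUtils.debug.message("FSAuthnRequest.signXML: Called");
    if (signed) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAuthnRequest.signXML: " + "the assertion is " + "already signed.");
        }
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "alreadySigned", null);
    }
    if (certAlias == null || certAlias.length() == 0) {
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "cannotFindCertAlias", null);
    }
    // Resolve the ID attribute/value the <ds:Reference> must point at before
    // signing, so an unsupported version fails with an explicit error rather
    // than a NullPointerException from a null signature string.
    final String idAttrName;
    final String idValue;
    if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
        idAttrName = IFSConstants.ID;
        idValue = this.id;
    } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
        idAttrName = IFSConstants.REQUEST_ID;
        idValue = this.getRequestID();
    } else {
        FSUtils.debug.error("FSAuthnRequest.signXML: invalid minor version " + minorVersion);
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "signFailed", null);
    }
    try {
        XMLSignatureManager manager = XMLSignatureManager.getInstance();
        // A null algorithm presumably selects the manager's configured default - confirm.
        signatureString = manager.signXML(this.toXMLString(true, true), certAlias, (String) null, idAttrName, idValue, false);
        signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug).getDocumentElement();
        // Order kept from the original: flag as signed, then re-serialise.
        signed = true;
        xmlString = this.toXMLString(true, true);
    } catch (Exception e) {
        // The bundle-keyed exception cannot carry a cause, so record it here
        // before translating - otherwise the failure reason is lost entirely.
        FSUtils.debug.error("FSAuthnRequest.signXML: signing failed", e);
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "signFailed", null);
    }
}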
Use of com.sun.identity.saml.xmlsig.XMLSignatureManager in project OpenAM by OpenRock.
The class FSNameRegistrationResponse, method signXML.
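/**
 * Signs this Name Registration Response with the key identified by
 * <code>certAlias</code>, using <code>IFSConstants.DEF_SIG_ALGO</code>, and
 * caches the resulting <code>ds:Signature</code> element together with the
 * signed XML string.
 * <p>
 * The attribute the signature references is chosen by protocol minor
 * version: 1.1 responses through <code>IFSConstants.ID</code>, 1.2 responses
 * through <code>IFSConstants.RESPONSE_ID</code>. Any other minor version is
 * rejected up front instead of falling through to the signing call.
 *
 * @param certAlias the Certificate Alias; must not be <code>null</code> or empty
 * @throws SAMLException if this object is already signed, the alias is
 *                       missing, the minor version is unsupported, or the
 *                       underlying signing operation fails
 */
public void signXML(String certAlias) throws SAMLException {
    FSUtils.debug.message("FSNameRegistrationResponse.signXML: Called");
    if (signed) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationResponse.signXML: " + "the assertion is already signed.");
        }
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "alreadySigned", null);
    }
    if (certAlias == null || certAlias.length() == 0) {
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "cannotFindCertAlias", null);
    }
    // Resolve the ID attribute/value the <ds:Reference> must point at before
    // signing, so an unsupported version fails with an explicit error rather
    // than a NullPointerException from a null signature string.
    final String idAttrName;
    final String idValue;
    if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
        idAttrName = IFSConstants.ID;
        idValue = this.id;
    } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
        idAttrName = IFSConstants.RESPONSE_ID;
        idValue = this.getResponseID();
    } else {
        FSUtils.debug.error("FSNameRegistrationResponse.signXML: invalid minor version " + minorVersion);
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "signError", null);
    }
    try {
        XMLSignatureManager manager = XMLSignatureManager.getInstance();
        signatureString = manager.signXML(this.toXMLString(true, true), certAlias, IFSConstants.DEF_SIG_ALGO, idAttrName, idValue, false);
        signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug).getDocumentElement();
        // Order kept from the original: flag as signed, then re-serialise.
        signed = true;
        xmlString = this.toXMLString(true, true);
    } catch (Exception e) {
        // The bundle-keyed exception cannot carry a cause, so record it here
        // before translating - otherwise the failure reason is lost entirely.
        FSUtils.debug.error("FSNameRegistrationResponse.signXML: signing failed", e);
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "signError", null);
    }
}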
Use of com.sun.identity.saml.xmlsig.XMLSignatureManager in project OpenAM by OpenRock.
The class FSLogoutNotification, method signXML.
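/**
 * Signs this <code>FSLogoutNotification</code> with the key identified by
 * <code>certAlias</code> and caches the resulting <code>ds:Signature</code>
 * element together with the signed XML string.
 * <p>
 * The attribute the signature references is chosen by protocol minor
 * version: 1.1 notifications through <code>IFSConstants.ID</code>, 1.2
 * notifications through <code>IFSConstants.REQUEST_ID</code>. Any other
 * minor version is rejected up front instead of falling through to the
 * signing call.
 *
 * @param certAlias the Certificate Alias; must not be <code>null</code> or empty
 * @throws SAMLException if this <code>FSLogoutNotification</code> is already
 *                       signed, the alias is missing, the minor version is
 *                       unsupported, or the underlying signing operation fails
 */
public void signXML(String certAlias) throws SAMLException {
    FSUtils.debug.message("FSLogoutNotification.signXML: Called");
    if (signed) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSLogoutNotification.signXML: " + "the assertion is already signed.");
        }
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "alreadySigned", null);
    }
    if (certAlias == null || certAlias.length() == 0) {
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "cannotFindCertAlias", null);
    }
    // Resolve the ID attribute/value the <ds:Reference> must point at before
    // signing, so an unsupported version fails with an explicit error rather
    // than a NullPointerException from a null signature string.
    final String idAttrName;
    final String idValue;
    if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
        idAttrName = IFSConstants.ID;
        idValue = this.id;
    } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
        idAttrName = IFSConstants.REQUEST_ID;
        idValue = this.getRequestID();
    } else {
        FSUtils.debug.error("FSLogoutNotification.signXML: invalid minor version " + minorVersion);
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "signFailed", null);
    }
    try {
        XMLSignatureManager manager = XMLSignatureManager.getInstance();
        // A null algorithm presumably selects the manager's configured default - confirm.
        signatureString = manager.signXML(this.toXMLString(true, true), certAlias, null, idAttrName, idValue, false);
        signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug).getDocumentElement();
        // Order kept from the original: flag as signed, then re-serialise.
        signed = true;
        xmlString = this.toXMLString(true, true);
    } catch (Exception e) {
        // The bundle-keyed exception cannot carry a cause, so record it here
        // before translating - otherwise the failure reason is lost entirely.
        FSUtils.debug.error("FSLogoutNotification.signXML: signing failed", e);
        throw new SAMLResponderException(FSUtils.BUNDLE_NAME, "signFailed", null);
    }
}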