
Example 31 with XMLSignatureManager

use of com.sun.identity.saml.xmlsig.XMLSignatureManager in project OpenAM by OpenRock.

the class SAMLUtils method checkSignatureValid.

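/**
 * Returns whether the signature on the given SAML XML is valid.
 *
 * The verification certificate alias is looked up in the partner-site configuration
 * ({@code SAMLConstants.PARTNER_URLS}) keyed by {@code issuer}; when the issuer has no
 * configured partner entry, the alias handed to the signature manager is {@code null}.
 * NOTE(review): what {@code verifyXMLSignature} does with a {@code null} alias (reject,
 * or fall back to key material carried inside the message) is not visible here — confirm,
 * because it decides whether an unconfigured issuer can ever pass this check.
 *
 * @param xmlString input XML String
 * @param idAttribute ASSERTION_ID_ATTRIBUTE or RESPONSE_ID_ATTRIBUTE
 * @param issuer the issuer of the Assertion
 * @return true if the signature on the object is valid; false otherwise, including when
 *         verification itself throws.
 */
public static boolean checkSignatureValid(String xmlString, String idAttribute, String issuer) {
    String certAlias = null;
    // Wildcard generics instead of a raw Map: the attribute's value type is not known
    // here and a lookup by key does not need it.
    Map<?, ?> entries = (Map<?, ?>) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
    if (entries != null) {
        SAMLServiceManager.SOAPEntry srcSite = (SAMLServiceManager.SOAPEntry) entries.get(issuer);
        if (srcSite != null) {
            certAlias = srcSite.getCertAlias();
        }
    }
    boolean valid;
    try {
        XMLSignatureManager manager = XMLSignatureManager.getInstance();
        valid = manager.verifyXMLSignature(xmlString, idAttribute, certAlias);
    } catch (Exception e) {
        // Any failure during verification (parse error, missing key, crypto error) is a
        // verification failure; it must never be reported as a valid signature.
        SAMLUtils.debug.warning("SAMLUtils.checkSignatureValid:" + " signature validation exception", e);
        valid = false;
    }
    if (!valid && SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("SAMLUtils.checkSignatureValid:" + " Couldn't verify signature.");
    }
    return valid;
}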

Example 32 with XMLSignatureManager

use of com.sun.identity.saml.xmlsig.XMLSignatureManager in project OpenAM by OpenRock.

the class Request method signXML.

/**
 * Signs this Request with the site's configured signing certificate.
 *
 * SAML 1.0 requests go through the legacy string-based signing path; all other versions
 * are signed as a DOM document per SAML 1.1 with the certificate included in KeyInfo.
 * On success the {@code signature}, {@code signatureString}, {@code signed} and
 * {@code xmlString} fields are updated.
 *
 * @exception SAMLException if the Request is already signed or could not be signed.
 */
public void signXML() throws SAMLException {
    if (signed) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Request.signXML: the request is " + "already signed.");
        }
        throw new SAMLException(SAMLUtils.bundle.getString("alreadySigned"));
    }
    String siteCertAlias = SystemConfigurationUtil.getProperty("com.sun.identity.saml.xmlsig.certalias");
    if (siteCertAlias == null) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Request.signXML: couldn't obtain " + "this site's cert Alias.");
        }
        throw new SAMLResponderException(SAMLUtils.bundle.getString("cannotFindCertAlias"));
    }
    XMLSignatureManager signer = XMLSignatureManager.getInstance();
    boolean legacyVersion = (majorVersion == 1) && (minorVersion == 0);
    if (legacyVersion) {
        SAMLUtils.debug.message("Request.signXML: sign with version 1.0");
        signatureString = signer.signXML(this.toString(true, true), siteCertAlias);
        // keep the DOM element so getSignature() can return it later
        Document signatureDoc = XMLUtils.toDOMDocument(signatureString, SAMLUtils.debug);
        signature = signatureDoc.getDocumentElement();
    } else {
        // SAML 1.1: sign the DOM document and include the certificate in KeyInfo
        Document requestDoc = XMLUtils.toDOMDocument(this.toString(true, true), SAMLUtils.debug);
        signature = signer.signXML(requestDoc, siteCertAlias, null, REQUEST_ID_ATTRIBUTE, getRequestID(), true, null);
        signatureString = XMLUtils.print(signature);
    }
    signed = true;
    xmlString = this.toString(true, true);
}

Example 33 with XMLSignatureManager

use of com.sun.identity.saml.xmlsig.XMLSignatureManager in project OpenAM by OpenRock.

the class Response method signXML.

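/**
 * Signs this Response with the site's configured signing certificate.
 *
 * SAML 1.0 responses go through the legacy string-based signing path; all other versions
 * are signed as a DOM document per SAML 1.1 with the certificate included in KeyInfo.
 * On success the {@code signature}, {@code signatureString}, {@code signed} and
 * {@code xmlString} fields are updated.
 *
 * @exception SAMLException if the Response is already signed or could not be signed.
 */
public void signXML() throws SAMLException {
    if (signed) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Response.signXML: the response is " + "already signed.");
        }
        throw new SAMLException(SAMLUtils.bundle.getString("alreadySigned"));
    }
    String certAlias = SystemConfigurationUtil.getProperty("com.sun.identity.saml.xmlsig.certalias");
    if (certAlias == null) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Response.signXML: couldn't obtain " + "this site's cert alias.");
        }
        throw new SAMLResponderException(SAMLUtils.bundle.getString("cannotFindCertAlias"));
    }
    XMLSignatureManager manager = XMLSignatureManager.getInstance();
    if ((majorVersion == 1) && (minorVersion == 0)) {
        // Log prefix corrected: this message used to read "Request.signXML", which
        // mis-attributed Response signing in the debug log. Guarded like the other messages.
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Response.signXML: sign with version 1.0");
        }
        signatureString = manager.signXML(this.toString(true, true), certAlias);
        // keep the DOM element so getSignature() can return it later
        signature = XMLUtils.toDOMDocument(signatureString, SAMLUtils.debug).getDocumentElement();
    } else {
        Document doc = XMLUtils.toDOMDocument(this.toString(true, true), SAMLUtils.debug);
        // sign with SAML 1.1 spec & include cert in KeyInfo
        signature = manager.signXML(doc, certAlias, null, RESPONSE_ID_ATTRIBUTE, getResponseID(), true, null);
        signatureString = XMLUtils.print(signature);
    }
    signed = true;
    xmlString = this.toString(true, true);
}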

Example 34 with XMLSignatureManager

use of com.sun.identity.saml.xmlsig.XMLSignatureManager in project OpenAM by OpenRock.

the class SAML2MetaSecurityUtils method sign.

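/**
 * Signs the entity descriptor root element by the following rules:
 * <ul>
 *  <li>Hosted Entity</li>
 *  <ul>
 *   <li>If there is a signature already on the EntityDescriptor, removes it, then signs the EntityDescriptor.
 *   </li>
 *   <li>Simply signs the EntityDescriptor otherwise.</li>
 *  </ul>
 *  <li>Remote Entity</li>
 *  <ul>
 *   <li>If there is a signature already on the EntityDescriptor, then does not change it, but returns the
 *       Document with the original signature.
 *   </li>
 *   <li>Simply signs the EntityDescriptor otherwise</li>
 *  </ul>
 * </ul>
 * If there is no extended metadata for the entity, the entity is considered as remote.
 *
 * @param realm The realm where the EntityDescriptor belongs to.
 * @param descriptor The entity descriptor.
 * @return Signed <code>Document</code> for the entity descriptor or null if no metadata signing key is found in
 * the configuration.
 * @throws SAML2MetaException if the descriptor is null or the signing operation fails; a signing failure is
 * not reported as an unsigned document.
 * @throws JAXBException if the entity descriptor is invalid.
 */
public static Document sign(String realm, EntityDescriptorElement descriptor) throws JAXBException, SAML2MetaException {
    if (descriptor == null) {
        throw new SAML2MetaException("Unable to sign null descriptor");
    }
    SAML2MetaManager metaManager = new SAML2MetaManager();
    EntityConfigElement cfgElem = metaManager.getEntityConfig(realm, descriptor.getEntityID());
    // no EntityConfig (extended metadata) means the entity is treated as remote
    boolean isHosted = cfgElem != null && cfgElem.isHosted();
    String signingCert = getRealmSetting(METADATA_SIGNING_KEY, realm);
    if (signingCert == null) {
        return null;
    }
    initializeKeyStore();
    String xmlstr = SAML2MetaUtils.convertJAXBToString(descriptor);
    xmlstr = formatBase64BinaryElement(xmlstr);
    Document doc = XMLUtils.toDOMDocument(xmlstr, debug);
    NodeList childNodes = doc.getDocumentElement().getChildNodes();
    for (int i = 0; i < childNodes.getLength(); i++) {
        Node node = childNodes.item(i);
        // Constant-first equals: getLocalName() and getNamespaceURI() can both be null, and
        // the previous namespace check dereferenced getNamespaceURI() without a null check.
        if ("Signature".equals(node.getLocalName()) && NS_XMLSIG.equals(node.getNamespaceURI())) {
            if (isHosted) {
                // hosted entity: drop the stale signature, a fresh one is created below
                node.getParentNode().removeChild(node);
                break;
            }
            // remote entity: keep the signature produced by the remote party's key
            return doc;
        }
    }
    // we need to sign or re-sign the document, let's generate a new ID
    String descriptorId = SAMLUtils.generateID();
    doc.getDocumentElement().setAttribute(ATTR_ID, descriptorId);
    XMLSignatureManager sigManager = XMLSignatureManager.getInstance();
    // the ds:Signature is placed as the first child of the EntityDescriptor (xpath selects *[1])
    String xpath = "//*[local-name()=\"" + TAG_ENTITY_DESCRIPTOR + "\" and namespace-uri()=\"" + NS_META + "\"]/*[1]";
    try {
        sigManager.signXMLUsingKeyPass(doc, signingCert, getRealmSetting(METADATA_SIGNING_KEY_PASS, realm), null, SAML2Constants.ID, descriptorId, true, xpath);
    } catch (XMLSignatureException xmlse) {
        // Previously logged at message level only and the unsigned document was returned,
        // which silently defeats metadata signing when a key is configured. The documented
        // contract is to throw when signing is not possible, so surface the failure.
        debug.warning("SAML2MetaSecurityUtils.sign: unable to sign entity descriptor " + descriptor.getEntityID(), xmlse);
        throw new SAML2MetaException("Unable to sign entity descriptor: " + xmlse.getMessage());
    }
    return doc;
}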
