Example 6 with KeyDescriptorType

Use of com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType in the OpenAM project by OpenRock: class SAML2MetaSecurityUtils, method updateProviderKeyInfo.

/**
 * Updates signing or encryption key info for an SP or IDP.
 * This updates both the signing/encryption alias in the extended metadata and
 * the certificates in the standard metadata.
 * @param realm Realm the entity resides in.
 * @param entityID ID of the entity to be updated.
 * @param certAliases The set of certificate aliases to be set for the entity. If null or empty, existing key
 *                    information will be removed from the SP or IDP.
 * @param isSigning true if this is a signing certificate alias, false if
 *        this is an encryption certificate alias.
 * @param isIDP true if this is for the IDP signing/encryption alias, false
 *        if this is for the SP signing/encryption alias.
 * @param encAlgo Encryption algorithm URI; applicable to the
 *        encryption cert only.
 * @param keySize Encryption key size; applicable to the
 *        encryption cert only.
 * @throws SAML2MetaException if the certificate alias could not be updated
 *        for the entity.
 */
public static void updateProviderKeyInfo(String realm, String entityID, Set<String> certAliases,
        boolean isSigning, boolean isIDP, String encAlgo, int keySize) throws SAML2MetaException {
    SAML2MetaManager metaManager = new SAML2MetaManager();
    EntityConfigElement config = metaManager.getEntityConfig(realm, entityID);
    // Only hosted entities own key material in this deployment; remote entities are
    // described by their own published metadata and must not be modified here.
    if (!config.isHosted()) {
        String[] args = { entityID, realm };
        throw new SAML2MetaException("entityNotHosted", args);
    }
    EntityDescriptorElement desp = metaManager.getEntityDescriptor(realm, entityID);
    BaseConfigType baseConfig;
    RoleDescriptorType descriptor;
    // Resolve the role-specific extended config and standard descriptor; both must exist.
    if (isIDP) {
        baseConfig = SAML2MetaUtils.getIDPSSOConfig(config);
        descriptor = SAML2MetaUtils.getIDPSSODescriptor(desp);
        if (baseConfig == null || descriptor == null) {
            String[] args = { entityID, realm };
            throw new SAML2MetaException("entityNotIDP", args);
        }
    } else {
        baseConfig = SAML2MetaUtils.getSPSSOConfig(config);
        descriptor = SAML2MetaUtils.getSPSSODescriptor(desp);
        if (baseConfig == null || descriptor == null) {
            String[] args = { entityID, realm };
            throw new SAML2MetaException("entityNotSP", args);
        }
    }
    // update standard metadata
    if (CollectionUtils.isEmpty(certAliases)) {
        // remove key info: drop the KeyDescriptor for this use and clear the alias attribute
        removeKeyDescriptor(descriptor, isSigning);
        if (isSigning) {
            setExtendedAttributeValue(baseConfig, SAML2Constants.SIGNING_CERT_ALIAS, null);
        } else {
            setExtendedAttributeValue(baseConfig, SAML2Constants.ENCRYPTION_CERT_ALIAS, null);
        }
    } else {
        // Build one KeyDescriptor per alias, preserving the caller's ordering.
        Set<KeyDescriptorType> keyDescriptors = new LinkedHashSet<>(certAliases.size());
        for (String certAlias : certAliases) {
            keyDescriptors.add(getKeyDescriptor(certAlias, isSigning, encAlgo, keySize));
        }
        updateKeyDescriptor(descriptor, keyDescriptors);
        // update extended metadata
        if (isSigning) {
            setExtendedAttributeValue(baseConfig, SAML2Constants.SIGNING_CERT_ALIAS, certAliases);
        } else {
            setExtendedAttributeValue(baseConfig, SAML2Constants.ENCRYPTION_CERT_ALIAS, certAliases);
        }
    }
    // Persist standard metadata first, then the extended config that references the aliases.
    metaManager.setEntityDescriptor(realm, desp);
    metaManager.setEntityConfig(realm, config);
}
Also used:

import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement;
import com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType;
import com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType;
import java.util.LinkedHashSet;

Example 7 with KeyDescriptorType

Use of com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType in the OpenAM project by OpenRock: class SAML2MetaSecurityUtils, method updateKeyDescriptor.

private static void updateKeyDescriptor(RoleDescriptorType desp, Set<KeyDescriptorType> keyDescriptors) {
    // The caller guarantees a non-empty set; all descriptors in it share one "use"
    // ("signing" or "encryption"), so the first one determines which existing entries to replace.
    String use = keyDescriptors.iterator().next().getUse();
    List<KeyDescriptorType> keys = desp.getKeyDescriptor();
    Iterator<KeyDescriptorType> iterator = keys.iterator();
    while (iterator.hasNext()) {
        final KeyDescriptorType keyDescriptor = iterator.next();
        // Compare with "use" on the left: the use attribute is optional in SAML metadata,
        // so an existing descriptor without one must not cause a NullPointerException here.
        if (use.equalsIgnoreCase(keyDescriptor.getUse())) {
            iterator.remove();
        }
    }
    // Replace the removed entries with the new descriptors for this use.
    desp.getKeyDescriptor().addAll(keyDescriptors);
}
Also used:

import com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType;

Example 8 with KeyDescriptorType

Use of com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType in the OpenAM project by OpenRock: class LogoutUtil, method setNameIDForSLORequest.

public static void setNameIDForSLORequest(LogoutRequest request, NameID nameID, String realm, String hostEntity,
        String hostEntityRole, String remoteEntity) throws SAML2Exception, SessionException {
    String method = "setNameIDForSLORequest: ";
    boolean needEncryptIt = false;
    // The remote party's metadata decides whether it wants the NameID encrypted:
    // an IDP host consults the remote SP's setting, and vice versa.
    if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
        needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, remoteEntity, SAML2Constants.SP_ROLE);
    } else {
        needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, remoteEntity, SAML2Constants.IDP_ROLE);
    }
    if (!needEncryptIt) {
        if (debug.messageEnabled()) {
            debug.message(method + "NameID doesn't need to be encrypted.");
        }
        request.setNameID(nameID);
        return;
    }
    EncInfo encryptInfo = null;
    KeyDescriptorType keyDescriptor = null;
    // Look up the remote entity's encryption KeyDescriptor and its preferred data-encryption parameters.
    if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
        SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, remoteEntity);
        keyDescriptor = KeyUtil.getKeyDescriptor(spSSODesc, "encryption");
        encryptInfo = KeyUtil.getEncInfo(spSSODesc, remoteEntity, SAML2Constants.SP_ROLE);
    } else {
        IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, remoteEntity);
        keyDescriptor = KeyUtil.getKeyDescriptor(idpSSODesc, "encryption");
        encryptInfo = KeyUtil.getEncInfo(idpSSODesc, remoteEntity, SAML2Constants.IDP_ROLE);
    }
    if (debug.messageEnabled()) {
        debug.message(method + "realm is : " + realm);
        debug.message(method + "hostEntity is : " + hostEntity);
        debug.message(method + "Host Entity role is : " + hostEntityRole);
        debug.message(method + "remoteEntity is : " + remoteEntity);
    }
    // Both the encryption parameters and the key descriptor holding the recipient certificate are
    // required; without either, the NameID cannot be encrypted for the remote entity.
    if (encryptInfo == null || keyDescriptor == null) {
        debug.error("NO meta data for encrypt Info.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    // Encrypt the NameID to the remote entity's public key so only it can read the subject identifier.
    X509Certificate certificate = KeyUtil.getCert(keyDescriptor);
    PublicKey recipientPublicKey = certificate.getPublicKey();
    EncryptedID encryptedID = nameID.encrypt(recipientPublicKey, encryptInfo.getDataEncAlgorithm(),
            encryptInfo.getDataEncStrength(), remoteEntity);
    request.setEncryptedID(encryptedID);
}
Also used:

import com.sun.identity.saml2.assertion.EncryptedID;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.key.EncInfo;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
