Use of com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType in project OpenAM by OpenRock: class KeyUtil, method getVerificationCerts.
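/**
 * Returns the partner entity's signature verification certificates.
 *
 * <p>Results are cached per {@code entityID|role} in {@code sigHash}. Only a non-empty set is cached, so a
 * partner whose metadata currently carries no usable signing certificate is read from the metadata again on
 * the next call. Key descriptors for which {@code getCert} yields no certificate are skipped rather than
 * added as {@code null}, so the returned set never contains a {@code null} element.
 *
 * @param roleDescriptor <code>RoleDescriptor</code> for the partner entity.
 * @param entityID Partner entity's ID; must not be {@code null}.
 * @param role Entity's role.
 * @return The set of signing {@link X509Certificate} for verifying the partner entity's signature, in the
 *         order the matching key descriptors are returned by {@code getKeyDescriptors}; an empty set when the
 *         role descriptor has no signing {@link KeyDescriptorType}; {@code null} when {@code roleDescriptor}
 *         is {@code null} or no signing certificate could be extracted from any descriptor.
 */
public static Set<X509Certificate> getVerificationCerts(RoleDescriptorType roleDescriptor, String entityID, String role) {
    String classMethod = "KeyUtil.getVerificationCerts: ";
    // first try to get it from cache
    String index = entityID.trim() + "|" + role;
    Set<X509Certificate> certificates = sigHash.get(index);
    if (certificates != null) {
        return certificates;
    }
    // else get it from meta
    if (roleDescriptor == null) {
        SAML2SDKUtils.debug.error(classMethod + "Null RoleDescriptorType input for entityID=" + entityID + " in " + role + " role.");
        return null;
    }
    certificates = new LinkedHashSet<>(3);
    List<KeyDescriptorType> keyDescriptors = getKeyDescriptors(roleDescriptor, SAML2Constants.SIGNING);
    if (keyDescriptors.isEmpty()) {
        SAML2SDKUtils.debug.error(classMethod + "No signing KeyDescriptor for entityID=" + entityID + " in " + role + " role.");
        return certificates;
    }
    for (KeyDescriptorType keyDescriptor : keyDescriptors) {
        X509Certificate cert = getCert(keyDescriptor);
        // getCert can yield no certificate for a descriptor (getEncInfo checks for the same). Adding null
        // here would make the set look non-empty, bypass the "No signing cert" check below and cache a
        // null entry that is later handed to signature verification.
        if (cert != null) {
            certificates.add(cert);
        }
    }
    if (certificates.isEmpty()) {
        SAML2SDKUtils.debug.error(classMethod + "No signing cert for entityID=" + entityID + " in " + role + " role.");
        return null;
    }
    sigHash.put(index, certificates);
    return certificates;
}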
Use of com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType in project OpenAM by OpenRock: class KeyUtil, method getEncInfo.
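/**
 * Returns the encryption information which will be used in
 * encrypting messages intended for the partner entity.
 *
 * <p>Results are cached per {@code entityID|role} in {@code encHash}. The algorithm and key size are taken
 * from the first {@code EncryptionMethod} of the encryption {@link KeyDescriptorType}; when that method names
 * no algorithm, {@link XMLCipher#AES_128} with a 128-bit key is assumed. A method that names an algorithm but
 * carries no {@code KeySize} element yields a key size of 0.
 *
 * @param roled <code>RoleDescriptor</code> for the partner entity
 * @param entityID partner entity's ID; must not be {@code null}
 * @param role entity's role
 * @return <code>EncInfo</code> which includes partner entity's
 * public key for wrapping the secret key, data encryption algorithm,
 * and data encryption strength; {@code null} when {@code roled} is {@code null}, when no encryption
 * {@link KeyDescriptorType} or certificate is found, or when the certificate exposes no public key
 */
public static EncInfo getEncInfo(RoleDescriptorType roled, String entityID, String role) {
    String classMethod = "KeyUtil.getEncInfo: ";
    if (SAML2SDKUtils.debug.messageEnabled()) {
        SAML2SDKUtils.debug.message(classMethod + "Entering... \nEntityID=" + entityID + "\nRole=" + role);
    }
    // first try to get it from cache
    String index = entityID.trim() + "|" + role;
    EncInfo encInfo = (EncInfo) encHash.get(index);
    if (encInfo != null) {
        return encInfo;
    }
    // else get it from meta
    if (roled == null) {
        SAML2SDKUtils.debug.error(classMethod + "Null RoleDescriptorType input for entityID=" + entityID + " in " + role + " role.");
        return null;
    }
    KeyDescriptorType kd = getKeyDescriptor(roled, SAML2Constants.ENCRYPTION);
    if (kd == null) {
        SAML2SDKUtils.debug.error(classMethod + "No encryption KeyDescriptor for entityID=" + entityID + " in " + role + " role.");
        return null;
    }
    X509Certificate cert = getCert(kd);
    if (cert == null) {
        SAML2SDKUtils.debug.error(classMethod + "No encryption cert for entityID=" + entityID + " in " + role + " role.");
        return null;
    }
    String algorithm = null;
    int keySize = 0;
    List<?> emList = kd.getEncryptionMethod();
    if (emList != null && !emList.isEmpty()) {
        EncryptionMethodType em = (EncryptionMethodType) emList.get(0);
        if (em != null) {
            algorithm = em.getAlgorithm();
            List<?> cList = em.getContent();
            if (cList != null) {
                for (Object cObject : cList) {
                    // Cast the element that matched, not cList.get(0): the KeySize element is not
                    // necessarily the first content entry, and casting the first one regardless threw
                    // ClassCastException whenever it was not.
                    if (cObject instanceof EncryptionMethodType.KeySize) {
                        keySize = ((EncryptionMethodType.KeySize) cObject).getValue().intValue();
                        break;
                    }
                }
            }
        }
    }
    if (algorithm == null || algorithm.length() == 0) {
        // Metadata names no data-encryption algorithm: fall back to the historical default.
        algorithm = XMLCipher.AES_128;
        keySize = 128;
    }
    PublicKey pk = cert.getPublicKey();
    if (pk != null) {
        encInfo = new EncInfo(pk, algorithm, keySize);
    }
    if (encInfo != null) {
        encHash.put(index, encInfo);
    }
    return encInfo;
}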
Use of com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType in project OpenAM by OpenRock: class KeyUtil, method getKeyDescriptors.
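/**
 * Returns the {@link KeyDescriptorType}s from {@link RoleDescriptorType} that match the requested usage.
 * KeyDescriptors without usage defined are also included in this list, as by definition they should be suitable for
 * any purposes.
 *
 * <p>Descriptors whose {@code use} matches come first, in metadata order, followed by the descriptors that
 * declare no {@code use}. The comparison ignores surrounding whitespace and letter case and does not depend
 * on the JVM's default locale.
 *
 * @param roleDescriptor {@link RoleDescriptorType} which contains {@link KeyDescriptorType}s; must not be
 *        {@code null}.
 * @param usage Type of the {@link KeyDescriptorType}s to be retrieved. Its value is "encryption" or "signing".
 * @return {@link KeyDescriptorType}s in {@link RoleDescriptorType} that matched the usage type; empty when
 *         none match and none is without usage.
 */
public static List<KeyDescriptorType> getKeyDescriptors(RoleDescriptorType roleDescriptor, String usage) {
    List<KeyDescriptorType> keyDescriptors = roleDescriptor.getKeyDescriptor();
    List<KeyDescriptorType> matches = new ArrayList<>(keyDescriptors.size());
    List<KeyDescriptorType> keyDescriptorsWithoutUsage = new ArrayList<>(keyDescriptors.size());
    for (KeyDescriptorType keyDescriptor : keyDescriptors) {
        String use = keyDescriptor.getUse();
        if (StringUtils.isBlank(use)) {
            keyDescriptorsWithoutUsage.add(keyDescriptor);
        } else if (use.trim().equalsIgnoreCase(usage)) {
            // equalsIgnoreCase rather than toLowerCase().equals(): toLowerCase() without a Locale uses the
            // default locale, under which e.g. "SIGNING" lower-cases to a string that never matches.
            matches.add(keyDescriptor);
        }
    }
    matches.addAll(keyDescriptorsWithoutUsage);
    return matches;
}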
Use of com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType in project OpenAM by OpenRock: class SAML2MetaSecurityUtils, method removeKeyDescriptor.
/**
 * Removes every {@link KeyDescriptorElement} with the given use from the role descriptor's key descriptor
 * list, in place. Descriptors that declare no {@code use} attribute are kept.
 *
 * @param desp role descriptor whose key descriptor list is modified
 * @param isSigningUse {@code true} to remove "signing" descriptors, {@code false} to remove "encryption" ones
 */
private static void removeKeyDescriptor(RoleDescriptorType desp, boolean isSigningUse) {
    // The target use does not change per element, so decide it once.
    final String targetUse = isSigningUse ? "signing" : "encryption";
    Iterator<?> entries = desp.getKeyDescriptor().iterator();
    while (entries.hasNext()) {
        String use = ((KeyDescriptorElement) entries.next()).getUse();
        if (use != null && use.equalsIgnoreCase(targetUse)) {
            entries.remove();
        }
    }
}
Use of com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType in project OpenAM by OpenRock: class AssertionIDRequestUtil, method getRoleDescriptorAndLocation.
/**
 * Resolves the SAML authority's role descriptor and the AssertionIDRequestService location for a binding.
 *
 * <p>The descriptor is looked up through {@code metaManager} in the given realm according to {@code role}
 * (IdP, authentication authority or attribute authority). The location of the first
 * {@link AssertionIDRequestServiceElement} whose binding equals {@code binding} (ignoring case) is appended
 * to {@code location}. The caller is expected to pass an empty buffer: an empty buffer after the scan is what
 * signals that the binding is not supported.
 *
 * @param samlAuthorityEntityID entity ID of the SAML authority
 * @param role one of the SAML2Constants role values (IDP_ROLE, AUTHN_AUTH_ROLE, ATTR_AUTH_ROLE)
 * @param realm realm in which the metadata is looked up
 * @param binding the AssertionIDRequestService binding to look for
 * @param location out-parameter that receives the matching service location
 * @return the resolved role descriptor
 * @throws SAML2Exception if {@code role} or {@code binding} is null or unsupported, the descriptor is not
 *         found, the descriptor lists no AssertionIDRequestService, or the metadata lookup fails
 */
private static RoleDescriptorType getRoleDescriptorAndLocation(String samlAuthorityEntityID, String role, String realm, String binding, StringBuffer location) throws SAML2Exception {
    RoleDescriptorType descriptor;
    List<?> services;
    try {
        if (role == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedRole"));
        }
        if (role.equals(SAML2Constants.IDP_ROLE)) {
            IDPSSODescriptorElement idp = metaManager.getIDPSSODescriptor(realm, samlAuthorityEntityID);
            if (idp == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("idpNotFound"));
            }
            descriptor = idp;
            services = idp.getAssertionIDRequestService();
        } else if (role.equals(SAML2Constants.AUTHN_AUTH_ROLE)) {
            AuthnAuthorityDescriptorElement authnAuthority = metaManager.getAuthnAuthorityDescriptor(realm, samlAuthorityEntityID);
            if (authnAuthority == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("authnAuthorityNotFound"));
            }
            descriptor = authnAuthority;
            services = authnAuthority.getAssertionIDRequestService();
        } else if (role.equals(SAML2Constants.ATTR_AUTH_ROLE)) {
            AttributeAuthorityDescriptorElement attrAuthority = metaManager.getAttributeAuthorityDescriptor(realm, samlAuthorityEntityID);
            if (attrAuthority == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
            }
            descriptor = attrAuthority;
            services = attrAuthority.getAssertionIDRequestService();
        } else {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedRole"));
        }
    } catch (SAML2MetaException sme) {
        // Metadata failures are logged here with their cause and surfaced as a generic metaDataError.
        SAML2Utils.debug.error("AssertionIDRequest.getRoleDescriptorAndLocation:", sme);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    if (binding == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    if (services == null || services.isEmpty()) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("aIDReqServiceNotFound"));
    }
    for (Object entry : services) {
        AssertionIDRequestServiceElement service = (AssertionIDRequestServiceElement) entry;
        if (binding.equalsIgnoreCase(service.getBinding())) {
            location.append(service.getLocation());
            break;
        }
    }
    if (location.length() == 0) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    return descriptor;
}