Example 11 with RoleDescriptorType

Use of com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType in project OpenAM by OpenRock.

From the class AssertionIDRequestUtil, method verifyResponse:

/**
 * Checks a SAML Response returned for an AssertionIDRequest: the InResponseTo value,
 * the Issuer, and the XML signature, using only the signing certificates published in
 * the SAML authority's metadata for the given role.
 */
private static void verifyResponse(Response response, AssertionIDRequest assertionIDRequest,
        String samlAuthorityEntityID, String role, RoleDescriptorType roled) throws SAML2Exception {
    // 1. The response must answer the request that was actually sent.
    String aIDReqID = assertionIDRequest.getID();
    if ((aIDReqID != null) && (!aIDReqID.equals(response.getInResponseTo()))) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseToAssertionIDRequest"));
    }
    // 2. The Issuer must be the authority that was queried. Note that a Response carrying
    //    no Issuer element at all returns here, before the signature is examined.
    Issuer respIssuer = response.getIssuer();
    if (respIssuer == null) {
        return;
    }
    if (!samlAuthorityEntityID.equals(respIssuer.getValue())) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("responseIssuerMismatch"));
    }
    // 3. Signature: the trust anchors are the signing certificates from the authority's
    //    metadata, not any KeyInfo embedded in the message itself.
    Set<X509Certificate> signingCerts = KeyUtil.getVerificationCerts(roled, samlAuthorityEntityID, role);
    if (signingCerts.isEmpty()) {
        // No signing certificate is configured for this authority: fail closed.
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
    boolean valid = response.isSignatureValid(signingCerts);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("AssertionIDRequestUtil.verifyResponse: Signature validity is : " + valid);
    }
    if (!valid) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignatureOnResponse"));
    }
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), Issuer (com.sun.identity.saml2.assertion.Issuer), X509Certificate (java.security.cert.X509Certificate)
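The three checks that verifyResponse performs, as an added stand-alone example that is not OpenAM code: it uses only the JDK's javax.xml.crypto.dsig API, uses a Set<PublicKey> in place of the Set<X509Certificate> that OpenAM pulls from metadata (the plain JDK cannot mint a certificate), and all key pairs, entity IDs and request IDs are constructed for the demo. It differs from the OpenAM method in one deliberate respect, rejecting a Response that has no Issuer instead of returning early, and it shows why the trust anchors have to come from metadata: the forged Response carries a perfectly self-consistent KeyInfo and would validate if the verifier trusted the key it embeds.

```java
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class ResponseVerifyDemo {
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");

    // Builds a minimal Response-shaped document and signs it (enveloped signature) with kp.
    // The signer's public key goes into KeyInfo, exactly as a forger would place it.
    static Document signedResponse(String id, String inResponseTo, String issuer, KeyPair kp) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element resp = doc.createElementNS(SAMLP, "samlp:Response");
        resp.setAttribute("ID", id);
        resp.setIdAttribute("ID", true);          // lets the "#id" reference resolve
        resp.setAttribute("InResponseTo", inResponseTo);
        Element iss = doc.createElementNS(SAML, "saml:Issuer");
        iss.setTextContent(issuer);
        resp.appendChild(iss);
        doc.appendChild(resp);

        Reference ref = FAC.newReference("#" + id, FAC.newDigestMethod(DigestMethod.SHA256, null),
                Collections.singletonList(FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                null, null);
        SignedInfo si = FAC.newSignedInfo(
                FAC.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                FAC.newSignatureMethod(RSA_SHA256, null), Collections.singletonList(ref));
        KeyInfoFactory kif = FAC.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newKeyValue(kp.getPublic())));
        FAC.newXMLSignature(si, ki).sign(new DOMSignContext(kp.getPrivate(), resp));
        return doc;
    }

    // InResponseTo, Issuer and signature, in that order. A missing Issuer is rejected, and the
    // signature is validated only against keys from the trust set (standing in for the
    // metadata certificates); the KeyInfo inside the message is never consulted.
    static boolean verify(Document doc, String expectedInResponseTo, String expectedIssuer,
                          Set<PublicKey> trusted) throws Exception {
        Element resp = doc.getDocumentElement();
        if (!expectedInResponseTo.equals(resp.getAttribute("InResponseTo"))) {
            return false;                          // not the answer to our request
        }
        NodeList issuers = resp.getElementsByTagNameNS(SAML, "Issuer");
        if (issuers.getLength() != 1 || !expectedIssuer.equals(issuers.item(0).getTextContent())) {
            return false;                          // no Issuer, or the wrong one: fail closed
        }
        NodeList sigs = resp.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (trusted.isEmpty() || sigs.getLength() != 1) {
            return false;                          // nothing to trust, or unsigned / multiply signed
        }
        resp.setIdAttribute("ID", true);           // required again if the document was re-parsed
        for (PublicKey k : trusted) {
            DOMValidateContext ctx = new DOMValidateContext(k, sigs.item(0));
            XMLSignature sig = FAC.unmarshalXMLSignature(ctx);
            if (sig.validate(ctx)) {
                return true;                       // digest and SignatureValue both check out under k
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair authority = kpg.generateKeyPair();  // constructed: key the SAML authority publishes in metadata
        KeyPair attacker = kpg.generateKeyPair();   // constructed: key an attacker signs a forged Response with
        Set<PublicKey> metadataKeys = Collections.singleton(authority.getPublic());
        String idp = "https://idp.example.org";     // constructed entity ID

        Document genuine = signedResponse("_r1", "_q1", idp, authority);
        Document forged = signedResponse("_r2", "_q1", idp, attacker);
        Document unsolicited = signedResponse("_r3", "_q9", idp, authority);

        System.out.println("genuine    -> " + verify(genuine, "_q1", idp, metadataKeys));
        System.out.println("forged key -> " + verify(forged, "_q1", idp, metadataKeys));
        System.out.println("wrong IRT  -> " + verify(unsolicited, "_q1", idp, metadataKeys));
    }
}
```

Compile and run with javac and java; no libraries beyond the JDK are needed. Only the genuine Response passes. The forged one has a valid signature over its own content and a KeyInfo that matches the key that made it, yet fails because that key is not in the trust set, which is the property KeyUtil.getVerificationCerts provides in OpenAM. The third Response is correctly signed by the real authority but answers a request that was never sent, so the InResponseTo check stops it before any cryptography runs.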

Example 12 with RoleDescriptorType

Use of com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType in project OpenAM by OpenRock.

From the class NameIDMapping, method getEncryptedID:

/**
 * Encrypts a NameID for the given entity, using the encryption key and the
 * data-encryption algorithm and key strength that entity publishes in its metadata.
 */
static EncryptedID getEncryptedID(NameID nameID, String realm, String entityID, String role) throws SAML2Exception {
    // Select the recipient's metadata role descriptor: SP or, otherwise, IDP.
    RoleDescriptorType roled = null;
    if (role.equals(SAML2Constants.SP_ROLE)) {
        roled = metaManager.getSPSSODescriptor(realm, entityID);
    } else {
        roled = metaManager.getIDPSSODescriptor(realm, entityID);
    }
    // The recipient's encryption KeyDescriptor supplies the key-wrapping public key and
    // the symmetric algorithm and strength used to encrypt the NameID element.
    EncInfo encInfo = KeyUtil.getEncInfo(roled, entityID, role);
    if (encInfo == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("UnableToFindEncryptKeyInfo"));
    }
    return nameID.encrypt(encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(),
            encInfo.getDataEncStrength(), entityID);
}
Also used: EncInfo (com.sun.identity.saml2.key.EncInfo), SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), RoleDescriptorType (com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType), EncryptedID (com.sun.identity.saml2.assertion.EncryptedID)

Aggregations (type, fully qualified name, number of examples)

SAML2Exception (com.sun.identity.saml2.common.SAML2Exception): 6
KeyDescriptorType (com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType): 5
RoleDescriptorType (com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType): 5
ArrayList (java.util.ArrayList): 4
Iterator (java.util.Iterator): 4
List (java.util.List): 4
X509Certificate (java.security.cert.X509Certificate): 3
Issuer (com.sun.identity.saml2.assertion.Issuer): 2
AssertionIDRequestServiceElement (com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement): 2
AttributeAuthorityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement): 2
AuthnAuthorityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement): 2
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement): 2
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException): 2
Response (com.sun.identity.saml2.protocol.Response): 2
HttpServletResponse (javax.servlet.http.HttpServletResponse): 2
Assertion (com.sun.identity.saml2.assertion.Assertion): 1
AssertionIDRef (com.sun.identity.saml2.assertion.AssertionIDRef): 1
EncryptedID (com.sun.identity.saml2.assertion.EncryptedID): 1
BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType): 1
EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement): 1