Use of com.sun.identity.saml2.jaxb.xmlsig in project OpenAM (OpenRock): class UpdateMetadataKeyInfo, method handleSAML2Request.
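/**
 * Applies the requested signing/encryption key-alias updates to the SAML2
 * entity identified by the {@code realm} / {@code entityID} fields.
 *
 * <p>Each of the four alias lists (SP signing, IDP signing, SP encryption,
 * IDP encryption) is handled identically, in that order: an empty list is
 * skipped; a list whose first item is {@code NULL_ALIAS} passes a null alias
 * set to the metadata update; anything else replaces the provider's key info
 * with the given aliases (insertion order kept via a {@link LinkedHashSet}).
 *
 * @param rc the CLI request context; not read by this method beyond the
 *           handler contract.
 * @throws CLIException if the entity does not exist in the realm, or if the
 *         metadata update fails with a {@link SAML2Exception}.
 */
private void handleSAML2Request(RequestContext rc) throws CLIException {
    try {
        SAML2MetaManager metaManager = new SAML2MetaManager(ssoToken);
        com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement descriptor =
                metaManager.getEntityDescriptor(realm, entityID);
        if (descriptor == null) {
            Object[] objs2 = { entityID, realm };
            throw new CLIException(MessageFormat.format(
                    getResourceString("update-meta-keyinfo-exception-entity-not-exist"), objs2),
                    ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        // Signing key material first (SP, then IDP), then encryption key material.
        // The order matches the original sequential updates so a failure leaves
        // the same partial state as before this refactoring.
        applyProviderKeyInfo(spSigningAliases, true, false);
        applyProviderKeyInfo(idpSigningAliases, true, true);
        applyProviderKeyInfo(spEncryptionAliases, false, false);
        applyProviderKeyInfo(idpEncryptionAliases, false, true);
        Object[] objs = { entityID };
        getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("update-keyinfo-succeeded"), objs));
    } catch (SAML2Exception e) {
        SAML2MetaUtils.debug.error("UpdateMetaKey.handleSAML2Request", e);
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}

/**
 * Updates one provider role's key info from a single CLI alias list.
 *
 * <p>Encryption entries are written with {@code XMLCipher.AES_128} and a
 * 128-bit key size; signing entries carry neither. NOTE(review):
 * {@code XMLCipher.AES_128} is the aes128-cbc algorithm URI in Apache
 * Santuario; CBC-mode XML Encryption is susceptible to padding-oracle attacks
 * unless the ciphertext is signature-protected. An AEAD algorithm (AES-GCM)
 * would be preferable where peers support it — confirm interop before
 * changing the default.
 *
 * @param aliases   key aliases from the CLI; null or empty means "no change".
 * @param isSigning true for signing key info, false for encryption key info.
 * @param isIDP     true to update the IDP role, false for the SP role.
 * @throws SAML2Exception if the metadata update fails.
 */
private void applyProviderKeyInfo(List<String> aliases, boolean isSigning, boolean isIDP)
        throws SAML2Exception {
    if (isEmpty(aliases)) {
        return;
    }
    String encAlgorithm = isSigning ? null : XMLCipher.AES_128;
    int keySize = isSigning ? 0 : 128;
    if (NULL_ALIAS.equals(getFirstItem(aliases))) {
        // NULL_ALIAS as the first item passes a null alias set; presumably this
        // clears the existing key descriptor — verify in SAML2MetaSecurityUtils.
        SAML2MetaSecurityUtils.updateProviderKeyInfo(realm, entityID, null,
                isSigning, isIDP, encAlgorithm, keySize);
    } else {
        SAML2MetaSecurityUtils.updateProviderKeyInfo(realm, entityID, new LinkedHashSet<>(aliases),
                isSigning, isIDP, encAlgorithm, keySize);
    }
}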
Use of com.sun.identity.saml2.jaxb.xmlsig in project OpenAM (OpenRock): class SAMLv2ModelImpl, method savesoapMni.
/**
 * Appends a SOAP-bound ManageNameIDService endpoint to the live list when a
 * location was supplied; a null or empty location leaves the list untouched.
 *
 * <p>NOTE(review): the location is written into the metadata exactly as
 * given — no URL syntax or scheme check happens here. Presumably the caller
 * (the admin UI) validates it upstream; verify before relying on that.
 *
 * @param mnisoapLocation endpoint location URL; may be null or empty.
 * @param manageNameIdList live list of ManageNameIDService elements to append to.
 * @param objFact the metadata JAXB object factory used to build the element.
 * @throws JAXBException if the element cannot be created.
 */
private void savesoapMni(String mnisoapLocation, List manageNameIdList, com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact) throws JAXBException {
    boolean hasLocation = mnisoapLocation != null && !mnisoapLocation.isEmpty();
    if (!hasLocation) {
        return;
    }
    ManageNameIDServiceElement mniElement = objFact.createManageNameIDServiceElement();
    mniElement.setBinding(soapBinding);
    mniElement.setLocation(mnisoapLocation);
    manageNameIdList.add(mniElement);
}
Use of com.sun.identity.saml2.jaxb.xmlsig in project OpenAM (OpenRock): class SAMLv2ModelImpl, method savesoapLogout.
/**
 * Appends a SOAP-bound SingleLogoutService endpoint to the live list when a
 * location was supplied; a null or empty location leaves the list untouched.
 *
 * <p>NOTE(review): the location is written into the metadata exactly as
 * given — no URL syntax or scheme check happens here. Presumably the caller
 * (the admin UI) validates it upstream; verify before relying on that.
 *
 * @param losoapLocation endpoint location URL; may be null or empty.
 * @param logList live list of SingleLogoutService elements to append to.
 * @param objFact the metadata JAXB object factory used to build the element.
 * @throws JAXBException if the element cannot be created.
 */
private void savesoapLogout(String losoapLocation, List logList, com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact) throws JAXBException {
    boolean hasLocation = losoapLocation != null && !losoapLocation.isEmpty();
    if (!hasLocation) {
        return;
    }
    SingleLogoutServiceElement sloElement = objFact.createSingleLogoutServiceElement();
    sloElement.setBinding(soapBinding);
    sloElement.setLocation(losoapLocation);
    logList.add(sloElement);
}
Use of com.sun.identity.saml2.jaxb.xmlsig in project OpenAM (OpenRock): class XACMLAuthzDecisionQueryHandler, method createSamlpResponse.
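/**
 * Wraps a single XACMLAuthzDecisionStatement in a SAML 2.0 Response that
 * carries one Assertion, with the given top-level status code.
 *
 * <p>The Response and Assertion IDs are freshly generated on every call
 * (an underscore-prefixed random UUID, which is a valid xs:ID/NCName).
 * SAML requires these IDs to be unique; the previous fixed value
 * "response-id:1" — used for both elements — produced duplicate XML IDs
 * across every response, which breaks ID-based signature references
 * ({@code URI="#..."}) and any replay detection keyed on the ID.
 *
 * <p>NOTE(review): the Issuer value is still the fixed string "issuer-1";
 * it should be the PDP's own entity ID, but where that is held is not visible
 * here, so it is left unchanged. The returned Response is not signed by this
 * method; presumably the caller signs it — verify.
 *
 * @param statement the decision statement to embed; serialized via
 *                  {@code toXMLString(true, true)} and added as a statement.
 * @param statusCodeValue the top-level samlp:StatusCode value.
 * @return the assembled, unsigned Response.
 * @throws XACMLException if the statement cannot be serialized.
 * @throws SAML2Exception if a SAML2 object cannot be created or populated.
 */
private com.sun.identity.saml2.protocol.Response createSamlpResponse(XACMLAuthzDecisionStatement statement, String statusCodeValue) throws XACMLException, SAML2Exception {
    ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
    AssertionFactory assertionFactory = AssertionFactory.getInstance();
    // One timestamp for both Response and Assertion so their IssueInstants agree.
    Date issueInstant = new Date();

    com.sun.identity.saml2.protocol.Response samlpResponse = protocolFactory.createResponse();
    samlpResponse.setID(newSamlId());
    samlpResponse.setVersion("2.0");
    samlpResponse.setIssueInstant(issueInstant);

    com.sun.identity.saml2.protocol.StatusCode samlStatusCode = protocolFactory.createStatusCode();
    samlStatusCode.setValue(statusCodeValue);
    com.sun.identity.saml2.protocol.Status samlStatus = protocolFactory.createStatus();
    samlStatus.setStatusCode(samlStatusCode);
    samlpResponse.setStatus(samlStatus);

    Assertion assertion = assertionFactory.createAssertion();
    assertion.setVersion("2.0");
    assertion.setID(newSamlId());
    assertion.setIssueInstant(issueInstant);
    Issuer issuer = assertionFactory.createIssuer();
    issuer.setValue("issuer-1"); // TODO(review): should be the PDP entity ID
    assertion.setIssuer(issuer);

    // The decision statement is carried as its serialized XML string.
    List statements = new ArrayList();
    statements.add(statement.toXMLString(true, true));
    assertion.setStatements(statements);

    List assertions = new ArrayList();
    assertions.add(assertion);
    samlpResponse.setAssertion(assertions);
    return samlpResponse;
}

/**
 * Returns a fresh, unique xs:ID value. The leading underscore keeps the value
 * a valid NCName (an xs:ID may not start with a digit).
 */
private static String newSamlId() {
    return "_" + java.util.UUID.randomUUID();
}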
Use of com.sun.identity.saml2.jaxb.xmlsig in project OpenAM (OpenRock): class KeyUtil, method getCert.
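/**
 * Returns the certificate stored in a <code>KeyDescriptorType</code>.
 *
 * <p>Only the first <code>X509Data</code> child of the KeyInfo, and the first
 * <code>X509Certificate</code> inside it, are considered; other KeyInfo
 * content (KeyName, KeyValue, X509SubjectName, ...) is ignored. The byte
 * value is handed to the platform "X.509" {@link CertificateFactory}; if it
 * holds several concatenated DER certificates, the <em>last</em> one parsed is
 * returned (pre-existing behaviour, kept for compatibility).
 *
 * <p>Security note: no validation of the certificate is performed here — no
 * expiry, chain, revocation or key-usage check. Whatever the metadata supplies
 * is returned, so trust in the result must come from the provenance of the
 * metadata (signed metadata or an administrator import), not from this method.
 *
 * @param kd <code>KeyDescriptorType</code> which contains certificate info;
 *           a null descriptor is treated like a missing KeyInfo.
 * @return X509Certificate contained in <code>KeyDescriptorType</code>; or
 *         <code>null</code> if no certificate is included or it cannot be parsed.
 */
public static java.security.cert.X509Certificate getCert(KeyDescriptorType kd) {
    String classMethod = "KeyUtil.getCert: ";
    if (kd == null) {
        SAML2SDKUtils.debug.error(classMethod + "No KeyDescriptor.");
        return null;
    }
    KeyInfoType ki = kd.getKeyInfo();
    if (ki == null) {
        SAML2SDKUtils.debug.error(classMethod + "No KeyInfo.");
        return null;
    }
    // First X509Data among the KeyInfo children.
    X509DataElement data = firstOfType(ki.getContent().iterator(), X509DataElement.class);
    if (data == null) {
        SAML2SDKUtils.debug.error(classMethod + "No X509DataElement.");
        return null;
    }
    // First X509Certificate among the X509Data children.
    com.sun.identity.saml2.jaxb.xmlsig.X509DataType.X509Certificate cert = firstOfType(
            data.getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(),
            com.sun.identity.saml2.jaxb.xmlsig.X509DataType.X509Certificate.class);
    if (cert == null) {
        SAML2SDKUtils.debug.error(classMethod + "No X509Certificate.");
        return null;
    }
    byte[] bt = cert.getValue();
    // A null value would otherwise NPE in ByteArrayInputStream; an empty one
    // would silently yield null below — log both the same way.
    if (bt == null || bt.length == 0) {
        SAML2SDKUtils.debug.error(classMethod + "Empty X509Certificate value.");
        return null;
    }
    CertificateFactory cf;
    try {
        cf = CertificateFactory.getInstance("X.509");
    } catch (java.security.cert.CertificateException ce) {
        SAML2SDKUtils.debug.error(classMethod + "Unable to get CertificateFactory " + "for X.509 type", ce);
        return null;
    }
    ByteArrayInputStream bais = new ByteArrayInputStream(bt);
    java.security.cert.X509Certificate retCert = null;
    try {
        // Parse every certificate in the value; the last one wins.
        while (bais.available() > 0) {
            retCert = (java.security.cert.X509Certificate) cf.generateCertificate(bais);
        }
    } catch (java.security.cert.CertificateException ce) {
        SAML2SDKUtils.debug.error(classMethod + "Unable to generate certificate from byte " + "array input stream.", ce);
        return null;
    }
    return retCert;
}

/**
 * Returns the first element of {@code it} that is an instance of {@code type},
 * or null if there is none. Consumes the iterator up to the match.
 */
private static <T> T firstOfType(Iterator<?> it, Class<T> type) {
    while (it.hasNext()) {
        Object content = it.next();
        if (type.isInstance(content)) {
            return type.cast(content);
        }
    }
    return null;
}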