use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.
the class LogoutUtil method setNameIDForSLORequest.
public static void setNameIDForSLORequest(LogoutRequest request, NameID nameID, String realm, String hostEntity, String hostEntityRole, String remoteEntity) throws SAML2Exception, SessionException {
String method = "setNameIDForSLORequest: ";
boolean needEncryptIt = false;
if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, remoteEntity, SAML2Constants.SP_ROLE);
} else {
needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, remoteEntity, SAML2Constants.IDP_ROLE);
}
if (needEncryptIt == false) {
if (debug.messageEnabled()) {
debug.message(method + "NamID doesn't need to be encrypted.");
}
request.setNameID(nameID);
return;
}
EncInfo encryptInfo = null;
KeyDescriptorType keyDescriptor = null;
if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, remoteEntity);
keyDescriptor = KeyUtil.getKeyDescriptor(spSSODesc, "encryption");
encryptInfo = KeyUtil.getEncInfo(spSSODesc, remoteEntity, SAML2Constants.SP_ROLE);
} else {
IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, remoteEntity);
keyDescriptor = KeyUtil.getKeyDescriptor(idpSSODesc, "encryption");
encryptInfo = KeyUtil.getEncInfo(idpSSODesc, remoteEntity, SAML2Constants.IDP_ROLE);
}
if (debug.messageEnabled()) {
debug.message(method + "realm is : " + realm);
debug.message(method + "hostEntity is : " + hostEntity);
debug.message(method + "Host Entity role is : " + hostEntityRole);
debug.message(method + "remoteEntity is : " + remoteEntity);
}
if (encryptInfo == null) {
debug.error("NO meta data for encrypt Info.");
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
X509Certificate certificate = KeyUtil.getCert(keyDescriptor);
PublicKey recipientPublicKey = certificate.getPublicKey();
EncryptedID encryptedID = nameID.encrypt(recipientPublicKey, encryptInfo.getDataEncAlgorithm(), encryptInfo.getDataEncStrength(), remoteEntity);
request.setEncryptedID(encryptedID);
}
use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.
the class LogoutUtil method forwardToRemoteServer.
static LogoutResponse forwardToRemoteServer(LogoutRequest logoutReq, String remoteLogoutURL) {
if (debug.messageEnabled()) {
debug.message("LogoutUtil.forwardToRemoteServer: " + "remoteLogoutURL = " + remoteLogoutURL);
}
try {
SOAPMessage resMsg = SOAPCommunicator.getInstance().sendSOAPMessage(logoutReq.toXMLString(true, true), remoteLogoutURL, true);
// get the LogoutResponse element from SOAP message
Element respElem = SOAPCommunicator.getInstance().getSamlpElement(resMsg, "LogoutResponse");
return ProtocolFactory.getInstance().createLogoutResponse(respElem);
} catch (Exception ex) {
if (debug.messageEnabled()) {
debug.message("LogoutUtil.forwardToRemoteServer:", ex);
}
}
return null;
}
use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.
the class LogoutUtil method getLogoutRequestFromPost.
static LogoutRequest getLogoutRequestFromPost(String samlRequest, HttpServletResponse response) throws SAML2Exception {
if (samlRequest == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("missingLogoutRequest"));
}
LogoutRequest req = null;
ByteArrayInputStream bis = null;
try {
byte[] raw = Base64.decode(samlRequest);
if (raw != null) {
bis = new ByteArrayInputStream(raw);
Document doc = XMLUtils.toDOMDocument(bis, debug);
if (doc != null) {
req = ProtocolFactory.getInstance().createLogoutRequest(doc.getDocumentElement());
}
}
} catch (Exception e) {
debug.error("LogoutUtil.getLogoutRequestFromPost:", e);
} finally {
if (bis != null) {
try {
bis.close();
} catch (Exception ie) {
if (debug.messageEnabled()) {
debug.message("LogoutUtil.getLogoutRequestFromPost:", ie);
}
}
}
}
if (req == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("errorGettingLogoutRequest"));
}
return req;
}
use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.
the class LogoutUtil method getNameIDFromSLORequest.
static NameID getNameIDFromSLORequest(LogoutRequest request, String realm, String hostEntity, String hostEntityRole) throws SAML2Exception {
String method = "getNameIDFromSLORequest: ";
boolean needDecryptIt = SAML2Utils.getWantNameIDEncrypted(realm, hostEntity, hostEntityRole);
if (needDecryptIt == false) {
if (debug.messageEnabled()) {
debug.message(method + "NamID doesn't need to be decrypted.");
}
return request.getNameID();
}
if (debug.messageEnabled()) {
debug.message(method + "realm is : " + realm);
debug.message(method + "hostEntity is : " + hostEntity);
debug.message(method + "Host Entity role is : " + hostEntityRole);
}
EncryptedID encryptedID = request.getEncryptedID();
return encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, hostEntity, hostEntityRole));
}
use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.
the class LogoutUtil method signSLORequest.
static void signSLORequest(LogoutRequest sloRequest, String realm, String hostEntity, String hostEntityRole, String remoteEntity, boolean includeCert) throws SAML2Exception {
String method = "signSLORequest : ";
boolean needRequestSign = false;
if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
needRequestSign = SAML2Utils.getWantLogoutRequestSigned(realm, remoteEntity, SAML2Constants.SP_ROLE);
} else {
needRequestSign = SAML2Utils.getWantLogoutRequestSigned(realm, remoteEntity, SAML2Constants.IDP_ROLE);
}
if (needRequestSign == false) {
if (debug.messageEnabled()) {
debug.message(method + "SLORequest doesn't need to be signed.");
}
return;
}
String alias = SAML2Utils.getSigningCertAlias(realm, hostEntity, hostEntityRole);
String encryptedKeyPass = SAML2Utils.getSigningCertEncryptedKeyPass(realm, hostEntity, hostEntityRole);
if (debug.messageEnabled()) {
debug.message(method + "realm is : " + realm);
debug.message(method + "hostEntity is : " + hostEntity);
debug.message(method + "Host Entity role is : " + hostEntityRole);
debug.message(method + "Cert Alias is : " + alias);
debug.message(method + "SLO Request before sign : " + sloRequest.toXMLString(true, true));
if (encryptedKeyPass != null && !encryptedKeyPass.isEmpty()) {
debug.message(method + "Using provided Cert KeyPass");
}
}
PrivateKey signingKey;
if (encryptedKeyPass == null || encryptedKeyPass.isEmpty()) {
signingKey = keyProvider.getPrivateKey(alias);
} else {
signingKey = keyProvider.getPrivateKey(alias, encryptedKeyPass);
}
X509Certificate signingCert = null;
if (includeCert) {
signingCert = keyProvider.getX509Certificate(alias);
}
if (signingKey != null) {
sloRequest.sign(signingKey, signingCert);
} else {
debug.error("Incorrect configuration for Signing Certificate.");
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
if (debug.messageEnabled()) {
debug.message(method + "SLO Request after sign : " + sloRequest.toXMLString(true, true));
}
}
Aggregations