use of com.sun.identity.wsfederation.jaxb.wsfederation.TokenSigningKeyInfoElement in project OpenAM by OpenRock.
Class WSFederationMetaSecurityUtils, method updateKeyDescriptor.
/**
 * Replaces every existing {@code TokenSigningKeyInfoElement} child of the
 * descriptor with {@code newKey}, which is inserted as the first child.
 * <p>
 * NOTE: only one signing key and one encryption key per entity are supported
 * right now; this code has to change if multiple signing and/or encryption
 * keys in one entity are ever needed.
 *
 * @param desp   federation element whose {@code any} children are edited in place.
 * @param newKey replacement key info; inserted at index 0 unconditionally.
 */
private static void updateKeyDescriptor(FederationElement desp, TokenSigningKeyInfoElement newKey) {
    List children = desp.getAny();
    // Walk backwards so removing an element never shifts an index still to be visited.
    for (int idx = children.size() - 1; idx >= 0; idx--) {
        if (children.get(idx) instanceof TokenSigningKeyInfoElement) {
            children.remove(idx);
        }
    }
    desp.getAny().add(0, newKey);
}
use of com.sun.identity.wsfederation.jaxb.wsfederation.TokenSigningKeyInfoElement in project OpenAM by OpenRock.
Class WSFederationMetaSecurityUtils, method updateProviderKeyInfo.
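/**
 * Updates signing or encryption key info for SP or IDP.
 * This will update both signing/encryption alias on extended metadata and
 * certificates in standard metadata.
 * <p>
 * The standard metadata (the {@code FederationElement}) and the extended
 * configuration are persisted by two separate calls at the end of this
 * method. Nothing here rolls the first write back if the second one fails,
 * so a caller that needs the two to agree should re-read the entity after
 * a failure.
 * @param realm Realm the entity resides.
 * @param entityID ID of the entity to be updated.
 * @param certAlias Alias of the certificate to be set to the entity. If
 * null or empty, will remove existing key information from the SP or IDP.
 * @param isIDP true if this is for IDP signing/encryption alias, false
 * if this is for SP signing/encryption alias
 * @throws WSFederationMetaException if the entity is not hosted, is not of
 * the requested role, or the certificate alias could not be updated.
 */
public static void updateProviderKeyInfo(String realm, String entityID, String certAlias, boolean isIDP) throws WSFederationMetaException {
    WSFederationMetaManager metaManager = new WSFederationMetaManager();
    FederationConfigElement config = metaManager.getEntityConfig(realm, entityID);
    // Only a hosted entity owns a key this server can manage.
    if (!config.isHosted()) {
        String[] args = { entityID, realm };
        throw new WSFederationMetaException("entityNotHosted", args);
    }
    FederationElement desp = metaManager.getEntityDescriptor(realm, entityID);
    if (isIDP) {
        IDPSSOConfigElement idpConfig = metaManager.getIDPSSOConfig(realm, entityID);
        if ((idpConfig == null) || (desp == null)) {
            String[] args = { entityID, realm };
            throw new WSFederationMetaException("entityNotIDP", args);
        }
        // Standard metadata first, then mirror the alias into extended metadata.
        Set<String> value = replaceSigningKeyInfo(desp, certAlias);
        setExtendedAttributeValue(idpConfig, SAML2Constants.SIGNING_CERT_ALIAS, value);
    } else {
        SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(realm, entityID);
        if ((spConfig == null) || (desp == null)) {
            String[] args = { entityID, realm };
            throw new WSFederationMetaException("entityNotSP", args);
        }
        // Standard metadata first, then mirror the alias into extended metadata.
        Set<String> value = replaceSigningKeyInfo(desp, certAlias);
        setExtendedAttributeValue(spConfig, SAML2Constants.SIGNING_CERT_ALIAS, value);
    }
    metaManager.setFederation(realm, desp);
    metaManager.setEntityConfig(realm, config);
}

/**
 * Replaces or removes the token signing key descriptor in the standard
 * metadata and returns the value to store under
 * {@code SAML2Constants.SIGNING_CERT_ALIAS} in the extended metadata.
 * The IDP and SP branches of {@link #updateProviderKeyInfo} share this logic.
 *
 * @param desp entity descriptor to modify in place; must not be null.
 * @param certAlias certificate alias, or null/empty to remove the key info.
 * @return a one-element set holding {@code certAlias}, or null when the key
 * info was removed (null clears the extended attribute).
 * @throws WSFederationMetaException if the key descriptor for the alias
 * cannot be built.
 */
private static Set<String> replaceSigningKeyInfo(FederationElement desp, String certAlias) throws WSFederationMetaException {
    if ((certAlias == null) || (certAlias.length() == 0)) {
        // Remove key info: no alias means no signing certificate is published.
        removeKeyDescriptor(desp);
        return null;
    }
    TokenSigningKeyInfoElement kde = getKeyDescriptor(certAlias);
    updateKeyDescriptor(desp, kde);
    // The alias is stored as given; whether it exists in the keystore is
    // checked by getKeyDescriptor, not here.
    Set<String> value = new HashSet<String>();
    value.add(certAlias);
    return value;
}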
use of com.sun.identity.wsfederation.jaxb.wsfederation.TokenSigningKeyInfoElement in project OpenAM by OpenRock.
Class CreateWSFedMetaDataTemplate, method addWSFedIdentityProviderTemplate.
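/**
 * Appends the WS-Federation identity provider elements to {@code fed}: the
 * token signing key info (only when a signing certificate alias was given),
 * the token issuer name, the token issuer endpoint, the offered token types
 * and the offered claim types.
 * <p>
 * Only the DER-encoded public certificate is embedded in the metadata; the
 * private key is never read here.
 *
 * @param entityId entity ID, published as the token issuer name.
 * @param objFactory JAXB factory for the wsfederation namespace.
 * @param fed federation element to append to; modified in place.
 * @param mapParams template parameters; {@code MetaTemplateParameters.P_IDP}
 * supplies the meta alias and {@code MetaTemplateParameters.P_IDP_S_CERT} the
 * optional signing certificate alias.
 * @param url base URL of this server, or null to use {@code getHostURL()}.
 * @throws JAXBException if a JAXB element cannot be created.
 * @throws CertificateEncodingException if the signing certificate cannot be encoded.
 * @throws IllegalArgumentException if the key provider holds no certificate
 * for the supplied signing alias.
 */
private static void addWSFedIdentityProviderTemplate(String entityId, com.sun.identity.wsfederation.jaxb.wsfederation.ObjectFactory objFactory, FederationElement fed, Map mapParams, String url) throws JAXBException, CertificateEncodingException {
    String baseUrl = (url == null) ? getHostURL() : url;
    String idpAlias = (String) mapParams.get(MetaTemplateParameters.P_IDP);
    String idpSCertAlias = (String) mapParams.get(MetaTemplateParameters.P_IDP_S_CERT);
    String maStr = buildMetaAliasInURI(idpAlias);

    // Key info is optional: an absent or empty alias publishes no signing certificate.
    if ((idpSCertAlias != null) && (idpSCertAlias.length() > 0)) {
        fed.getAny().add(createTokenSigningKeyInfo(objFactory, idpSCertAlias));
    }

    TokenIssuerNameElement tin = objFactory.createTokenIssuerNameElement();
    tin.setValue(entityId);
    fed.getAny().add(tin);

    TokenIssuerEndpointElement tie = objFactory.createTokenIssuerEndpointElement();
    com.sun.identity.wsfederation.jaxb.wsaddr.ObjectFactory addrObjFactory = new com.sun.identity.wsfederation.jaxb.wsaddr.ObjectFactory();
    AttributedURIType auri = addrObjFactory.createAttributedURIType();
    auri.setValue(baseUrl + "/WSFederationServlet" + maStr);
    tie.setAddress(auri);
    fed.getAny().add(tie);

    // This template offers SAML 1.1 tokens only.
    TokenTypesOfferedElement tto = objFactory.createTokenTypesOfferedElement();
    TokenType tt = objFactory.createTokenType();
    tt.setUri(WSFederationConstants.URN_OASIS_NAMES_TC_SAML_11);
    tto.getTokenType().add(tt);
    fed.getAny().add(tto);

    // Single offered claim: the UPN claim with its display name.
    UriNamedClaimTypesOfferedElement uncto = objFactory.createUriNamedClaimTypesOfferedElement();
    ClaimType ct = objFactory.createClaimType();
    ct.setUri(WSFederationConstants.NAMED_CLAIM_TYPES[WSFederationConstants.NAMED_CLAIM_UPN]);
    DisplayNameType dnt = objFactory.createDisplayNameType();
    dnt.setValue(WSFederationConstants.NAMED_CLAIM_DISPLAY_NAMES[WSFederationConstants.NAMED_CLAIM_UPN]);
    ct.setDisplayName(dnt);
    uncto.getClaimType().add(ct);
    fed.getAny().add(uncto);
}

/**
 * Builds a {@code TokenSigningKeyInfoElement} wrapping the DER-encoded
 * certificate stored under {@code certAlias}, as
 * {@code SecurityTokenReference/X509Data/X509Certificate}.
 *
 * @param objFactory JAXB factory for the wsfederation namespace.
 * @param certAlias keystore alias of the signing certificate.
 * @return the populated key info element.
 * @throws JAXBException if a JAXB element cannot be created.
 * @throws CertificateEncodingException if the certificate cannot be encoded.
 * @throws IllegalArgumentException if no certificate exists for {@code certAlias}.
 */
private static TokenSigningKeyInfoElement createTokenSigningKeyInfo(com.sun.identity.wsfederation.jaxb.wsfederation.ObjectFactory objFactory, String certAlias) throws JAXBException, CertificateEncodingException {
    // Fail with a clear message on an unknown alias instead of a NullPointerException
    // on getEncoded(); presumably the key provider returns null in that case — confirm.
    java.security.cert.Certificate cert = KeyUtil.getKeyProviderInstance().getX509Certificate(certAlias);
    if (cert == null) {
        throw new IllegalArgumentException("No signing certificate found for alias: " + certAlias);
    }
    com.sun.identity.wsfederation.jaxb.wsse.ObjectFactory secextObjFactory = new com.sun.identity.wsfederation.jaxb.wsse.ObjectFactory();
    com.sun.identity.wsfederation.jaxb.xmlsig.ObjectFactory dsObjectFactory = new com.sun.identity.wsfederation.jaxb.xmlsig.ObjectFactory();

    TokenSigningKeyInfoElement tski = objFactory.createTokenSigningKeyInfoElement();
    SecurityTokenReferenceElement str = secextObjFactory.createSecurityTokenReferenceElement();
    X509DataElement x509Data = dsObjectFactory.createX509DataElement();
    X509Certificate x509Cert = dsObjectFactory.createX509DataTypeX509Certificate();
    // getEncoded() yields the public certificate only.
    x509Cert.setValue(cert.getEncoded());
    x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(x509Cert);
    str.getAny().add(x509Data);
    tski.setSecurityTokenReference(str);
    return tski;
}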