
Example 21 with KeyInfo

use of javax.xml.crypto.dsig.keyinfo.KeyInfo in project santuario-java by apache.

the class KeyInfoTest method testgetId.

@org.junit.Test
public void testgetId() {
    // A KeyInfo created with an explicit id ("skeleton") must report a non-null id.
    KeyInfo ki = fac.newKeyInfo(
            Collections.singletonList(fac.newKeyName("foo")),
            "skeleton");
    assertNotNull(ki.getId());
}

Example 22 with KeyInfo

use of javax.xml.crypto.dsig.keyinfo.KeyInfo in project keycloak by keycloak.

the class HttpAdapterUtils method downloadKeysFromSamlDescriptor.

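/**
 * Downloads a SAML metadata descriptor from {@code descriptorUrl} and returns the
 * {@code KeyInfo} elements it declares.
 *
 * <p>Only a {@code 200 OK} response that carries a body is accepted; the body is handed
 * to {@code extractKeysFromSamlDescriptor} and the entity is released afterwards.
 * The map key is whatever {@code extractKeysFromSamlDescriptor} groups by (presumably the
 * key use, e.g. signing — confirm against that helper). Transport security and XML parser
 * hardening are not handled here: the supplied {@code client} decides how the URL is
 * reached, and the parser configuration lives in {@code extractKeysFromSamlDescriptor}.
 *
 * @param client HTTP client used to perform the GET
 * @param descriptorUrl URL of the SAML descriptor to download
 * @return the keys declared by the descriptor, grouped as returned by the parser
 * @throws HttpClientAdapterException if the status is not {@code 200}, the response has
 *     no entity, the transfer fails, or the descriptor cannot be parsed
 */
public static MultivaluedHashMap<String, KeyInfo> downloadKeysFromSamlDescriptor(HttpClient client, String descriptorUrl) throws HttpClientAdapterException {
    try {
        HttpResponse response = client.execute(new HttpGet(descriptorUrl));
        int status = response.getStatusLine().getStatusCode();
        if (status != HttpStatus.SC_OK) {
            // Release the connection before failing; a non-OK body is never inspected.
            EntityUtils.consumeQuietly(response.getEntity());
            throw new HttpClientAdapterException("Unexpected status = " + status);
        }
        HttpEntity entity = response.getEntity();
        if (entity == null) {
            throw new HttpClientAdapterException("There was no entity.");
        }
        MultivaluedHashMap<String, KeyInfo> res;
        try (InputStream is = entity.getContent()) {
            res = extractKeysFromSamlDescriptor(is);
        }
        EntityUtils.consumeQuietly(entity);
        return res;
    } catch (IOException e) {
        throw new HttpClientAdapterException("IO error", e);
    } catch (ParsingException e) {
        // A parse failure means a malformed or unexpected descriptor, not a transport
        // problem; report it distinctly so the two are separable in logs.
        throw new HttpClientAdapterException("Could not parse SAML descriptor", e);
    }
}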

Example 23 with KeyInfo

use of javax.xml.crypto.dsig.keyinfo.KeyInfo in project keycloak by keycloak.

the class SamlDescriptorPublicKeyLocator method refreshCertificateCacheAndGet.

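/**
 * Re-downloads the SAML descriptor, rebuilds {@code publicKeyCache} from its signing
 * certificates and returns the public key registered under {@code kid}, if any.
 *
 * <p>Returns {@code null} when no descriptor URL is configured, when the download fails,
 * when the descriptor lists no signing keys, or when {@code kid} is {@code null} or absent
 * after the refresh. The existing cache is cleared only once the descriptor has been
 * fetched and parsed, so a transient download failure does not empty it.
 *
 * <p>Certificates are filtered only by their validity period
 * ({@link X509Certificate#checkValidity()}); no chain or trust-anchor validation happens
 * here, so trust in these keys rests on how the descriptor was obtained. A certificate
 * without a {@code KeyName} is stored under a synthetic name that includes a random UUID
 * and therefore cannot be looked up by {@code kid}.
 *
 * @param kid key name to look up after the refresh; may be {@code null}
 * @return the public key registered under {@code kid}, or {@code null}
 */
private synchronized PublicKey refreshCertificateCacheAndGet(String kid) {
    if (this.descriptorUrl == null) {
        return null;
    }
    this.lastRequestTime = Time.currentTime();
    LOG.debugf("Refreshing public key cache from %s", this.descriptorUrl);
    List<KeyInfo> signingCerts;
    try {
        MultivaluedHashMap<String, KeyInfo> certs = HttpAdapterUtils.downloadKeysFromSamlDescriptor(client, this.descriptorUrl);
        signingCerts = certs.get(KeyTypes.SIGNING.value());
    } catch (HttpClientAdapterException ex) {
        LOG.error("Could not refresh certificates from the server", ex);
        return null;
    }
    if (signingCerts == null) {
        return null;
    }
    LOG.debugf("Certificates retrieved from server, filling public key cache");
    // Only clear cache after it is certain that the SAML descriptor has been read successfully
    this.publicKeyCache.clear();
    for (KeyInfo ki : signingCerts) {
        KeyName keyName = KeyInfoTools.getKeyName(ki);
        X509Certificate x509certificate = KeyInfoTools.getX509Certificate(ki);
        if (x509certificate == null) {
            continue;
        }
        try {
            x509certificate.checkValidity();
        } catch (CertificateException ex) {
            // Expired / not-yet-valid certificates are skipped; log it rather than dropping
            // them silently so an operator can tell why a kid is missing from the cache.
            LOG.debugf("Skipping signing certificate %s: %s", x509certificate.getSubjectX500Principal(), ex.getMessage());
            continue;
        }
        if (keyName != null) {
            LOG.tracef("Registering signing certificate %s", keyName.getName());
            this.publicKeyCache.put(keyName.getName(), x509certificate.getPublicKey());
        } else {
            // No KeyName: build a unique synthetic name; the UUID suffix keeps distinct
            // certificates with the same subject and serial from overwriting each other.
            final X500Principal principal = x509certificate.getSubjectX500Principal();
            String name = (principal == null ? "unnamed" : principal.getName()) + "@" + x509certificate.getSerialNumber() + "$" + UUID.randomUUID();
            this.publicKeyCache.put(name, x509certificate.getPublicKey());
            LOG.tracef("Adding certificate %s without a specific key name: %s", name, x509certificate);
        }
    }
    return (kid == null ? null : this.publicKeyCache.get(kid));
}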

Example 24 with KeyInfo

use of javax.xml.crypto.dsig.keyinfo.KeyInfo in project keycloak by keycloak.

the class XMLSignatureUtil method signImpl.

/**
 * Signs the document referenced by {@code dsc} with an enveloped XML signature.
 *
 * <p>The single reference uses the enveloped transform followed by exclusive C14N
 * ({@code http://www.w3.org/2001/10/xml-exc-c14n#}); the digest, signature and
 * canonicalization algorithm URIs are taken verbatim from the arguments. The key name is
 * always placed in the {@code KeyInfo}; the public key and certificate are embedded only
 * when {@code includeKeyInfoInSignature} is set.
 *
 * @param dsc signing context that carries the signing key and the target node
 * @param digestMethod digest algorithm URI for the reference
 * @param signatureMethod signature algorithm URI
 * @param referenceURI URI of the element to sign
 * @param keyName key name to place in the {@code KeyInfo}
 * @param publicKey public key to embed when key info is included
 * @param x509Certificate certificate to embed when key info is included
 * @param canonicalizationMethodType canonicalization algorithm URI for {@code SignedInfo}
 * @throws GeneralSecurityException propagated from the {@code fac.new*} factory calls
 *     (e.g. an unknown algorithm URI)
 * @throws MarshalException if the signature cannot be marshalled into the DOM
 * @throws XMLSignatureException if signing fails
 */
private static void signImpl(DOMSignContext dsc, String digestMethod, String signatureMethod, String referenceURI, String keyName, PublicKey publicKey, X509Certificate x509Certificate, String canonicalizationMethodType) throws GeneralSecurityException, MarshalException, XMLSignatureException {
    dsc.setDefaultNamespacePrefix("dsig");

    // Reference: digest over the target after the enveloped transform and exclusive C14N.
    DigestMethod digest = fac.newDigestMethod(digestMethod, null);
    List<Transform> transforms = new ArrayList<>(2);
    transforms.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
    transforms.add(fac.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (TransformParameterSpec) null));
    Reference reference = fac.newReference(referenceURI, digest, transforms, null, null);

    // SignedInfo: canonicalization and signature algorithm over the single reference.
    CanonicalizationMethod c14n = fac.newCanonicalizationMethod(canonicalizationMethodType, (C14NMethodParameterSpec) null);
    SignatureMethod sigMethod = fac.newSignatureMethod(signatureMethod, null);
    SignedInfo signedInfo = fac.newSignedInfo(c14n, sigMethod, Collections.singletonList(reference));

    // KeyInfo: the name is always emitted, the key material only when configured.
    KeyInfo keyInfo = includeKeyInfoInSignature
            ? createKeyInfo(keyName, publicKey, x509Certificate)
            : createKeyInfo(keyName, null, null);

    fac.newXMLSignature(signedInfo, keyInfo).sign(dsc);
}
