Example 1 with CryptoType

use of org.apache.wss4j.common.crypto.CryptoType in project ddf by codice.

the class IdpEndpoint method retrieveMetadata.

@GET
@Path("/login/metadata")
@Produces("application/xml")
public Response retrieveMetadata() throws WSSecurityException, CertificateEncodingException {
    List<String> nameIdFormats = new ArrayList<>();
    nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_PERSISTENT);
    nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_UNSPECIFIED);
    nameIdFormats.add(SAML2Constants.NAMEID_FORMAT_X509_SUBJECT_NAME);
    // Resolve the IdP signing certificate through the signature Crypto's default alias.
    // getX509Certificates returns the chain leaf-first, so [0] is the IdP's own certificate.
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(systemCrypto.getSignatureCrypto().getDefaultX509Identifier());
    X509Certificate[] certs = systemCrypto.getSignatureCrypto().getX509Certificates(cryptoType);
    X509Certificate issuerCert = null;
    if (certs != null && certs.length > 0) {
        issuerCert = certs[0];
    }
    // Same lookup against the encryption Crypto, for the key SPs should encrypt to.
    cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(systemCrypto.getEncryptionCrypto().getDefaultX509Identifier());
    certs = systemCrypto.getEncryptionCrypto().getX509Certificates(cryptoType);
    X509Certificate encryptionCert = null;
    if (certs != null && certs.length > 0) {
        encryptionCert = certs[0];
    }
    // Certificates are published as Base64 DER. If a lookup found nothing, an empty
    // string is published for that key rather than the request failing.
    EntityDescriptor entityDescriptor = SamlProtocol.createIdpMetadata(
            SystemBaseUrl.constructUrl("/idp/login", true),
            Base64.getEncoder().encodeToString(issuerCert != null ? issuerCert.getEncoded() : new byte[0]),
            Base64.getEncoder().encodeToString(encryptionCert != null ? encryptionCert.getEncoded() : new byte[0]),
            nameIdFormats,
            SystemBaseUrl.constructUrl("/idp/login", true),
            SystemBaseUrl.constructUrl("/idp/login", true),
            SystemBaseUrl.constructUrl("/idp/logout", true));
    Document doc = DOMUtils.createDocument();
    doc.appendChild(doc.createElement("root"));
    return Response.ok(DOM2Writer.nodeToString(OpenSAMLUtil.toDom(entityDescriptor, doc, false))).build();
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) ArrayList(java.util.ArrayList) CryptoType(org.apache.wss4j.common.crypto.CryptoType) Document(org.w3c.dom.Document) X509Certificate(java.security.cert.X509Certificate) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET)

Example 2 with CryptoType

use of org.apache.wss4j.common.crypto.CryptoType in project ddf by codice.

the class StsIssueTest method testBearerPkiTokenSaml2.

/**
 * Test the User PKI Token
 */
public void testBearerPkiTokenSaml2(StsPortTypes portType) throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = StsIssueTest.class.getResource("/cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    SpringBusFactory.setDefaultBus(bus);
    SpringBusFactory.setThreadDefaultBus(bus);
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    DocumentBuilder builder = factory.newDocumentBuilder();
    Document doc = builder.newDocument();
    // Build the Claims object
    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement(WST, CLAIMS, STSUtils.WST_NS_05_12);
    writer.writeNamespace(WST, STSUtils.WST_NS_05_12);
    writer.writeNamespace(IC, IDENTITY_URI);
    writer.writeAttribute(DIALECT, IDENTITY_URI);
    // Add the Role claim
    writer.writeStartElement(IC, CLAIM_TYPE, IDENTITY_URI);
    writer.writeAttribute("URI", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
    writer.writeEndElement();
    Element claims = writer.getDocument().getDocumentElement();
    // Alternatively we can use a certificate to request a SAML token: the client
    // certificate is loaded from the keystore named in clientKeystore.properties
    // and sent as the OnBehalfOf (X509Security) token in the RST.
    X509Security oboToken = new X509Security(doc);
    Crypto crypto = CryptoFactory.getInstance("clientKeystore.properties");
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias("client");
    X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
    if (null != certs) {
        // certs[0] is the end-entity certificate for the "client" alias
        oboToken.setX509Certificate(certs[0]);
        // Get a token
        SecurityToken token = requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, oboToken.getElement(), bus,
                StsAddresses.valueOf(portType.toString()).toString(),
                WsdlLocations.valueOf(portType.toString()).toString(),
                EndPoints.valueOf(portType.toString()).toString(), claims);
        if (token != null) {
            validateSecurityToken(token);
        }
    }
    bus.shutdown(true);
}
Also used : Bus(org.apache.cxf.Bus) W3CDOMStreamWriter(org.apache.cxf.staxutils.W3CDOMStreamWriter) DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory) Element(org.w3c.dom.Element) CryptoType(org.apache.wss4j.common.crypto.CryptoType) Document(org.w3c.dom.Document) URL(java.net.URL) X509Certificate(java.security.cert.X509Certificate) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Crypto(org.apache.wss4j.common.crypto.Crypto) SpringBusFactory(org.apache.cxf.bus.spring.SpringBusFactory) DocumentBuilder(javax.xml.parsers.DocumentBuilder) X509Security(org.apache.wss4j.common.token.X509Security)

Example 3 with CryptoType

use of org.apache.wss4j.common.crypto.CryptoType in project ddf by codice.

the class AssertionConsumerService method findCertificate.

private X509Certificate findCertificate(String alias, Crypto crypto) throws WSSecurityException {
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(alias);
    // Returns the chain for the alias, leaf first; Merlin returns null (not an
    // empty array) when the alias is not in the keystore or trust store.
    X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
    if (certs == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR, "Unable to retrieve certificate");
    }
    return certs[0];
}
Also used : WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) CryptoType(org.apache.wss4j.common.crypto.CryptoType) X509Certificate(java.security.cert.X509Certificate)

Example 4 with CryptoType

use of org.apache.wss4j.common.crypto.CryptoType in project ddf by codice.

the class SimpleSign method getSignatureCertificates.

private X509Certificate[] getSignatureCertificates() throws SignatureException {
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(crypto.getSignatureAlias());
    X509Certificate[] issuerCerts;
    try {
        // Whole chain for the signing alias, leaf first; it is embedded in the
        // signature's KeyInfo so the verifier can resolve the signing key.
        issuerCerts = crypto.getSignatureCrypto().getX509Certificates(cryptoType);
    } catch (WSSecurityException e) {
        throw new SignatureException(e);
    }
    if (issuerCerts == null) {
        throw new SignatureException("No certs were found to sign the request using name: " + crypto.getSignatureAlias());
    }
    return issuerCerts;
}
Also used : WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) CryptoType(org.apache.wss4j.common.crypto.CryptoType) X509Certificate(java.security.cert.X509Certificate)
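All four snippets above do the same thing: resolve a certificate through WSS4J's Crypto by alias and take element 0 of the result. The following added example (not code from DDF or WSS4J) shows that lookup stand-alone, plus the other CryptoType lookups the same API supports and the checks the snippets leave implicit. It assumes WSS4J 2.x on the classpath and a PKCS12 keystore, password and optional alias passed on the command line; the class name CryptoTypeLookupDemo and its method names are illustrative.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;

import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.ext.WSSecurityException;

/** Added example, not DDF project code: CryptoType lookups with explicit result checks. */
public class CryptoTypeLookupDemo {

    /** Wrap a PKCS12 keystore (assumed to exist at keystorePath) in a Merlin Crypto; no properties file needed. */
    static Crypto loadCrypto(Path keystorePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(keystorePath)) {
            ks.load(in, password);
        }
        Merlin merlin = new Merlin();
        merlin.setKeyStore(ks);   // searched first for ALIAS lookups; also holds the private keys
        merlin.setTrustStore(ks); // searched second; a real deployment uses a separate trust store
        return merlin;
    }

    /** Alias lookup as in findCertificate/getSignatureCertificates above, returning the leaf certificate. */
    static X509Certificate leafByAlias(Crypto crypto, String alias) throws WSSecurityException, CertificateException {
        // A null alias means "use the configured default": for Merlin that is the
        // keystore.alias property, or the sole entry when the keystore holds exactly one.
        String effectiveAlias = alias != null ? alias : crypto.getDefaultX509Identifier();
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias(effectiveAlias);
        X509Certificate[] chain = crypto.getX509Certificates(cryptoType);
        // Merlin returns null rather than an empty array on a miss, but the Crypto
        // interface does not promise that, so guard against both before indexing.
        if (chain == null || chain.length == 0) {
            throw new CertificateException("no certificate for alias " + effectiveAlias);
        }
        X509Certificate leaf = chain[0]; // chain is ordered leaf first, issuers after
        leaf.checkValidity();            // fail closed on an expired or not-yet-valid key before publishing or signing with it
        return leaf;
    }

    /**
     * Resolve the same certificate by the identifiers a peer would place in a KeyInfo
     * (subject DN, issuer/serial, SHA-1 thumbprint). Returns true only when every
     * lookup resolves to a byte-identical certificate.
     */
    static boolean roundTrip(Crypto crypto, X509Certificate leaf) throws Exception {
        byte[] der = leaf.getEncoded();

        CryptoType bySubject = new CryptoType(CryptoType.TYPE.SUBJECT_DN);
        bySubject.setSubjectDN(leaf.getSubjectX500Principal().getName());

        CryptoType byIssuerSerial = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
        byIssuerSerial.setIssuerSerial(leaf.getIssuerX500Principal().getName(), leaf.getSerialNumber());

        CryptoType byThumbprint = new CryptoType(CryptoType.TYPE.THUMBPRINT_SHA1);
        byThumbprint.setBytes(MessageDigest.getInstance("SHA-1").digest(der)); // Merlin hashes the DER encoding

        for (CryptoType lookup : new CryptoType[] {bySubject, byIssuerSerial, byThumbprint}) {
            X509Certificate[] found = crypto.getX509Certificates(lookup);
            if (found == null || found.length == 0 || !Arrays.equals(found[0].getEncoded(), der)) {
                return false;
            }
        }
        // None of these lookups establishes trust: they only find what is already in the
        // stores. A certificate received from a peer still needs crypto.verifyTrust(...)
        // (argument list varies by WSS4J version) before it is relied on.
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java CryptoTypeLookupDemo <keystore.p12> <password> [alias]
        Crypto crypto = loadCrypto(Paths.get(args[0]), args[1].toCharArray());
        X509Certificate leaf = leafByAlias(crypto, args.length > 2 ? args[2] : null);
        System.out.println("leaf subject : " + leaf.getSubjectX500Principal());
        System.out.println("WSS4J id     : " + crypto.getX509Identifier(leaf)); // the alias WSS4J maps this cert back to
        System.out.println("round trip ok: " + roundTrip(crypto, leaf));
    }
}
```

A throwaway keystore for trying this can be made with keytool, e.g. `keytool -genkeypair -keystore demo.p12 -storetype PKCS12 -alias demo -keyalg RSA -dname CN=demo`; with a single entry the alias argument can be omitted and the default-identifier path is exercised, which is the same path Example 1 relies on via getDefaultX509Identifier().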

Aggregations

X509Certificate (java.security.cert.X509Certificate) 4
CryptoType (org.apache.wss4j.common.crypto.CryptoType) 4
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException) 2
Document (org.w3c.dom.Document) 2
URL (java.net.URL) 1
ArrayList (java.util.ArrayList) 1
GET (javax.ws.rs.GET) 1
Path (javax.ws.rs.Path) 1
Produces (javax.ws.rs.Produces) 1
DocumentBuilder (javax.xml.parsers.DocumentBuilder) 1
DocumentBuilderFactory (javax.xml.parsers.DocumentBuilderFactory) 1
Bus (org.apache.cxf.Bus) 1
SpringBusFactory (org.apache.cxf.bus.spring.SpringBusFactory) 1
W3CDOMStreamWriter (org.apache.cxf.staxutils.W3CDOMStreamWriter) 1
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken) 1
Crypto (org.apache.wss4j.common.crypto.Crypto) 1
X509Security (org.apache.wss4j.common.token.X509Security) 1
EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor) 1
Element (org.w3c.dom.Element) 1