Example 1 with SAMLObjectContentReference

Use of org.opensaml.saml.common.SAMLObjectContentReference in project ddf by codice.

From class SimpleSign, method signSamlObject (single-argument form, fixed canonicalization and digest algorithms):

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;

import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.opensaml.saml.common.SAMLObjectContentReference;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureConstants;

import ddf.security.samlp.SignatureException;

public void signSamlObject(SignableSAMLObject samlObject) throws SignatureException {
    // Signing key material comes from the configured keystore (SimpleSign helper methods).
    X509Certificate[] certificates = getSignatureCertificates();
    // The signature algorithm is chosen from the key type of the signing certificate.
    String sigAlgo = getSignatureAlgorithm(certificates[0]);
    PrivateKey privateKey = getSignaturePrivateKey();
    // Create the signature
    Signature signature = OpenSAMLUtil.buildSignature();
    if (signature == null) {
        throw new SignatureException("Unable to build signature.");
    }
    // Exclusive C14N without comments: the canonical form the relying party must reproduce.
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    signature.setSignatureAlgorithm(sigAlgo);
    BasicX509Credential signingCredential = new BasicX509Credential(certificates[0]);
    signingCredential.setPrivateKey(privateKey);
    signature.setSigningCredential(signingCredential);
    X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
    // Embed the signing certificate in <ds:KeyInfo> so the verifier can locate the key.
    x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
    try {
        KeyInfo keyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
        signature.setKeyInfo(keyInfo);
    } catch (org.opensaml.security.SecurityException e) {
        throw new SignatureException("Error generating KeyInfo from signing credential", e);
    }
    if (samlObject instanceof Response) {
        // Point the enclosed assertions' signatures at the same credential so they are
        // computed with this key when the Response is marshalled. Each assertion is
        // expected to carry a Signature element already; an unsigned one would NPE here.
        List<Assertion> assertions = ((Response) samlObject).getAssertions();
        for (Assertion assertion : assertions) {
            assertion.getSignature().setSigningCredential(signingCredential);
        }
    }
    samlObject.setSignature(signature);
    // The first content reference is the <ds:Reference> to the signed element; its digest
    // algorithm is fixed to SHA-1 here. SHA-1 is a weak digest; the four-argument overload
    // of this method lets the caller choose a stronger one.
    SAMLObjectContentReference contentRef = (SAMLObjectContentReference) signature.getContentReferences().get(0);
    contentRef.setDigestAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA1);
    // Drop the cached DOM so the next marshalling regenerates the XML and computes the signature.
    samlObject.releaseDOM();
    samlObject.releaseChildrenDOM(true);
}
```

Example 2 with SAMLObjectContentReference

Use of org.opensaml.saml.common.SAMLObjectContentReference in project ddf by codice.

From class SimpleSign, method signSamlObject (private four-argument form; the caller supplies the signature, canonicalization and digest algorithms):

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;

import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.opensaml.saml.common.SAMLObjectContentReference;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.Signature;

import ddf.security.samlp.SignatureException;

private void signSamlObject(SignableSAMLObject samlObject, String sigAlgo, String canonAlgo, String digestAlgo) throws SignatureException {
    // Signing key material comes from the configured keystore (SimpleSign helper methods).
    X509Certificate[] certificates = getSignatureCertificates();
    PrivateKey privateKey = getSignaturePrivateKey();
    // Create the signature
    Signature signature = OpenSAMLUtil.buildSignature();
    if (signature == null) {
        throw new SignatureException("Unable to build signature.");
    }
    // All three algorithm URIs are taken verbatim from the caller; nothing here rejects a
    // weak choice (e.g. a SHA-1 digest copied from an existing signature), so that check
    // belongs with the caller.
    signature.setCanonicalizationAlgorithm(canonAlgo);
    signature.setSignatureAlgorithm(sigAlgo);
    BasicX509Credential signingCredential = new BasicX509Credential(certificates[0]);
    signingCredential.setPrivateKey(privateKey);
    signature.setSigningCredential(signingCredential);
    X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
    // Embed the signing certificate in <ds:KeyInfo> so the verifier can locate the key.
    x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
    try {
        KeyInfo keyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
        signature.setKeyInfo(keyInfo);
    } catch (org.opensaml.security.SecurityException e) {
        throw new SignatureException("Error generating KeyInfo from signing credential", e);
    }
    if (samlObject instanceof Response) {
        // Re-key the enclosed assertions' existing Signature elements with the same credential.
        List<Assertion> assertions = ((Response) samlObject).getAssertions();
        for (Assertion assertion : assertions) {
            assertion.getSignature().setSigningCredential(signingCredential);
        }
    }
    samlObject.setSignature(signature);
    // Apply the requested digest algorithm to the <ds:Reference> for the signed element.
    SAMLObjectContentReference contentRef = (SAMLObjectContentReference) signature.getContentReferences().get(0);
    contentRef.setDigestAlgorithm(digestAlgo);
    // Drop the cached DOM so the next marshalling regenerates the XML and computes the signature.
    samlObject.releaseDOM();
    samlObject.releaseChildrenDOM(true);
}
```

Example 3 with SAMLObjectContentReference

Use of org.opensaml.saml.common.SAMLObjectContentReference in project ddf by codice.

From class SimpleSign, method resignAssertion (re-signs an assertion with this signer's key while preserving the algorithms of any signature it already carries):

```java
import org.opensaml.saml.common.SAMLObjectContentReference;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.xmlsec.signature.Signature;

import ddf.security.samlp.SignatureException;

public void resignAssertion(Assertion assertion) throws SignatureException {
    final Signature signature = assertion.getSignature();
    if (signature == null) {
        // Unsigned assertion: sign it with the signer's default algorithms.
        signSamlObject(assertion);
        return;
    }
    // Already signed: reuse the incoming signature's digest, signature and C14N algorithm URIs.
    // These are read straight from the received XML, so a weak algorithm on the inbound
    // assertion is carried over to the re-signed one unchanged.
    final String digestAlgorithm = ((SAMLObjectContentReference) signature.getContentReferences().get(0)).getDigestAlgorithm();
    signSamlObject(assertion, signature.getSignatureAlgorithm(), signature.getCanonicalizationAlgorithm(), digestAlgorithm);
}
```
