use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.
the class HubIdentityProviderMetadataDtoToEntityDescriptorTransformer method doTransform.
public EntityDescriptor doTransform(HubIdentityProviderMetadataDto dto) {
EntityDescriptor entityDescriptor = openSamlXmlObjectFactory.createEntityDescriptor();
entityDescriptor.setID(idGenerator.getId());
entityDescriptor.setEntityID(dto.getEntityId());
entityDescriptor.setValidUntil(dto.getValidUntil());
IDPSSODescriptor idpSsoDescriptor = openSamlXmlObjectFactory.createIDPSSODescriptor();
idpSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
transformSingleSignOnServiceEndpoints(idpSsoDescriptor, dto);
List<KeyDescriptor> signingKeyDescriptors = keyDescriptorsUnmarshaller.fromCertificates(List.copyOf(dto.getSigningCertificates()));
idpSsoDescriptor.getKeyDescriptors().addAll(signingKeyDescriptors);
entityDescriptor.getRoleDescriptors().add(idpSsoDescriptor);
return entityDescriptor;
}
use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.
the class HubAsIdpMetadataHandler method getHubEncryptionCertificate.
private Certificate getHubEncryptionCertificate(EntityDescriptor entityDescriptor) {
KeyDescriptor hubEncryptionKey = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS).getKeyDescriptors().stream().filter(// there should only be one and only one hub encryption key
input1 -> input1.getUse() == UsageType.ENCRYPTION).findFirst().get();
X509Certificate x509Certificate = hubEncryptionKey.getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0);
return new Certificate(entityDescriptor.getEntityID(), x509Certificate.getValue(), Certificate.KeyUse.Encryption);
}
use of org.opensaml.saml2.metadata.KeyDescriptor in project ddf by codice.
the class SamlProtocol method createIdpMetadata.
public static EntityDescriptor createIdpMetadata(String entityId, String signingCert, String encryptionCert, List<String> nameIds, String singleSignOnLocationRedirect, String singleSignOnLocationPost, String singleLogOutLocation) {
EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
entityDescriptor.setEntityID(entityId);
IDPSSODescriptor idpssoDescriptor = idpssoDescriptorBuilder.buildObject();
//signing
KeyDescriptor signingKeyDescriptor = keyDescriptorBuilder.buildObject();
signingKeyDescriptor.setUse(UsageType.SIGNING);
KeyInfo signingKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data signingX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
X509Certificate signingX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
signingX509Certificate.setValue(signingCert);
signingX509Data.getX509Certificates().add(signingX509Certificate);
signingKeyInfo.getX509Datas().add(signingX509Data);
signingKeyDescriptor.setKeyInfo(signingKeyInfo);
idpssoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);
//encryption
KeyDescriptor encKeyDescriptor = keyDescriptorBuilder.buildObject();
encKeyDescriptor.setUse(UsageType.ENCRYPTION);
KeyInfo encKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data encX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
X509Certificate encX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
encX509Certificate.setValue(encryptionCert);
encX509Data.getX509Certificates().add(encX509Certificate);
encKeyInfo.getX509Datas().add(encX509Data);
encKeyDescriptor.setKeyInfo(encKeyInfo);
idpssoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
for (String nameId : nameIds) {
NameIDFormat nameIDFormat = nameIdFormatBuilder.buildObject();
nameIDFormat.setFormat(nameId);
idpssoDescriptor.getNameIDFormats().add(nameIDFormat);
}
if (StringUtils.isNotBlank(singleSignOnLocationRedirect)) {
SingleSignOnService singleSignOnServiceRedirect = singleSignOnServiceBuilder.buildObject();
singleSignOnServiceRedirect.setBinding(REDIRECT_BINDING);
singleSignOnServiceRedirect.setLocation(singleSignOnLocationRedirect);
idpssoDescriptor.getSingleSignOnServices().add(singleSignOnServiceRedirect);
}
if (StringUtils.isNotBlank(singleSignOnLocationPost)) {
SingleSignOnService singleSignOnServicePost = singleSignOnServiceBuilder.buildObject();
singleSignOnServicePost.setBinding(POST_BINDING);
singleSignOnServicePost.setLocation(singleSignOnLocationPost);
idpssoDescriptor.getSingleSignOnServices().add(singleSignOnServicePost);
}
if (StringUtils.isNotBlank(singleLogOutLocation)) {
SingleLogoutService singleLogoutServiceRedir = singleLogOutServiceBuilder.buildObject();
singleLogoutServiceRedir.setBinding(REDIRECT_BINDING);
singleLogoutServiceRedir.setLocation(singleLogOutLocation);
idpssoDescriptor.getSingleLogoutServices().add(singleLogoutServiceRedir);
SingleLogoutService singleLogoutServicePost = singleLogOutServiceBuilder.buildObject();
singleLogoutServicePost.setBinding(POST_BINDING);
singleLogoutServicePost.setLocation(singleLogOutLocation);
idpssoDescriptor.getSingleLogoutServices().add(singleLogoutServicePost);
}
idpssoDescriptor.setWantAuthnRequestsSigned(true);
idpssoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
entityDescriptor.getRoleDescriptors().add(idpssoDescriptor);
return entityDescriptor;
}
use of org.opensaml.saml2.metadata.KeyDescriptor in project ddf by codice.
the class SamlProtocol method createSpMetadata.
public static EntityDescriptor createSpMetadata(String entityId, String signingCert, String encryptionCert, String singleLogOutLocation, String assertionConsumerServiceLocationRedirect, String assertionConsumerServiceLocationPost) {
EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
entityDescriptor.setEntityID(entityId);
SPSSODescriptor spSsoDescriptor = spSsoDescriptorBuilder.buildObject();
//signing
KeyDescriptor signingKeyDescriptor = keyDescriptorBuilder.buildObject();
signingKeyDescriptor.setUse(UsageType.SIGNING);
KeyInfo signingKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data signingX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
X509Certificate signingX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
signingX509Certificate.setValue(signingCert);
signingX509Data.getX509Certificates().add(signingX509Certificate);
signingKeyInfo.getX509Datas().add(signingX509Data);
signingKeyDescriptor.setKeyInfo(signingKeyInfo);
spSsoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);
//encryption
KeyDescriptor encKeyDescriptor = keyDescriptorBuilder.buildObject();
encKeyDescriptor.setUse(UsageType.ENCRYPTION);
KeyInfo encKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data encX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
X509Certificate encX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
encX509Certificate.setValue(encryptionCert);
encX509Data.getX509Certificates().add(encX509Certificate);
encKeyInfo.getX509Datas().add(encX509Data);
encKeyDescriptor.setKeyInfo(encKeyInfo);
spSsoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
if (StringUtils.isNotBlank(singleLogOutLocation)) {
SingleLogoutService singleLogoutServiceRedirect = singleLogOutServiceBuilder.buildObject();
singleLogoutServiceRedirect.setBinding(REDIRECT_BINDING);
singleLogoutServiceRedirect.setLocation(singleLogOutLocation);
spSsoDescriptor.getSingleLogoutServices().add(singleLogoutServiceRedirect);
SingleLogoutService singleLogoutServicePost = singleLogOutServiceBuilder.buildObject();
singleLogoutServicePost.setBinding(POST_BINDING);
singleLogoutServicePost.setLocation(singleLogOutLocation);
spSsoDescriptor.getSingleLogoutServices().add(singleLogoutServicePost);
}
int acsIndex = 0;
if (StringUtils.isNotBlank(assertionConsumerServiceLocationRedirect)) {
AssertionConsumerService assertionConsumerService = assertionConsumerServiceBuilder.buildObject();
assertionConsumerService.setBinding(REDIRECT_BINDING);
assertionConsumerService.setIndex(acsIndex++);
assertionConsumerService.setLocation(assertionConsumerServiceLocationRedirect);
spSsoDescriptor.getAssertionConsumerServices().add(assertionConsumerService);
}
if (StringUtils.isNotBlank(assertionConsumerServiceLocationPost)) {
AssertionConsumerService assertionConsumerService = assertionConsumerServiceBuilder.buildObject();
assertionConsumerService.setBinding(POST_BINDING);
assertionConsumerService.setIndex(acsIndex++);
assertionConsumerService.setLocation(assertionConsumerServiceLocationPost);
spSsoDescriptor.getAssertionConsumerServices().add(assertionConsumerService);
}
spSsoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
entityDescriptor.getRoleDescriptors().add(spSsoDescriptor);
return entityDescriptor;
}
use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.
the class NodeMetadataFactory method createCountryEntityDescriptor.
public static EntityDescriptor createCountryEntityDescriptor(String entityID) {
Signature entityDescriptorSignature = createSignature();
KeyDescriptor keyDescriptor = KeyDescriptorBuilder.aKeyDescriptor().withX509ForSigning(TEST_PUBLIC_CERT).build();
IDPSSODescriptor idpssoDescriptor = IdpSsoDescriptorBuilder.anIdpSsoDescriptor().addKeyDescriptor(keyDescriptor).build();
try {
return getEntityDescriptor(entityID, idpssoDescriptor, entityDescriptorSignature);
} catch (MarshallingException | SignatureException e) {
throw Throwables.propagate(e);
}
}
Aggregations