Search in sources :

Example 11 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

the class HubIdentityProviderMetadataDtoToEntityDescriptorTransformer method doTransform.

public EntityDescriptor doTransform(HubIdentityProviderMetadataDto dto) {
    EntityDescriptor entityDescriptor = openSamlXmlObjectFactory.createEntityDescriptor();
    entityDescriptor.setID(idGenerator.getId());
    entityDescriptor.setEntityID(dto.getEntityId());
    entityDescriptor.setValidUntil(dto.getValidUntil());
    IDPSSODescriptor idpSsoDescriptor = openSamlXmlObjectFactory.createIDPSSODescriptor();
    idpSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
    transformSingleSignOnServiceEndpoints(idpSsoDescriptor, dto);
    List<KeyDescriptor> signingKeyDescriptors = keyDescriptorsUnmarshaller.fromCertificates(List.copyOf(dto.getSigningCertificates()));
    idpSsoDescriptor.getKeyDescriptors().addAll(signingKeyDescriptors);
    entityDescriptor.getRoleDescriptors().add(idpSsoDescriptor);
    return entityDescriptor;
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor)

Example 12 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

the class HubAsIdpMetadataHandler method getHubEncryptionCertificate.

private Certificate getHubEncryptionCertificate(EntityDescriptor entityDescriptor) {
    KeyDescriptor hubEncryptionKey = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS).getKeyDescriptors().stream().filter(// there should only be one and only one hub encryption key
    input1 -> input1.getUse() == UsageType.ENCRYPTION).findFirst().get();
    X509Certificate x509Certificate = hubEncryptionKey.getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0);
    return new Certificate(entityDescriptor.getEntityID(), x509Certificate.getValue(), Certificate.KeyUse.Encryption);
}
Also used : KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate) Certificate(uk.gov.ida.common.shared.security.Certificate)

Example 13 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project ddf by codice.

the class SamlProtocol method createIdpMetadata.

public static EntityDescriptor createIdpMetadata(String entityId, String signingCert, String encryptionCert, List<String> nameIds, String singleSignOnLocationRedirect, String singleSignOnLocationPost, String singleLogOutLocation) {
    EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
    entityDescriptor.setEntityID(entityId);
    IDPSSODescriptor idpssoDescriptor = idpssoDescriptorBuilder.buildObject();
    //signing
    KeyDescriptor signingKeyDescriptor = keyDescriptorBuilder.buildObject();
    signingKeyDescriptor.setUse(UsageType.SIGNING);
    KeyInfo signingKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data signingX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate signingX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    signingX509Certificate.setValue(signingCert);
    signingX509Data.getX509Certificates().add(signingX509Certificate);
    signingKeyInfo.getX509Datas().add(signingX509Data);
    signingKeyDescriptor.setKeyInfo(signingKeyInfo);
    idpssoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);
    //encryption
    KeyDescriptor encKeyDescriptor = keyDescriptorBuilder.buildObject();
    encKeyDescriptor.setUse(UsageType.ENCRYPTION);
    KeyInfo encKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data encX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate encX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    encX509Certificate.setValue(encryptionCert);
    encX509Data.getX509Certificates().add(encX509Certificate);
    encKeyInfo.getX509Datas().add(encX509Data);
    encKeyDescriptor.setKeyInfo(encKeyInfo);
    idpssoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
    for (String nameId : nameIds) {
        NameIDFormat nameIDFormat = nameIdFormatBuilder.buildObject();
        nameIDFormat.setFormat(nameId);
        idpssoDescriptor.getNameIDFormats().add(nameIDFormat);
    }
    if (StringUtils.isNotBlank(singleSignOnLocationRedirect)) {
        SingleSignOnService singleSignOnServiceRedirect = singleSignOnServiceBuilder.buildObject();
        singleSignOnServiceRedirect.setBinding(REDIRECT_BINDING);
        singleSignOnServiceRedirect.setLocation(singleSignOnLocationRedirect);
        idpssoDescriptor.getSingleSignOnServices().add(singleSignOnServiceRedirect);
    }
    if (StringUtils.isNotBlank(singleSignOnLocationPost)) {
        SingleSignOnService singleSignOnServicePost = singleSignOnServiceBuilder.buildObject();
        singleSignOnServicePost.setBinding(POST_BINDING);
        singleSignOnServicePost.setLocation(singleSignOnLocationPost);
        idpssoDescriptor.getSingleSignOnServices().add(singleSignOnServicePost);
    }
    if (StringUtils.isNotBlank(singleLogOutLocation)) {
        SingleLogoutService singleLogoutServiceRedir = singleLogOutServiceBuilder.buildObject();
        singleLogoutServiceRedir.setBinding(REDIRECT_BINDING);
        singleLogoutServiceRedir.setLocation(singleLogOutLocation);
        idpssoDescriptor.getSingleLogoutServices().add(singleLogoutServiceRedir);
        SingleLogoutService singleLogoutServicePost = singleLogOutServiceBuilder.buildObject();
        singleLogoutServicePost.setBinding(POST_BINDING);
        singleLogoutServicePost.setLocation(singleLogOutLocation);
        idpssoDescriptor.getSingleLogoutServices().add(singleLogoutServicePost);
    }
    idpssoDescriptor.setWantAuthnRequestsSigned(true);
    idpssoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
    entityDescriptor.getRoleDescriptors().add(idpssoDescriptor);
    return entityDescriptor;
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) NameIDFormat(org.opensaml.saml.saml2.metadata.NameIDFormat) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) SingleLogoutService(org.opensaml.saml.saml2.metadata.SingleLogoutService) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) SingleSignOnService(org.opensaml.saml.saml2.metadata.SingleSignOnService) X509Data(org.opensaml.xmlsec.signature.X509Data) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)

Example 14 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project ddf by codice.

the class SamlProtocol method createSpMetadata.

public static EntityDescriptor createSpMetadata(String entityId, String signingCert, String encryptionCert, String singleLogOutLocation, String assertionConsumerServiceLocationRedirect, String assertionConsumerServiceLocationPost) {
    EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
    entityDescriptor.setEntityID(entityId);
    SPSSODescriptor spSsoDescriptor = spSsoDescriptorBuilder.buildObject();
    //signing
    KeyDescriptor signingKeyDescriptor = keyDescriptorBuilder.buildObject();
    signingKeyDescriptor.setUse(UsageType.SIGNING);
    KeyInfo signingKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data signingX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate signingX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    signingX509Certificate.setValue(signingCert);
    signingX509Data.getX509Certificates().add(signingX509Certificate);
    signingKeyInfo.getX509Datas().add(signingX509Data);
    signingKeyDescriptor.setKeyInfo(signingKeyInfo);
    spSsoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);
    //encryption
    KeyDescriptor encKeyDescriptor = keyDescriptorBuilder.buildObject();
    encKeyDescriptor.setUse(UsageType.ENCRYPTION);
    KeyInfo encKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data encX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate encX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    encX509Certificate.setValue(encryptionCert);
    encX509Data.getX509Certificates().add(encX509Certificate);
    encKeyInfo.getX509Datas().add(encX509Data);
    encKeyDescriptor.setKeyInfo(encKeyInfo);
    spSsoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
    if (StringUtils.isNotBlank(singleLogOutLocation)) {
        SingleLogoutService singleLogoutServiceRedirect = singleLogOutServiceBuilder.buildObject();
        singleLogoutServiceRedirect.setBinding(REDIRECT_BINDING);
        singleLogoutServiceRedirect.setLocation(singleLogOutLocation);
        spSsoDescriptor.getSingleLogoutServices().add(singleLogoutServiceRedirect);
        SingleLogoutService singleLogoutServicePost = singleLogOutServiceBuilder.buildObject();
        singleLogoutServicePost.setBinding(POST_BINDING);
        singleLogoutServicePost.setLocation(singleLogOutLocation);
        spSsoDescriptor.getSingleLogoutServices().add(singleLogoutServicePost);
    }
    int acsIndex = 0;
    if (StringUtils.isNotBlank(assertionConsumerServiceLocationRedirect)) {
        AssertionConsumerService assertionConsumerService = assertionConsumerServiceBuilder.buildObject();
        assertionConsumerService.setBinding(REDIRECT_BINDING);
        assertionConsumerService.setIndex(acsIndex++);
        assertionConsumerService.setLocation(assertionConsumerServiceLocationRedirect);
        spSsoDescriptor.getAssertionConsumerServices().add(assertionConsumerService);
    }
    if (StringUtils.isNotBlank(assertionConsumerServiceLocationPost)) {
        AssertionConsumerService assertionConsumerService = assertionConsumerServiceBuilder.buildObject();
        assertionConsumerService.setBinding(POST_BINDING);
        assertionConsumerService.setIndex(acsIndex++);
        assertionConsumerService.setLocation(assertionConsumerServiceLocationPost);
        spSsoDescriptor.getAssertionConsumerServices().add(assertionConsumerService);
    }
    spSsoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
    entityDescriptor.getRoleDescriptors().add(spSsoDescriptor);
    return entityDescriptor;
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) SingleLogoutService(org.opensaml.saml.saml2.metadata.SingleLogoutService) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) X509Data(org.opensaml.xmlsec.signature.X509Data) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)

Example 15 with KeyDescriptor

use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

the class NodeMetadataFactory method createCountryEntityDescriptor.

public static EntityDescriptor createCountryEntityDescriptor(String entityID) {
    Signature entityDescriptorSignature = createSignature();
    KeyDescriptor keyDescriptor = KeyDescriptorBuilder.aKeyDescriptor().withX509ForSigning(TEST_PUBLIC_CERT).build();
    IDPSSODescriptor idpssoDescriptor = IdpSsoDescriptorBuilder.anIdpSsoDescriptor().addKeyDescriptor(keyDescriptor).build();
    try {
        return getEntityDescriptor(entityID, idpssoDescriptor, entityDescriptorSignature);
    } catch (MarshallingException | SignatureException e) {
        throw Throwables.propagate(e);
    }
}
Also used : IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) MarshallingException(org.opensaml.core.xml.io.MarshallingException) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) Signature(org.opensaml.xmlsec.signature.Signature) SignatureException(org.opensaml.xmlsec.signature.support.SignatureException)

Aggregations

KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor)27 EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor)11 Test (org.junit.jupiter.api.Test)9 IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor)8 X509Certificate (org.opensaml.xmlsec.signature.X509Certificate)8 KeyInfo (org.opensaml.xmlsec.signature.KeyInfo)5 X509Data (org.opensaml.xmlsec.signature.X509Data)5 SingleLogoutService (org.opensaml.saml.saml2.metadata.SingleLogoutService)4 MarshallingException (org.opensaml.core.xml.io.MarshallingException)3 NameIDFormat (org.opensaml.saml.saml2.metadata.NameIDFormat)3 SingleSignOnService (org.opensaml.saml.saml2.metadata.SingleSignOnService)3 SignatureException (org.opensaml.xmlsec.signature.support.SignatureException)3 CertificateException (java.security.cert.CertificateException)2 X509Certificate (java.security.cert.X509Certificate)2 ArrayList (java.util.ArrayList)2 AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService)2 SPSSODescriptor (org.opensaml.saml.saml2.metadata.SPSSODescriptor)2 Signature (org.opensaml.xmlsec.signature.Signature)2 Saml2Exception (org.springframework.security.saml2.Saml2Exception)2 Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential)2