
Example 11 with KeyDescriptor

Use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

From class HubIdentityProviderMetadataDtoToEntityDescriptorTransformer, method doTransform.

/**
 * Builds an OpenSAML {@link EntityDescriptor} for a hub-registered identity provider from its DTO.
 *
 * <p>The descriptor receives a freshly generated ID, the DTO's entity ID and validity bound, and a
 * single {@link IDPSSODescriptor} that announces SAML 2.0 protocol support, carries the DTO's
 * single-sign-on endpoints, and holds one {@link KeyDescriptor} per signing certificate. This
 * method does not sign the descriptor.
 *
 * @param dto the identity-provider metadata to transform
 * @return the populated, unsigned entity descriptor
 */
public EntityDescriptor doTransform(HubIdentityProviderMetadataDto dto) {
    EntityDescriptor descriptor = openSamlXmlObjectFactory.createEntityDescriptor();
    descriptor.setID(idGenerator.getId());
    descriptor.setEntityID(dto.getEntityId());
    descriptor.setValidUntil(dto.getValidUntil());

    IDPSSODescriptor idpRole = openSamlXmlObjectFactory.createIDPSSODescriptor();
    idpRole.addSupportedProtocol(SAMLConstants.SAML20P_NS);
    transformSingleSignOnServiceEndpoints(idpRole, dto);

    // Snapshot the DTO's certificate list so the unmarshaller never sees a live, mutable view.
    List<String> signingCertificates = List.copyOf(dto.getSigningCertificates());
    List<KeyDescriptor> signingKeys = keyDescriptorsUnmarshaller.fromCertificates(signingCertificates);
    idpRole.getKeyDescriptors().addAll(signingKeys);

    descriptor.getRoleDescriptors().add(idpRole);
    return descriptor;
}

Example 12 with KeyDescriptor

Use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

From class HubAsIdpMetadataHandler, method getHubEncryptionCertificate.

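/**
 * Extracts the hub's encryption certificate from the SP role of the given hub metadata.
 *
 * <p>The SAML 2.0 SP role is expected to carry one {@link KeyDescriptor} with
 * {@code use="encryption"}; the text of its first {@code <ds:X509Certificate>} is returned
 * verbatim (as carried in the metadata) together with the entity ID.
 *
 * <p>NOTE(review): this method trusts the content of {@code entityDescriptor} as given; it assumes
 * the metadata signature was validated before the descriptor reached this point — confirm with
 * the caller.
 *
 * @param entityDescriptor hub metadata containing a SAML 2.0 SP role
 * @return the hub's encryption certificate
 * @throws IllegalStateException if the SP role, an encryption key descriptor, or its X.509
 *     certificate is absent (previously these cases surfaced as an uninformative
 *     {@code NoSuchElementException} / {@code NullPointerException} / {@code IndexOutOfBoundsException})
 */
private Certificate getHubEncryptionCertificate(EntityDescriptor entityDescriptor) {
    String entityId = entityDescriptor.getEntityID();
    var spRole = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
    if (spRole == null) {
        throw new IllegalStateException("No SAML 2.0 SPSSODescriptor in hub metadata for entity " + entityId);
    }
    // there should only be one and only one hub encryption key
    KeyDescriptor hubEncryptionKey = spRole.getKeyDescriptors().stream()
            .filter(input1 -> input1.getUse() == UsageType.ENCRYPTION)
            .findFirst()
            .orElseThrow(() -> new IllegalStateException(
                    "No encryption KeyDescriptor in hub metadata for entity " + entityId));
    var keyInfo = hubEncryptionKey.getKeyInfo();
    if (keyInfo == null
            || keyInfo.getX509Datas().isEmpty()
            || keyInfo.getX509Datas().get(0).getX509Certificates().isEmpty()) {
        throw new IllegalStateException(
                "Encryption KeyDescriptor in hub metadata for entity " + entityId + " carries no X509Certificate");
    }
    X509Certificate x509Certificate = keyInfo.getX509Datas().get(0).getX509Certificates().get(0);
    return new Certificate(entityId, x509Certificate.getValue(), Certificate.KeyUse.Encryption);
}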

Example 13 with KeyDescriptor

Use of org.opensaml.saml2.metadata.KeyDescriptor in project ddf by codice.

From class SamlProtocol, method createIdpMetadata.

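/**
 * Builds an unsigned SAML 2.0 IdP {@link EntityDescriptor}.
 *
 * <p>The IdP role carries a signing and an encryption {@link KeyDescriptor} (each wrapping one
 * {@code <ds:X509Certificate>} whose text is the given certificate string verbatim), one
 * {@link NameIDFormat} per entry of {@code nameIds}, optional single-sign-on endpoints for the
 * Redirect and POST bindings, and — when a logout location is given — a
 * {@link SingleLogoutService} for both bindings at that same location. The role is marked
 * {@code WantAuthnRequestsSigned="true"} and announces {@code SUPPORTED_PROTOCOL}. Nothing here
 * signs the descriptor.
 *
 * @param entityId the IdP's entity ID
 * @param signingCert certificate text placed into the signing key descriptor; presumably base64
 *     DER without PEM armor, since it is inserted unmodified — confirm with callers
 * @param encryptionCert certificate text placed into the encryption key descriptor (same format)
 * @param nameIds NameID formats to advertise; {@code null} or empty advertises none
 * @param singleSignOnLocationRedirect SSO URL for the Redirect binding; blank to omit
 * @param singleSignOnLocationPost SSO URL for the POST binding; blank to omit
 * @param singleLogOutLocation SLO URL used for both bindings; blank to omit
 * @return the populated, unsigned entity descriptor
 */
public static EntityDescriptor createIdpMetadata(String entityId, String signingCert, String encryptionCert, List<String> nameIds, String singleSignOnLocationRedirect, String singleSignOnLocationPost, String singleLogOutLocation) {
    EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
    entityDescriptor.setEntityID(entityId);
    IDPSSODescriptor idpssoDescriptor = idpssoDescriptorBuilder.buildObject();
    idpssoDescriptor.getKeyDescriptors().add(createX509KeyDescriptor(UsageType.SIGNING, signingCert));
    idpssoDescriptor.getKeyDescriptors().add(createX509KeyDescriptor(UsageType.ENCRYPTION, encryptionCert));
    // A null list used to NPE here; treat it like an empty list.
    if (nameIds != null) {
        for (String nameId : nameIds) {
            NameIDFormat nameIDFormat = nameIdFormatBuilder.buildObject();
            nameIDFormat.setFormat(nameId);
            idpssoDescriptor.getNameIDFormats().add(nameIDFormat);
        }
    }
    addSingleSignOnService(idpssoDescriptor, REDIRECT_BINDING, singleSignOnLocationRedirect);
    addSingleSignOnService(idpssoDescriptor, POST_BINDING, singleSignOnLocationPost);
    if (StringUtils.isNotBlank(singleLogOutLocation)) {
        // One logout location is advertised under both bindings.
        addSingleLogoutService(idpssoDescriptor, REDIRECT_BINDING, singleLogOutLocation);
        addSingleLogoutService(idpssoDescriptor, POST_BINDING, singleLogOutLocation);
    }
    idpssoDescriptor.setWantAuthnRequestsSigned(true);
    idpssoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
    entityDescriptor.getRoleDescriptors().add(idpssoDescriptor);
    return entityDescriptor;
}

/** Builds a KeyDescriptor of the given use holding one X509Data with one X509Certificate whose text is {@code certificate}. */
private static KeyDescriptor createX509KeyDescriptor(UsageType use, String certificate) {
    X509Certificate x509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    x509Certificate.setValue(certificate);
    X509Data x509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    x509Data.getX509Certificates().add(x509Certificate);
    KeyInfo keyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    keyInfo.getX509Datas().add(x509Data);
    KeyDescriptor keyDescriptor = keyDescriptorBuilder.buildObject();
    keyDescriptor.setUse(use);
    keyDescriptor.setKeyInfo(keyInfo);
    return keyDescriptor;
}

/** Adds a SingleSignOnService for {@code binding} at {@code location}; a blank location adds nothing. */
private static void addSingleSignOnService(IDPSSODescriptor descriptor, String binding, String location) {
    if (StringUtils.isBlank(location)) {
        return;
    }
    SingleSignOnService service = singleSignOnServiceBuilder.buildObject();
    service.setBinding(binding);
    service.setLocation(location);
    descriptor.getSingleSignOnServices().add(service);
}

/** Adds a SingleLogoutService for {@code binding} at {@code location}; callers check for a blank location. */
private static void addSingleLogoutService(IDPSSODescriptor descriptor, String binding, String location) {
    SingleLogoutService service = singleLogOutServiceBuilder.buildObject();
    service.setBinding(binding);
    service.setLocation(location);
    descriptor.getSingleLogoutServices().add(service);
}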

Example 14 with KeyDescriptor

Use of org.opensaml.saml2.metadata.KeyDescriptor in project ddf by codice.

From class SamlProtocol, method createSpMetadata.

/**
 * Builds an unsigned SAML 2.0 SP {@link EntityDescriptor}.
 *
 * <p>The SP role carries a signing and an encryption {@link KeyDescriptor} (each wrapping a single
 * {@code <ds:X509Certificate>} whose text is the given certificate string, unmodified), a
 * {@link SingleLogoutService} under both the Redirect and POST bindings when a logout location is
 * given, and up to two {@link AssertionConsumerService} endpoints (Redirect first, then POST)
 * indexed from 0 in the order they are added. The role announces {@code SUPPORTED_PROTOCOL}.
 * Nothing here signs the descriptor.
 *
 * @param entityId the SP's entity ID
 * @param signingCert certificate text for the signing key descriptor (inserted verbatim)
 * @param encryptionCert certificate text for the encryption key descriptor (inserted verbatim)
 * @param singleLogOutLocation SLO URL used for both bindings; blank to omit
 * @param assertionConsumerServiceLocationRedirect ACS URL for the Redirect binding; blank to omit
 * @param assertionConsumerServiceLocationPost ACS URL for the POST binding; blank to omit
 * @return the populated, unsigned entity descriptor
 */
public static EntityDescriptor createSpMetadata(String entityId, String signingCert, String encryptionCert, String singleLogOutLocation, String assertionConsumerServiceLocationRedirect, String assertionConsumerServiceLocationPost) {
    EntityDescriptor descriptor = entityDescriptorBuilder.buildObject();
    descriptor.setEntityID(entityId);
    SPSSODescriptor spRole = spSsoDescriptorBuilder.buildObject();

    // --- signing key ---
    KeyDescriptor signingKey = keyDescriptorBuilder.buildObject();
    signingKey.setUse(UsageType.SIGNING);
    KeyInfo signingInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data signingData = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate signingCertificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    signingCertificate.setValue(signingCert);
    signingData.getX509Certificates().add(signingCertificate);
    signingInfo.getX509Datas().add(signingData);
    signingKey.setKeyInfo(signingInfo);
    spRole.getKeyDescriptors().add(signingKey);

    // --- encryption key ---
    KeyDescriptor encryptionKey = keyDescriptorBuilder.buildObject();
    encryptionKey.setUse(UsageType.ENCRYPTION);
    KeyInfo encryptionInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data encryptionData = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate encryptionCertificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    encryptionCertificate.setValue(encryptionCert);
    encryptionData.getX509Certificates().add(encryptionCertificate);
    encryptionInfo.getX509Datas().add(encryptionData);
    encryptionKey.setKeyInfo(encryptionInfo);
    spRole.getKeyDescriptors().add(encryptionKey);

    // --- single logout: the one location is advertised under both bindings ---
    boolean hasLogout = StringUtils.isNotBlank(singleLogOutLocation);
    if (hasLogout) {
        SingleLogoutService logoutViaRedirect = singleLogOutServiceBuilder.buildObject();
        logoutViaRedirect.setBinding(REDIRECT_BINDING);
        logoutViaRedirect.setLocation(singleLogOutLocation);
        spRole.getSingleLogoutServices().add(logoutViaRedirect);
        SingleLogoutService logoutViaPost = singleLogOutServiceBuilder.buildObject();
        logoutViaPost.setBinding(POST_BINDING);
        logoutViaPost.setLocation(singleLogOutLocation);
        spRole.getSingleLogoutServices().add(logoutViaPost);
    }

    // --- assertion consumer services, indexed in insertion order ---
    int nextAcsIndex = 0;
    boolean hasRedirectAcs = StringUtils.isNotBlank(assertionConsumerServiceLocationRedirect);
    if (hasRedirectAcs) {
        AssertionConsumerService redirectAcs = assertionConsumerServiceBuilder.buildObject();
        redirectAcs.setBinding(REDIRECT_BINDING);
        redirectAcs.setIndex(nextAcsIndex);
        nextAcsIndex++;
        redirectAcs.setLocation(assertionConsumerServiceLocationRedirect);
        spRole.getAssertionConsumerServices().add(redirectAcs);
    }
    boolean hasPostAcs = StringUtils.isNotBlank(assertionConsumerServiceLocationPost);
    if (hasPostAcs) {
        AssertionConsumerService postAcs = assertionConsumerServiceBuilder.buildObject();
        postAcs.setBinding(POST_BINDING);
        postAcs.setIndex(nextAcsIndex);
        nextAcsIndex++;
        postAcs.setLocation(assertionConsumerServiceLocationPost);
        spRole.getAssertionConsumerServices().add(postAcs);
    }

    spRole.addSupportedProtocol(SUPPORTED_PROTOCOL);
    descriptor.getRoleDescriptors().add(spRole);
    return descriptor;
}

Example 15 with KeyDescriptor

Use of org.opensaml.saml2.metadata.KeyDescriptor in project verify-hub by alphagov.

From class NodeMetadataFactory, method createCountryEntityDescriptor.

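/**
 * Creates a signed IdP {@link EntityDescriptor} for a "country" node.
 *
 * <p>The IdP role carries one signing {@link KeyDescriptor} built from {@code TEST_PUBLIC_CERT},
 * and the descriptor is signed with the {@link Signature} returned by {@code createSignature()}.
 * NOTE(review): the fixed {@code TEST_PUBLIC_CERT} suggests this factory is test-only — confirm
 * before using its output anywhere a real trust decision is made.
 *
 * @param entityID the entity ID to assign to the descriptor
 * @return the signed entity descriptor
 * @throws RuntimeException wrapping the {@link MarshallingException} or
 *     {@link SignatureException} raised while marshalling or signing
 */
public static EntityDescriptor createCountryEntityDescriptor(String entityID) {
    Signature entityDescriptorSignature = createSignature();
    KeyDescriptor keyDescriptor = KeyDescriptorBuilder.aKeyDescriptor().withX509ForSigning(TEST_PUBLIC_CERT).build();
    IDPSSODescriptor idpssoDescriptor = IdpSsoDescriptorBuilder.anIdpSsoDescriptor().addKeyDescriptor(keyDescriptor).build();
    try {
        return getEntityDescriptor(entityID, idpssoDescriptor, entityDescriptorSignature);
    } catch (MarshallingException | SignatureException e) {
        // Both exceptions are checked, so this is what the deprecated Throwables.propagate(e)
        // did anyway; wrapping explicitly keeps the cause and adds the entity for diagnosis.
        throw new RuntimeException("Could not build signed country EntityDescriptor for entityID " + entityID, e);
    }
}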
