Examples with BasicCredential org.opensaml.security.credential.BasicCredential used on opensource projects

Search in sources :

Example 6 with BasicCredential

use of org.opensaml.security.credential.BasicCredential in project cas by apereo.

the class BasicResourceCredentialFactoryBean method getObject.

@Override
public BasicCredential getObject() throws Exception {
    val privateKey = getPrivateKey();
    val publicKey = getPublicKey();
    val secretKey = getSecretKey();
    var credential = (BasicCredential) null;
    if (null != publicKey) {
        if (null == privateKey) {
            credential = new BasicCredential(publicKey);
        } else {
            if (!KeySupport.matchKeyPair(publicKey, privateKey)) {
                throw new BeanCreationException("Public and private keys do not match");
            }
            credential = new BasicCredential(publicKey, privateKey);
        }
    } else if (null != secretKey) {
        credential = new BasicCredential(secretKey);
    } else {
        throw new BeanCreationException("Neither public key nor secret key specified");
    }
    if (null != getUsageType()) {
        credential.setUsageType(UsageType.valueOf(getUsageType()));
    }
    return credential;
}
Also used : lombok.val(lombok.val) BeanCreationException(org.springframework.beans.factory.BeanCreationException) BasicCredential(org.opensaml.security.credential.BasicCredential)

Example 7 with BasicCredential

use of org.opensaml.security.credential.BasicCredential in project cas by apereo.

the class SamlIdPObjectEncrypter method configureKeyDecryptionCredential.

/**
 * Configure key decryption credential credential.
 *
 * @param peerEntityId            the peer entity id
 * @param adaptor                 the adaptor
 * @param service                 the service
 * @param decryptionConfiguration the decryption configuration
 * @return the credential
 * @throws Exception the exception
 */
protected Credential configureKeyDecryptionCredential(final String peerEntityId, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service, final BasicDecryptionConfiguration decryptionConfiguration) throws Exception {
    val mdCredentialResolver = new SamlIdPMetadataCredentialResolver();
    val providers = new ArrayList<KeyInfoProvider>(5);
    providers.add(new RSAKeyValueProvider());
    providers.add(new DSAKeyValueProvider());
    providers.add(new InlineX509DataProvider());
    providers.add(new DEREncodedKeyValueProvider());
    providers.add(new KeyInfoReferenceProvider());
    val keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(providers);
    mdCredentialResolver.setKeyInfoCredentialResolver(keyInfoResolver);
    val roleDescriptorResolver = SamlIdPUtils.getRoleDescriptorResolver(adaptor, samlIdPProperties.getMetadata().getCore().isRequireValidMetadata());
    mdCredentialResolver.setRoleDescriptorResolver(roleDescriptorResolver);
    mdCredentialResolver.initialize();
    val criteriaSet = new CriteriaSet();
    criteriaSet.add(new DecryptionConfigurationCriterion(decryptionConfiguration));
    criteriaSet.add(new EntityIdCriterion(peerEntityId));
    criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
    criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));
    criteriaSet.add(new SamlIdPSamlRegisteredServiceCriterion(service));
    LOGGER.debug("Attempting to resolve the decryption key for entity id [{}]", peerEntityId);
    val credential = Objects.requireNonNull(mdCredentialResolver.resolveSingle(criteriaSet));
    val encryptinKey = samlIdPMetadataLocator.resolveEncryptionKey(Optional.ofNullable(service));
    val bean = new PrivateKeyFactoryBean();
    bean.setSingleton(false);
    bean.setLocation(encryptinKey);
    val privateKey = Objects.requireNonNull(bean.getObject());
    val basicCredential = new BasicCredential(Objects.requireNonNull(credential.getPublicKey()), privateKey);
    decryptionConfiguration.setKEKKeyInfoCredentialResolver(new StaticKeyInfoCredentialResolver(basicCredential));
    val list = new ArrayList<EncryptedKeyResolver>(3);
    list.add(new InlineEncryptedKeyResolver());
    list.add(new EncryptedElementTypeEncryptedKeyResolver());
    list.add(new SimpleRetrievalMethodEncryptedKeyResolver());
    val encryptedKeyResolver = new ChainingEncryptedKeyResolver(list);
    decryptionConfiguration.setEncryptedKeyResolver(encryptedKeyResolver);
    return credential;
}
Also used : lombok.val(lombok.val) UsageCriterion(org.opensaml.security.criteria.UsageCriterion) RSAKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider) SamlIdPSamlRegisteredServiceCriterion(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion) ArrayList(java.util.ArrayList) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) InlineX509DataProvider(org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider) KeyInfoReferenceProvider(org.opensaml.xmlsec.keyinfo.impl.provider.KeyInfoReferenceProvider) DecryptionConfigurationCriterion(org.opensaml.xmlsec.criterion.DecryptionConfigurationCriterion) ChainingEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver) SamlIdPMetadataCredentialResolver(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataCredentialResolver) BasicProviderKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver) SimpleRetrievalMethodEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver) StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) EncryptedElementTypeEncryptedKeyResolver(org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) DSAKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider) DEREncodedKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider) InlineEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver) BasicCredential(org.opensaml.security.credential.BasicCredential)

Example 8 with BasicCredential

use of org.opensaml.security.credential.BasicCredential in project cas by apereo.

the class DefaultSamlIdPObjectSigner method getResolvedSigningCredential.

private AbstractCredential getResolvedSigningCredential(final Credential credential, final PrivateKey privateKey, final SamlRegisteredService service) {
    try {
        val samlIdp = casProperties.getAuthn().getSamlIdp();
        val credType = SamlIdPResponseProperties.SignatureCredentialTypes.valueOf(StringUtils.defaultIfBlank(service.getSigningCredentialType(), samlIdp.getResponse().getCredentialType().name()).toUpperCase());
        LOGGER.trace("Requested credential type [{}] is found for service [{}]", credType, service.getName());
        switch(credType) {
            case BASIC:
                LOGGER.debug("Building credential signing key [{}] based on requested credential type", credType);
                if (credential.getPublicKey() == null) {
                    throw new IllegalArgumentException("Unable to identify the public key from the signing credential");
                }
                return finalizeSigningCredential(new BasicCredential(credential.getPublicKey(), privateKey), credential);
            case X509:
            default:
                if (credential instanceof BasicX509Credential) {
                    val certificate = BasicX509Credential.class.cast(credential).getEntityCertificate();
                    LOGGER.debug("Locating signature signing certificate from credential [{}]", CertUtils.toString(certificate));
                    return finalizeSigningCredential(new BasicX509Credential(certificate, privateKey), credential);
                }
                val signingCert = samlIdPMetadataLocator.resolveSigningCertificate(Optional.of(service));
                LOGGER.debug("Locating signature signing certificate file from [{}]", signingCert);
                val certificate = SamlUtils.readCertificate(signingCert);
                return finalizeSigningCredential(new BasicX509Credential(certificate, privateKey), credential);
        }
    } catch (final Exception e) {
        LoggingUtils.error(LOGGER, e);
    }
    return null;
}
Also used : lombok.val(lombok.val) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) SamlException(org.apereo.cas.support.saml.SamlException) BasicCredential(org.opensaml.security.credential.BasicCredential)

Example 9 with BasicCredential

use of org.opensaml.security.credential.BasicCredential in project verify-hub by alphagov.

the class AuthnResponseFactory method aResponseFromIdpBuilder.

public ResponseBuilder aResponseFromIdpBuilder(String idpEntityId, String ipAddressSeenByIdp, String requestId, DateTime issueInstant, String authnStatementAssertionId, String authnAssertionSubjectPid, String authnAssertionIssuer, String authnAssertionInResponseTo, String mdsStatementAssertionId, String mdsAssertionSubjectPid, String mdsAssertionIssuer, String mdsAssertionInResponseTo, Optional<BasicCredential> basicCredential) {
    TestCredentialFactory idpSigningCredentialFactory = new TestCredentialFactory(publicSigningCerts.get(idpEntityId), privateSigningKeys.get(idpEntityId));
    final Subject mdsAssertionSubject = SubjectBuilder.aSubject().withPersistentId(mdsAssertionSubjectPid).withSubjectConfirmation(SubjectConfirmationBuilder.aSubjectConfirmation().withSubjectConfirmationData(SubjectConfirmationDataBuilder.aSubjectConfirmationData().withInResponseTo(mdsAssertionInResponseTo).build()).build()).build();
    final Subject authnAssertionSubject = SubjectBuilder.aSubject().withNameId(buildNameID(authnAssertionSubjectPid)).withSubjectConfirmation(SubjectConfirmationBuilder.aSubjectConfirmation().withSubjectConfirmationData(SubjectConfirmationDataBuilder.aSubjectConfirmationData().withInResponseTo(authnAssertionInResponseTo).build()).build()).build();
    final Conditions mdsAssertionConditions = ConditionsBuilder.aConditions().validFor(new Duration(1000 * 60 * 60)).build();
    final AttributeStatement matchingDatasetAttributeStatement = MatchingDatasetAttributeStatementBuilder_1_1.aMatchingDatasetAttributeStatement_1_1().build();
    final Credential encryptingCredential;
    if (basicCredential.isPresent()) {
        encryptingCredential = basicCredential.get();
    } else {
        encryptingCredential = hubEncryptionCredentialFactory.getEncryptingCredential();
    }
    final Credential signingCredential = idpSigningCredentialFactory.getSigningCredential();
    final AssertionBuilder mdsAssertion = AssertionBuilder.anAssertion().withId(generateId()).withIssuer(IssuerBuilder.anIssuer().withIssuerId(mdsAssertionIssuer).build()).withSubject(mdsAssertionSubject).withConditions(mdsAssertionConditions).withId(mdsStatementAssertionId).addAttributeStatement(matchingDatasetAttributeStatement);
    final AssertionBuilder authnAssertion = AssertionBuilder.anAssertion().withId(generateId()).addAttributeStatement(anAttributeStatement().addAttribute(anIPAddress().withValue(ipAddressSeenByIdp).build()).build()).withIssuer(IssuerBuilder.anIssuer().withIssuerId(authnAssertionIssuer).build()).withSubject(authnAssertionSubject).withId(authnStatementAssertionId).withIssueInstant(issueInstant).addAuthnStatement(AuthnStatementBuilder.anAuthnStatement().build());
    ResponseBuilder responseBuilder = ResponseBuilder.aResponse().withId(generateId()).withIssuer(IssuerBuilder.anIssuer().withIssuerId(idpEntityId).build()).withSigningCredential(signingCredential).withInResponseTo(requestId).addEncryptedAssertion(mdsAssertion.withSignature(SignatureBuilder.aSignature().withSigningCredential(signingCredential).build()).buildWithEncrypterCredential(encryptingCredential)).addEncryptedAssertion(authnAssertion.withSignature(SignatureBuilder.aSignature().withSigningCredential(signingCredential).build()).buildWithEncrypterCredential(encryptingCredential));
    return responseBuilder;
}
Also used : TestCredentialFactory(uk.gov.ida.saml.core.test.TestCredentialFactory) BasicCredential(org.opensaml.security.credential.BasicCredential) Credential(org.opensaml.security.credential.Credential) AttributeStatementBuilder.anAttributeStatement(uk.gov.ida.saml.core.test.builders.AttributeStatementBuilder.anAttributeStatement) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Duration(org.joda.time.Duration) AssertionBuilder(uk.gov.ida.saml.core.test.builders.AssertionBuilder) ResponseBuilder(uk.gov.ida.saml.core.test.builders.ResponseBuilder) Subject(org.opensaml.saml.saml2.core.Subject) Conditions(org.opensaml.saml.saml2.core.Conditions)

Example 10 with BasicCredential

use of org.opensaml.security.credential.BasicCredential in project verify-hub by alphagov.

the class AssertionDecrypter method decrypt.

private Assertion decrypt(EncryptedAssertion encryptedAssertion) {
    Decrypter decrypter = new DecrypterFactory().createDecrypter(List.of(new BasicCredential(publicKey, privateKey)));
    decrypter.setRootInNewDocument(true);
    try {
        return decrypter.decrypt(encryptedAssertion);
    } catch (DecryptionException e) {
        throw new RuntimeException(e);
    }
}
Also used : DecrypterFactory(uk.gov.ida.saml.security.DecrypterFactory) Decrypter(org.opensaml.saml.saml2.encryption.Decrypter) DecryptionException(org.opensaml.xmlsec.encryption.support.DecryptionException) BasicCredential(org.opensaml.security.credential.BasicCredential)

Aggregations

BasicCredential (org.opensaml.security.credential.BasicCredential)19 Credential (org.opensaml.security.credential.Credential)6 PrivateKey (java.security.PrivateKey)5 X509Certificate (java.security.cert.X509Certificate)5 ArrayList (java.util.ArrayList)5 Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential)5 Response (javax.ws.rs.core.Response)4 Test (org.junit.jupiter.api.Test)4 lombok.val (lombok.val)3 BasicX509Credential (org.opensaml.security.x509.BasicX509Credential)3 SamlAuthnResponseTranslatorDto (uk.gov.ida.hub.samlengine.contracts.SamlAuthnResponseTranslatorDto)3 SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto (uk.gov.ida.integrationtest.hub.samlengine.builders.SamlAuthnResponseTranslatorDtoBuilder.aSamlAuthnResponseTranslatorDto)3 HardCodedKeyStore (uk.gov.ida.saml.core.test.HardCodedKeyStore)3 SamlException (org.apereo.cas.support.saml.SamlException)2 DecrypterFactory (uk.gov.ida.saml.security.DecrypterFactory)2 PublicKey (java.security.PublicKey)1 CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)1 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)1 SamlIdPProperties (org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties)1 SamlIdPResponseProperties (org.apereo.cas.configuration.model.support.saml.idp.SamlIdPResponseProperties)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial