use of org.opensaml.security.credential.Credential in project cas by apereo.
the class WsFederationHelperTests method verifyValidateSignatureBadKey.
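/**
 * Checks that {@code validateSignature} rejects an assertion when the configuration
 * holds only a signing certificate loaded from {@code classpath:bad-signing.crt}.
 *
 * <p>The token stored under {@code GOOD_TOKEN} is parsed with the original
 * configuration, then the signing certificates on the shared {@code wsFedConfig}
 * are replaced with the ones loaded from the "bad" resource. Validation must then
 * return {@code false}: a token must not be accepted against a certificate
 * (presumably one that did not sign it; confirm against the test resources).
 *
 * <p>The test mutates the shared {@code wsFedConfig}; {@code @DirtiesContext}
 * presumably exists so later tests do not inherit the swapped certificates.
 *
 * @throws Exception if the certificate or the token cannot be loaded or parsed
 */
@Test
@DirtiesContext
public void verifyValidateSignatureBadKey() throws Exception {
    // Load the replacement credentials through a throwaway configuration object.
    final List<Credential> signingWallet = new ArrayList<>();
    final WsFederationConfiguration cfg = new WsFederationConfiguration();
    cfg.setSigningCertificateResources(ctx.getResource("classpath:bad-signing.crt"));
    signingWallet.addAll(cfg.getSigningCertificates());

    // Parse before swapping, so parsing still runs against the untouched configuration.
    final String wresult = testTokens.get(GOOD_TOKEN);
    final Assertion assertion = wsFederationHelper.parseTokenFromString(wresult, wsFedConfig);

    // Replace, rather than extend, the trusted signing certificates.
    wsFedConfig.getSigningCertificates().clear();
    wsFedConfig.getSigningCertificates().addAll(signingWallet);

    final boolean result = wsFederationHelper.validateSignature(assertion, wsFedConfig);
    // The failure message names this test; the previous text named a different test method.
    assertFalse("verifyValidateSignatureBadKey() - False", result);
}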
use of org.opensaml.security.credential.Credential in project cas by apereo.
the class BaseSamlObjectSigner method getSignatureSigningConfiguration.
/**
 * Builds the signature signing configuration used when signing SAML objects.
 *
 * <p>Starts from the OpenSAML default signing configuration, applies any configured
 * overrides (blacklisted algorithms, signature algorithms, reference digest methods,
 * whitelisted algorithms, canonicalization algorithm) and finally installs a single
 * X.509 signing credential built from the signing certificate and private key.
 *
 * <p>Each override that is applied is handed to a setter on the configuration, so a
 * deployment that overrides the blacklist or whitelist should confirm that weak
 * algorithms stay excluded afterwards.
 *
 * @return the signature signing configuration
 * @throws Exception if the signing key or certificate cannot be obtained
 */
protected SignatureSigningConfiguration getSignatureSigningConfiguration() throws Exception {
    final BasicSignatureSigningConfiguration signingConfig =
            DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration();
    final SamlIdPProperties idpProperties = casProperties.getAuthn().getSamlIdp();

    // NOTE(review): unlike the three checks below, this one tests the *property* list for
    // emptiness but applies the *field*; confirm the two always hold the same values.
    if (this.overrideBlackListedSignatureAlgorithms != null
            && !idpProperties.getAlgs().getOverrideBlackListedSignatureSigningAlgorithms().isEmpty()) {
        signingConfig.setBlacklistedAlgorithms(this.overrideBlackListedSignatureAlgorithms);
    }

    if (this.overrideSignatureAlgorithms != null && !this.overrideSignatureAlgorithms.isEmpty()) {
        signingConfig.setSignatureAlgorithms(this.overrideSignatureAlgorithms);
    }

    if (this.overrideSignatureReferenceDigestMethods != null
            && !this.overrideSignatureReferenceDigestMethods.isEmpty()) {
        signingConfig.setSignatureReferenceDigestMethods(this.overrideSignatureReferenceDigestMethods);
    }

    if (this.overrideWhiteListedAlgorithms != null && !this.overrideWhiteListedAlgorithms.isEmpty()) {
        signingConfig.setWhitelistedAlgorithms(this.overrideWhiteListedAlgorithms);
    }

    // A blank canonicalization override leaves the default in place.
    final String canonicalizationOverride =
            idpProperties.getAlgs().getOverrideSignatureCanonicalizationAlgorithm();
    if (StringUtils.isNotBlank(canonicalizationOverride)) {
        signingConfig.setSignatureCanonicalizationAlgorithm(canonicalizationOverride);
    }

    // Log the effective algorithm policy so a weakened configuration is visible at debug level.
    LOGGER.debug("Signature signing blacklisted algorithms: [{}]", signingConfig.getBlacklistedAlgorithms());
    LOGGER.debug("Signature signing signature algorithms: [{}]", signingConfig.getSignatureAlgorithms());
    LOGGER.debug("Signature signing signature canonicalization algorithm: [{}]",
            signingConfig.getSignatureCanonicalizationAlgorithm());
    LOGGER.debug("Signature signing whitelisted algorithms: [{}]", signingConfig.getWhitelistedAlgorithms());
    LOGGER.debug("Signature signing reference digest methods: [{}]",
            signingConfig.getSignatureReferenceDigestMethods());

    // The private key is fetched before the certificate, as in the original ordering.
    final PrivateKey signingKey = getSigningPrivateKey();
    final X509Certificate signingCert = getSigningCertificate();

    final List<Credential> signingCredentials = new ArrayList<>();
    signingCredentials.add(new BasicX509Credential(signingCert, signingKey));
    signingConfig.setSigningCredentials(signingCredentials);

    // Only a confirmation is logged here; the key material itself is not written to the log.
    LOGGER.debug("Signature signing credentials configured");
    return signingConfig;
}
use of org.opensaml.security.credential.Credential in project verify-hub by alphagov.
the class NodeMetadataFactory method createSignature.
/**
 * Creates a signature that is signed with the "metadata signing A" credential and
 * carries the matching public certificate as its X.509 data.
 *
 * <p>NOTE(review): the key pair comes from constants and a {@code TestCredentialFactory},
 * so this presumably belongs to test fixtures; confirm these keys are never trusted
 * outside tests.
 *
 * @return the built signature
 */
private static Signature createSignature() {
    final Credential signingCredential =
            new TestCredentialFactory(METADATA_SIGNING_A_PUBLIC_CERT, METADATA_SIGNING_A_PRIVATE_KEY)
                    .getSigningCredential();
    return SignatureBuilder.aSignature()
            .withSigningCredential(signingCredential)
            .withX509Data(METADATA_SIGNING_A_PUBLIC_CERT)
            .build();
}
use of org.opensaml.security.credential.Credential in project verify-hub by alphagov.
the class NodeMetadataFactory method createSignature.
/**
 * Creates a signature backed by the "metadata signing A" key pair, with the public
 * certificate attached as X.509 data.
 *
 * <p>NOTE(review): the credential is produced by a {@code TestCredentialFactory} from
 * constants, so this is presumably fixture key material; confirm it is not used to
 * sign anything that a real relying party would trust.
 *
 * @return the built signature
 */
private static Signature createSignature() {
    final String publicCert = METADATA_SIGNING_A_PUBLIC_CERT;
    final String privateKey = METADATA_SIGNING_A_PRIVATE_KEY;
    final TestCredentialFactory factory = new TestCredentialFactory(publicCert, privateKey);
    final Credential signer = factory.getSigningCredential();
    return SignatureBuilder.aSignature().withSigningCredential(signer).withX509Data(publicCert).build();
}
use of org.opensaml.security.credential.Credential in project pac4j by pac4j.
the class KeyStoreDecryptionProvider method build.
/**
 * Builds a {@link Decrypter} whose key-encryption-key resolver always returns the
 * credential supplied by the credential provider.
 *
 * <p>No resolver is supplied for the first constructor argument ({@code null}), so keys
 * are resolved through the static credential resolver and the configured
 * {@code encryptedKeyResolver}. Decrypted content is rooted in a new document.
 *
 * <p>NOTE(review): the credential is not checked for {@code null} here; confirm the
 * provider never returns {@code null}.
 *
 * @return the configured decrypter
 */
@Override
public final Decrypter build() {
    final KeyInfoCredentialResolver kekResolver =
            new StaticKeyInfoCredentialResolver(this.credentialProvider.getCredential());
    final Decrypter result = new Decrypter(null, kekResolver, encryptedKeyResolver);
    result.setRootInNewDocument(true);
    return result;
}