Example 1 with Credential
use of org.opensaml.security.credential.Credential in project cas by apereo.
the class WsFederationHelperTests method verifyValidateSignatureBadKey.
@Test
@DirtiesContext
public void verifyValidateSignatureBadKey() throws Exception {
final List<Credential> signingWallet = new ArrayList<>();
final WsFederationConfiguration cfg = new WsFederationConfiguration();
cfg.setSigningCertificateResources(ctx.getResource("classpath:bad-signing.crt"));
signingWallet.addAll(cfg.getSigningCertificates());
final String wresult = testTokens.get(GOOD_TOKEN);
final Assertion assertion = wsFederationHelper.parseTokenFromString(wresult, wsFedConfig);
wsFedConfig.getSigningCertificates().clear();
wsFedConfig.getSigningCertificates().addAll(signingWallet);
final boolean result = wsFederationHelper.validateSignature(assertion, wsFedConfig);
assertFalse("testValidateSignatureModifiedKey() - False", result);
}
Also used :
Credential(org.opensaml.security.credential.Credential)
WsFederationCredential(org.apereo.cas.support.wsfederation.authentication.principal.WsFederationCredential)
ArrayList(java.util.ArrayList)
Assertion(org.opensaml.saml.saml1.core.Assertion)
Test(org.junit.Test)
DirtiesContext(org.springframework.test.annotation.DirtiesContext)
Example 2 with Credential
use of org.opensaml.security.credential.Credential in project cas by apereo.
the class BaseSamlObjectSigner method getSignatureSigningConfiguration.
/**
* Gets signature signing configuration.
*
* @return the signature signing configuration
* @throws Exception the exception
*/
protected SignatureSigningConfiguration getSignatureSigningConfiguration() throws Exception {
final BasicSignatureSigningConfiguration config = DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration();
final SamlIdPProperties samlIdp = casProperties.getAuthn().getSamlIdp();
if (this.overrideBlackListedSignatureAlgorithms != null && !samlIdp.getAlgs().getOverrideBlackListedSignatureSigningAlgorithms().isEmpty()) {
config.setBlacklistedAlgorithms(this.overrideBlackListedSignatureAlgorithms);
}
if (this.overrideSignatureAlgorithms != null && !this.overrideSignatureAlgorithms.isEmpty()) {
config.setSignatureAlgorithms(this.overrideSignatureAlgorithms);
}
if (this.overrideSignatureReferenceDigestMethods != null && !this.overrideSignatureReferenceDigestMethods.isEmpty()) {
config.setSignatureReferenceDigestMethods(this.overrideSignatureReferenceDigestMethods);
}
if (this.overrideWhiteListedAlgorithms != null && !this.overrideWhiteListedAlgorithms.isEmpty()) {
config.setWhitelistedAlgorithms(this.overrideWhiteListedAlgorithms);
}
if (StringUtils.isNotBlank(samlIdp.getAlgs().getOverrideSignatureCanonicalizationAlgorithm())) {
config.setSignatureCanonicalizationAlgorithm(samlIdp.getAlgs().getOverrideSignatureCanonicalizationAlgorithm());
}
LOGGER.debug("Signature signing blacklisted algorithms: [{}]", config.getBlacklistedAlgorithms());
LOGGER.debug("Signature signing signature algorithms: [{}]", config.getSignatureAlgorithms());
LOGGER.debug("Signature signing signature canonicalization algorithm: [{}]", config.getSignatureCanonicalizationAlgorithm());
LOGGER.debug("Signature signing whitelisted algorithms: [{}]", config.getWhitelistedAlgorithms());
LOGGER.debug("Signature signing reference digest methods: [{}]", config.getSignatureReferenceDigestMethods());
final PrivateKey privateKey = getSigningPrivateKey();
final X509Certificate certificate = getSigningCertificate();
final List<Credential> creds = new ArrayList<>();
creds.add(new BasicX509Credential(certificate, privateKey));
config.setSigningCredentials(creds);
LOGGER.debug("Signature signing credentials configured");
return config;
}
Also used :
Credential(org.opensaml.security.credential.Credential)
BasicX509Credential(org.opensaml.security.x509.BasicX509Credential)
PrivateKey(java.security.PrivateKey)
SamlIdPProperties(org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties)
BasicX509Credential(org.opensaml.security.x509.BasicX509Credential)
ArrayList(java.util.ArrayList)
BasicSignatureSigningConfiguration(org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration)
X509Certificate(java.security.cert.X509Certificate)
Example 3 with Credential
use of org.opensaml.security.credential.Credential in project verify-hub by alphagov.
the class NodeMetadataFactory method createSignature.
private static Signature createSignature() {
String metadataSigningCert = METADATA_SIGNING_A_PUBLIC_CERT;
String metadataSigningKey = METADATA_SIGNING_A_PRIVATE_KEY;
TestCredentialFactory testCredentialFactory = new TestCredentialFactory(metadataSigningCert, metadataSigningKey);
Credential credential = testCredentialFactory.getSigningCredential();
return SignatureBuilder.aSignature().withSigningCredential(credential).withX509Data(metadataSigningCert).build();
}
Also used :
TestCredentialFactory(uk.gov.ida.saml.core.test.TestCredentialFactory)
Credential(org.opensaml.security.credential.Credential)
Example 4 with Credential
use of org.opensaml.security.credential.Credential in project verify-hub by alphagov.
the class NodeMetadataFactory method createSignature.
private static Signature createSignature() {
TestCredentialFactory testCredentialFactory = new TestCredentialFactory(METADATA_SIGNING_A_PUBLIC_CERT, METADATA_SIGNING_A_PRIVATE_KEY);
Credential credential = testCredentialFactory.getSigningCredential();
return SignatureBuilder.aSignature().withSigningCredential(credential).withX509Data(METADATA_SIGNING_A_PUBLIC_CERT).build();
}
Also used :
TestCredentialFactory(uk.gov.ida.saml.core.test.TestCredentialFactory)
Credential(org.opensaml.security.credential.Credential)
Example 5 with Credential
use of org.opensaml.security.credential.Credential in project pac4j by pac4j.
the class KeyStoreDecryptionProvider method build.
@Override
public final Decrypter build() {
final Credential encryptionCredential = this.credentialProvider.getCredential();
final KeyInfoCredentialResolver resolver = new StaticKeyInfoCredentialResolver(encryptionCredential);
final Decrypter decrypter = new Decrypter(null, resolver, encryptedKeyResolver);
decrypter.setRootInNewDocument(true);
return decrypter;
}
Also used :
Credential(org.opensaml.security.credential.Credential)
StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver)
Decrypter(org.opensaml.saml.saml2.encryption.Decrypter)
KeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver)
StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver)
Aggregations
Credential (org.opensaml.security.credential.Credential)35
BasicCredential (org.opensaml.security.credential.BasicCredential)14
Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential)13
ArrayList (java.util.ArrayList)12
CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)8
BasicSignatureSigningConfiguration (org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration)8
PrivateKey (java.security.PrivateKey)7
X509Certificate (java.security.cert.X509Certificate)6
BasicX509Credential (org.opensaml.security.x509.BasicX509Credential)6
SignatureSigningParameters (org.opensaml.xmlsec.SignatureSigningParameters)6
MarshallingException (org.opensaml.core.xml.io.MarshallingException)5
SignatureSigningConfigurationCriterion (org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion)5
Decrypter (org.opensaml.saml.saml2.encryption.Decrypter)4
SAMLMetadataSignatureSigningParametersResolver (org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver)4
SecurityException (org.opensaml.security.SecurityException)4
SignatureSigningParametersResolver (org.opensaml.xmlsec.SignatureSigningParametersResolver)4
Saml2Exception (org.springframework.security.saml2.Saml2Exception)4
SneakyThrows (lombok.SneakyThrows)3
SamlException (org.apereo.cas.support.saml.SamlException)3
Test (org.junit.jupiter.api.Test)3
