
Example 1 with Credential

use of org.opensaml.security.credential.Credential in project cas by apereo.

the class WsFederationHelperTests method verifyValidateSignatureBadKey.

@Test
@DirtiesContext
public void verifyValidateSignatureBadKey() throws Exception {
    // Build a signing "wallet" from a certificate that does not match the key that signed the token.
    final List<Credential> signingWallet = new ArrayList<>();
    final WsFederationConfiguration cfg = new WsFederationConfiguration();
    cfg.setSigningCertificateResources(ctx.getResource("classpath:bad-signing.crt"));
    signingWallet.addAll(cfg.getSigningCertificates());
    // Parse a token that is otherwise well-formed and correctly signed.
    final String wresult = testTokens.get(GOOD_TOKEN);
    final Assertion assertion = wsFederationHelper.parseTokenFromString(wresult, wsFedConfig);
    // Replace the trusted signing certificates with the mismatched one.
    wsFedConfig.getSigningCertificates().clear();
    wsFedConfig.getSigningCertificates().addAll(signingWallet);
    // Validation must fail: the assertion was not signed by any certificate the configuration trusts.
    final boolean result = wsFederationHelper.validateSignature(assertion, wsFedConfig);
    assertFalse("testValidateSignatureModifiedKey() - False", result);
}
Also used : Credential(org.opensaml.security.credential.Credential) WsFederationCredential(org.apereo.cas.support.wsfederation.authentication.principal.WsFederationCredential) ArrayList(java.util.ArrayList) Assertion(org.opensaml.saml.saml1.core.Assertion) Test(org.junit.Test) DirtiesContext(org.springframework.test.annotation.DirtiesContext)

Example 2 with Credential

use of org.opensaml.security.credential.Credential in project cas by apereo.

the class BaseSamlObjectSigner method getSignatureSigningConfiguration.

/**
 * Gets signature signing configuration.
 *
 * @return the signature signing configuration
 * @throws Exception the exception
 */
protected SignatureSigningConfiguration getSignatureSigningConfiguration() throws Exception {
    // Start from OpenSAML's default signing configuration and apply CAS overrides on top of it.
    final BasicSignatureSigningConfiguration config = DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration();
    final SamlIdPProperties samlIdp = casProperties.getAuthn().getSamlIdp();
    // Note: this branch checks the emptiness of the property list, while the following branches
    // check the emptiness of the corresponding override field on this instance.
    if (this.overrideBlackListedSignatureAlgorithms != null && !samlIdp.getAlgs().getOverrideBlackListedSignatureSigningAlgorithms().isEmpty()) {
        config.setBlacklistedAlgorithms(this.overrideBlackListedSignatureAlgorithms);
    }
    if (this.overrideSignatureAlgorithms != null && !this.overrideSignatureAlgorithms.isEmpty()) {
        config.setSignatureAlgorithms(this.overrideSignatureAlgorithms);
    }
    if (this.overrideSignatureReferenceDigestMethods != null && !this.overrideSignatureReferenceDigestMethods.isEmpty()) {
        config.setSignatureReferenceDigestMethods(this.overrideSignatureReferenceDigestMethods);
    }
    if (this.overrideWhiteListedAlgorithms != null && !this.overrideWhiteListedAlgorithms.isEmpty()) {
        config.setWhitelistedAlgorithms(this.overrideWhiteListedAlgorithms);
    }
    if (StringUtils.isNotBlank(samlIdp.getAlgs().getOverrideSignatureCanonicalizationAlgorithm())) {
        config.setSignatureCanonicalizationAlgorithm(samlIdp.getAlgs().getOverrideSignatureCanonicalizationAlgorithm());
    }
    // Log the effective algorithm policy so a deployer can confirm weak algorithms are excluded.
    LOGGER.debug("Signature signing blacklisted algorithms: [{}]", config.getBlacklistedAlgorithms());
    LOGGER.debug("Signature signing signature algorithms: [{}]", config.getSignatureAlgorithms());
    LOGGER.debug("Signature signing signature canonicalization algorithm: [{}]", config.getSignatureCanonicalizationAlgorithm());
    LOGGER.debug("Signature signing whitelisted algorithms: [{}]", config.getWhitelistedAlgorithms());
    LOGGER.debug("Signature signing reference digest methods: [{}]", config.getSignatureReferenceDigestMethods());
    // Wrap the IdP's private key and certificate as the single signing credential.
    final PrivateKey privateKey = getSigningPrivateKey();
    final X509Certificate certificate = getSigningCertificate();
    final List<Credential> creds = new ArrayList<>();
    creds.add(new BasicX509Credential(certificate, privateKey));
    config.setSigningCredentials(creds);
    LOGGER.debug("Signature signing credentials configured");
    return config;
}
Also used : Credential(org.opensaml.security.credential.Credential) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) PrivateKey(java.security.PrivateKey) SamlIdPProperties(org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) ArrayList(java.util.ArrayList) BasicSignatureSigningConfiguration(org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration) X509Certificate(java.security.cert.X509Certificate)

Example 3 with Credential

use of org.opensaml.security.credential.Credential in project verify-hub by alphagov.

the class NodeMetadataFactory method createSignature.

private static Signature createSignature() {
    // Test-only metadata signing material; the public certificate is also embedded as X509Data
    // so that relying parties can locate the verification key from the signature itself.
    String metadataSigningCert = METADATA_SIGNING_A_PUBLIC_CERT;
    String metadataSigningKey = METADATA_SIGNING_A_PRIVATE_KEY;
    TestCredentialFactory testCredentialFactory = new TestCredentialFactory(metadataSigningCert, metadataSigningKey);
    Credential credential = testCredentialFactory.getSigningCredential();
    return SignatureBuilder.aSignature().withSigningCredential(credential).withX509Data(metadataSigningCert).build();
}
Also used : TestCredentialFactory(uk.gov.ida.saml.core.test.TestCredentialFactory) Credential(org.opensaml.security.credential.Credential)

Example 4 with Credential

use of org.opensaml.security.credential.Credential in project verify-hub by alphagov.

the class NodeMetadataFactory method createSignature.

private static Signature createSignature() {
    // Same construction as above, with the test constants used directly.
    TestCredentialFactory testCredentialFactory = new TestCredentialFactory(METADATA_SIGNING_A_PUBLIC_CERT, METADATA_SIGNING_A_PRIVATE_KEY);
    Credential credential = testCredentialFactory.getSigningCredential();
    return SignatureBuilder.aSignature().withSigningCredential(credential).withX509Data(METADATA_SIGNING_A_PUBLIC_CERT).build();
}
Also used : TestCredentialFactory(uk.gov.ida.saml.core.test.TestCredentialFactory) Credential(org.opensaml.security.credential.Credential)

Example 5 with Credential

use of org.opensaml.security.credential.Credential in project pac4j by pac4j.

the class KeyStoreDecryptionProvider method build.

@Override
public final Decrypter build() {
    // The decryption credential is fixed, so a static resolver always returns it regardless of KeyInfo content.
    final Credential encryptionCredential = this.credentialProvider.getCredential();
    final KeyInfoCredentialResolver resolver = new StaticKeyInfoCredentialResolver(encryptionCredential);
    // No resolver for the EncryptedData key itself (null): the data key is recovered via the EncryptedKey
    // resolver and unwrapped with the static credential.
    final Decrypter decrypter = new Decrypter(null, resolver, encryptedKeyResolver);
    // Place decrypted elements in a fresh DOM document rather than the original one.
    decrypter.setRootInNewDocument(true);
    return decrypter;
}
Also used : Credential(org.opensaml.security.credential.Credential) StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver) Decrypter(org.opensaml.saml.saml2.encryption.Decrypter) KeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver) StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver)

Aggregations

Credential (org.opensaml.security.credential.Credential) 35
BasicCredential (org.opensaml.security.credential.BasicCredential) 14
Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential) 13
ArrayList (java.util.ArrayList) 12
CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet) 8
BasicSignatureSigningConfiguration (org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration) 8
PrivateKey (java.security.PrivateKey) 7
X509Certificate (java.security.cert.X509Certificate) 6
BasicX509Credential (org.opensaml.security.x509.BasicX509Credential) 6
SignatureSigningParameters (org.opensaml.xmlsec.SignatureSigningParameters) 6
MarshallingException (org.opensaml.core.xml.io.MarshallingException) 5
SignatureSigningConfigurationCriterion (org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion) 5
Decrypter (org.opensaml.saml.saml2.encryption.Decrypter) 4
SAMLMetadataSignatureSigningParametersResolver (org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver) 4
SecurityException (org.opensaml.security.SecurityException) 4
SignatureSigningParametersResolver (org.opensaml.xmlsec.SignatureSigningParametersResolver) 4
Saml2Exception (org.springframework.security.saml2.Saml2Exception) 4
SneakyThrows (lombok.SneakyThrows) 3
SamlException (org.apereo.cas.support.saml.SamlException) 3
Test (org.junit.jupiter.api.Test) 3