Search in sources :

Example 31 with Credential

use of org.opensaml.security.credential.Credential in project spring-security by spring-projects.

the class OpenSamlSigningUtils method resolveSigningParameters.

private static SignatureSigningParameters resolveSigningParameters(RelyingPartyRegistration relyingPartyRegistration) {
    List<Credential> credentials = resolveSigningCredentials(relyingPartyRegistration);
    List<String> algorithms = relyingPartyRegistration.getAssertingPartyDetails().getSigningAlgorithms();
    List<String> digests = Collections.singletonList(SignatureConstants.ALGO_ID_DIGEST_SHA256);
    String canonicalization = SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
    SignatureSigningParametersResolver resolver = new SAMLMetadataSignatureSigningParametersResolver();
    CriteriaSet criteria = new CriteriaSet();
    BasicSignatureSigningConfiguration signingConfiguration = new BasicSignatureSigningConfiguration();
    signingConfiguration.setSigningCredentials(credentials);
    signingConfiguration.setSignatureAlgorithms(algorithms);
    signingConfiguration.setSignatureReferenceDigestMethods(digests);
    signingConfiguration.setSignatureCanonicalizationAlgorithm(canonicalization);
    criteria.add(new SignatureSigningConfigurationCriterion(signingConfiguration));
    try {
        SignatureSigningParameters parameters = resolver.resolveSingle(criteria);
        Assert.notNull(parameters, "Failed to resolve any signing credential");
        return parameters;
    } catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
}
Also used : BasicCredential(org.opensaml.security.credential.BasicCredential) Credential(org.opensaml.security.credential.Credential) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) SAMLMetadataSignatureSigningParametersResolver(org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver) SignatureSigningParametersResolver(org.opensaml.xmlsec.SignatureSigningParametersResolver) SignatureSigningParameters(org.opensaml.xmlsec.SignatureSigningParameters) SAMLMetadataSignatureSigningParametersResolver(org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) SignatureSigningConfigurationCriterion(org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion) Saml2Exception(org.springframework.security.saml2.Saml2Exception) BasicSignatureSigningConfiguration(org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration) MarshallingException(org.opensaml.core.xml.io.MarshallingException) SecurityException(org.opensaml.security.SecurityException) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Example 32 with Credential

use of org.opensaml.security.credential.Credential in project spring-security by spring-projects.

the class OpenSamlSigningUtils method resolveSigningCredentials.

private static List<Credential> resolveSigningCredentials(RelyingPartyRegistration relyingPartyRegistration) {
    List<Credential> credentials = new ArrayList<>();
    for (Saml2X509Credential x509Credential : relyingPartyRegistration.getSigningX509Credentials()) {
        X509Certificate certificate = x509Credential.getCertificate();
        PrivateKey privateKey = x509Credential.getPrivateKey();
        BasicCredential credential = CredentialSupport.getSimpleCredential(certificate, privateKey);
        credential.setEntityId(relyingPartyRegistration.getEntityId());
        credential.setUsageType(UsageType.SIGNING);
        credentials.add(credential);
    }
    return credentials;
}
Also used : BasicCredential(org.opensaml.security.credential.BasicCredential) Credential(org.opensaml.security.credential.Credential) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) PrivateKey(java.security.PrivateKey) ArrayList(java.util.ArrayList) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) X509Certificate(java.security.cert.X509Certificate) BasicCredential(org.opensaml.security.credential.BasicCredential)

Example 33 with Credential

use of org.opensaml.security.credential.Credential in project spring-security by spring-projects.

the class OpenSamlVerificationUtils method trustEngine.

static SignatureTrustEngine trustEngine(RelyingPartyRegistration registration) {
    Set<Credential> credentials = new HashSet<>();
    Collection<Saml2X509Credential> keys = registration.getAssertingPartyDetails().getVerificationX509Credentials();
    for (Saml2X509Credential key : keys) {
        BasicX509Credential cred = new BasicX509Credential(key.getCertificate());
        cred.setUsageType(UsageType.SIGNING);
        cred.setEntityId(registration.getAssertingPartyDetails().getEntityId());
        credentials.add(cred);
    }
    CredentialResolver credentialsResolver = new CollectionCredentialResolver(credentials);
    return new ExplicitKeySignatureTrustEngine(credentialsResolver, DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
}
Also used : Credential(org.opensaml.security.credential.Credential) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) ExplicitKeySignatureTrustEngine(org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) CollectionCredentialResolver(org.opensaml.security.credential.impl.CollectionCredentialResolver) CredentialResolver(org.opensaml.security.credential.CredentialResolver) CollectionCredentialResolver(org.opensaml.security.credential.impl.CollectionCredentialResolver) HashSet(java.util.HashSet)

Example 34 with Credential

use of org.opensaml.security.credential.Credential in project spring-security by spring-projects.

the class OpenSamlSigningUtils method resolveSigningParameters.

private static SignatureSigningParameters resolveSigningParameters(RelyingPartyRegistration relyingPartyRegistration) {
    List<Credential> credentials = resolveSigningCredentials(relyingPartyRegistration);
    List<String> algorithms = relyingPartyRegistration.getAssertingPartyDetails().getSigningAlgorithms();
    List<String> digests = Collections.singletonList(SignatureConstants.ALGO_ID_DIGEST_SHA256);
    String canonicalization = SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
    SignatureSigningParametersResolver resolver = new SAMLMetadataSignatureSigningParametersResolver();
    CriteriaSet criteria = new CriteriaSet();
    BasicSignatureSigningConfiguration signingConfiguration = new BasicSignatureSigningConfiguration();
    signingConfiguration.setSigningCredentials(credentials);
    signingConfiguration.setSignatureAlgorithms(algorithms);
    signingConfiguration.setSignatureReferenceDigestMethods(digests);
    signingConfiguration.setSignatureCanonicalizationAlgorithm(canonicalization);
    signingConfiguration.setKeyInfoGeneratorManager(buildSignatureKeyInfoGeneratorManager());
    criteria.add(new SignatureSigningConfigurationCriterion(signingConfiguration));
    try {
        SignatureSigningParameters parameters = resolver.resolveSingle(criteria);
        Assert.notNull(parameters, "Failed to resolve any signing credential");
        return parameters;
    } catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
}
Also used : BasicCredential(org.opensaml.security.credential.BasicCredential) Credential(org.opensaml.security.credential.Credential) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) SAMLMetadataSignatureSigningParametersResolver(org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver) SignatureSigningParametersResolver(org.opensaml.xmlsec.SignatureSigningParametersResolver) SignatureSigningParameters(org.opensaml.xmlsec.SignatureSigningParameters) SAMLMetadataSignatureSigningParametersResolver(org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) SignatureSigningConfigurationCriterion(org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion) Saml2Exception(org.springframework.security.saml2.Saml2Exception) BasicSignatureSigningConfiguration(org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration) MarshallingException(org.opensaml.core.xml.io.MarshallingException) SecurityException(org.opensaml.security.SecurityException) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Example 35 with Credential

use of org.opensaml.security.credential.Credential in project spring-security by spring-projects.

the class OpenSamlSigningUtils method resolveSigningParameters.

private static SignatureSigningParameters resolveSigningParameters(RelyingPartyRegistration relyingPartyRegistration) {
    List<Credential> credentials = resolveSigningCredentials(relyingPartyRegistration);
    List<String> algorithms = relyingPartyRegistration.getAssertingPartyDetails().getSigningAlgorithms();
    List<String> digests = Collections.singletonList(SignatureConstants.ALGO_ID_DIGEST_SHA256);
    String canonicalization = SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
    SignatureSigningParametersResolver resolver = new SAMLMetadataSignatureSigningParametersResolver();
    CriteriaSet criteria = new CriteriaSet();
    BasicSignatureSigningConfiguration signingConfiguration = new BasicSignatureSigningConfiguration();
    signingConfiguration.setSigningCredentials(credentials);
    signingConfiguration.setSignatureAlgorithms(algorithms);
    signingConfiguration.setSignatureReferenceDigestMethods(digests);
    signingConfiguration.setSignatureCanonicalizationAlgorithm(canonicalization);
    signingConfiguration.setKeyInfoGeneratorManager(buildSignatureKeyInfoGeneratorManager());
    criteria.add(new SignatureSigningConfigurationCriterion(signingConfiguration));
    try {
        SignatureSigningParameters parameters = resolver.resolveSingle(criteria);
        Assert.notNull(parameters, "Failed to resolve any signing credential");
        return parameters;
    } catch (Exception ex) {
        throw new Saml2Exception(ex);
    }
}
Also used : BasicCredential(org.opensaml.security.credential.BasicCredential) Credential(org.opensaml.security.credential.Credential) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) SAMLMetadataSignatureSigningParametersResolver(org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver) SignatureSigningParametersResolver(org.opensaml.xmlsec.SignatureSigningParametersResolver) SignatureSigningParameters(org.opensaml.xmlsec.SignatureSigningParameters) SAMLMetadataSignatureSigningParametersResolver(org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) SignatureSigningConfigurationCriterion(org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion) Saml2Exception(org.springframework.security.saml2.Saml2Exception) BasicSignatureSigningConfiguration(org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration) MarshallingException(org.opensaml.core.xml.io.MarshallingException) SecurityException(org.opensaml.security.SecurityException) Saml2Exception(org.springframework.security.saml2.Saml2Exception)

Aggregations

Credential (org.opensaml.security.credential.Credential)35 BasicCredential (org.opensaml.security.credential.BasicCredential)14 Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential)13 ArrayList (java.util.ArrayList)12 CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)8 BasicSignatureSigningConfiguration (org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration)8 PrivateKey (java.security.PrivateKey)7 X509Certificate (java.security.cert.X509Certificate)6 BasicX509Credential (org.opensaml.security.x509.BasicX509Credential)6 SignatureSigningParameters (org.opensaml.xmlsec.SignatureSigningParameters)6 MarshallingException (org.opensaml.core.xml.io.MarshallingException)5 SignatureSigningConfigurationCriterion (org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion)5 Decrypter (org.opensaml.saml.saml2.encryption.Decrypter)4 SAMLMetadataSignatureSigningParametersResolver (org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver)4 SecurityException (org.opensaml.security.SecurityException)4 SignatureSigningParametersResolver (org.opensaml.xmlsec.SignatureSigningParametersResolver)4 Saml2Exception (org.springframework.security.saml2.Saml2Exception)4 SneakyThrows (lombok.SneakyThrows)3 SamlException (org.apereo.cas.support.saml.SamlException)3 Test (org.junit.jupiter.api.Test)3