Use of org.opensaml.security.x509.BasicX509Credential in the project ddf by codice.
The class SimpleSign, method validateSignatureAndSamlKey.
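/**
 * Checks that {@code signature} conforms to the SAML signature profile and then verifies
 * its signature value against the first certificate carried in {@code samlKeyInfo}.
 *
 * <p>NOTE(review): this only proves the signature was produced by the key in that
 * certificate. Trust in the certificate itself (chain / truststore check) is not
 * established here and is presumably handled by the caller — confirm against callers.
 *
 * @param signature the XML signature to verify
 * @param samlKeyInfo key material extracted from the assertion's KeyInfo
 * @throws SignatureException if the profile check or the signature check fails, or if
 *     {@code samlKeyInfo} carries no certificate
 */
private void validateSignatureAndSamlKey(Signature signature, SAMLKeyInfo samlKeyInfo)
    throws SignatureException {
  SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
  try {
    profileValidator.validate(signature);
  } catch (org.opensaml.xmlsec.signature.support.SignatureException e) {
    throw new SignatureException("Error validating the SAMLKey signature", e);
  }

  // An empty certificate array used to surface as ArrayIndexOutOfBoundsException rather
  // than SignatureException; reject null and empty explicitly.
  X509Certificate[] certs = samlKeyInfo.getCerts();
  if (certs == null || certs.length == 0) {
    throw new SignatureException("Can't get X509Certificate or PublicKey to verify signature.");
  }
  BasicX509Credential credential = new BasicX509Credential(certs[0]);

  // The validation provider's class loader is swapped in for the duration of the check
  // (presumably so the provider can be located via the context class loader). The
  // previous loader is captured before the try and restored unconditionally, so a null
  // previous loader is also put back instead of leaking the swapped-in loader.
  Thread currentThread = Thread.currentThread();
  ClassLoader previousLoader = currentThread.getContextClassLoader();
  try {
    currentThread.setContextClassLoader(
        ApacheSantuarioSignatureValidationProviderImpl.class.getClassLoader());
    SignatureValidator.validate(signature, credential);
  } catch (org.opensaml.xmlsec.signature.support.SignatureException e) {
    throw new SignatureException("Error validating the XML signature", e);
  } finally {
    currentThread.setContextClassLoader(previousLoader);
  }
}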
Use of org.opensaml.security.x509.BasicX509Credential in the project ddf by codice.
The class SimpleSign, method signSamlObject.
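/**
 * Signs {@code samlObject} with this instance's signature certificate and private key,
 * embedding the entity certificate in the signature's KeyInfo.
 *
 * <p>If the object is a {@link Response}, the signing credential is also applied to the
 * signature of every assertion that already carries one; unsigned assertions are left
 * untouched. The DOM of the object is released afterwards so the signature is marshalled
 * fresh on the next serialization.
 *
 * @param samlObject the SAML object to sign
 * @throws SignatureException if no signing certificate is available, the signature cannot
 *     be built, or KeyInfo generation fails
 */
public void signSamlObject(SignableSAMLObject samlObject) throws SignatureException {
  X509Certificate[] certificates = getSignatureCertificates();
  // Previously a missing certificate surfaced as an ArrayIndexOutOfBoundsException /
  // NullPointerException on certificates[0]; fail with the declared exception instead.
  if (certificates == null || certificates.length == 0) {
    throw new SignatureException("No signature certificate available to sign the SAML object.");
  }
  X509Certificate signingCertificate = certificates[0];
  String sigAlgo = getSignatureAlgorithm(signingCertificate);
  PrivateKey privateKey = getSignaturePrivateKey();

  // Create the signature
  Signature signature = OpenSAMLUtil.buildSignature();
  if (signature == null) {
    throw new SignatureException("Unable to build signature.");
  }
  signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
  signature.setSignatureAlgorithm(sigAlgo);

  BasicX509Credential signingCredential = new BasicX509Credential(signingCertificate);
  signingCredential.setPrivateKey(privateKey);
  signature.setSigningCredential(signingCredential);

  // Emit the entity certificate so relying parties can resolve the signing key from KeyInfo.
  X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
  keyInfoFactory.setEmitEntityCertificate(true);
  try {
    KeyInfo keyInfo = keyInfoFactory.newInstance().generate(signingCredential);
    signature.setKeyInfo(keyInfo);
  } catch (org.opensaml.security.SecurityException e) {
    throw new SignatureException("Error generating KeyInfo from signing credential", e);
  }

  if (samlObject instanceof Response) {
    List<Assertion> assertions = ((Response) samlObject).getAssertions();
    for (Assertion assertion : assertions) {
      Signature assertionSignature = assertion.getSignature();
      // An assertion without a Signature element would otherwise throw NullPointerException.
      if (assertionSignature != null) {
        assertionSignature.setSigningCredential(signingCredential);
      }
    }
  }

  samlObject.setSignature(signature);
  SAMLObjectContentReference contentRef =
      (SAMLObjectContentReference) signature.getContentReferences().get(0);
  // NOTE(review): the reference digest is fixed to SHA-1 regardless of sigAlgo. SHA-1 is
  // deprecated for new signatures; moving to SignatureConstants.ALGO_ID_DIGEST_SHA256 is an
  // interoperability decision with peers and is deliberately not changed here.
  contentRef.setDigestAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA1);

  samlObject.releaseDOM();
  samlObject.releaseChildrenDOM(true);
}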