
Example 1 with KeyInfo

use of org.opensaml.xml.signature.KeyInfo in project product-is by wso2.

Class SAML2SSOTestBase, method setSignature.

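/**
 * Adds an enveloped XML signature to a SAML request and signs it in place.
 * <p>
 * The signature uses exclusive C14N without comments. When {@code signatureAlgorithm}
 * or {@code digestAlgorithm} is empty the defaults are
 * {@link XMLSignature#ALGO_ID_SIGNATURE_RSA} (RSA with SHA-1 in Apache Santuario) and
 * {@code XML_DIGEST_ALGORITHM_SHA1} (a SHA-1 digest URI, per its name). Tests that need
 * a SHA-2 based signature or digest must pass the algorithm URI explicitly.
 *
 * @param request            SAML request to sign; its {@code Signature} is set by this method.
 * @param signatureAlgorithm signature algorithm URI, or empty for the default.
 * @param digestAlgorithm    digest algorithm URI for the content reference, or empty for the default.
 * @param includeCert        whether to embed the signing certificate in a {@code KeyInfo} element.
 * @param x509Credential     credential holding the signing key and entity certificate.
 * @throws IllegalArgumentException if {@code request} or {@code x509Credential} is null.
 * @throws Exception if the XML objects cannot be built, marshalled or signed.
 */
protected void setSignature(RequestAbstractType request, String signatureAlgorithm, String digestAlgorithm, boolean includeCert, X509Credential x509Credential) throws Exception {
    if (request == null) {
        throw new IllegalArgumentException("request must not be null");
    }
    if (x509Credential == null) {
        throw new IllegalArgumentException("x509Credential must not be null");
    }
    doBootstrap();
    if (StringUtils.isEmpty(signatureAlgorithm)) {
        signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
    }
    if (StringUtils.isEmpty(digestAlgorithm)) {
        digestAlgorithm = XML_DIGEST_ALGORITHM_SHA1;
    }

    Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(x509Credential);
    signature.setSignatureAlgorithm(signatureAlgorithm);
    signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    if (includeCert) {
        // Embed the entity certificate (DER, base64) so the verifier can locate the key
        // without out-of-band metadata.
        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        org.opensaml.xml.signature.X509Certificate cert = (org.opensaml.xml.signature.X509Certificate) buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
        String encodedCert = org.apache.xml.security.utils.Base64.encode(x509Credential.getEntityCertificate().getEncoded());
        cert.setValue(encodedCert);
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);
    }

    // Attaching the signature is what registers the request as the signature's first
    // content reference; the digest algorithm must be set on that reference afterwards.
    request.setSignature(signature);
    ((SAMLObjectContentReference) signature.getContentReferences().get(0)).setDigestAlgorithm(digestAlgorithm);

    List<Signature> signatureList = new ArrayList<Signature>();
    signatureList.add(signature);

    // The request must be marshalled to DOM before Signer can compute the signature value.
    MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
    Marshaller marshaller = marshallerFactory.getMarshaller(request);
    marshaller.marshall(request);
    org.apache.xml.security.Init.init();
    Signer.signObjects(signatureList);
}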
Also used : Marshaller(org.opensaml.xml.io.Marshaller) ArrayList(java.util.ArrayList) X509Data(org.opensaml.xml.signature.X509Data) MarshallerFactory(org.opensaml.xml.io.MarshallerFactory) KeyInfo(org.opensaml.xml.signature.KeyInfo) XMLSignature(org.apache.xml.security.signature.XMLSignature) Signature(org.opensaml.xml.signature.Signature) SAMLObjectContentReference(org.opensaml.common.impl.SAMLObjectContentReference)

Example 2 with KeyInfo

use of org.opensaml.xml.signature.KeyInfo in project entcore by opendigitaleducation.

Class SamlValidator, method createSignature.

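/**
 * Builds an (unsigned) {@code Signature} backed by the configured X.509 certificate and
 * this validator's private key.
 * <p>
 * The signature algorithm is fixed to RSA-SHA1 with exclusive C14N (no comments). SHA-1
 * is deprecated for new signatures; it is left unchanged here because the relying party's
 * metadata may require it, but deployments able to do so should move to a SHA-2 variant.
 *
 * @param addKeyInfo whether to embed the certificate in a {@code KeyInfo} element.
 * @return a {@code Signature} ready to be attached to a SAML object and signed.
 * @throws IllegalStateException if {@code saml-public-key} is not configured.
 * @throws Throwable if the certificate file cannot be read or parsed.
 */
private Signature createSignature(boolean addKeyInfo) throws Throwable {
    Signature signature = new SignatureBuilder().buildObject();

    // Public (certificate) half of the credential, read from configuration.
    String publicKeyPath = config.getString("saml-public-key");
    if (publicKeyPath == null || publicKeyPath.length() == 0) {
        throw new IllegalStateException("saml-public-key is not configured");
    }
    X509Certificate cer;
    FileInputStream inStream = new FileInputStream(publicKeyPath);
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        cer = (X509Certificate) cf.generateCertificate(inStream);
    } finally {
        // Close on the failure path too; the original leaked the descriptor if parsing threw.
        inStream.close();
    }

    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityCertificate(cer);
    credential.setPrivateKey(privateKey);

    signature.setSigningCredential(credential);
    signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    if (addKeyInfo) {
        // Embed the DER-encoded certificate as base64 so the verifier can find the key.
        KeyInfo keyInfo = SamlUtils.buildSAMLObjectWithDefaultName(KeyInfo.class);
        X509Data data = SamlUtils.buildSAMLObjectWithDefaultName(X509Data.class);
        org.opensaml.xml.signature.X509Certificate cert = SamlUtils.buildSAMLObjectWithDefaultName(org.opensaml.xml.signature.X509Certificate.class);
        String encodedCert = org.apache.xml.security.utils.Base64.encode(credential.getEntityCertificate().getEncoded());
        cert.setValue(encodedCert);
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);
    }
    return signature;
}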
Also used : SignatureBuilder(org.opensaml.xml.signature.impl.SignatureBuilder) BasicX509Credential(org.opensaml.xml.security.x509.BasicX509Credential) KeyInfo(org.opensaml.xml.signature.KeyInfo) Signature(org.opensaml.xml.signature.Signature) XSString(org.opensaml.xml.schema.XSString) CertificateFactory(java.security.cert.CertificateFactory) X509Data(org.opensaml.xml.signature.X509Data) X509Certificate(java.security.cert.X509Certificate)

Example 3 with KeyInfo

use of org.opensaml.xml.signature.KeyInfo in project MaxKey by dromara.

Class WebServicePostEncoder, method buildKeyInfo.

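/**
 * Build the {@link KeyInfo} from the signing credential.
 * <p>
 * The generated KeyInfo is marshalled to DOM, serialized to a string, encoded as UTF-8
 * bytes and then base64-encoded on a single line.
 *
 * @param signingCredential
 *            the credential used for signing
 * @param kiGenerator
 *            the generator for the KeyInfo
 * @throws MessageEncodingException
 *             thrown if there is an error generating or marshalling the
 *             KeyInfo, or if no marshaller is configured for it
 * @return the marshalled, serialized and base64-encoded KeyInfo, or null if
 *         none was generated
 */
protected String buildKeyInfo(Credential signingCredential, KeyInfoGenerator kiGenerator) throws MessageEncodingException {
    try {
        KeyInfo keyInfo = kiGenerator.generate(signingCredential);
        if (keyInfo == null) {
            return null;
        }
        Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(keyInfo);
        if (marshaller == null) {
            log.error("No KeyInfo marshaller available from configuration");
            throw new MessageEncodingException("No KeyInfo marshaller was configured");
        }
        String kiXML = XMLHelper.nodeToString(marshaller.marshall(keyInfo));
        // Encode explicitly as UTF-8: the no-argument getBytes() uses the platform charset,
        // which on a non-UTF-8 JVM would corrupt non-ASCII content in the KeyInfo.
        byte[] kiBytes = kiXML.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        return Base64.encodeBytes(kiBytes, Base64.DONT_BREAK_LINES);
    } catch (SecurityException e) {
        log.error("Error generating KeyInfo from signing credential", e);
        throw new MessageEncodingException("Error generating KeyInfo from signing credential", e);
    } catch (MarshallingException e) {
        log.error("Error marshalling KeyInfo based on signing credential", e);
        throw new MessageEncodingException("Error marshalling KeyInfo based on signing credential", e);
    }
}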
Also used : Marshaller(org.opensaml.xml.io.Marshaller) MarshallingException(org.opensaml.xml.io.MarshallingException) KeyInfo(org.opensaml.xml.signature.KeyInfo) SecurityException(org.opensaml.xml.security.SecurityException) MessageEncodingException(org.opensaml.ws.message.encoder.MessageEncodingException)

Aggregations

KeyInfo (org.opensaml.xml.signature.KeyInfo)3 Marshaller (org.opensaml.xml.io.Marshaller)2 Signature (org.opensaml.xml.signature.Signature)2 X509Data (org.opensaml.xml.signature.X509Data)2 CertificateFactory (java.security.cert.CertificateFactory)1 X509Certificate (java.security.cert.X509Certificate)1 ArrayList (java.util.ArrayList)1 XMLSignature (org.apache.xml.security.signature.XMLSignature)1 SAMLObjectContentReference (org.opensaml.common.impl.SAMLObjectContentReference)1 MessageEncodingException (org.opensaml.ws.message.encoder.MessageEncodingException)1 MarshallerFactory (org.opensaml.xml.io.MarshallerFactory)1 MarshallingException (org.opensaml.xml.io.MarshallingException)1 XSString (org.opensaml.xml.schema.XSString)1 SecurityException (org.opensaml.xml.security.SecurityException)1 BasicX509Credential (org.opensaml.xml.security.x509.BasicX509Credential)1 SignatureBuilder (org.opensaml.xml.signature.impl.SignatureBuilder)1