Use of org.opensaml.xml.signature.KeyInfo in project product-is by wso2.
The class SAML2SSOTestBase, method setSignature.
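/**
 * Adds an enveloped XML signature to a SAML request.
 *
 * <p>Empty algorithm arguments fall back to {@code XMLSignature.ALGO_ID_SIGNATURE_RSA}
 * (the RSA-SHA1 URI) for the signature and {@code XML_DIGEST_ALGORITHM_SHA1} for the
 * digest. Both defaults are SHA-1 based; callers that need to exercise a modern
 * algorithm must pass it explicitly.
 *
 * @param request            SAML request to sign; it is marshalled and signed in place.
 * @param signatureAlgorithm signature algorithm URI, or empty for the RSA-SHA1 default.
 * @param digestAlgorithm    digest algorithm URI, or empty for the SHA-1 default.
 * @param includeCert        whether to embed the signing certificate in a {@code KeyInfo}.
 * @param x509Credential     credential holding the signing key (and the entity certificate
 *                           when {@code includeCert} is true).
 * @throws Exception if bootstrapping, certificate encoding, marshalling or signing fails, or
 *                   no marshaller is configured for the request type.
 */
protected void setSignature(RequestAbstractType request, String signatureAlgorithm, String digestAlgorithm, boolean includeCert, X509Credential x509Credential) throws Exception {
    doBootstrap();

    if (StringUtils.isEmpty(signatureAlgorithm)) {
        signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
    }
    if (StringUtils.isEmpty(digestAlgorithm)) {
        digestAlgorithm = XML_DIGEST_ALGORITHM_SHA1;
    }

    Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(x509Credential);
    signature.setSignatureAlgorithm(signatureAlgorithm);
    signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    if (includeCert) {
        signature.setKeyInfo(buildCertificateKeyInfo(x509Credential));
    }

    request.setSignature(signature);
    // The content reference for the enveloped signature exists only after setSignature();
    // the digest algorithm is configured on it.
    ((SAMLObjectContentReference) signature.getContentReferences().get(0)).setDigestAlgorithm(digestAlgorithm);

    // Marshall first: signing operates on the DOM produced here. Fail with context instead
    // of an NPE when no marshaller is registered for the request type.
    MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
    Marshaller marshaller = marshallerFactory.getMarshaller(request);
    if (marshaller == null) {
        throw new IllegalStateException("No marshaller configured for " + request.getElementQName());
    }
    marshaller.marshall(request);
    org.apache.xml.security.Init.init();

    List<Signature> signatureList = new ArrayList<Signature>();
    signatureList.add(signature);
    Signer.signObjects(signatureList);
}

/**
 * Builds a {@code KeyInfo} carrying the base64-encoded entity certificate of the credential.
 *
 * @param x509Credential credential whose entity certificate is embedded.
 * @return a KeyInfo with a single X509Data/X509Certificate child.
 * @throws Exception if the certificate cannot be DER-encoded.
 */
private KeyInfo buildCertificateKeyInfo(X509Credential x509Credential) throws Exception {
    KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
    org.opensaml.xml.signature.X509Certificate cert = (org.opensaml.xml.signature.X509Certificate) buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
    cert.setValue(org.apache.xml.security.utils.Base64.encode(x509Credential.getEntityCertificate().getEncoded()));
    data.getX509Certificates().add(cert);
    keyInfo.getX509Datas().add(data);
    return keyInfo;
}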
Use of org.opensaml.xml.signature.KeyInfo in project entcore by opendigitaleducation.
The class SamlValidator, method createSignature.
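/**
 * Builds an unsigned {@code Signature} element backed by this validator's private key and the
 * certificate read from the {@code saml-public-key} config path.
 *
 * <p>The algorithm is fixed to RSA-SHA1 with exclusive canonicalisation. SHA-1 signatures are
 * deprecated; the constant should be revisited when the peer accepts a stronger algorithm.
 *
 * @param addKeyInfo when true, the certificate is embedded as {@code KeyInfo/X509Data/X509Certificate}.
 * @return the configured signature; it is not yet attached to an object or signed.
 * @throws Throwable if the certificate file cannot be opened or parsed, or the certificate
 *                   cannot be encoded.
 */
private Signature createSignature(boolean addKeyInfo) throws Throwable {
    Signature signature = new SignatureBuilder().buildObject();

    // Public half of the credential: the X.509 certificate on disk.
    String publicKeyPath = config.getString("saml-public-key");
    X509Certificate cer;
    FileInputStream inStream = new FileInputStream(publicKeyPath);
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        cer = (X509Certificate) cf.generateCertificate(inStream);
    } finally {
        // Close on every path; the stream was previously leaked when parsing threw.
        inStream.close();
    }

    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityCertificate(cer);
    credential.setPrivateKey(privateKey);

    signature.setSigningCredential(credential);
    signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    if (addKeyInfo) {
        KeyInfo keyInfo = SamlUtils.buildSAMLObjectWithDefaultName(KeyInfo.class);
        X509Data data = SamlUtils.buildSAMLObjectWithDefaultName(X509Data.class);
        org.opensaml.xml.signature.X509Certificate cert = SamlUtils.buildSAMLObjectWithDefaultName(org.opensaml.xml.signature.X509Certificate.class);
        cert.setValue(org.apache.xml.security.utils.Base64.encode(cer.getEncoded()));
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);
    }
    return signature;
}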
Use of org.opensaml.xml.signature.KeyInfo in project MaxKey by dromara.
The class WebServicePostEncoder, method buildKeyInfo.
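/**
 * Build the {@link KeyInfo} from the signing credential.
 *
 * <p>The generated KeyInfo is marshalled to DOM, serialised to XML and base64-encoded
 * without line breaks. Serialisation uses UTF-8 explicitly; relying on the platform
 * default charset could yield a different byte sequence, and therefore a different
 * encoded value, depending on the JVM configuration.
 *
 * @param signingCredential
 *            the credential used for signing
 * @param kiGenerator
 *            the generator for the KeyInfo
 * @throws MessageEncodingException
 *             thrown if there is an error generating or marshalling the
 *             KeyInfo, or no marshaller is configured for it
 * @return the marshalled, serialized and base64-encoded KeyInfo, or null if
 *         none was generated
 */
protected String buildKeyInfo(Credential signingCredential, KeyInfoGenerator kiGenerator) throws MessageEncodingException {
    KeyInfo keyInfo;
    try {
        keyInfo = kiGenerator.generate(signingCredential);
    } catch (SecurityException e) {
        log.error("Error generating KeyInfo from signing credential", e);
        throw new MessageEncodingException("Error generating KeyInfo from signing credential", e);
    }
    if (keyInfo == null) {
        return null;
    }

    Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(keyInfo);
    if (marshaller == null) {
        log.error("No KeyInfo marshaller available from configuration");
        throw new MessageEncodingException("No KeyInfo marshaller was configured");
    }

    try {
        String kiXML = XMLHelper.nodeToString(marshaller.marshall(keyInfo));
        // Explicit charset so the encoded form does not depend on the platform default.
        byte[] kiBytes = kiXML.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        return Base64.encodeBytes(kiBytes, Base64.DONT_BREAK_LINES);
    } catch (MarshallingException e) {
        log.error("Error marshalling KeyInfo based on signing credential", e);
        throw new MessageEncodingException("Error marshalling KeyInfo based on signing credential", e);
    }
}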