Example 1 with X509Data
use of org.opensaml.xml.signature.X509Data in project product-is by wso2.
the class SAML2SSOTestBase method setSignature.
/**
* Add Signature to SAML POST request
*
* @param request SAML authentication request.
* @param signatureAlgorithm Signature Algorithm.
* @param digestAlgorithm Digest algorithm to be used while digesting message.
* @param includeCert Whether to include certificate in request or not.
* @throws Exception
*/
protected void setSignature(RequestAbstractType request, String signatureAlgorithm, String digestAlgorithm, boolean includeCert, X509Credential x509Credential) throws Exception {
doBootstrap();
if (StringUtils.isEmpty(signatureAlgorithm)) {
signatureAlgorithm = XMLSignature.ALGO_ID_SIGNATURE_RSA;
}
if (StringUtils.isEmpty(digestAlgorithm)) {
digestAlgorithm = XML_DIGEST_ALGORITHM_SHA1;
}
Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
signature.setSigningCredential(x509Credential);
signature.setSignatureAlgorithm(signatureAlgorithm);
signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
if (includeCert) {
KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
org.opensaml.xml.signature.X509Certificate cert = (org.opensaml.xml.signature.X509Certificate) buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
String value = null;
value = org.apache.xml.security.utils.Base64.encode(x509Credential.getEntityCertificate().getEncoded());
cert.setValue(value);
data.getX509Certificates().add(cert);
keyInfo.getX509Datas().add(data);
signature.setKeyInfo(keyInfo);
}
request.setSignature(signature);
((SAMLObjectContentReference) signature.getContentReferences().get(0)).setDigestAlgorithm(digestAlgorithm);
List<Signature> signatureList = new ArrayList<Signature>();
signatureList.add(signature);
// Marshall and Sign
MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
Marshaller marshaller = marshallerFactory.getMarshaller(request);
marshaller.marshall(request);
org.apache.xml.security.Init.init();
Signer.signObjects(signatureList);
}
Also used :
Marshaller(org.opensaml.xml.io.Marshaller)
ArrayList(java.util.ArrayList)
X509Data(org.opensaml.xml.signature.X509Data)
MarshallerFactory(org.opensaml.xml.io.MarshallerFactory)
KeyInfo(org.opensaml.xml.signature.KeyInfo)
XMLSignature(org.apache.xml.security.signature.XMLSignature)
Signature(org.opensaml.xml.signature.Signature)
SAMLObjectContentReference(org.opensaml.common.impl.SAMLObjectContentReference)
Example 2 with X509Data
use of org.opensaml.xml.signature.X509Data in project entcore by opendigitaleducation.
the class SamlValidator method createSignature.
private Signature createSignature(boolean addKeyInfo) throws Throwable {
SignatureBuilder builder = new SignatureBuilder();
Signature signature = builder.buildObject();
// create public key (cert) portion of credential
String publicKeyPath = config.getString("saml-public-key");
FileInputStream inStream = new FileInputStream(publicKeyPath);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cer = (X509Certificate) cf.generateCertificate(inStream);
inStream.close();
// create credential and initialize
BasicX509Credential credential = new BasicX509Credential();
credential.setEntityCertificate(cer);
// credential.setPublicKey(cer.getPublicKey());
credential.setPrivateKey(privateKey);
signature.setSigningCredential(credential);
signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
if (addKeyInfo) {
KeyInfo keyInfo = SamlUtils.buildSAMLObjectWithDefaultName(KeyInfo.class);
X509Data data = SamlUtils.buildSAMLObjectWithDefaultName(X509Data.class);
org.opensaml.xml.signature.X509Certificate cert = SamlUtils.buildSAMLObjectWithDefaultName(org.opensaml.xml.signature.X509Certificate.class);
String value = org.apache.xml.security.utils.Base64.encode(credential.getEntityCertificate().getEncoded());
cert.setValue(value);
data.getX509Certificates().add(cert);
keyInfo.getX509Datas().add(data);
signature.setKeyInfo(keyInfo);
}
return signature;
}
Also used :
SignatureBuilder(org.opensaml.xml.signature.impl.SignatureBuilder)
BasicX509Credential(org.opensaml.xml.security.x509.BasicX509Credential)
KeyInfo(org.opensaml.xml.signature.KeyInfo)
Signature(org.opensaml.xml.signature.Signature)
XSString(org.opensaml.xml.schema.XSString)
CertificateFactory(java.security.cert.CertificateFactory)
X509Data(org.opensaml.xml.signature.X509Data)
X509Certificate(java.security.cert.X509Certificate)
Aggregations
KeyInfo (org.opensaml.xml.signature.KeyInfo)2
Signature (org.opensaml.xml.signature.Signature)2
X509Data (org.opensaml.xml.signature.X509Data)2
CertificateFactory (java.security.cert.CertificateFactory)1
X509Certificate (java.security.cert.X509Certificate)1
ArrayList (java.util.ArrayList)1
XMLSignature (org.apache.xml.security.signature.XMLSignature)1
SAMLObjectContentReference (org.opensaml.common.impl.SAMLObjectContentReference)1
Marshaller (org.opensaml.xml.io.Marshaller)1
MarshallerFactory (org.opensaml.xml.io.MarshallerFactory)1
XSString (org.opensaml.xml.schema.XSString)1
BasicX509Credential (org.opensaml.xml.security.x509.BasicX509Credential)1
SignatureBuilder (org.opensaml.xml.signature.impl.SignatureBuilder)1
