Example 1 with SignatureBuilder

Use of org.opensaml.xml.signature.impl.SignatureBuilder in the project entcore by opendigitaleducation.

From the class SamlValidator, method createSignature.

private Signature createSignature(boolean addKeyInfo) throws Throwable {
    SignatureBuilder builder = new SignatureBuilder();
    Signature signature = builder.buildObject();
    // create public key (cert) portion of credential
    String publicKeyPath = config.getString("saml-public-key");
    FileInputStream inStream = new FileInputStream(publicKeyPath);
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    X509Certificate cer = (X509Certificate) cf.generateCertificate(inStream);
    inStream.close();
    // create credential and initialize
    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityCertificate(cer);
    // credential.setPublicKey(cer.getPublicKey());
    credential.setPrivateKey(privateKey);
    signature.setSigningCredential(credential);
    signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    if (addKeyInfo) {
        KeyInfo keyInfo = SamlUtils.buildSAMLObjectWithDefaultName(KeyInfo.class);
        X509Data data = SamlUtils.buildSAMLObjectWithDefaultName(X509Data.class);
        org.opensaml.xml.signature.X509Certificate cert = SamlUtils.buildSAMLObjectWithDefaultName(org.opensaml.xml.signature.X509Certificate.class);
        String value = org.apache.xml.security.utils.Base64.encode(credential.getEntityCertificate().getEncoded());
        cert.setValue(value);
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);
    }
    return signature;
}
Also used:
SignatureBuilder (org.opensaml.xml.signature.impl.SignatureBuilder)
BasicX509Credential (org.opensaml.xml.security.x509.BasicX509Credential)
KeyInfo (org.opensaml.xml.signature.KeyInfo)
Signature (org.opensaml.xml.signature.Signature)
XSString (org.opensaml.xml.schema.XSString)
CertificateFactory (java.security.cert.CertificateFactory)
X509Data (org.opensaml.xml.signature.X509Data)
X509Certificate (java.security.cert.X509Certificate)

Example 2 with SignatureBuilder

Use of org.opensaml.xml.signature.impl.SignatureBuilder in the project MaxKey by dromara.

From the class AssertionGenerator, method generateAssertion.

public Assertion generateAssertion(AppsSAML20Details saml20Details, BindingAdapter bindingAdapter, String assertionConsumerURL, String inResponseTo, String audienceUrl, int validInSeconds, HashMap<String, String> attributeMap) {
    Assertion assertion = new AssertionBuilder().buildObject();
    // Subject
    Subject subject = subjectGenerator.generateSubject(saml20Details, assertionConsumerURL, inResponseTo, validInSeconds);
    assertion.setSubject(subject);
    // issuer
    Issuer issuer = issuerGenerator.generateIssuer();
    assertion.setIssuer(issuer);
    // AuthnStatements
    DateTime authnInstant = new DateTime(WebContext.getSession().getCreationTime());
    AuthnStatement authnStatement = authnStatementGenerator.generateAuthnStatement(authnInstant);
    assertion.getAuthnStatements().add(authnStatement);
    // AttributeStatements
    ArrayList<GrantedAuthority> grantedAuthoritys = new ArrayList<GrantedAuthority>();
    grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER"));
    for (GrantedAuthority authGrantedAuthority : ((UsernamePasswordAuthenticationToken) WebContext.getAuthentication()).getAuthorities()) {
        grantedAuthoritys.add(authGrantedAuthority);
    }
    AttributeStatement attributeStatement = attributeStatementGenerator.generateAttributeStatement(saml20Details, grantedAuthoritys, attributeMap);
    assertion.getAttributeStatements().add(attributeStatement);
    // ID
    assertion.setID(idService.generateID());
    // IssueInstant
    assertion.setIssueInstant(timeService.getCurrentDateTime());
    // Conditions
    Conditions conditions = conditionsGenerator.generateConditions(audienceUrl, validInSeconds);
    assertion.setConditions(conditions);
    // sign Assertion
    try {
        if (bindingAdapter.getSigningCredential() == null) {
            throw new Exception("Signing Credential is null...");
        }
        logger.debug("EntityId " + bindingAdapter.getSigningCredential().getEntityId());
        BasicCredential basicCredential = new BasicCredential();
        basicCredential.setPrivateKey(bindingAdapter.getSigningCredential().getPrivateKey());
        Signature signature = new SignatureBuilder().buildObject();
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        signature.setSigningCredential(basicCredential);
        KeyInfoGeneratorFactory keyInfoGeneratorFactory = Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager().getDefaultManager().getFactory(bindingAdapter.getSigningCredential());
        signature.setKeyInfo(keyInfoGeneratorFactory.newInstance().generate(bindingAdapter.getSigningCredential()));
        BasicSecurityConfiguration config = (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
        if (saml20Details.getSignature().equalsIgnoreCase("RSAwithSHA1")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
        } else if (saml20Details.getSignature().equalsIgnoreCase("RSAwithSHA256")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        } else if (saml20Details.getSignature().equalsIgnoreCase("RSAwithSHA384")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA384);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA384);
        } else if (saml20Details.getSignature().equalsIgnoreCase("RSAwithSHA512")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512);
        } else if (saml20Details.getSignature().equalsIgnoreCase("RSAwithMD5")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5);
        } else if (saml20Details.getSignature().equalsIgnoreCase("RSAwithRIPEMD160")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_RIPEMD160);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_SIGNATURE_RSA_RIPEMD160);
        } else if (saml20Details.getSignature().equalsIgnoreCase("DSAwithSHA1")) {
            // DSAwithSHA1 is the DSA-SHA1 URI (xmldsig#dsa-sha1), not the ECDSA one
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_DSA);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_SIGNATURE_DSA);
        } else if (saml20Details.getSignature().equalsIgnoreCase("ECDSAwithSHA256")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256);
        } else if (saml20Details.getSignature().equalsIgnoreCase("ECDSAwithSHA384")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA384);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA384);
        } else if (saml20Details.getSignature().equalsIgnoreCase("ECDSAwithSHA512")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA512);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA512);
        } else if (saml20Details.getSignature().equalsIgnoreCase("HMAC-MD5")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5);
        } else if (saml20Details.getSignature().equalsIgnoreCase("HMAC-SHA1")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_MAC_HMAC_SHA1);
            // the registered URI must be the HMAC-SHA1 one, matching the algorithm set on the signature
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_MAC_HMAC_SHA1);
        } else if (saml20Details.getSignature().equalsIgnoreCase("HMAC-SHA256")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_MAC_HMAC_SHA256);
        } else if (saml20Details.getSignature().equalsIgnoreCase("HMAC-SHA384")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_MAC_HMAC_SHA384);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_MAC_HMAC_SHA384);
        } else if (saml20Details.getSignature().equalsIgnoreCase("HMAC-SHA512")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_MAC_HMAC_SHA512);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_MAC_HMAC_SHA512);
        } else if (saml20Details.getSignature().equalsIgnoreCase("HMAC-RIPEMD160")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_MAC_HMAC_RIPEMD160);
            config.registerSignatureAlgorithmURI(saml20Details.getSignature(), SignatureConstants.ALGO_ID_MAC_HMAC_RIPEMD160);
        }
        if (saml20Details.getDigestMethod().equalsIgnoreCase("MD5")) {
            config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_NOT_RECOMMENDED_MD5);
        } else if (saml20Details.getDigestMethod().equalsIgnoreCase("SHA1")) {
            config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA1);
        } else if (saml20Details.getDigestMethod().equalsIgnoreCase("SHA256")) {
            config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
        } else if (saml20Details.getDigestMethod().equalsIgnoreCase("SHA384")) {
            config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA384);
        } else if (saml20Details.getDigestMethod().equalsIgnoreCase("SHA512")) {
            config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA512);
        } else if (saml20Details.getDigestMethod().equalsIgnoreCase("RIPEMD-160")) {
            config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_RIPEMD160);
        }
        assertion.setSignature(signature);
        Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(signature);
        logger.debug("assertion.isSigned " + assertion.isSigned());
    } catch (Exception e) {
        e.printStackTrace();
        logger.info("Unable to sign assertion ", e);
    }
    return assertion;
}
Also used:
SignatureBuilder (org.opensaml.xml.signature.impl.SignatureBuilder)
Issuer (org.opensaml.saml2.core.Issuer)
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)
GrantedAuthority (org.springframework.security.core.GrantedAuthority)
Assertion (org.opensaml.saml2.core.Assertion)
ArrayList (java.util.ArrayList)
AssertionBuilder (org.opensaml.saml2.core.impl.AssertionBuilder)
UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)
BasicSecurityConfiguration (org.opensaml.xml.security.BasicSecurityConfiguration)
Subject (org.opensaml.saml2.core.Subject)
DateTime (org.joda.time.DateTime)
Conditions (org.opensaml.saml2.core.Conditions)
AttributeStatement (org.opensaml.saml2.core.AttributeStatement)
Signature (org.opensaml.xml.signature.Signature)
AuthnStatement (org.opensaml.saml2.core.AuthnStatement)
KeyInfoGeneratorFactory (org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory)
BasicCredential (org.opensaml.xml.security.credential.BasicCredential)

Example 3 with SignatureBuilder

Use of org.opensaml.xml.signature.impl.SignatureBuilder in the project uaa by cloudfoundry.

From the class IdpWebSsoProfileImpl, method signAssertion.

private void signAssertion(Assertion assertion, Credential credential) throws SecurityException, MarshallingException, SignatureException {
    SignatureBuilder signatureBuilder = (SignatureBuilder) builderFactory.getBuilder(Signature.DEFAULT_ELEMENT_NAME);
    Signature signature = signatureBuilder.buildObject();
    signature.setSigningCredential(credential);
    SecurityHelper.prepareSignatureParams(signature, credential, null, null);
    assertion.setSignature(signature);
    Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(assertion);
    marshaller.marshall(assertion);
    Signer.signObject(signature);
}
Also used:
Marshaller (org.opensaml.xml.io.Marshaller)
SignatureBuilder (org.opensaml.xml.signature.impl.SignatureBuilder)
Signature (org.opensaml.xml.signature.Signature)

Example 4 with SignatureBuilder

Use of org.opensaml.xml.signature.impl.SignatureBuilder in the project uaa by cloudfoundry.

From the class SamlTestUtils, method mockAssertion.

public Assertion mockAssertion(String issuerEntityId, String format, String username, String spEndpoint, String audienceEntityID, String privateKey, String keyPassword, String certificate) throws Exception {
    String authenticationId = UUID.randomUUID().toString();
    Authentication authentication = mockUaaAuthentication(authenticationId);
    SAMLMessageContext context = mockSamlMessageContext();
    IdpWebSsoProfileImpl profile = mockSsoWebProfileImpl();
    IdpWebSSOProfileOptions options = new IdpWebSSOProfileOptions();
    options.setAssertionsSigned(false);
    profile.buildResponse(authentication, context, options);
    Response response = (Response) context.getOutboundSAMLMessage();
    Assertion assertion = response.getAssertions().get(0);
    DateTime until = new DateTime().plusHours(1);
    assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setRecipient(spEndpoint);
    assertion.getConditions().getAudienceRestrictions().get(0).getAudiences().get(0).setAudienceURI(audienceEntityID);
    assertion.getIssuer().setValue(issuerEntityId);
    assertion.getSubject().getNameID().setValue(username);
    assertion.getSubject().getNameID().setFormat(format);
    assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setInResponseTo(null);
    assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setNotOnOrAfter(until);
    assertion.getConditions().setNotOnOrAfter(until);
    SamlConfig config = new SamlConfig();
    config.addAndActivateKey("active-key", new SamlKey(privateKey, keyPassword, certificate));
    KeyManager keyManager = new SamlKeyManagerFactory().getKeyManager(config);
    SignatureBuilder signatureBuilder = (SignatureBuilder) builderFactory.getBuilder(Signature.DEFAULT_ELEMENT_NAME);
    Signature signature = signatureBuilder.buildObject();
    final Credential defaultCredential = keyManager.getDefaultCredential();
    signature.setSigningCredential(defaultCredential);
    SecurityHelper.prepareSignatureParams(signature, defaultCredential, null, null);
    assertion.setSignature(signature);
    Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(assertion);
    marshaller.marshall(assertion);
    Signer.signObject(signature);
    return assertion;
}
Also used:
Credential (org.opensaml.xml.security.credential.Credential)
AssertionMarshaller (org.opensaml.saml2.core.impl.AssertionMarshaller)
Marshaller (org.opensaml.xml.io.Marshaller)
SignatureBuilder (org.opensaml.xml.signature.impl.SignatureBuilder)
SamlConfig (org.cloudfoundry.identity.uaa.zone.SamlConfig)
DateTime (org.joda.time.DateTime)
SamlKey (org.cloudfoundry.identity.uaa.saml.SamlKey)
SAMLMessageContext (org.springframework.security.saml.context.SAMLMessageContext)
UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication)
Authentication (org.springframework.security.core.Authentication)
Signature (org.opensaml.xml.signature.Signature)
SamlKeyManagerFactory (org.cloudfoundry.identity.uaa.provider.saml.SamlKeyManagerFactory)
KeyManager (org.springframework.security.saml.key.KeyManager)

Aggregations

Signature (org.opensaml.xml.signature.Signature): 4
SignatureBuilder (org.opensaml.xml.signature.impl.SignatureBuilder): 4
DateTime (org.joda.time.DateTime): 2
Marshaller (org.opensaml.xml.io.Marshaller): 2
CertificateFactory (java.security.cert.CertificateFactory): 1
X509Certificate (java.security.cert.X509Certificate): 1
ArrayList (java.util.ArrayList): 1
UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication): 1
SamlKeyManagerFactory (org.cloudfoundry.identity.uaa.provider.saml.SamlKeyManagerFactory): 1
SamlKey (org.cloudfoundry.identity.uaa.saml.SamlKey): 1
SamlConfig (org.cloudfoundry.identity.uaa.zone.SamlConfig): 1
Assertion (org.opensaml.saml2.core.Assertion): 1
AttributeStatement (org.opensaml.saml2.core.AttributeStatement): 1
AuthnStatement (org.opensaml.saml2.core.AuthnStatement): 1
Conditions (org.opensaml.saml2.core.Conditions): 1
Issuer (org.opensaml.saml2.core.Issuer): 1
Subject (org.opensaml.saml2.core.Subject): 1
AssertionBuilder (org.opensaml.saml2.core.impl.AssertionBuilder): 1
AssertionMarshaller (org.opensaml.saml2.core.impl.AssertionMarshaller): 1
XSString (org.opensaml.xml.schema.XSString): 1