
Example 1 with SignatureSigningConfiguration

Use of org.opensaml.xmlsec.SignatureSigningConfiguration in the Apereo CAS project.

From class DefaultSamlIdPObjectSigner, method getSignatureSigningConfiguration.

/**
 * Builds the signature signing configuration used to sign SAML objects for one service.
 * <p>
 * Credentials are resolved from the IdP's own metadata through
 * {@link SamlIdPMetadataCredentialResolver}, which hands the whole criteria set to the
 * role descriptor resolver. Because a {@link SamlIdPSamlRegisteredServiceCriterion} is part
 * of that set, a service-specific metadata/signing override (when one is defined for the
 * service) can be picked up instead of the global IdP configuration.
 * <p>
 * Each resolved credential is paired with the IdP signing private key via
 * {@code getResolvedSigningCredential} and then filtered by
 * {@code doesCredentialFingerprintMatch} (presumably against a fingerprint the service
 * pins; see that helper). If nothing survives the filter the method fails closed with an
 * {@link IllegalArgumentException} rather than returning a configuration without credentials.
 *
 * @param service the registered service for which signing is being configured
 * @return the signing configuration with its signing credentials populated
 * @throws Exception if metadata or credential resolution fails, or the IdP entity descriptor cannot be resolved
 */
protected SignatureSigningConfiguration getSignatureSigningConfiguration(final SamlRegisteredService service) throws Exception {
    val signingConfig = configureSignatureSigningSecurityConfiguration(service);
    val idpProperties = casProperties.getAuthn().getSamlIdp();
    val idpSigningKey = getSigningPrivateKey(service);

    // Credential resolver backed by the IdP metadata; honours the "require valid metadata" setting.
    final SamlIdPMetadataCredentialResolver credentialResolver = new SamlIdPMetadataCredentialResolver();
    val roleResolver = SamlIdPUtils.getRoleDescriptorResolver(samlIdPMetadataResolver,
        idpProperties.getMetadata().getCore().isRequireValidMetadata());
    credentialResolver.setRoleDescriptorResolver(roleResolver);
    credentialResolver.setKeyInfoCredentialResolver(DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
    credentialResolver.initialize();

    // Locate the IdP's own entity descriptor (IDPSSODescriptor role), possibly service-specific.
    final CriteriaSet idpDescriptorCriteria = new CriteriaSet(
        new EvaluableEntityRoleEntityDescriptorCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME),
        new SamlIdPSamlRegisteredServiceCriterion(service));
    LOGGER.trace("Resolving entity id from SAML2 IdP metadata for signature signing configuration is [{}]", service.getName());
    val idpDescriptor = Objects.requireNonNull(samlIdPMetadataResolver.resolveSingle(idpDescriptorCriteria));
    final String idpEntityId = idpDescriptor.getEntityID();
    LOGGER.trace("Resolved entity id from SAML2 IdP metadata is [{}]", idpEntityId);

    // Only SIGNING-usage credentials of the IdP role are acceptable here.
    final CriteriaSet signingCriteria = new CriteriaSet(
        new SignatureSigningConfigurationCriterion(signingConfig),
        new UsageCriterion(UsageType.SIGNING),
        new EntityIdCriterion(idpEntityId),
        new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME),
        new SamlIdPSamlRegisteredServiceCriterion(service));
    LOGGER.trace("Resolved signing credentials based on criteria [{}]", signingCriteria);

    val candidates = Sets.newLinkedHashSet(credentialResolver.resolve(signingCriteria));
    LOGGER.trace("Resolved [{}] signing credentials", candidates.size());

    // Attach the private key to each candidate and keep only those whose fingerprint the service accepts.
    val usable = new ArrayList<Credential>();
    for (val candidate : candidates) {
        val resolved = getResolvedSigningCredential(candidate, idpSigningKey, service);
        if (resolved == null) {
            continue;
        }
        if (doesCredentialFingerprintMatch(resolved, service)) {
            usable.add(resolved);
        }
    }

    // Fail closed: never hand back a signing configuration with no credentials.
    if (usable.isEmpty()) {
        LOGGER.error("Unable to locate any signing credentials for service [{}]", service.getName());
        throw new IllegalArgumentException("Unable to locate signing credentials");
    }
    signingConfig.setSigningCredentials(usable);
    LOGGER.trace("Signature signing credentials configured with [{}] credentials", usable.size());
    return signingConfig;
}

Example 2 with SignatureSigningConfiguration

Use of org.opensaml.xmlsec.SignatureSigningConfiguration in the Apereo CAS project.

From class SamlIdPObjectSigner, method buildSignatureSigningParameters.

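/**
 * Builds the signature signing parameters used to sign outbound SAML objects for
 * the given role descriptor and registered service.
 * <p>
 * The per-service signing configuration comes from
 * {@code getSignatureSigningConfiguration(descriptor, service)}; it is combined with a
 * {@link RoleDescriptorCriterion} so that {@link SAMLMetadataSignatureSigningParametersResolver}
 * can consult the peer's role descriptor when selecting algorithms. If the resolver yields
 * nothing, this method fails closed with a {@link SAMLException} instead of letting the
 * caller proceed to sign with undefined parameters.
 *
 * @param descriptor the role descriptor of the relying party being signed for
 * @param service    the registered service
 * @return the resolved signature signing parameters (never {@code null})
 * @throws SAMLException if no signing parameters can be resolved for the criteria
 */
@SneakyThrows
protected SignatureSigningParameters buildSignatureSigningParameters(final RoleDescriptor descriptor, final SamlRegisteredService service) throws SAMLException {
    final CriteriaSet criteria = new CriteriaSet();
    final SignatureSigningConfiguration signatureSigningConfiguration = getSignatureSigningConfiguration(descriptor, service);
    criteria.add(new SignatureSigningConfigurationCriterion(signatureSigningConfiguration));
    criteria.add(new RoleDescriptorCriterion(descriptor));
    final SAMLMetadataSignatureSigningParametersResolver resolver = new SAMLMetadataSignatureSigningParametersResolver();
    LOGGER.debug("Resolving signature signing parameters for [{}]", descriptor.getElementQName().getLocalPart());
    // resolveSingle() may return null when nothing satisfies the criteria. The previous code
    // relied on lombok's @NonNull on this local; as far as lombok documents, that annotation
    // only generates a check for parameters/record components, so a null result would only
    // surface as a bare NPE from the debug statement below. Check explicitly and fail with a
    // descriptive SAMLException (already in the throws clause) instead.
    final SignatureSigningParameters params = resolver.resolveSingle(criteria);
    if (params == null) {
        throw new SAMLException("Unable to resolve signature signing parameters for "
            + descriptor.getElementQName().getLocalPart());
    }
    LOGGER.debug("Created signature signing parameters." + "\nSignature algorithm: [{}]" + "\nSignature canonicalization algorithm: [{}]" + "\nSignature reference digest methods: [{}]", params.getSignatureAlgorithm(), params.getSignatureCanonicalizationAlgorithm(), params.getSignatureReferenceDigestMethod());
    return params;
}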
