Example 6 with X509KeyInfoGeneratorFactory

Use of org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory in project syncope by apache.

The class SAML2ReaderWriter, method init.

public void init() {
    // Emit the signing certificate inside <ds:KeyInfo> so relying parties can locate the key
    X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
    keyInfoGeneratorFactory.setEmitEntityCertificate(true);
    keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
    // Try to load the configured signature algorithm
    if (loader.getSignatureAlgorithm() != null) {
        SignatureAlgorithm loadedSignatureAlgorithm = null;
        try {
            loadedSignatureAlgorithm = SignatureAlgorithm.valueOf(loader.getSignatureAlgorithm());
        } catch (IllegalArgumentException e) {
            // valueOf() throws for an unknown name instead of returning null;
            // fall through to the warning and the default selection below
        }
        if (loadedSignatureAlgorithm != null) {
            sigAlgo = loadedSignatureAlgorithm.getAlgorithm();
            // Map the XML Signature algorithm URI to its JCE name; null means the JCE cannot sign with it
            jceSigAlgo = JCEMapper.translateURItoJCEID(sigAlgo);
        }
        if (jceSigAlgo == null) {
            LOG.warn("Signature algorithm {} is not valid. Using default algorithm instead.", loader.getSignatureAlgorithm());
            sigAlgo = null;
        }
    }
    if (sigAlgo == null) {
        // Fallback chosen by key type. All three defaults are SHA-1 based, which is no longer
        // acceptable for signature generation, so configuring a SHA-256 algorithm is preferable.
        sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
        String pubKeyAlgo = loader.getCredential().getPublicKey().getAlgorithm();
        if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
            sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA_SHA1;
        } else if (pubKeyAlgo.equalsIgnoreCase("EC")) {
            sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1;
        }
        jceSigAlgo = JCEMapper.translateURItoJCEID(sigAlgo);
    }
    // Supplies the private-key password when the credential is used for signing
    callbackHandler = new SAMLSPCallbackHandler(loader.getKeyPass());
}
Also used : SignatureAlgorithm(org.apache.syncope.common.lib.types.SignatureAlgorithm) X509KeyInfoGeneratorFactory(org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory)

Example 7 with X509KeyInfoGeneratorFactory

Use of org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory in project spring-security by spring-projects.

The class OpenSamlSigningUtils, method buildSignatureKeyInfoGeneratorManager.

private static NamedKeyInfoGeneratorManager buildSignatureKeyInfoGeneratorManager() {
    final NamedKeyInfoGeneratorManager namedManager = new NamedKeyInfoGeneratorManager();
    // Fall back to the default manager when no named manager matches
    namedManager.setUseDefaultManager(true);
    final KeyInfoGeneratorManager defaultManager = namedManager.getDefaultManager();
    // Generator for X509Credentials: emits the signing certificate and its chain into <ds:KeyInfo>
    final X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
    x509Factory.setEmitEntityCertificate(true);
    x509Factory.setEmitEntityCertificateChain(true);
    defaultManager.registerFactory(x509Factory);
    return namedManager;
}
Also used : NamedKeyInfoGeneratorManager(org.opensaml.xmlsec.keyinfo.NamedKeyInfoGeneratorManager) KeyInfoGeneratorManager(org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager) NamedKeyInfoGeneratorManager(org.opensaml.xmlsec.keyinfo.NamedKeyInfoGeneratorManager) X509KeyInfoGeneratorFactory(org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory)

Example 10 with X509KeyInfoGeneratorFactory

Use of org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory in project cxf by apache.

The class CombinedValidatorTest, method signResponse.

private void signResponse(Response response, String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean useKeyInfo) throws Exception {
    //
    // Create the signature
    //
    Signature signature = OpenSAMLUtil.buildSignature();
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    // Look up the issuer's certificate chain by keystore alias
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(issuerKeyName);
    X509Certificate[] issuerCerts = issuerCrypto.getX509Certificates(cryptoType);
    if (issuerCerts == null) {
        throw new Exception("No issuer certs were found to sign the SAML Assertion using issuer name: " + issuerKeyName);
    }
    // Test code: defaults to RSA-SHA1, and ALGO_ID_SIGNATURE_DSA is the DSA-SHA1 URI.
    // There is no EC branch, so an EC key would be paired with RSA-SHA1 and fail to sign.
    String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
    String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
    if ("DSA".equalsIgnoreCase(pubKeyAlgo)) {
        sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
    }
    PrivateKey privateKey = issuerCrypto.getPrivateKey(issuerKeyName, issuerKeyPassword);
    signature.setSignatureAlgorithm(sigAlgo);
    BasicX509Credential signingCredential = new BasicX509Credential(issuerCerts[0], privateKey);
    signature.setSigningCredential(signingCredential);
    if (useKeyInfo) {
        // Embed the leaf certificate in <ds:KeyInfo>; the verifier must still check it against trusted keys
        X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
        kiFactory.setEmitEntityCertificate(true);
        try {
            KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
            signature.setKeyInfo(keyInfo);
        } catch (org.opensaml.security.SecurityException ex) {
            throw new Exception("Error generating KeyInfo from signing credential", ex);
        }
    }
    // Attach the signature to the Response; the actual signing happens when the DOM is marshalled
    SignableSAMLObject signableObject = response;
    signableObject.setSignature(signature);
    // Drop any cached DOM so the signed element is rebuilt from the object model
    signableObject.releaseDOM();
    signableObject.releaseChildrenDOM(true);
}
Also used : PrivateKey(java.security.PrivateKey) CryptoType(org.apache.wss4j.common.crypto.CryptoType) X509Certificate(java.security.cert.X509Certificate) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SignableSAMLObject(org.opensaml.saml.common.SignableSAMLObject) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) Signature(org.opensaml.xmlsec.signature.Signature) X509KeyInfoGeneratorFactory(org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory)
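The snippets above all emit the signing certificate through X509KeyInfoGeneratorFactory, and two of them default to SHA-1 algorithms. The following added example (written for this page; it is not code from Syncope, Spring Security or CXF) puts the pieces together on both sides: it signs a SAML 2.0 Assertion with a SHA-256 algorithm chosen by key type, emits the certificate in KeyInfo, and then verifies the signature against an explicitly trusted certificate rather than whatever certificate the message carries. It assumes OpenSAML 3.x or 4.x on the classpath and a PKCS#12 keystore path, alias and password passed as command-line arguments; the class name, the issuer URL and the assertion ID are constructed for the example.

```java
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;

import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.opensaml.xmlsec.signature.support.Signer;

// Added example, not project code. Assumes OpenSAML 3.x/4.x and a PKCS#12 keystore.
public class SignedAssertionKeyInfoDemo {

    /** Map the key type to a SHA-256 signature URI; there is deliberately no SHA-1 fallback. */
    static String signatureAlgorithmFor(String keyAlgorithm) {
        switch (keyAlgorithm.toUpperCase()) {
            case "RSA": return SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
            case "EC":  return SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256;
            case "DSA": return SignatureConstants.ALGO_ID_SIGNATURE_DSA_SHA256;
            default: throw new IllegalArgumentException("Unsupported key type: " + keyAlgorithm);
        }
    }

    static Assertion buildSignedAssertion(BasicX509Credential signingCred) throws Exception {
        XMLObjectBuilderFactory bf = XMLObjectProviderRegistrySupport.getBuilderFactory();
        Assertion assertion = (Assertion) bf.getBuilder(Assertion.DEFAULT_ELEMENT_NAME)
                .buildObject(Assertion.DEFAULT_ELEMENT_NAME);
        assertion.setID("_demo-" + System.nanoTime()); // constructed sample ID
        Issuer issuer = (Issuer) bf.getBuilder(Issuer.DEFAULT_ELEMENT_NAME)
                .buildObject(Issuer.DEFAULT_ELEMENT_NAME);
        issuer.setValue("https://idp.example.test/saml"); // hypothetical issuer
        assertion.setIssuer(issuer);

        Signature signature = (Signature) bf.getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(signingCred);
        signature.setSignatureAlgorithm(signatureAlgorithmFor(signingCred.getPublicKey().getAlgorithm()));
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

        // Emit the entity certificate so relying parties can find the key. It is a lookup hint,
        // never a trust anchor: the verifier below ignores it for the cryptographic check.
        X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
        kiFactory.setEmitEntityCertificate(true);
        KeyInfo keyInfo = kiFactory.newInstance().generate(signingCred);
        signature.setKeyInfo(keyInfo);

        assertion.setSignature(signature);
        // The DOM must exist before Signer can compute the digests over it.
        XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(signature);
        return assertion;
    }

    /** Verify with a pre-configured trusted certificate, not with the certificate in the message. */
    static void verify(Assertion assertion, X509Certificate trusted) throws Exception {
        Signature sig = assertion.getSignature();
        if (sig == null) throw new GeneralSecurityException("assertion is unsigned");
        // Rejects enveloped-signature abuse: wrong Reference URI, unexpected transforms.
        new SAMLSignatureProfileValidator().validate(sig);
        // Pin: if a certificate is embedded, it must be exactly the one we already trust.
        List<X509Certificate> embedded = sig.getKeyInfo() == null
                ? Collections.<X509Certificate>emptyList()
                : KeyInfoSupport.getCertificates(sig.getKeyInfo());
        if (embedded.isEmpty() || !embedded.get(0).equals(trusted)) {
            throw new GeneralSecurityException("KeyInfo certificate is not the trusted signer");
        }
        // Cryptographic check against the trusted key only.
        SignatureValidator.validate(sig, new BasicX509Credential(trusted));
    }

    public static void main(String[] args) throws Exception {
        InitializationService.initialize();
        // args: <keystore.p12> <alias> <password>  (hypothetical inputs)
        KeyStore ks = KeyStore.getInstance("PKCS12");
        char[] pass = args[2].toCharArray();
        try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, pass); }
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[1]);
        PrivateKey key = (PrivateKey) ks.getKey(args[1], pass);

        Assertion signed = buildSignedAssertion(new BasicX509Credential(cert, key));
        verify(signed, cert);
        System.out.println("signed with " + signed.getSignature().getSignatureAlgorithm()
                + " and verified against the trusted certificate");
    }
}
```

The design point is the split between the two halves. The signer emits the certificate with setEmitEntityCertificate(true) purely so the recipient can identify which key was used; the verifier runs SAMLSignatureProfileValidator first, then validates with a credential built from its own trusted certificate. Resolving the verification key from the incoming KeyInfo would let any holder of any private key produce an assertion that validates against itself.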

Aggregations

Classes used together with X509KeyInfoGeneratorFactory across the indexed examples, with occurrence counts:

- X509KeyInfoGeneratorFactory (org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory): 13
- BasicX509Credential (org.opensaml.security.x509.BasicX509Credential): 8
- KeyInfo (org.opensaml.xmlsec.signature.KeyInfo): 8
- Signature (org.opensaml.xmlsec.signature.Signature): 8
- X509Certificate (java.security.cert.X509Certificate): 7
- PrivateKey (java.security.PrivateKey): 6
- CryptoType (org.apache.wss4j.common.crypto.CryptoType): 4
- SignableSAMLObject (org.opensaml.saml.common.SignableSAMLObject): 4
- Assertion (org.opensaml.saml.saml2.core.Assertion): 4
- WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException): 3
- KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager): 3
- NamedKeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.NamedKeyInfoGeneratorManager): 3
- SAMLKeyInfo (org.apache.wss4j.common.saml.SAMLKeyInfo): 2
- DateTime (org.joda.time.DateTime): 2
- SAMLObjectContentReference (org.opensaml.saml.common.SAMLObjectContentReference): 2
- Attribute (org.opensaml.saml.saml2.core.Attribute): 2
- AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement): 2
- AuthnContext (org.opensaml.saml.saml2.core.AuthnContext): 2
- AuthnContextClassRef (org.opensaml.saml.saml2.core.AuthnContextClassRef): 2
- AuthnStatement (org.opensaml.saml.saml2.core.AuthnStatement): 2