Example 11 with KeyInfo
use of org.opensaml.xmlsec.signature.KeyInfo in project ddf by codice.
the class SamlProtocol method createIdpMetadata.
public static EntityDescriptor createIdpMetadata(String entityId, String signingCert, String encryptionCert, List<String> nameIds, String singleSignOnLocationRedirect, String singleSignOnLocationPost, String singleLogOutLocation) {
EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
entityDescriptor.setEntityID(entityId);
IDPSSODescriptor idpssoDescriptor = idpssoDescriptorBuilder.buildObject();
//signing
KeyDescriptor signingKeyDescriptor = keyDescriptorBuilder.buildObject();
signingKeyDescriptor.setUse(UsageType.SIGNING);
KeyInfo signingKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data signingX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
X509Certificate signingX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
signingX509Certificate.setValue(signingCert);
signingX509Data.getX509Certificates().add(signingX509Certificate);
signingKeyInfo.getX509Datas().add(signingX509Data);
signingKeyDescriptor.setKeyInfo(signingKeyInfo);
idpssoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);
//encryption
KeyDescriptor encKeyDescriptor = keyDescriptorBuilder.buildObject();
encKeyDescriptor.setUse(UsageType.ENCRYPTION);
KeyInfo encKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data encX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
X509Certificate encX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
encX509Certificate.setValue(encryptionCert);
encX509Data.getX509Certificates().add(encX509Certificate);
encKeyInfo.getX509Datas().add(encX509Data);
encKeyDescriptor.setKeyInfo(encKeyInfo);
idpssoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
for (String nameId : nameIds) {
NameIDFormat nameIDFormat = nameIdFormatBuilder.buildObject();
nameIDFormat.setFormat(nameId);
idpssoDescriptor.getNameIDFormats().add(nameIDFormat);
}
if (StringUtils.isNotBlank(singleSignOnLocationRedirect)) {
SingleSignOnService singleSignOnServiceRedirect = singleSignOnServiceBuilder.buildObject();
singleSignOnServiceRedirect.setBinding(REDIRECT_BINDING);
singleSignOnServiceRedirect.setLocation(singleSignOnLocationRedirect);
idpssoDescriptor.getSingleSignOnServices().add(singleSignOnServiceRedirect);
}
if (StringUtils.isNotBlank(singleSignOnLocationPost)) {
SingleSignOnService singleSignOnServicePost = singleSignOnServiceBuilder.buildObject();
singleSignOnServicePost.setBinding(POST_BINDING);
singleSignOnServicePost.setLocation(singleSignOnLocationPost);
idpssoDescriptor.getSingleSignOnServices().add(singleSignOnServicePost);
}
if (StringUtils.isNotBlank(singleLogOutLocation)) {
SingleLogoutService singleLogoutServiceRedir = singleLogOutServiceBuilder.buildObject();
singleLogoutServiceRedir.setBinding(REDIRECT_BINDING);
singleLogoutServiceRedir.setLocation(singleLogOutLocation);
idpssoDescriptor.getSingleLogoutServices().add(singleLogoutServiceRedir);
SingleLogoutService singleLogoutServicePost = singleLogOutServiceBuilder.buildObject();
singleLogoutServicePost.setBinding(POST_BINDING);
singleLogoutServicePost.setLocation(singleLogOutLocation);
idpssoDescriptor.getSingleLogoutServices().add(singleLogoutServicePost);
}
idpssoDescriptor.setWantAuthnRequestsSigned(true);
idpssoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
entityDescriptor.getRoleDescriptors().add(idpssoDescriptor);
return entityDescriptor;
}
Also used :
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
NameIDFormat(org.opensaml.saml.saml2.metadata.NameIDFormat)
IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor)
KeyInfo(org.opensaml.xmlsec.signature.KeyInfo)
SingleLogoutService(org.opensaml.saml.saml2.metadata.SingleLogoutService)
KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor)
SingleSignOnService(org.opensaml.saml.saml2.metadata.SingleSignOnService)
X509Data(org.opensaml.xmlsec.signature.X509Data)
X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)
Example 12 with KeyInfo
use of org.opensaml.xmlsec.signature.KeyInfo in project ddf by codice.
the class SamlProtocol method createSpMetadata.
public static EntityDescriptor createSpMetadata(String entityId, String signingCert, String encryptionCert, String singleLogOutLocation, String assertionConsumerServiceLocationRedirect, String assertionConsumerServiceLocationPost) {
EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject();
entityDescriptor.setEntityID(entityId);
SPSSODescriptor spSsoDescriptor = spSsoDescriptorBuilder.buildObject();
//signing
KeyDescriptor signingKeyDescriptor = keyDescriptorBuilder.buildObject();
signingKeyDescriptor.setUse(UsageType.SIGNING);
KeyInfo signingKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data signingX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
X509Certificate signingX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
signingX509Certificate.setValue(signingCert);
signingX509Data.getX509Certificates().add(signingX509Certificate);
signingKeyInfo.getX509Datas().add(signingX509Data);
signingKeyDescriptor.setKeyInfo(signingKeyInfo);
spSsoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);
//encryption
KeyDescriptor encKeyDescriptor = keyDescriptorBuilder.buildObject();
encKeyDescriptor.setUse(UsageType.ENCRYPTION);
KeyInfo encKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data encX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
X509Certificate encX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
encX509Certificate.setValue(encryptionCert);
encX509Data.getX509Certificates().add(encX509Certificate);
encKeyInfo.getX509Datas().add(encX509Data);
encKeyDescriptor.setKeyInfo(encKeyInfo);
spSsoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
if (StringUtils.isNotBlank(singleLogOutLocation)) {
SingleLogoutService singleLogoutServiceRedirect = singleLogOutServiceBuilder.buildObject();
singleLogoutServiceRedirect.setBinding(REDIRECT_BINDING);
singleLogoutServiceRedirect.setLocation(singleLogOutLocation);
spSsoDescriptor.getSingleLogoutServices().add(singleLogoutServiceRedirect);
SingleLogoutService singleLogoutServicePost = singleLogOutServiceBuilder.buildObject();
singleLogoutServicePost.setBinding(POST_BINDING);
singleLogoutServicePost.setLocation(singleLogOutLocation);
spSsoDescriptor.getSingleLogoutServices().add(singleLogoutServicePost);
}
int acsIndex = 0;
if (StringUtils.isNotBlank(assertionConsumerServiceLocationRedirect)) {
AssertionConsumerService assertionConsumerService = assertionConsumerServiceBuilder.buildObject();
assertionConsumerService.setBinding(REDIRECT_BINDING);
assertionConsumerService.setIndex(acsIndex++);
assertionConsumerService.setLocation(assertionConsumerServiceLocationRedirect);
spSsoDescriptor.getAssertionConsumerServices().add(assertionConsumerService);
}
if (StringUtils.isNotBlank(assertionConsumerServiceLocationPost)) {
AssertionConsumerService assertionConsumerService = assertionConsumerServiceBuilder.buildObject();
assertionConsumerService.setBinding(POST_BINDING);
assertionConsumerService.setIndex(acsIndex++);
assertionConsumerService.setLocation(assertionConsumerServiceLocationPost);
spSsoDescriptor.getAssertionConsumerServices().add(assertionConsumerService);
}
spSsoDescriptor.addSupportedProtocol(SUPPORTED_PROTOCOL);
entityDescriptor.getRoleDescriptors().add(spSsoDescriptor);
return entityDescriptor;
}
Also used :
EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor)
SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor)
KeyInfo(org.opensaml.xmlsec.signature.KeyInfo)
SingleLogoutService(org.opensaml.saml.saml2.metadata.SingleLogoutService)
KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor)
AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService)
X509Data(org.opensaml.xmlsec.signature.X509Data)
X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)
Example 13 with KeyInfo
use of org.opensaml.xmlsec.signature.KeyInfo in project ddf by codice.
the class SimpleSign method signSamlObject.
public void signSamlObject(SignableSAMLObject samlObject) throws SignatureException {
X509Certificate[] certificates = getSignatureCertificates();
String sigAlgo = getSignatureAlgorithm(certificates[0]);
PrivateKey privateKey = getSignaturePrivateKey();
// Create the signature
Signature signature = OpenSAMLUtil.buildSignature();
if (signature == null) {
throw new SignatureException("Unable to build signature.");
}
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
signature.setSignatureAlgorithm(sigAlgo);
BasicX509Credential signingCredential = new BasicX509Credential(certificates[0]);
signingCredential.setPrivateKey(privateKey);
signature.setSigningCredential(signingCredential);
X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
try {
KeyInfo keyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
signature.setKeyInfo(keyInfo);
} catch (org.opensaml.security.SecurityException e) {
throw new SignatureException("Error generating KeyInfo from signing credential", e);
}
if (samlObject instanceof Response) {
List<Assertion> assertions = ((Response) samlObject).getAssertions();
for (Assertion assertion : assertions) {
assertion.getSignature().setSigningCredential(signingCredential);
}
}
samlObject.setSignature(signature);
SAMLObjectContentReference contentRef = (SAMLObjectContentReference) signature.getContentReferences().get(0);
contentRef.setDigestAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA1);
samlObject.releaseDOM();
samlObject.releaseChildrenDOM(true);
}
Also used :
PrivateKey(java.security.PrivateKey)
Assertion(org.opensaml.saml.saml2.core.Assertion)
X509Certificate(java.security.cert.X509Certificate)
Response(org.opensaml.saml.saml2.core.Response)
BasicX509Credential(org.opensaml.security.x509.BasicX509Credential)
KeyInfo(org.opensaml.xmlsec.signature.KeyInfo)
SAMLKeyInfo(org.apache.wss4j.common.saml.SAMLKeyInfo)
Signature(org.opensaml.xmlsec.signature.Signature)
SAMLObjectContentReference(org.opensaml.saml.common.SAMLObjectContentReference)
X509KeyInfoGeneratorFactory(org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory)
Example 14 with KeyInfo
use of org.opensaml.xmlsec.signature.KeyInfo in project pac4j by pac4j.
the class KeyStoreCredentialProvider method getKeyInfo.
@Override
public KeyInfo getKeyInfo() {
final Credential serverCredential = getCredential();
final KeyInfo keyInfo = generateKeyInfoForCredential(serverCredential);
return keyInfo;
}
Also used :
X509Credential(org.opensaml.security.x509.X509Credential)
Credential(org.opensaml.security.credential.Credential)
KeyInfo(org.opensaml.xmlsec.signature.KeyInfo)
Example 15 with KeyInfo
use of org.opensaml.xmlsec.signature.KeyInfo in project verify-hub by alphagov.
the class IdpMetadataPublicKeyStoreTest method buildKeyDescriptor.
private static KeyDescriptor buildKeyDescriptor(String certificate) {
X509Certificate x509Certificate = X509CertificateBuilder.aX509Certificate().withCert(certificate).build();
X509Data build = X509DataBuilder.aX509Data().withX509Certificate(x509Certificate).build();
KeyInfo signing_one = KeyInfoBuilder.aKeyInfo().withKeyName("signing_one").withX509Data(build).build();
return KeyDescriptorBuilder.aKeyDescriptor().withKeyInfo(signing_one).build();
}
Also used :
KeyInfo(org.opensaml.xmlsec.signature.KeyInfo)
X509Data(org.opensaml.xmlsec.signature.X509Data)
X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)
Aggregations
KeyInfo (org.opensaml.xmlsec.signature.KeyInfo)24
BasicX509Credential (org.opensaml.security.x509.BasicX509Credential)12
Signature (org.opensaml.xmlsec.signature.Signature)12
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)9
SAMLKeyInfo (org.apache.wss4j.common.saml.SAMLKeyInfo)9
X509Data (org.opensaml.xmlsec.signature.X509Data)9
X509Certificate (java.security.cert.X509Certificate)8
X509KeyInfoGeneratorFactory (org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory)8
X509Certificate (org.opensaml.xmlsec.signature.X509Certificate)8
WSDocInfo (org.apache.wss4j.dom.WSDocInfo)7
WSSConfig (org.apache.wss4j.dom.engine.WSSConfig)7
RequestData (org.apache.wss4j.dom.handler.RequestData)7
WSSSAMLKeyInfoProcessor (org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor)7
Credential (org.apache.wss4j.dom.validate.Credential)7
PrivateKey (java.security.PrivateKey)6
KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor)5
CryptoType (org.apache.wss4j.common.crypto.CryptoType)4
SignableSAMLObject (org.opensaml.saml.common.SignableSAMLObject)4
Assertion (org.opensaml.saml.saml2.core.Assertion)4
EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor)4
