Examples with KeyInfo org.opensaml.xmlsec.signature.KeyInfo used on opensource projects

Search in sources :

Example 21 with KeyInfo

use of org.opensaml.xmlsec.signature.KeyInfo in project ddf by codice.

the class SimpleSign method signSamlObject.

private void signSamlObject(SignableSAMLObject samlObject, String sigAlgo, String canonAlgo, String digestAlgo) throws SignatureException {
    X509Certificate[] certificates = getSignatureCertificates();
    PrivateKey privateKey = getSignaturePrivateKey();
    // Create the signature
    Signature signature = OpenSAMLUtil.buildSignature();
    if (signature == null) {
        throw new SignatureException("Unable to build signature.");
    }
    signature.setCanonicalizationAlgorithm(canonAlgo);
    signature.setSignatureAlgorithm(sigAlgo);
    BasicX509Credential signingCredential = new BasicX509Credential(certificates[0]);
    signingCredential.setPrivateKey(privateKey);
    signature.setSigningCredential(signingCredential);
    X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
    x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
    try {
        KeyInfo keyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
        signature.setKeyInfo(keyInfo);
    } catch (org.opensaml.security.SecurityException e) {
        throw new SignatureException("Error generating KeyInfo from signing credential", e);
    }
    if (samlObject instanceof Response) {
        List<Assertion> assertions = ((Response) samlObject).getAssertions();
        for (Assertion assertion : assertions) {
            assertion.getSignature().setSigningCredential(signingCredential);
        }
    }
    samlObject.setSignature(signature);
    SAMLObjectContentReference contentRef = (SAMLObjectContentReference) signature.getContentReferences().get(0);
    contentRef.setDigestAlgorithm(digestAlgo);
    samlObject.releaseDOM();
    samlObject.releaseChildrenDOM(true);
}
Also used : PrivateKey(java.security.PrivateKey) Assertion(org.opensaml.saml.saml2.core.Assertion) SignatureException(ddf.security.samlp.SignatureException) X509Certificate(java.security.cert.X509Certificate) Response(org.opensaml.saml.saml2.core.Response) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) SAMLKeyInfo(org.apache.wss4j.common.saml.SAMLKeyInfo) Signature(org.opensaml.xmlsec.signature.Signature) SAMLObjectContentReference(org.opensaml.saml.common.SAMLObjectContentReference) X509KeyInfoGeneratorFactory(org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory)

Example 22 with KeyInfo

use of org.opensaml.xmlsec.signature.KeyInfo in project ddf by codice.

the class SimpleSign method validateSignature.

public void validateSignature(Signature signature, Document doc) throws SignatureException {
    RequestData requestData = new RequestData();
    requestData.setWsDocInfo(new WSDocInfo(doc));
    requestData.setSigVerCrypto(crypto.getSignatureCrypto());
    WSSConfig wssConfig = WSSConfig.getNewInstance();
    requestData.setWssConfig(wssConfig);
    SAMLKeyInfo samlKeyInfo = null;
    KeyInfo keyInfo = signature.getKeyInfo();
    if (keyInfo != null) {
        try {
            samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo(keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData), crypto.getSignatureCrypto());
        } catch (WSSecurityException e) {
            throw new SignatureException("Unable to get KeyInfo.", e);
        }
    }
    if (samlKeyInfo == null) {
        throw new SignatureException("No KeyInfo supplied in the signature");
    }
    validateSignatureAndSamlKey(signature, samlKeyInfo);
    Credential trustCredential = new Credential();
    trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
    trustCredential.setCertificates(samlKeyInfo.getCerts());
    Validator signatureValidator = new SignatureTrustValidator();
    try {
        signatureValidator.validate(trustCredential, requestData);
    } catch (WSSecurityException e) {
        throw new SignatureException("Error validating signature", e);
    }
}
Also used : WSDocInfo(org.apache.wss4j.dom.WSDocInfo) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) Credential(org.apache.wss4j.dom.validate.Credential) SAMLKeyInfo(org.apache.wss4j.common.saml.SAMLKeyInfo) WSSConfig(org.apache.wss4j.dom.engine.WSSConfig) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) SAMLKeyInfo(org.apache.wss4j.common.saml.SAMLKeyInfo) RequestData(org.apache.wss4j.dom.handler.RequestData) SignatureTrustValidator(org.apache.wss4j.dom.validate.SignatureTrustValidator) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) SignatureException(ddf.security.samlp.SignatureException) WSSSAMLKeyInfoProcessor(org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor) SignatureValidator(org.opensaml.xmlsec.signature.support.SignatureValidator) SignatureTrustValidator(org.apache.wss4j.dom.validate.SignatureTrustValidator) Validator(org.apache.wss4j.dom.validate.Validator) SAMLSignatureProfileValidator(org.opensaml.saml.security.impl.SAMLSignatureProfileValidator)

Example 23 with KeyInfo

use of org.opensaml.xmlsec.signature.KeyInfo in project ddf by codice.

the class SamlAssertionValidatorImplTest method createAssertion.

private Assertion createAssertion(boolean sign, boolean validSignature, String issuerString, DateTime notOnOrAfter) throws Exception {
    Assertion assertion = new AssertionBuilder().buildObject();
    assertion.setID(UUID.randomUUID().toString());
    assertion.setIssueInstant(new DateTime());
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(issuerString);
    assertion.setIssuer(issuer);
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
    nameID.setNameQualifier("http://cxf.apache.org/sts");
    nameID.setValue("admin");
    SubjectConfirmation subjectConfirmation = new SubjectConfirmationBuilder().buildObject();
    subjectConfirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
    Subject subject = new SubjectBuilder().buildObject();
    subject.setNameID(nameID);
    subject.getSubjectConfirmations().add(subjectConfirmation);
    assertion.setSubject(subject);
    Conditions conditions = new ConditionsBuilder().buildObject();
    conditions.setNotBefore(new DateTime().minusDays(3));
    conditions.setNotOnOrAfter(notOnOrAfter);
    assertion.setConditions(conditions);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setAuthnInstant(new DateTime());
    AuthnContext authnContext = new AuthnContextBuilder().buildObject();
    AuthnContextClassRef authnContextClassRef = new AuthnContextClassRefBuilder().buildObject();
    authnContextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
    authnContext.setAuthnContextClassRef(authnContextClassRef);
    authnStatement.setAuthnContext(authnContext);
    assertion.getAuthnStatements().add(authnStatement);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    Attribute attribute = new AttributeBuilder().buildObject();
    AttributeValueType attributeValue = new AttributeValueTypeImplBuilder().buildObject();
    attributeValue.setValue("admin");
    attribute.setName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
    attribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
    attribute.getAttributeValues().add(attributeValue);
    attributeStatement.getAttributes().add(attribute);
    assertion.getAttributeStatements().add(attributeStatement);
    if (sign) {
        Signature signature = OpenSAMLUtil.buildSignature();
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        signature.setSignatureAlgorithm(WSS4JConstants.RSA);
        BasicX509Credential signingCredential;
        if (validSignature) {
            signingCredential = new BasicX509Credential(certificate);
            signingCredential.setPrivateKey(privateKey);
            signature.setSigningCredential(signingCredential);
        } else {
            try (InputStream inputStream = getClass().getResourceAsStream("/localhost.crt")) {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                X509Certificate cert = (X509Certificate) certificateFactory.generateCertificate(inputStream);
                signingCredential = new BasicX509Credential(cert);
                signature.setSigningCredential(signingCredential);
            }
        }
        X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true);
        KeyInfo keyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential);
        signature.setKeyInfo(keyInfo);
        assertion.setSignature(signature);
    }
    return assertion;
}
Also used : Issuer(org.opensaml.saml.saml2.core.Issuer) Attribute(org.opensaml.saml.saml2.core.Attribute) AuthnStatementBuilder(org.opensaml.saml.saml2.core.impl.AuthnStatementBuilder) AuthnContextClassRefBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder) CertificateFactory(java.security.cert.CertificateFactory) DateTime(org.joda.time.DateTime) Conditions(org.opensaml.saml.saml2.core.Conditions) AuthnContext(org.opensaml.saml.saml2.core.AuthnContext) NameIDBuilder(org.opensaml.saml.saml2.core.impl.NameIDBuilder) SubjectConfirmation(org.opensaml.saml.saml2.core.SubjectConfirmation) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) SubjectBuilder(org.opensaml.saml.saml2.core.impl.SubjectBuilder) SubjectConfirmationBuilder(org.opensaml.saml.saml2.core.impl.SubjectConfirmationBuilder) X509KeyInfoGeneratorFactory(org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory) AttributeStatementBuilder(org.opensaml.saml.saml2.core.impl.AttributeStatementBuilder) AttributeBuilder(org.opensaml.saml.saml2.core.impl.AttributeBuilder) NameID(org.opensaml.saml.saml2.core.NameID) AttributeValueType(org.opensaml.xacml.ctx.AttributeValueType) InputStream(java.io.InputStream) AuthnContextBuilder(org.opensaml.saml.saml2.core.impl.AuthnContextBuilder) Assertion(org.opensaml.saml.saml2.core.Assertion) AuthnContextClassRef(org.opensaml.saml.saml2.core.AuthnContextClassRef) AssertionBuilder(org.opensaml.saml.saml2.core.impl.AssertionBuilder) Subject(org.opensaml.saml.saml2.core.Subject) X509Certificate(java.security.cert.X509Certificate) ConditionsBuilder(org.opensaml.saml.saml2.core.impl.ConditionsBuilder) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Signature(org.opensaml.xmlsec.signature.Signature) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement) IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder) AttributeValueTypeImplBuilder(org.opensaml.xacml.ctx.impl.AttributeValueTypeImplBuilder)

Example 24 with KeyInfo

use of org.opensaml.xmlsec.signature.KeyInfo in project spring-security by spring-projects.

the class OpenSamlMetadataResolver method buildKeyDescriptor.

private KeyDescriptor buildKeyDescriptor(UsageType usageType, java.security.cert.X509Certificate certificate) {
    KeyDescriptor keyDescriptor = build(KeyDescriptor.DEFAULT_ELEMENT_NAME);
    KeyInfo keyInfo = build(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Certificate x509Certificate = build(X509Certificate.DEFAULT_ELEMENT_NAME);
    X509Data x509Data = build(X509Data.DEFAULT_ELEMENT_NAME);
    try {
        x509Certificate.setValue(new String(Base64.getEncoder().encode(certificate.getEncoded())));
    } catch (CertificateEncodingException ex) {
        throw new Saml2Exception("Cannot encode certificate " + certificate.toString());
    }
    x509Data.getX509Certificates().add(x509Certificate);
    keyInfo.getX509Datas().add(x509Data);
    keyDescriptor.setUse(usageType);
    keyDescriptor.setKeyInfo(keyInfo);
    return keyDescriptor;
}
Also used : KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) CertificateEncodingException(java.security.cert.CertificateEncodingException) Saml2Exception(org.springframework.security.saml2.Saml2Exception) X509Data(org.opensaml.xmlsec.signature.X509Data) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)

Aggregations

KeyInfo (org.opensaml.xmlsec.signature.KeyInfo)24 BasicX509Credential (org.opensaml.security.x509.BasicX509Credential)12 Signature (org.opensaml.xmlsec.signature.Signature)12 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)9 SAMLKeyInfo (org.apache.wss4j.common.saml.SAMLKeyInfo)9 X509Data (org.opensaml.xmlsec.signature.X509Data)9 X509Certificate (java.security.cert.X509Certificate)8 X509KeyInfoGeneratorFactory (org.opensaml.xmlsec.keyinfo.impl.X509KeyInfoGeneratorFactory)8 X509Certificate (org.opensaml.xmlsec.signature.X509Certificate)8 WSDocInfo (org.apache.wss4j.dom.WSDocInfo)7 WSSConfig (org.apache.wss4j.dom.engine.WSSConfig)7 RequestData (org.apache.wss4j.dom.handler.RequestData)7 WSSSAMLKeyInfoProcessor (org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor)7 Credential (org.apache.wss4j.dom.validate.Credential)7 PrivateKey (java.security.PrivateKey)6 KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor)5 CryptoType (org.apache.wss4j.common.crypto.CryptoType)4 SignableSAMLObject (org.opensaml.saml.common.SignableSAMLObject)4 Assertion (org.opensaml.saml.saml2.core.Assertion)4 EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial