
Example 1 with X509Certificate

use of org.opensaml.xmlsec.signature.X509Certificate in project ddf by codice.

In class SamlProtocol, method createIdpMetadata.

/**
 * Builds the SAML 2.0 metadata {@code EntityDescriptor} for an Identity Provider.
 *
 * <p>The returned descriptor carries one {@code IDPSSODescriptor} with:
 * <ul>
 *   <li>a signing and an encryption {@code KeyDescriptor}, each wrapping exactly one
 *       {@code X509Certificate} element whose text is the corresponding certificate
 *       string exactly as passed in — this method performs no decoding or validation
 *       of the certificate value, so callers are responsible for supplying a
 *       well-formed value;</li>
 *   <li>one {@code NameIDFormat} per entry of {@code nameIds};</li>
 *   <li>a {@code SingleSignOnService} for the redirect, POST and SOAP bindings, each
 *       only when its location is non-blank;</li>
 *   <li>a single-logout endpoint as added by {@code addSingleLogoutLocation};</li>
 *   <li>{@code WantAuthnRequestsSigned="true"} and the class-wide
 *       {@code SUPPORTED_PROTOCOL}.</li>
 * </ul>
 * The entity-level cache duration is taken from {@code getCacheDuration()}
 * (presumably a {@code Duration}, converted to milliseconds here).
 *
 * @param entityId                     value for the {@code entityID} attribute
 * @param signingCert                  certificate text for the signing key descriptor
 * @param encryptionCert               certificate text for the encryption key descriptor
 * @param nameIds                      NameID format URIs to advertise; must not be null
 * @param singleSignOnLocationRedirect SSO endpoint for the redirect binding, or blank to omit
 * @param singleSignOnLocationPost     SSO endpoint for the POST binding, or blank to omit
 * @param singleSignOnLocationSoap     SSO endpoint for the SOAP binding, or blank to omit
 * @param singleLogOutLocation         SLO endpoint, handed to {@code addSingleLogoutLocation}
 * @return the populated IdP entity descriptor
 */
@SuppressWarnings("squid:S00107")
public static EntityDescriptor createIdpMetadata(String entityId, String signingCert, String encryptionCert, List<String> nameIds, String singleSignOnLocationRedirect, String singleSignOnLocationPost, String singleSignOnLocationSoap, String singleLogOutLocation) {
    EntityDescriptor descriptor = entityDescriptorBuilder.buildObject();
    descriptor.setEntityID(entityId);
    IDPSSODescriptor idp = idpssoDescriptorBuilder.buildObject();

    // Signing first, then encryption: the order of the two KeyDescriptors is fixed.
    UsageType[] keyUses = {UsageType.SIGNING, UsageType.ENCRYPTION};
    String[] certValues = {signingCert, encryptionCert};
    for (int i = 0; i < keyUses.length; i++) {
        KeyDescriptor keyDescriptor = keyDescriptorBuilder.buildObject();
        keyDescriptor.setUse(keyUses[i]);
        KeyInfo keyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data x509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate certElement = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
        // The certificate string is embedded verbatim; no base64/DER check happens here.
        certElement.setValue(certValues[i]);
        x509Data.getX509Certificates().add(certElement);
        keyInfo.getX509Datas().add(x509Data);
        keyDescriptor.setKeyInfo(keyInfo);
        idp.getKeyDescriptors().add(keyDescriptor);
    }

    nameIds.forEach(format -> {
        NameIDFormat nameIdFormat = nameIdFormatBuilder.buildObject();
        nameIdFormat.setFormat(format);
        idp.getNameIDFormats().add(nameIdFormat);
    });

    // Endpoint order is preserved: redirect, POST, then SLO, then SOAP.
    appendSingleSignOnService(idp, REDIRECT_BINDING, singleSignOnLocationRedirect);
    appendSingleSignOnService(idp, POST_BINDING, singleSignOnLocationPost);
    addSingleLogoutLocation(singleLogOutLocation, idp.getSingleLogoutServices());
    appendSingleSignOnService(idp, SOAP_BINDING, singleSignOnLocationSoap);

    // Require signed AuthnRequests from relying parties.
    idp.setWantAuthnRequestsSigned(true);
    idp.addSupportedProtocol(SUPPORTED_PROTOCOL);
    descriptor.getRoleDescriptors().add(idp);
    descriptor.setCacheDuration(getCacheDuration().toMillis());
    return descriptor;
}

/**
 * Appends a {@code SingleSignOnService} with the given binding and location to
 * {@code idp}, unless {@code location} is blank, in which case nothing is added.
 *
 * @param idp      descriptor receiving the endpoint
 * @param binding  SAML binding URI for the endpoint
 * @param location endpoint URL; blank values are skipped
 */
private static void appendSingleSignOnService(IDPSSODescriptor idp, String binding, String location) {
    if (StringUtils.isBlank(location)) {
        return;
    }
    SingleSignOnService sso = singleSignOnServiceBuilder.buildObject();
    sso.setBinding(binding);
    sso.setLocation(location);
    idp.getSingleSignOnServices().add(sso);
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) NameIDFormat(org.opensaml.saml.saml2.metadata.NameIDFormat) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) SingleSignOnService(org.opensaml.saml.saml2.metadata.SingleSignOnService) X509Data(org.opensaml.xmlsec.signature.X509Data) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)

Example 2 with X509Certificate

use of org.opensaml.xmlsec.signature.X509Certificate in project ddf by codice.

In class SamlProtocol, method createSpMetadata.

/**
 * Builds the SAML 2.0 metadata {@code EntityDescriptor} for a Service Provider.
 *
 * <p>The returned descriptor carries one {@code SPSSODescriptor} with:
 * <ul>
 *   <li>a signing and an encryption {@code KeyDescriptor}, each wrapping exactly one
 *       {@code X509Certificate} element whose text is the corresponding certificate
 *       string exactly as passed in — no decoding or validation of the value is done
 *       here, so callers must supply a well-formed value;</li>
 *   <li>one {@code NameIDFormat} per entry of {@code nameIds};</li>
 *   <li>a single-logout endpoint as added by {@code addSingleLogoutLocation};</li>
 *   <li>an {@code AssertionConsumerService} for the redirect, POST and PAOS bindings,
 *       each only when its location is non-blank, indexed 0, 1, 2 in order of the
 *       endpoints actually present;</li>
 *   <li>the class-wide {@code SUPPORTED_PROTOCOL}.</li>
 * </ul>
 * The entity-level cache duration is taken from {@code getCacheDuration()}
 * (presumably a {@code Duration}, converted to milliseconds here).
 *
 * <p>NOTE(review): unlike the IdP counterpart, which sets
 * {@code WantAuthnRequestsSigned}, this method does not set
 * {@code AuthnRequestsSigned} or {@code WantAssertionsSigned} on the SP descriptor,
 * leaving them at the builder default — confirm this is intended.
 *
 * @param entityId                                 value for the {@code entityID} attribute
 * @param signingCert                              certificate text for the signing key descriptor
 * @param encryptionCert                           certificate text for the encryption key descriptor
 * @param nameIds                                  NameID format URIs to advertise; must not be null
 * @param singleLogOutLocation                     SLO endpoint, handed to {@code addSingleLogoutLocation}
 * @param assertionConsumerServiceLocationRedirect ACS endpoint for the redirect binding, or blank to omit
 * @param assertionConsumerServiceLocationPost     ACS endpoint for the POST binding, or blank to omit
 * @param assertionConsumerServiceLocationPaos     ACS endpoint for the PAOS binding, or blank to omit
 * @return the populated SP entity descriptor
 */
public static EntityDescriptor createSpMetadata(String entityId, String signingCert, String encryptionCert, List<String> nameIds, String singleLogOutLocation, String assertionConsumerServiceLocationRedirect, String assertionConsumerServiceLocationPost, String assertionConsumerServiceLocationPaos) {
    EntityDescriptor descriptor = entityDescriptorBuilder.buildObject();
    descriptor.setEntityID(entityId);
    SPSSODescriptor sp = spSsoDescriptorBuilder.buildObject();

    // Signing first, then encryption: the order of the two KeyDescriptors is fixed.
    UsageType[] keyUses = {UsageType.SIGNING, UsageType.ENCRYPTION};
    String[] certValues = {signingCert, encryptionCert};
    for (int i = 0; i < keyUses.length; i++) {
        KeyDescriptor keyDescriptor = keyDescriptorBuilder.buildObject();
        keyDescriptor.setUse(keyUses[i]);
        KeyInfo keyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data x509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate certElement = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
        // The certificate string is embedded verbatim; no base64/DER check happens here.
        certElement.setValue(certValues[i]);
        x509Data.getX509Certificates().add(certElement);
        keyInfo.getX509Datas().add(x509Data);
        keyDescriptor.setKeyInfo(keyInfo);
        sp.getKeyDescriptors().add(keyDescriptor);
    }

    nameIds.forEach(format -> {
        NameIDFormat nameIdFormat = nameIdFormatBuilder.buildObject();
        nameIdFormat.setFormat(format);
        sp.getNameIDFormats().add(nameIdFormat);
    });

    addSingleLogoutLocation(singleLogOutLocation, sp.getSingleLogoutServices());

    // ACS endpoints are numbered consecutively in the order redirect, POST, PAOS,
    // counting only those whose location is present.
    String[] acsBindings = {REDIRECT_BINDING, POST_BINDING, PAOS_BINDING};
    String[] acsLocations = {assertionConsumerServiceLocationRedirect, assertionConsumerServiceLocationPost, assertionConsumerServiceLocationPaos};
    int nextAcsIndex = 0;
    for (int i = 0; i < acsBindings.length; i++) {
        if (StringUtils.isBlank(acsLocations[i])) {
            continue;
        }
        AssertionConsumerService acs = assertionConsumerServiceBuilder.buildObject();
        acs.setBinding(acsBindings[i]);
        acs.setIndex(nextAcsIndex++);
        acs.setLocation(acsLocations[i]);
        sp.getAssertionConsumerServices().add(acs);
    }

    sp.addSupportedProtocol(SUPPORTED_PROTOCOL);
    descriptor.getRoleDescriptors().add(sp);
    descriptor.setCacheDuration(getCacheDuration().toMillis());
    return descriptor;
}
Also used : EntityDescriptor(org.opensaml.saml.saml2.metadata.EntityDescriptor) SPSSODescriptor(org.opensaml.saml.saml2.metadata.SPSSODescriptor) NameIDFormat(org.opensaml.saml.saml2.metadata.NameIDFormat) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) X509Data(org.opensaml.xmlsec.signature.X509Data) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)

Example 3 with X509Certificate

use of org.opensaml.xmlsec.signature.X509Certificate in project verify-hub by alphagov.

In class HubIdentityProviderMetadataDtoToEntityDescriptorTransformerTest, method assertCertificateCorrect.

/**
 * Asserts that a transformed {@code KeyDescriptor} carries exactly one {@code KeyName}
 * equal to {@code issuerId} and exactly one {@code X509Data} holding exactly one
 * {@code X509Certificate} whose text equals {@code certificateValue.getCertificate()}.
 *
 * <p>Only the string content of the certificate element is compared; the value is
 * not decoded or parsed here.
 *
 * @param keyDescriptor    descriptor produced by the transformer under test
 * @param issuerId         expected {@code KeyName} value
 * @param certificateValue expected certificate (a project type, given its
 *                         {@code getCertificate()} accessor — not {@code java.security.cert.Certificate})
 */
private void assertCertificateCorrect(KeyDescriptor keyDescriptor, String issuerId, Certificate certificateValue) {
    KeyInfo keyInfo = keyDescriptor.getKeyInfo();

    List<KeyName> keyNames = keyInfo.getKeyNames();
    Assertions.assertThat(keyNames.size()).isEqualTo(1);
    KeyName onlyKeyName = keyNames.get(0);
    Assertions.assertThat(onlyKeyName.getValue()).isEqualTo(issuerId);

    Assertions.assertThat(keyInfo.getX509Datas().size()).isEqualTo(1);
    X509Data onlyX509Data = keyInfo.getX509Datas().get(0);
    List<X509Certificate> certificates = onlyX509Data.getX509Certificates();
    Assertions.assertThat(certificates.size()).isEqualTo(1);
    String expectedCertificate = certificateValue.getCertificate();
    Assertions.assertThat(certificates.get(0).getValue()).isEqualTo(expectedCertificate);
}
Also used : KeyName(org.opensaml.xmlsec.signature.KeyName) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) X509Data(org.opensaml.xmlsec.signature.X509Data) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)

Example 4 with X509Certificate

use of org.opensaml.xmlsec.signature.X509Certificate in project verify-hub by alphagov.

In class IdpMetadataPublicKeyStore, method getPublicKey.

/**
 * Extracts the public key from the certificate text carried by an OpenSAML
 * {@code X509Certificate} metadata element.
 *
 * <p>The element value is base64-decoded and parsed as an X.509 certificate; only the
 * public key is returned. No validity-period, chain or trust evaluation is performed
 * here — the metadata this element comes from must already be trusted by the caller
 * (e.g. via a verified metadata signature) before the key is used.
 *
 * @param x509Certificate metadata element whose text is the base64 certificate
 * @return the public key of the parsed certificate
 * @throws RuntimeException if decoding or parsing fails, via {@code propagate}
 *         (presumably rethrows the checked cause unchecked — confirm against its definition)
 */
private PublicKey getPublicKey(X509Certificate x509Certificate) {
    try {
        byte[] encoded = Base64.decode(x509Certificate.getValue());
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        return x509Factory
                .generateCertificate(new ByteArrayInputStream(encoded))
                .getPublicKey();
    } catch (Base64DecodingException | CertificateException e) {
        throw propagate(e);
    }
}
Also used : Base64DecodingException(org.apache.xml.security.exceptions.Base64DecodingException) ByteArrayInputStream(java.io.ByteArrayInputStream) CertificateException(java.security.cert.CertificateException) CertificateFactory(java.security.cert.CertificateFactory) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate) Certificate(java.security.cert.Certificate)

Example 5 with X509Certificate

use of org.opensaml.xmlsec.signature.X509Certificate in project verify-hub by alphagov.

In class SamlEntityDescriptorValidator, method validateRoleDescriptor.

/**
 * Checks that an {@code EntityDescriptor} has a usable key in its first role descriptor.
 *
 * <p>The walk is: first {@code RoleDescriptor} → first {@code KeyDescriptor} →
 * its {@code KeyInfo} → first {@code X509Data} → first {@code X509Certificate},
 * and each step must be present. Only the <em>first</em> element at each level is
 * inspected; additional role descriptors, key descriptors, X509Data or certificate
 * elements are not examined by this method. The certificate value itself is checked
 * only for being non-empty — it is not decoded or parsed here.
 *
 * @param descriptor metadata entity descriptor to validate
 * @throws SamlTransformationErrorException with the matching
 *         {@code SamlTransformationErrorFactory} failure on the first missing element
 */
private void validateRoleDescriptor(EntityDescriptor descriptor) {
    if (descriptor.getRoleDescriptors().isEmpty()) {
        throw toException(SamlTransformationErrorFactory.missingRoleDescriptor());
    }
    RoleDescriptor firstRole = descriptor.getRoleDescriptors().get(0);

    if (firstRole.getKeyDescriptors().isEmpty()) {
        throw toException(SamlTransformationErrorFactory.missingKeyDescriptor());
    }
    KeyInfo keyInfo = firstRole.getKeyDescriptors().get(0).getKeyInfo();

    if (keyInfo == null) {
        throw toException(SamlTransformationErrorFactory.missingKeyInfo());
    }
    if (keyInfo.getX509Datas().isEmpty()) {
        throw toException(SamlTransformationErrorFactory.missingX509Data());
    }
    X509Data firstX509Data = keyInfo.getX509Datas().get(0);

    if (firstX509Data.getX509Certificates().isEmpty()) {
        throw toException(SamlTransformationErrorFactory.missingX509Certificate());
    }
    X509Certificate firstCertificate = firstX509Data.getX509Certificates().get(0);

    // Presence only: an empty <X509Certificate/> is rejected, but the text is not parsed.
    if (StringUtils.isEmpty(firstCertificate.getValue())) {
        throw toException(SamlTransformationErrorFactory.emptyX509Certificiate());
    }
}

/**
 * Wraps a specification failure in the exception type this validator throws,
 * carrying over its message and log level.
 *
 * @param failure the failure describing which element was missing or empty
 * @return the exception to throw for that failure
 */
private static SamlTransformationErrorException toException(SamlValidationSpecificationFailure failure) {
    return new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
}
Also used : SamlValidationSpecificationFailure(uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) SamlTransformationErrorException(uk.gov.ida.saml.core.validation.SamlTransformationErrorException) RoleDescriptor(org.opensaml.saml.saml2.metadata.RoleDescriptor) X509Data(org.opensaml.xmlsec.signature.X509Data) X509Certificate(org.opensaml.xmlsec.signature.X509Certificate)

Aggregations

X509Certificate (org.opensaml.xmlsec.signature.X509Certificate)10 KeyInfo (org.opensaml.xmlsec.signature.KeyInfo)8 X509Data (org.opensaml.xmlsec.signature.X509Data)8 KeyDescriptor (org.opensaml.saml.saml2.metadata.KeyDescriptor)6 EntityDescriptor (org.opensaml.saml.saml2.metadata.EntityDescriptor)4 NameIDFormat (org.opensaml.saml.saml2.metadata.NameIDFormat)3 AssertionConsumerService (org.opensaml.saml.saml2.metadata.AssertionConsumerService)2 IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor)2 SPSSODescriptor (org.opensaml.saml.saml2.metadata.SPSSODescriptor)2 SingleLogoutService (org.opensaml.saml.saml2.metadata.SingleLogoutService)2 SingleSignOnService (org.opensaml.saml.saml2.metadata.SingleSignOnService)2 ByteArrayInputStream (java.io.ByteArrayInputStream)1 Certificate (java.security.cert.Certificate)1 CertificateEncodingException (java.security.cert.CertificateEncodingException)1 CertificateException (java.security.cert.CertificateException)1 CertificateFactory (java.security.cert.CertificateFactory)1 Base64DecodingException (org.apache.xml.security.exceptions.Base64DecodingException)1 RoleDescriptor (org.opensaml.saml.saml2.metadata.RoleDescriptor)1 KeyName (org.opensaml.xmlsec.signature.KeyName)1 Saml2Exception (org.springframework.security.saml2.Saml2Exception)1