Examples with Saml2X509Credential org.springframework.security.saml2.core.Saml2X509Credential used on opensource projects

Search in sources :

Example 21 with Saml2X509Credential

use of org.springframework.security.saml2.core.Saml2X509Credential in project spring-security by spring-projects.

the class RelyingPartyRegistration method toDeprecated.

private static org.springframework.security.saml2.credentials.Saml2X509Credential toDeprecated(Saml2X509Credential credential) {
    PrivateKey privateKey = credential.getPrivateKey();
    X509Certificate certificate = credential.getCertificate();
    Set<org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType> credentialTypes = new HashSet<>();
    if (credential.isSigningCredential()) {
        credentialTypes.add(org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.SIGNING);
    }
    if (credential.isVerificationCredential()) {
        credentialTypes.add(org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.VERIFICATION);
    }
    if (credential.isEncryptionCredential()) {
        credentialTypes.add(org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.ENCRYPTION);
    }
    if (credential.isDecryptionCredential()) {
        credentialTypes.add(org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType.DECRYPTION);
    }
    return new org.springframework.security.saml2.credentials.Saml2X509Credential(privateKey, certificate, credentialTypes);
}
Also used : PrivateKey(java.security.PrivateKey) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) X509Certificate(java.security.cert.X509Certificate) HashSet(java.util.HashSet)

Example 22 with Saml2X509Credential

use of org.springframework.security.saml2.core.Saml2X509Credential in project spring-security by spring-projects.

the class OpenSamlVerificationUtils method trustEngine.

static SignatureTrustEngine trustEngine(RelyingPartyRegistration registration) {
    Set<Credential> credentials = new HashSet<>();
    Collection<Saml2X509Credential> keys = registration.getAssertingPartyDetails().getVerificationX509Credentials();
    for (Saml2X509Credential key : keys) {
        BasicX509Credential cred = new BasicX509Credential(key.getCertificate());
        cred.setUsageType(UsageType.SIGNING);
        cred.setEntityId(registration.getAssertingPartyDetails().getEntityId());
        credentials.add(cred);
    }
    CredentialResolver credentialsResolver = new CollectionCredentialResolver(credentials);
    return new ExplicitKeySignatureTrustEngine(credentialsResolver, DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
}
Also used : Credential(org.opensaml.security.credential.Credential) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) ExplicitKeySignatureTrustEngine(org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) CollectionCredentialResolver(org.opensaml.security.credential.impl.CollectionCredentialResolver) CredentialResolver(org.opensaml.security.credential.CredentialResolver) CollectionCredentialResolver(org.opensaml.security.credential.impl.CollectionCredentialResolver) HashSet(java.util.HashSet)

Example 23 with Saml2X509Credential

use of org.springframework.security.saml2.core.Saml2X509Credential in project spring-security by spring-projects.

the class TestRelyingPartyRegistrations method relyingPartyRegistration.

public static RelyingPartyRegistration.Builder relyingPartyRegistration() {
    String registrationId = "simplesamlphp";
    String rpEntityId = "{baseUrl}/saml2/service-provider-metadata/{registrationId}";
    Saml2X509Credential signingCredential = TestSaml2X509Credentials.relyingPartySigningCredential();
    String assertionConsumerServiceLocation = "{baseUrl}" + Saml2WebSsoAuthenticationFilter.DEFAULT_FILTER_PROCESSES_URI;
    String apEntityId = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/metadata.php";
    Saml2X509Credential verificationCertificate = TestSaml2X509Credentials.relyingPartyVerifyingCredential();
    String singleSignOnServiceLocation = "https://simplesaml-for-spring-saml.apps.pcfone.io/saml2/idp/SSOService.php";
    String singleLogoutServiceLocation = "{baseUrl}/logout/saml2/slo";
    return RelyingPartyRegistration.withRegistrationId(registrationId).entityId(rpEntityId).assertionConsumerServiceLocation(assertionConsumerServiceLocation).singleLogoutServiceLocation(singleLogoutServiceLocation).credentials((c) -> c.add(signingCredential)).providerDetails((c) -> c.entityId(apEntityId).webSsoUrl(singleSignOnServiceLocation)).credentials((c) -> c.add(verificationCertificate));
}
Also used : Saml2WebSsoAuthenticationFilter(org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter) TestSaml2X509Credentials(org.springframework.security.saml2.credentials.TestSaml2X509Credentials) Saml2X509Credential(org.springframework.security.saml2.credentials.Saml2X509Credential) Saml2X509Credential(org.springframework.security.saml2.credentials.Saml2X509Credential)

Example 24 with Saml2X509Credential

use of org.springframework.security.saml2.core.Saml2X509Credential in project spring-security by spring-projects.

the class TestOpenSamlObjects method encrypted.

static EncryptedAssertion encrypted(Assertion assertion, Saml2X509Credential credential) {
    X509Certificate certificate = credential.getCertificate();
    Encrypter encrypter = getEncrypter(certificate);
    try {
        return encrypter.encrypt(assertion);
    } catch (EncryptionException ex) {
        throw new Saml2Exception("Unable to encrypt assertion.", ex);
    }
}
Also used : Encrypter(org.opensaml.saml.saml2.encryption.Encrypter) EncryptionException(org.opensaml.xmlsec.encryption.support.EncryptionException) Saml2Exception(org.springframework.security.saml2.Saml2Exception) X509Certificate(java.security.cert.X509Certificate)

Example 25 with Saml2X509Credential

use of org.springframework.security.saml2.core.Saml2X509Credential in project spring-security by spring-projects.

the class TestOpenSamlObjects method assertingPartyLogoutRequestNameIdInEncryptedId.

public static LogoutRequest assertingPartyLogoutRequestNameIdInEncryptedId(RelyingPartyRegistration registration) {
    LogoutRequestBuilder logoutRequestBuilder = new LogoutRequestBuilder();
    LogoutRequest logoutRequest = logoutRequestBuilder.buildObject();
    logoutRequest.setID("id");
    NameIDBuilder nameIdBuilder = new NameIDBuilder();
    NameID nameId = nameIdBuilder.buildObject();
    nameId.setValue("user");
    logoutRequest.setNameID(null);
    Saml2X509Credential credential = registration.getAssertingPartyDetails().getEncryptionX509Credentials().iterator().next();
    EncryptedID encrypted = encrypted(nameId, credential);
    logoutRequest.setEncryptedID(encrypted);
    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(registration.getAssertingPartyDetails().getEntityId());
    logoutRequest.setIssuer(issuer);
    logoutRequest.setDestination(registration.getSingleLogoutServiceLocation());
    return logoutRequest;
}
Also used : NameIDBuilder(org.opensaml.saml.saml2.core.impl.NameIDBuilder) LogoutRequestBuilder(org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder) NameID(org.opensaml.saml.saml2.core.NameID) Issuer(org.opensaml.saml.saml2.core.Issuer) Saml2X509Credential(org.springframework.security.saml2.core.Saml2X509Credential) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder) EncryptedID(org.opensaml.saml.saml2.core.EncryptedID)

Aggregations

Saml2X509Credential (org.springframework.security.saml2.core.Saml2X509Credential)24 X509Certificate (java.security.cert.X509Certificate)17 Saml2Exception (org.springframework.security.saml2.Saml2Exception)14 ArrayList (java.util.ArrayList)10 Credential (org.opensaml.security.credential.Credential)8 PrivateKey (java.security.PrivateKey)7 RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)7 SAMLConstants (org.opensaml.saml.common.xml.SAMLConstants)6 Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)6 Document (org.w3c.dom.Document)6 Element (org.w3c.dom.Element)6 ByteArrayInputStream (java.io.ByteArrayInputStream)5 CertificateException (java.security.cert.CertificateException)5 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)5 Assertions.assertThatExceptionOfType (org.assertj.core.api.Assertions.assertThatExceptionOfType)5 BasicCredential (org.opensaml.security.credential.BasicCredential)5 SignatureConstants (org.opensaml.xmlsec.signature.support.SignatureConstants)5 TestSaml2X509Credentials (org.springframework.security.saml2.credentials.TestSaml2X509Credentials)5 TestRelyingPartyRegistrations (org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)5 StandardCharsets (java.nio.charset.StandardCharsets)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial