Package org.opensaml.xml.signature

Examples of org.opensaml.xml.signature.KeyInfo

186
187
188
189
190
191
192
193
194
195
196
197
198
199
                }
                data.setEnableRevocation(MessageUtils.isTrue(
                    message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
               
                Signature sig = assertion.getSignature();
                KeyInfo keyInfo = sig.getKeyInfo();
                SAMLKeyInfo samlKeyInfo =
                    SAMLUtil.getCredentialDirectlyFromKeyInfo(
                        keyInfo.getDOM(), data.getSigVerCrypto()
                    );
                assertion.verifySignature(samlKeyInfo);
               
            } else if (getTLSCertificates(message) == null) {
                throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
View Full Code Here
133
134
135
136
137
138
139
140
141
142
143
144
145
146
                }
                data.setEnableRevocation(MessageUtils.isTrue(
                    message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
               
                Signature sig = assertion.getSignature();
                KeyInfo keyInfo = sig.getKeyInfo();
                SAMLKeyInfo samlKeyInfo =
                    SAMLUtil.getCredentialDirectlyFromKeyInfo(
                        keyInfo.getDOM(), data.getSigVerCrypto()
                    );
               
                assertion.verifySignature(samlKeyInfo);
                assertion.parseHOKSubject(
                    new WSSSAMLKeyInfoProcessor(data, null), data.getSigVerCrypto(),
View Full Code Here
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
        requestData.setSigVerCrypto(sigCrypto);
        WSSConfig wssConfig = WSSConfig.getNewInstance();
        requestData.setWssConfig(wssConfig);
        requestData.setCallbackHandler(callbackHandler);
       
        KeyInfo keyInfo = signature.getKeyInfo();
        SAMLKeyInfo samlKeyInfo = null;
        try {
            samlKeyInfo =
                SAMLUtil.getCredentialFromKeyInfo(
                    keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, new WSDocInfo(doc)), sigCrypto
                );
        } catch (WSSecurityException ex) {
            LOG.log(Level.FINE, "Error in getting KeyInfo from SAML Response: " + ex.getMessage(), ex);
            throw ex;
        }
View Full Code Here
348
349
350
351
352
353
354
355
356
357
358
359
360
361
            }
           
            // Verify the signature
            try {
                Signature sig = assertion.getSignature();
                KeyInfo keyInfo = sig.getKeyInfo();
                SAMLKeyInfo samlKeyInfo =
                    SAMLUtil.getCredentialDirectlyFromKeyInfo(
                        keyInfo.getDOM(), sigCrypto
                    );
                assertion.verifySignature(samlKeyInfo);
               
                assertion.parseHOKSubject(
                    new WSSSAMLKeyInfoProcessor(requestData, new WSDocInfo(doc)),
View Full Code Here
159
160
161
162
163
164
165
166
167
168
169
        X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
        kiFactory.setEmitEntityCertificate(true);
       
        try {
            KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
            signature.setKeyInfo(keyInfo);
        } catch (org.opensaml.xml.security.SecurityException ex) {
            throw new Exception(
                    "Error generating KeyInfo from signing credential", ex);
        }
View Full Code Here
82
83
84
85
86
87
88
89
90
91
92
                // Verify found certificate corresponds to peer certificate from SSL/TLS
                KeyInfoConfirmationDataType keyInfoConfirmation = (KeyInfoConfirmationDataType) data;
                boolean foundUserAgent = false;
                info:
                for (XMLObject xmlInfo : keyInfoConfirmation.getKeyInfos()) {
                    KeyInfo keyInfo = (KeyInfo) xmlInfo;
                    List<String> certificates = SAMLUtil.getBase64EncodeCertificates(keyInfo);
                    for (String confirmationCert : certificates) {
                        log.debug("Comparing user agent certificate {} with certificate in HoK key info {}", userAgentCertificate, confirmationCert);
                        if (userAgentCertificate.equals(confirmationCert)) {
                            log.debug("User agent certificate confirmed");
View Full Code Here
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
                // set keySize
                int keySize = data.getKeysize();
                keySize = (keySize != -1) ? keySize : config.keySize;

                // Create the encrypted key
                KeyInfo encryptedKeyInfoElement
                        = SAMLUtils.getSymmetricKeyBasedKeyInfo(doc, data, serviceCert, keySize,
                        crypto, config.keyComputation);

                return this.createAttributeAssertion(data, encryptedKeyInfoElement, nameIdentifier, config,
                    crypto, creationTime, expirationTime);


            } catch (WSSecurityException e) {

                if (serviceCert != null) {
                    throw new TrustException(
                            "errorInBuildingTheEncryptedKeyForPrincipal",
                            new String[]{serviceCert.getSubjectDN().getName()},
                            e);
                } else {
                    throw new TrustException(
                            "trustedCertNotFoundForEPR",
                            new String[]{data.getAppliesToAddress()},
                            e);
                }

            }
        } else {
            try {

                /**
                 * In this case we need to create KeyInfo as follows,
                 * <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
                 *   <X509Data xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                 *             xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                 *        <X509Certificate>
                 *              MIICNTCCAZ6gAwIBAgIES343....
                 *           </X509Certificate>
                 *       </X509Data>
                 *   </KeyInfo>
                 */

                String subjectNameId = data.getPrincipal().getName();
               
                NameIdentifier nameId = SAMLUtils.createNamedIdentifier(subjectNameId, NameIdentifier.EMAIL);

                // Create the ds:KeyValue element with the ds:X509Data
                X509Certificate clientCert = data.getClientCert();

                if(clientCert == null) {
                    clientCert = CommonUtil.getCertificateByAlias(crypto,data.getPrincipal().getName());;
                }

                KeyInfo keyInfo = SAMLUtils.getCertificateBasedKeyInfo(clientCert);

                return this.createAuthAssertion(RahasConstants.SAML11_SUBJECT_CONFIRMATION_HOK, nameId, keyInfo,
                        config, crypto, creationTime, expirationTime, data);
            } catch (Exception e) {
                throw new TrustException("samlAssertionCreationError", e);
View Full Code Here
140
141
142
143
144
145
146
147
148
149
150
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        signature.setSigningCredential(signingCredential);
        signature.setSignatureAlgorithm(signatureAlgorithm);

        X509Data x509Data = createX509Data(issuerCerts);
        KeyInfo keyInfo = createKeyInfo(x509Data);

        signature.setKeyInfo(keyInfo);
        assertion.setSignature(signature);

        try {
View Full Code Here
516
517
518
519
520
521
522
523
524
525
     * @return The appropriate opensaml representation of the KeyInfo.
     * @throws org.apache.rahas.TrustException If unable to find the builder.
     */
    public static KeyInfo createKeyInfo(EncryptedKey encryptedKey) throws TrustException {

        KeyInfo keyInfo = createKeyInfo();
        keyInfo.getEncryptedKeys().add(encryptedKey);

        return keyInfo;
    }
View Full Code Here
535
536
537
538
539
540
541
542
543
544
     * @return The appropriate opensaml representation of the KeyInfo.
     * @throws org.apache.rahas.TrustException If unable to find the builder.
     */
    public static KeyInfo createKeyInfo(X509Data x509Data) throws TrustException {

        KeyInfo keyInfo = createKeyInfo();
        keyInfo.getX509Datas().add(x509Data);

        return keyInfo;
    }
View Full Code Here
TOP

Related Classes of org.opensaml.xml.signature.KeyInfo

  • demo.sts.provider.token.Saml1TokenProvider
  • demo.sts.provider.token.Saml2TokenProvider
  • org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler
  • org.apache.cxf.rs.security.saml.AbstractSamlInHandler
  • org.apache.cxf.rs.security.saml.sso.SamlPostBindingFilter
  • org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator
  • org.apache.cxf.rs.security.saml.sso.SAMLResponseValidatorTest
  • org.apache.cxf.sts.token.validator.SAMLTokenValidator
  • org.apache.rahas.impl.SAMLTokenIssuer
  • org.apache.rahas.impl.util.SAMLUtils
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.