Package org.apache.wss4j.common.saml

Examples of org.apache.wss4j.common.saml.SAMLKeyInfo


                        securityTokenReferenceId, senderVouches, includeSTR);

                securityToken.setProcessor(finalSAMLTokenOutputProcessor);

            } else if (WSSConstants.SAML_TOKEN_SIGNED.equals(action) && hok) {
                final SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo();

                SubjectBean subjectBean = samlCallback.getSubject();
                if (subjectBean != null) {
                    KeyInfoBean keyInfoBean = subjectBean.getKeyInfo();
                    if (keyInfoBean != null) {
                        X509Certificate x509Certificate = keyInfoBean.getCertificate();
                        if (x509Certificate != null) {
                            String alias = ((WSSSecurityProperties) getSecurityProperties()).getSignatureCrypto().
                                    getX509Identifier(x509Certificate);
                            if (alias == null) {
                                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "aliasIsNull");
                            }
                            WSPasswordCallback wsPasswordCallback =
                                new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE);
                            WSSUtils.doPasswordCallback(
                                    ((WSSSecurityProperties) getSecurityProperties()).getCallbackHandler(),
                                    wsPasswordCallback);
                            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
                            cryptoType.setAlias(alias);
                            samlKeyInfo.setCerts(((WSSSecurityProperties) getSecurityProperties()).
                                    getSignatureCrypto().getX509Certificates(cryptoType));
                            samlKeyInfo.setPrivateKey(((WSSSecurityProperties) getSecurityProperties()).
                                    getSignatureCrypto().getPrivateKey(alias, wsPasswordCallback.getPassword()));
                        } else if (keyInfoBean.getPublicKey() != null) {
                            PublicKey publicKey = keyInfoBean.getPublicKey();
                            samlKeyInfo.setPublicKey(publicKey);
                            samlKeyInfo.setPrivateKey(((WSSSecurityProperties) getSecurityProperties()).
                                    getSignatureCrypto().getPrivateKey(
                                            samlCallback.getIssuerKeyName(), samlCallback.getIssuerKeyPassword()));
                        } else {
                            samlKeyInfo.setSecret(keyInfoBean.getEphemeralKey());
                        }
                    }
                }
               
                final Element ref;
                if (securityToken != null) {
                    ref = securityToken.getCustomTokenReference();
                } else {
                    ref = null;
                }

                finalSAMLTokenOutputProcessor = new FinalSAMLTokenOutputProcessor(null, samlAssertionWrapper,
                        securityTokenReferenceId, senderVouches, includeSTR);

                final SecurityTokenProvider<OutboundSecurityToken> securityTokenProvider =
                        new SecurityTokenProvider<OutboundSecurityToken>() {

                    private GenericOutboundSecurityToken samlSecurityToken;

                    @Override
                    public OutboundSecurityToken getSecurityToken() throws XMLSecurityException {

                        if (this.samlSecurityToken != null) {
                            return this.samlSecurityToken;
                        }

                        WSSecurityTokenConstants.TokenType tokenType;
                        if (samlCallback.getSamlVersion() == SAMLVersion.VERSION_10) {
                            tokenType = WSSecurityTokenConstants.Saml10Token;
                        } else if (samlCallback.getSamlVersion() == SAMLVersion.VERSION_11) {
                            tokenType = WSSecurityTokenConstants.Saml11Token;
                        } else {
                            tokenType = WSSecurityTokenConstants.Saml20Token;
                        }
                        if (samlKeyInfo.getPrivateKey() != null) {
                            this.samlSecurityToken = new GenericOutboundSecurityToken(
                                    tokenId, tokenType, samlKeyInfo.getPrivateKey(), samlKeyInfo.getCerts());
                        } else {
                            this.samlSecurityToken = new GenericOutboundSecurityToken(
                                    tokenId, tokenType) {

                                /**
                                 * Resolves the secret key for {@code algorithmURI}: first via the
                                 * superclass lookup, then - if that yields nothing - from the raw
                                 * secret carried in the captured {@code samlKeyInfo}, wrapped as a
                                 * {@link SecretKeySpec} and stored on this token.
                                 *
                                 * @param algorithmURI XML Security algorithm URI the key is needed for
                                 * @return the resolved key, or {@code null} if neither the superclass
                                 *         nor {@code samlKeyInfo} provides one
                                 * @throws WSSecurityException if the superclass lookup fails
                                 */
                                @Override
                                public Key getSecretKey(String algorithmURI) throws WSSecurityException {

                                    Key key;
                                    try {
                                        key = super.getSecretKey(algorithmURI);
                                    } catch (XMLSecurityException e) {
                                        // Re-wrap so callers only deal with WSSecurityException; the cause is kept.
                                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
                                    }
                                    if (key != null) {
                                        return key;
                                    }
                                    if (samlKeyInfo.getSecret() != null) {
                                        // Map the algorithm URI to the JCE key algorithm name the SecretKeySpec needs.
                                        String algoFamily = JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(algorithmURI);
                                        key = new SecretKeySpec(samlKeyInfo.getSecret(), algoFamily);
                                        // Store on the token; presumably later calls then get it from super.getSecretKey.
                                        setSecretKey(algorithmURI, key);
                                    }
                                    return key;
                                }
                            };


                            data.getSigVerCrypto(), data.getCallbackHandler()
                        );
                    }
                    STRParserUtil.checkSamlTokenBSPCompliance(secRef, samlAssertion, data.getBSPEnforcer());
                   
                    SAMLKeyInfo keyInfo = samlAssertion.getSubjectKeyInfo();
                    X509Certificate[] foundCerts = keyInfo.getCerts();
                    if (foundCerts != null && foundCerts.length > 0) {
                        certs = new X509Certificate[]{foundCerts[0]};
                    }
                    secretKey = keyInfo.getSecret();
                    principal = createPrincipalFromSAML(samlAssertion);
                } else if (el.equals(WSSecurityEngine.ENCRYPTED_KEY)) {
                    STRParserUtil.checkEncryptedKeyBSPCompliance(secRef, data.getBSPEnforcer());
                    Processor proc = data.getWssConfig().getProcessor(WSSecurityEngine.ENCRYPTED_KEY);
                    List<WSSecurityEngineResult> encrResult =

                STRParserUtil.getAssertionFromKeyIdentifier(
                    secRef, secRef.getElement(), data, wsDocInfo
                );
            STRParserUtil.checkSamlTokenBSPCompliance(secRef, samlAssertion, data.getBSPEnforcer());
           
            SAMLKeyInfo samlKi =
                SAMLUtil.getCredentialFromSubject(samlAssertion,
                        new WSSSAMLKeyInfoProcessor(data, wsDocInfo),
                        data.getSigVerCrypto(), data.getCallbackHandler());
            X509Certificate[] foundCerts = samlKi.getCerts();
            if (foundCerts != null && foundCerts.length > 0) {
                certs = new X509Certificate[]{foundCerts[0]};
            }
            secretKey = samlKi.getSecret();
            publicKey = samlKi.getPublicKey();
            principal = createPrincipalFromSAML(samlAssertion);
        }
    }

        } else if (WSConstants.ST_UNSIGNED == action || WSConstants.ST_SIGNED == action) {
            SamlAssertionWrapper samlAssertion =
                (SamlAssertionWrapper)result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            STRParserUtil.checkSamlTokenBSPCompliance(secRef, samlAssertion, data.getBSPEnforcer());
           
            SAMLKeyInfo keyInfo = samlAssertion.getSubjectKeyInfo();
            if (keyInfo == null) {
                throw new WSSecurityException(
                    WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"
                );
            }
            X509Certificate[] foundCerts = keyInfo.getCerts();
            if (foundCerts != null) {
                certs = new X509Certificate[]{foundCerts[0]};
            }
            secretKey = keyInfo.getSecret();
            publicKey = keyInfo.getPublicKey();
            principal = createPrincipalFromSAML(samlAssertion);
        }
    }

            // Check for compliance against the defined AlgorithmSuite
            AlgorithmSuite algorithmSuite = data.getSamlAlgorithmSuite();
           
            Signature sig = samlAssertion.getSignature();
            KeyInfo keyInfo = sig.getKeyInfo();
            SAMLKeyInfo samlKeyInfo =
                SAMLUtil.getCredentialDirectlyFromKeyInfo(
                    keyInfo.getDOM(), data.getSigVerCrypto()
                );
           
            if (algorithmSuite != null) {
                AlgorithmSuiteValidator algorithmSuiteValidator = new
                    AlgorithmSuiteValidator(algorithmSuite);

                PublicKey key = null;
                if (samlKeyInfo.getCerts() != null && samlKeyInfo.getCerts()[0] != null) {
                    key = samlKeyInfo.getCerts()[0].getPublicKey();
                } else if (samlKeyInfo.getPublicKey() != null) {
                    key = samlKeyInfo.getPublicKey();
                } else {
                    throw new WSSecurityException(
                        WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity",
                        "cannot get certificate or key");
                }

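    /**
     * Builds a trust {@link Credential} from the key material that signed the
     * assertion and hands it to the superclass validation.
     *
     * @param samlAssertion the signed assertion whose signature key info is used
     * @param data request context passed through to {@code super.validate}
     * @return the credential returned by {@code super.validate}
     * @throws WSSecurityException if the assertion carries no signature key info,
     *         or if the superclass validation rejects the credential
     */
    protected Credential verifySignedAssertion(
        SamlAssertionWrapper samlAssertion,
        RequestData data
    ) throws WSSecurityException {
        SAMLKeyInfo samlKeyInfo = samlAssertion.getSignatureKeyInfo();
        // Fail with an explicit security error instead of a NullPointerException
        // when no signing key info is available for the assertion.
        if (samlKeyInfo == null) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"
            );
        }
        Credential trustCredential = new Credential();
        trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
        trustCredential.setCertificates(samlKeyInfo.getCerts());
        return super.validate(trustCredential, data);
    }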

        for (String confirmationMethod : confirmationMethods) {
            if (OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
                if (tlsCerts == null && (signedResults == null || signedResults.isEmpty())) {
                    return false;
                }
                SAMLKeyInfo subjectKeyInfo = assertionWrapper.getSubjectKeyInfo();
                if (!compareCredentials(subjectKeyInfo, signedResults, tlsCerts)) {
                    return false;
                }
            }
        }

                        proc.handleToken((Element)node, data, docInfo, data.getSamlAlgorithmSuite());
                    byte[] secret =
                        (byte[])result.get(0).get(
                            WSSecurityEngineResult.TAG_SECRET
                        );
                    return new SAMLKeyInfo(secret);
                } else if (el.equals(BINARY_SECRET) || el.equals(BINARY_SECRET_05_12)) {
                    Text txt = (Text)node.getFirstChild();
                    try {
                        return new SAMLKeyInfo(Base64.decode(txt.getData()));
                    } catch (Exception e) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
                                "empty", e, "decoding.general");
                    }
                } else if (SecurityTokenReference.STR_QNAME.equals(el)) {
                    STRParser strParser = new SignatureSTRParser();
                    strParser.parseSecurityTokenReference(
                        (Element)node, data, docInfo, new HashMap<String, Object>()
                    );
                    SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo(strParser.getCertificates());
                    samlKeyInfo.setPublicKey(strParser.getPublicKey());
                    samlKeyInfo.setSecret(strParser.getSecretKey());
                   
                    Principal principal = strParser.getPrincipal();
                   
                    // Check for compliance against the defined AlgorithmSuite
                    AlgorithmSuite algorithmSuite = data.getSamlAlgorithmSuite();

        SecurityTokenReference secRef,
        RequestData data,
        WSDocInfo wsDocInfo
    ) throws WSSecurityException {
        STRParserUtil.checkSamlTokenBSPCompliance(secRef, samlAssertion, data.getBSPEnforcer());
        SAMLKeyInfo samlKi =
            SAMLUtil.getCredentialFromSubject(samlAssertion,
                    new WSSSAMLKeyInfoProcessor(data, wsDocInfo),
                    data.getSigVerCrypto(), data.getCallbackHandler());
        if (samlKi == null) {
            throw new WSSecurityException(
                WSSecurityException.ErrorCode.FAILED_CHECK, "invalidSAMLToken", "No Secret Key");
        }
        return samlKi.getSecret();
    }

                RequestData data = new RequestData();
                SignatureActionToken actionToken = new SignatureActionToken();
                data.setSignatureToken(actionToken);
                actionToken.setCrypto(userCrypto);
                data.setWssConfig(getWsConfig());
                SAMLKeyInfo samlKeyInfo =
                    SAMLUtil.getCredentialFromSubject(
                            samlAssertion, new WSSSAMLKeyInfoProcessor(data, wsDocInfo),
                            userCrypto, data.getCallbackHandler()
                    );
                publicKey = samlKeyInfo.getPublicKey();
                certs = samlKeyInfo.getCerts();
                wsDocInfo.setCrypto(userCrypto);
            }
        }
        if ((certs == null || certs.length == 0 || certs[0] == null)
            && publicKey == null && secretKey == null) {


