Package org.opensaml.xml.signature

Examples of org.opensaml.xml.signature.Signature


        samlParms.setCallbackHandler(callbackHandler);
        AssertionWrapper assertion = new AssertionWrapper(samlParms);
        assertion.signAssertion("client_certchain", "password", issuerCrypto,
                false, customCanonicalizationAlgorithm,
                customSignatureAlgorithm);
        Signature signature = assertion.getSaml2().getSignature();
        Assert.assertEquals(customSignatureAlgorithm,
                signature.getSignatureAlgorithm());
        Assert.assertEquals(customCanonicalizationAlgorithm,
                signature.getCanonicalizationAlgorithm());
    }


            requestData.setSubjectCertConstraints(certConstraints.getCompiledSubjectContraints());

            WSDocInfo docInfo = new WSDocInfo(validateTargetElement.getOwnerDocument());

            // Verify the signature
            Signature sig = assertion.getSignature();
            KeyInfo keyInfo = sig.getKeyInfo();
            SAMLKeyInfo samlKeyInfo =
                SAMLUtil.getCredentialFromKeyInfo(
                    keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, docInfo), sigCrypto
                );
            assertion.verifySignature(samlKeyInfo);

            requestData.setMsgContext(tokenParameters.getWebServiceContext().getMessageContext());

            WSDocInfo docInfo = new WSDocInfo(validateTargetElement.getOwnerDocument());

            // Verify the signature
            Signature sig = assertion.getSignature();
            KeyInfo keyInfo = sig.getKeyInfo();
            SAMLKeyInfo samlKeyInfo =
                SAMLUtil.getCredentialFromKeyInfo(
                    keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, docInfo), sigCrypto
                );
            assertion.verifySignature(samlKeyInfo);

                    throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
                }
                data.setEnableRevocation(MessageUtils.isTrue(
                    message.getContextualProperty(WSHandlerConstants.ENABLE_REVOCATION)));
               
                Signature sig = assertion.getSignature();
                WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
                KeyInfo keyInfo = sig.getKeyInfo();
               
                SAMLKeyInfo samlKeyInfo =
                    SAMLUtil.getCredentialFromKeyInfo(
                        keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(data, docInfo),
                        data.getSigVerCrypto()

        boolean sendKeyValue
    ) throws WSSecurityException {
        //
        // Create the signature
        //
        Signature signature = OpenSAMLUtil.buildSignature();
        signature.setCanonicalizationAlgorithm(
            SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
        );
       
        // prepare to sign the SAML token
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias(issuerKeyName);
        X509Certificate[] issuerCerts = issuerCrypto.getX509Certificates(cryptoType);
        if (issuerCerts == null) {
            throw new WSSecurityException(
                "No issuer certs were found to sign the SAML Assertion using issuer name: "
                + issuerKeyName
            );
        }

        String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
        String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
        if (log.isDebugEnabled()) {
            log.debug("automatic sig algo detection: " + pubKeyAlgo);
        }
        if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
            sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
        }
        PrivateKey privateKey = null;
        try {
            privateKey = issuerCrypto.getPrivateKey(issuerKeyName, issuerKeyPassword);
        } catch (Exception ex) {
            throw new WSSecurityException(ex.getMessage(), ex);
        }

        signature.setSignatureAlgorithm(sigAlgo);

        BasicX509Credential signingCredential = new BasicX509Credential();
        signingCredential.setEntityCertificate(issuerCerts[0]);
        signingCredential.setPrivateKey(privateKey);

        signature.setSigningCredential(signingCredential);

        X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
        if (sendKeyValue) {
            kiFactory.setEmitPublicKeyValue(true);
        } else {
            kiFactory.setEmitEntityCertificate(true);
        }
        try {
            KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
            signature.setKeyInfo(keyInfo);
        } catch (org.opensaml.xml.security.SecurityException ex) {
            throw new WSSecurityException(
                "Error generating KeyInfo from signing credential", ex
            );
        }

     * @throws ValidationException
     */
    public void verifySignature(
        RequestData data, WSDocInfo docInfo
    ) throws WSSecurityException {
        Signature sig = null;
        if (saml2 != null && saml2.getSignature() != null) {
            sig = saml2.getSignature();
        } else if (saml1 != null && saml1.getSignature() != null) {
            sig = saml1.getSignature();
        }
        if (sig != null) {
            KeyInfo keyInfo = sig.getKeyInfo();
            SAMLKeyInfo samlKeyInfo =
                SAMLUtil.getCredentialFromKeyInfo(
                    keyInfo.getDOM(), data, docInfo, data.getWssConfig().isWsiBSPCompliant()
                );
            if (samlKeyInfo == null) {

    private void assertValidSamlResponse(final IdpConfiguration config,
            final SignableSAMLObject response) throws Exception {
        Thread.sleep(1); // stop beforeNow comparison flappers

        final Signature signature;

        // Parse and assert differently based on SAML version.
        switch (config.getSamlVersion()) {
        case _1_1:
            // Response-level assertions

        }
    }

    public SignableXMLObject sign(SignableXMLObject signableXmlObject) {
        logger.debug("Building unsigned Signature");
        Signature signature = (Signature) Configuration.getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(credential);
        signature.setCanonicalizationAlgorithm(canonicalizationAlgorithm);

        if (includeKeyInfoInSignature) {
            logger.debug("Building KeyInfo");
            KeyInfoGeneratorManager keyInfoGeneratorManager = Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager().getDefaultManager();
            KeyInfoGeneratorFactory keyInfoGeneratorFactory = keyInfoGeneratorManager.getFactory(credential);
            KeyInfo keyInfo = null;
            try {
                keyInfo = keyInfoGeneratorFactory.newInstance().generate(credential);
            } catch (SecurityException e) {
                throw new RuntimeException(e);
            }
            signature.setKeyInfo(keyInfo);
        }

        logger.debug("Trying to match signature Algorithm to public key algorithm: " + credential.getPublicKey().getAlgorithm());
        if (credential.getPublicKey().getAlgorithm().equalsIgnoreCase("DSA")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_DSA);
        } else if (credential.getPublicKey().getAlgorithm().equalsIgnoreCase("RSA")) {
            signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA);
        } else {
            throw new RuntimeException(new SignatureException("Unknown public key algorithm. Signature algorithm not set."));
        }
        //TODO: add more algos

        SamlAssertionWrapper samlAssertion,
        RequestData data,
        WSDocInfo wsDocInfo
    ) throws WSSecurityException {
        if (samlAssertion.isSigned()) {
            Signature sig = samlAssertion.getSignature();
            KeyInfo keyInfo = sig.getKeyInfo();
            if (keyInfo == null) {
                throw new WSSecurityException(
                    WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity",
                    "cannot get certificate or key"
                );
            }
            SAMLKeyInfo samlKeyInfo =
                SAMLUtil.getCredentialFromKeyInfo(
                    keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(data, wsDocInfo), data.getSigVerCrypto()
                );
           
            PublicKey key = null;
            if (samlKeyInfo.getCerts() != null && samlKeyInfo.getCerts()[0] != null) {
                key = samlKeyInfo.getCerts()[0].getPublicKey();
            } else if (samlKeyInfo.getPublicKey() != null) {
                key = samlKeyInfo.getPublicKey();
            } else {
                throw new WSSecurityException(
                    WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity",
                    "cannot get certificate or key");
            }
           
            // Not checking signature here, just marshalling into an XMLSignature
            // structure for testing the transform/digest algorithms etc.
            XMLValidateContext context = new DOMValidateContext(key, sig.getDOM());
            context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
            context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);

            XMLSignature xmlSignature;
            try {

        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(token);
        if (samlAssertion.isSigned()) {
            // Check for compliance against the defined AlgorithmSuite
            AlgorithmSuite algorithmSuite = data.getSamlAlgorithmSuite();
           
            Signature sig = samlAssertion.getSignature();
            KeyInfo keyInfo = sig.getKeyInfo();
            if (keyInfo == null) {
                throw new WSSecurityException(
                    WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity",
                    "cannot get certificate or key"
                );
            }
            SAMLKeyInfo samlKeyInfo =
                SAMLUtil.getCredentialFromKeyInfo(
                    keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(data, docInfo), data.getSigVerCrypto()
                );
           
            if (algorithmSuite != null) {
                AlgorithmSuiteValidator algorithmSuiteValidator = new
                    AlgorithmSuiteValidator(algorithmSuite);

                PublicKey key = null;
                if (samlKeyInfo.getCerts() != null && samlKeyInfo.getCerts()[0] != null) {
                    key = samlKeyInfo.getCerts()[0].getPublicKey();
                } else if (samlKeyInfo.getPublicKey() != null) {
                    key = samlKeyInfo.getPublicKey();
                } else {
                    throw new WSSecurityException(
                        WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity",
                        "cannot get certificate or key");
                }
           
                // Not checking signature here, just marshalling into an XMLSignature
                // structure for testing the transform/digest algorithms etc.
                XMLValidateContext context = new DOMValidateContext(key, sig.getDOM());
                context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
                context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);

                XMLSignature xmlSignature;
                try {


