X509Certificate[] foundCerts = samlKi.getCerts(); if (foundCerts != null && foundCerts.length > 0) { certs = new X509Certificate[]{foundCerts[0]}; secretKey = samlKi.getSecret(); publicKey = samlKi.getPublicKey(); principal = createPrincipalFromSAML(assertion);
WSSecurityEngineResult.TAG_SECRET ); return new SAMLKeyInfo(secret); } else if (el.equals(BINARY_SECRET) || el.equals(BINARY_SECRET_05_12)) { Text txt = (Text)node.getFirstChild(); return new SAMLKeyInfo(Base64.decode(txt.getData())); } else if (SecurityTokenReference.STR_QNAME.equals(el)) { STRParser strParser = new SignatureSTRParser(); (Element)node, data, docInfo, new HashMap<String, Object>() ); SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo(strParser.getCertificates()); samlKeyInfo.setPublicKey(strParser.getPublicKey()); samlKeyInfo.setSecret(strParser.getSecretKey()); if (xmlStructure instanceof KeyValue) { PublicKey publicKey = ((KeyValue)xmlStructure).getPublicKey(); return new SAMLKeyInfo(publicKey); } else if (xmlStructure instanceof X509Data) { List<?> x509Data = ((X509Data)xmlStructure).getContent(); certs = new X509Certificate[1]; certs[0] = (X509Certificate)x509obj; return new SAMLKeyInfo(certs); } else if (x509obj instanceof X509IssuerSerial) { if (data.getSigCrypto() == null) { return new SAMLKeyInfo(certs);
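/**
 * Verify trust in the signature of a signed Assertion. This method is separate so that
 * the user can override it if they want.
 *
 * @param assertion The signed Assertion
 * @param data The RequestData context
 * @return A Credential instance
 * @throws WSSecurityException if the Assertion exposes no signature KeyInfo, or if the
 *         parent validator does not trust the signing credential
 */
protected Credential verifySignedAssertion(
    AssertionWrapper assertion, RequestData data
) throws WSSecurityException {
    SAMLKeyInfo samlKeyInfo = assertion.getSignatureKeyInfo();
    // A signed Assertion whose signing key cannot be resolved must fail validation with
    // a WSSecurityException rather than a NullPointerException from the setters below.
    if (samlKeyInfo == null) {
        throw new WSSecurityException(
            WSSecurityException.FAILED_CHECK, "invalidSAMLToken", new Object[] {"No signature KeyInfo"}
        );
    }
    Credential trustCredential = new Credential();
    trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
    trustCredential.setCertificates(samlKeyInfo.getCerts());
    // The actual trust decision is delegated to the parent validator.
    return super.validate(trustCredential, data);
}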
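/**
 * Get a SecretKey from a SAML Assertion.
 *
 * @param assertion The Assertion whose Subject KeyInfo is expected to carry the secret
 * @param secRef The SecurityTokenReference that referenced the Assertion
 * @param data The RequestData context
 * @param wsDocInfo The WSDocInfo for the current document
 * @param bspCompliant Whether Basic Security Profile compliance is enforced on the reference
 * @return The secret key bytes from the Assertion's Subject KeyInfo; never null
 * @throws WSSecurityException if the BSP check fails or no secret key can be obtained
 */
private byte[] getSecretKeyFromAssertion(
    AssertionWrapper assertion,
    SecurityTokenReference secRef,
    RequestData data,
    WSDocInfo wsDocInfo,
    boolean bspCompliant
) throws WSSecurityException {
    if (bspCompliant) {
        BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
    }
    SAMLKeyInfo samlKi =
        SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant);
    // The Subject KeyInfo can resolve to a certificate or public key with no secret; the
    // caller needs a symmetric secret, so a missing secret is an error just like a missing
    // KeyInfo, instead of silently returning null.
    if (samlKi == null || samlKi.getSecret() == null) {
        throw new WSSecurityException(
            WSSecurityException.FAILED_CHECK, "invalidSAMLToken", new Object[] {"No Secret Key"}
        );
    }
    return samlKi.getSecret();
}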
data, wsDocInfo, bspCompliant); certs = keyInfo.getCerts(); } else { throw new WSSecurityException(
return new SAMLKeyInfo(key);
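/**
 * Verify trust in the signature of a signed Assertion. This method is separate so that
 * the user can override it if they want.
 *
 * @param assertion The signed Assertion
 * @param data The RequestData context
 * @return A Credential instance
 * @throws WSSecurityException if no signature KeyInfo is available for the Assertion, or
 *         if the parent validator rejects the signing credential
 */
protected Credential verifySignedAssertion(
    AssertionWrapper assertion, RequestData data
) throws WSSecurityException {
    SAMLKeyInfo keyInfo = assertion.getSignatureKeyInfo();
    if (keyInfo == null) {
        // Fail closed with a WSSecurityException; otherwise the getters below would throw
        // a NullPointerException for an Assertion whose signing key could not be resolved.
        throw new WSSecurityException(
            WSSecurityException.FAILED_CHECK, "invalidSAMLToken", new Object[] {"No signature KeyInfo"}
        );
    }
    Credential trustCredential = new Credential();
    trustCredential.setPublicKey(keyInfo.getPublicKey());
    trustCredential.setCertificates(keyInfo.getCerts());
    // Trust in the signing key / certificate is decided by the parent validator.
    return super.validate(trustCredential, data);
}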
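/**
 * Returns the secret key carried in the Subject KeyInfo of this token's Assertion.
 *
 * @param signatureCrypto The Crypto installed as the signature Crypto on the RequestData
 *        used to resolve the KeyInfo
 * @param tokenCallbackHandler The callback handler installed on that RequestData
 * @return The secret key bytes; never null
 * @throws WSSecurityException if the Assertion's KeyInfo cannot be resolved or carries no secret
 */
@Override
public byte[] getAssertionKeyInfoSecret(Crypto signatureCrypto, TokenCallbackHandler tokenCallbackHandler)
    throws WSSecurityException {
    RequestData requestData = new RequestData();
    requestData.setCallbackHandler(tokenCallbackHandler);
    requestData.setSigCrypto(signatureCrypto);
    WSDocInfo docInfo = new WSDocInfo(assertion.getDOM().getOwnerDocument());
    // TODO Improve ..
    // TODO change this to use SAMLAssertion parameter once wss4j conversion is done ....
    SAMLKeyInfo samlKi = SAMLUtil.getCredentialFromSubject(assertion, requestData, docInfo, true);
    // getCredentialFromSubject may return null, and a resolved KeyInfo may hold only a
    // certificate or public key; both must surface as a security failure, not as an NPE
    // or a null secret handed to the caller.
    if (samlKi == null || samlKi.getSecret() == null) {
        throw new WSSecurityException(
            WSSecurityException.FAILED_CHECK, "invalidSAMLToken", new Object[] {"No Secret Key"}
        );
    }
    return samlKi.getSecret();
}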
data, wsDocInfo, bspCompliant); certs = keyInfo.getCerts(); } else { throw new WSSecurityException(
return new SAMLKeyInfo(key);
X509Certificate[] foundCerts = samlKi.getCerts(); if (foundCerts != null && foundCerts.length > 0) { certs = new X509Certificate[]{foundCerts[0]}; secretKey = samlKi.getSecret(); publicKey = samlKi.getPublicKey(); principal = createPrincipalFromSAML(assertion);
if (samlKeyInfo.getCerts() != null) { credential.setEntityCertificate(samlKeyInfo.getCerts()[0]); } else if (samlKeyInfo.getPublicKey() != null) { credential.setPublicKey(samlKeyInfo.getPublicKey()); } else { throw new WSSecurityException(
WSSecurityEngineResult.TAG_SECRET ); return new SAMLKeyInfo(secret); } else if (el.equals(BINARY_SECRET) || el.equals(BINARY_SECRET_05_12)) { Text txt = (Text)node.getFirstChild(); return new SAMLKeyInfo(Base64.decode(txt.getData())); } else if (SecurityTokenReference.STR_QNAME.equals(el)) { STRParser strParser = new SignatureSTRParser(); (Element)node, data, docInfo, new HashMap<String, Object>() ); SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo(strParser.getCertificates()); samlKeyInfo.setPublicKey(strParser.getPublicKey()); samlKeyInfo.setSecret(strParser.getSecretKey()); if (xmlStructure instanceof KeyValue) { PublicKey publicKey = ((KeyValue)xmlStructure).getPublicKey(); return new SAMLKeyInfo(publicKey); } else if (xmlStructure instanceof X509Data) { List<?> x509Data = ((X509Data)xmlStructure).getContent(); certs = new X509Certificate[1]; certs[0] = (X509Certificate)x509obj; return new SAMLKeyInfo(certs); } else if (x509obj instanceof X509IssuerSerial) { if (data.getSigCrypto() == null) { return new SAMLKeyInfo(certs);
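/**
 * Get a SecretKey from a SAML Assertion.
 *
 * @param assertion The Assertion whose Subject KeyInfo is expected to carry the secret
 * @param secRef The SecurityTokenReference that referenced the Assertion
 * @param data The RequestData context
 * @param wsDocInfo The WSDocInfo for the current document
 * @param bspCompliant Whether Basic Security Profile compliance is enforced on the reference
 * @return The secret key bytes from the Assertion's Subject KeyInfo; never null
 * @throws WSSecurityException if the BSP check fails or no secret key can be obtained
 */
private byte[] getSecretKeyFromAssertion(
    AssertionWrapper assertion,
    SecurityTokenReference secRef,
    RequestData data,
    WSDocInfo wsDocInfo,
    boolean bspCompliant
) throws WSSecurityException {
    if (bspCompliant) {
        BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
    }
    SAMLKeyInfo keyInfo =
        SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant);
    byte[] secret = keyInfo == null ? null : keyInfo.getSecret();
    // A KeyInfo that resolved to a certificate or public key only is as unusable here as
    // no KeyInfo at all: report it instead of returning a null secret to the caller.
    if (secret == null) {
        throw new WSSecurityException(
            WSSecurityException.FAILED_CHECK, "invalidSAMLToken", new Object[] {"No Secret Key"}
        );
    }
    return secret;
}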
SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); certs = samlKi.getCerts(); } else { if (bspCompliant) {
return new SAMLKeyInfo(key);
); X509Certificate[] foundCerts = keyInfo.getCerts(); if (foundCerts != null) { certs = new X509Certificate[]{foundCerts[0]}; secretKey = keyInfo.getSecret(); publicKey = keyInfo.getPublicKey(); principal = createPrincipalFromSAML(assertion);
if (samlKeyInfo.getCerts() != null) { credential.setEntityCertificate(samlKeyInfo.getCerts()[0]); } else if (samlKeyInfo.getPublicKey() != null) { credential.setPublicKey(samlKeyInfo.getPublicKey()); } else { throw new WSSecurityException(