/**
 * Obtains a SAMLKeyInfo from the Subject of a wrapped SAML Assertion by dispatching
 * to the SAML 1.1 or SAML 2.0 specific overload.
 *
 * @param assertion    the wrapped SAML Assertion (SAML 1.1 or SAML 2.0)
 * @param data         the RequestData instance used to obtain configuration
 * @param docInfo      the WSDocInfo instance
 * @param bspCompliant whether to process tokens in compliance with the BSP spec
 * @return the SAMLKeyInfo obtained from the Subject
 * @throws WSSecurityException propagated from the version-specific overload
 */
public static SAMLKeyInfo getCredentialFromSubject(
    AssertionWrapper assertion,
    RequestData data,
    WSDocInfo docInfo,
    boolean bspCompliant
) throws WSSecurityException {
    if (assertion.getSaml1() == null) {
        // No SAML 1.1 view present: hand the SAML 2.0 view to its overload as-is
        // (it is passed through unchecked, even if it is also null).
        return getCredentialFromSubject(assertion.getSaml2(), data, docInfo, bspCompliant);
    }
    // SAML 1.1 takes precedence whenever it is populated.
    return getCredentialFromSubject(assertion.getSaml1(), data, docInfo, bspCompliant);
}
if (secretKey == null) { AssertionWrapper assertion = SAMLUtil.getAssertionFromKeyIdentifier( secRef, secRef.getElement(), data, wsDocInfo ); SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); X509Certificate[] foundCerts = samlKi.getCerts(); if (foundCerts != null && foundCerts.length > 0) {
/**
 * Verifies the enveloped signature of this assertion, if one is present.
 * <p>
 * The signing credential is resolved from the signature's KeyInfo through
 * {@link SAMLUtil#getCredentialFromKeyInfo} and passed on to
 * {@code verifySignature(SAMLKeyInfo)}. An assertion that carries no Signature
 * element is not rejected here; only a debug message is logged, so a caller that
 * requires a signed assertion has to enforce that requirement itself.
 *
 * @param data    the RequestData providing the WSSConfig (BSP compliance flag)
 * @param docInfo the WSDocInfo instance
 * @throws WSSecurityException if the signature has no KeyInfo
 *         ({@code FAILURE}/{@code invalidSAMLsecurity}), or as propagated from the
 *         credential lookup and the verification step
 */
public void verifySignature(
    RequestData data,
    WSDocInfo docInfo
) throws WSSecurityException {
    Signature sig = getSignature();
    if (sig == null) {
        LOG.debug("AssertionWrapper: no signature to validate");
        return;
    }
    KeyInfo keyInfo = sig.getKeyInfo();
    if (keyInfo == null) {
        // Without KeyInfo there is no way to identify the signing credential.
        throw new WSSecurityException(
            WSSecurityException.FAILURE,
            "invalidSAMLsecurity",
            new Object[]{"cannot get certificate or key"}
        );
    }
    boolean bspCompliant = data.getWssConfig().isWsiBSPCompliant();
    SAMLKeyInfo signingKeyInfo =
        SAMLUtil.getCredentialFromKeyInfo(keyInfo.getDOM(), data, docInfo, bspCompliant);
    verifySignature(signingKeyInfo);
}
) throws WSSecurityException { byte[] key = getSecretKeyFromCallbackHandler(assertion.getID(), data.getCallbackHandler()); if (key != null && key.length > 0) { return new SAMLKeyInfo(key); WSSecurityUtil.getDirectChildElement(sub, "KeyInfo", WSConstants.SIG_NS); if (keyInfoElement != null) { return getCredentialFromKeyInfo(keyInfoElement, data, docInfo, bspCompliant);
if (secretKey == null) { AssertionWrapper assertion = SAMLUtil.getAssertionFromKeyIdentifier( secRef, strElement, data, wsDocInfo
) throws WSSecurityException { byte[] key = getSecretKeyFromCallbackHandler(assertion.getID(), data.getCallbackHandler()); if (key != null && key.length > 0) { return new SAMLKeyInfo(key); WSSecurityUtil.getDirectChildElement(sub, "KeyInfo", WSConstants.SIG_NS); if (keyInfoElement != null) { return getCredentialFromKeyInfo(keyInfoElement, data, docInfo, bspCompliant);
if (secretKey == null) { AssertionWrapper assertion = SAMLUtil.getAssertionFromKeyIdentifier( secRef, strElement, data, wsDocInfo
/**
 * Obtains a SAMLKeyInfo from the Subject of a wrapped SAML Assertion by dispatching
 * to the SAML 1.1 or SAML 2.0 specific overload.
 *
 * @param assertion    the wrapped SAML Assertion (SAML 1.1 or SAML 2.0)
 * @param data         the RequestData instance used to obtain configuration
 * @param docInfo      the WSDocInfo instance
 * @param bspCompliant whether to process tokens in compliance with the BSP spec
 * @return the SAMLKeyInfo obtained from the Subject
 * @throws WSSecurityException propagated from the version-specific overload
 */
public static SAMLKeyInfo getCredentialFromSubject(
    AssertionWrapper assertion,
    RequestData data,
    WSDocInfo docInfo,
    boolean bspCompliant
) throws WSSecurityException {
    if (assertion.getSaml1() == null) {
        // No SAML 1.1 view present: hand the SAML 2.0 view to its overload as-is
        // (it is passed through unchecked, even if it is also null).
        return getCredentialFromSubject(assertion.getSaml2(), data, docInfo, bspCompliant);
    }
    // SAML 1.1 takes precedence whenever it is populated.
    return getCredentialFromSubject(assertion.getSaml1(), data, docInfo, bspCompliant);
}
if (secretKey == null) { AssertionWrapper assertion = SAMLUtil.getAssertionFromKeyIdentifier( secRef, secRef.getElement(), data, wsDocInfo ); SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); X509Certificate[] foundCerts = samlKi.getCerts(); if (foundCerts != null && foundCerts.length > 0) {
) throws WSSecurityException { byte[] key = getSecretKeyFromCallbackHandler(assertion.getID(), data.getCallbackHandler()); if (key != null && key.length > 0) { return new SAMLKeyInfo(key); WSSecurityUtil.getDirectChildElement(sub, "KeyInfo", WSConstants.SIG_NS); if (keyInfoElement != null) { return getCredentialFromKeyInfo(keyInfoElement, data, docInfo, bspCompliant);
/**
 * Verifies the enveloped signature of this assertion, if one is present.
 * <p>
 * The signing credential is resolved from the signature's KeyInfo through
 * {@link SAMLUtil#getCredentialFromKeyInfo} and passed on to
 * {@code verifySignature(SAMLKeyInfo)}. An assertion that carries no Signature
 * element is not rejected here; only a debug message is logged, so a caller that
 * requires a signed assertion has to enforce that requirement itself.
 *
 * @param data    the RequestData providing the WSSConfig (BSP compliance flag)
 * @param docInfo the WSDocInfo instance
 * @throws WSSecurityException if the signature has no KeyInfo
 *         ({@code FAILURE}/{@code invalidSAMLsecurity}), or as propagated from the
 *         credential lookup and the verification step
 */
public void verifySignature(
    RequestData data,
    WSDocInfo docInfo
) throws WSSecurityException {
    Signature sig = getSignature();
    if (sig == null) {
        LOG.debug("AssertionWrapper: no signature to validate");
        return;
    }
    KeyInfo keyInfo = sig.getKeyInfo();
    if (keyInfo == null) {
        // Without KeyInfo there is no way to identify the signing credential.
        throw new WSSecurityException(
            WSSecurityException.FAILURE,
            "invalidSAMLsecurity",
            new Object[]{"cannot get certificate or key"}
        );
    }
    boolean bspCompliant = data.getWssConfig().isWsiBSPCompliant();
    SAMLKeyInfo signingKeyInfo =
        SAMLUtil.getCredentialFromKeyInfo(keyInfo.getDOM(), data, docInfo, bspCompliant);
    verifySignature(signingKeyInfo);
}
/**
 * Parses the Subject KeyInfo of this assertion when its first confirmation method is
 * holder-of-key, as required by the SAML Token Profile, and stores the resulting
 * SAMLKeyInfo in {@code subjectKeyInfo} for later use by the SignatureProcessor.
 * <p>
 * Only the first confirmation method is inspected. When that method is not
 * holder-of-key, or when neither a SAML 1.1 nor a SAML 2.0 assertion is held,
 * {@code subjectKeyInfo} is left as it was.
 *
 * @param data    the RequestData providing the WSSConfig (BSP compliance flag)
 * @param docInfo the WSDocInfo instance
 * @throws WSSecurityException propagated from the Subject credential lookup
 */
public void parseHOKSubject(
    RequestData data,
    WSDocInfo docInfo
) throws WSSecurityException {
    List<String> methods = getConfirmationMethods();
    String firstMethod = (methods == null || methods.isEmpty()) ? null : methods.get(0);
    if (!OpenSAMLUtil.isMethodHolderOfKey(firstMethod)) {
        return;
    }
    // SAML 1.1 is preferred when both views could be populated.
    if (saml1 != null) {
        subjectKeyInfo = SAMLUtil.getCredentialFromSubject(
            saml1, data, docInfo, data.getWssConfig().isWsiBSPCompliant()
        );
    } else if (saml2 != null) {
        subjectKeyInfo = SAMLUtil.getCredentialFromSubject(
            saml2, data, docInfo, data.getWssConfig().isWsiBSPCompliant()
        );
    }
}
|| WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) { AssertionWrapper assertion = SAMLUtil.getAssertionFromKeyIdentifier( secRef, strElement, data, wsDocInfo ); SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); certs = samlKi.getCerts();
) throws WSSecurityException { byte[] key = getSecretKeyFromCallbackHandler(assertion.getID(), data.getCallbackHandler()); if (key != null && key.length > 0) { return new SAMLKeyInfo(key); WSSecurityUtil.getDirectChildElement(sub, "KeyInfo", WSConstants.SIG_NS); if (keyInfoElement != null) { return getCredentialFromKeyInfo(keyInfoElement, data, docInfo, bspCompliant);
SAMLUtil.getCredentialFromKeyInfo( keyInfo.getDOM(), data, wsDocInfo, data.getWssConfig().isWsiBSPCompliant() );
/**
 * Parses the Subject KeyInfo of this assertion when its first confirmation method is
 * holder-of-key, as required by the SAML Token Profile, and stores the resulting
 * SAMLKeyInfo in {@code subjectKeyInfo} for later use by the SignatureProcessor.
 * <p>
 * Only the first confirmation method is inspected. When that method is not
 * holder-of-key, or when neither a SAML 1.1 nor a SAML 2.0 assertion is held,
 * {@code subjectKeyInfo} is left as it was.
 *
 * @param data    the RequestData providing the WSSConfig (BSP compliance flag)
 * @param docInfo the WSDocInfo instance
 * @throws WSSecurityException propagated from the Subject credential lookup
 */
public void parseHOKSubject(
    RequestData data,
    WSDocInfo docInfo
) throws WSSecurityException {
    List<String> methods = getConfirmationMethods();
    String firstMethod = (methods == null || methods.isEmpty()) ? null : methods.get(0);
    if (!OpenSAMLUtil.isMethodHolderOfKey(firstMethod)) {
        return;
    }
    // SAML 1.1 is preferred when both views could be populated.
    if (saml1 != null) {
        subjectKeyInfo = SAMLUtil.getCredentialFromSubject(
            saml1, data, docInfo, data.getWssConfig().isWsiBSPCompliant()
        );
    } else if (saml2 != null) {
        subjectKeyInfo = SAMLUtil.getCredentialFromSubject(
            saml2, data, docInfo, data.getWssConfig().isWsiBSPCompliant()
        );
    }
}
|| WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) { AssertionWrapper assertion = SAMLUtil.getAssertionFromKeyIdentifier( secRef, strElement, data, wsDocInfo ); SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); certs = samlKi.getCerts();
SAMLUtil.getCredentialFromKeyInfo( keyInfo.getDOM(), data, wsDocInfo, data.getWssConfig().isWsiBSPCompliant() );
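/**
 * Returns the secret key carried in the Subject of the SAML assertion held by this
 * object, resolved through {@link SAMLUtil#getCredentialFromSubject}.
 * <p>
 * A fresh RequestData is assembled from the supplied callback handler and signature
 * Crypto, and the Subject is always processed in BSP-compliant mode.
 *
 * @param signatureCrypto      the Crypto installed as the signature Crypto of the request
 * @param tokenCallbackHandler the callback handler installed on the request
 * @return the secret key bytes obtained from the assertion Subject
 * @throws WSSecurityException if the Subject yields no SAMLKeyInfo
 *         ({@code FAILED_CHECK}/{@code invalidSAMLToken}), or as propagated from
 *         the Subject credential lookup
 */
@Override
public byte[] getAssertionKeyInfoSecret(
    Crypto signatureCrypto,
    TokenCallbackHandler tokenCallbackHandler
) throws WSSecurityException {
    RequestData requestData = new RequestData();
    requestData.setCallbackHandler(tokenCallbackHandler);
    requestData.setSigCrypto(signatureCrypto);
    WSDocInfo docInfo = new WSDocInfo(assertion.getDOM().getOwnerDocument());
    // TODO Improve ..
    // TODO change this to use SAMLAssertion parameter once wss4j conversion is done ....
    // bspCompliant is hard-coded to true for this lookup.
    SAMLKeyInfo samlKi = SAMLUtil.getCredentialFromSubject(assertion, requestData, docInfo, true);
    if (samlKi == null) {
        // Fail with a WSSecurityException instead of a NullPointerException when the
        // Subject yields no credential, matching the null check used by
        // getSecretKeyFromAssertion in the processor code.
        throw new WSSecurityException(
            WSSecurityException.FAILED_CHECK,
            "invalidSAMLToken",
            new Object[] {"No Secret Key"}
        );
    }
    return samlKi.getSecret();
}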
/**
 * Obtains the secret key carried in the Subject of a SAML Assertion that was reached
 * through a SecurityTokenReference.
 *
 * @param assertion    the referenced SAML Assertion
 * @param secRef       the SecurityTokenReference that pointed at the assertion
 * @param data         the RequestData instance used to obtain configuration
 * @param wsDocInfo    the WSDocInfo instance
 * @param bspCompliant whether to enforce BSP compliance on the token reference and
 *                     during the Subject lookup
 * @return the secret key bytes from the assertion's SAMLKeyInfo
 * @throws WSSecurityException if no SAMLKeyInfo can be obtained from the Subject
 *         ({@code FAILED_CHECK}/{@code invalidSAMLToken}), or as propagated from BSP
 *         enforcement and the Subject credential lookup
 */
private byte[] getSecretKeyFromAssertion(
    AssertionWrapper assertion,
    SecurityTokenReference secRef,
    RequestData data,
    WSDocInfo wsDocInfo,
    boolean bspCompliant
) throws WSSecurityException {
    // BSP rules on the token reference are checked before the Subject is inspected.
    if (bspCompliant) {
        BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
    }
    SAMLKeyInfo subjectKeyInfo =
        SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant);
    if (subjectKeyInfo != null) {
        return subjectKeyInfo.getSecret();
    }
    throw new WSSecurityException(
        WSSecurityException.FAILED_CHECK,
        "invalidSAMLToken",
        new Object[] {"No Secret Key"}
    );
}