/**
 * Creates a KeyDescriptor element carrying the given usage and KeyInfo.
 *
 * @param type the usage recorded in the descriptor's "use" attribute
 * @param key the KeyInfo child to attach
 * @return the populated KeyDescriptor
 */
private static KeyDescriptor buildKeyDescriptorElement(UsageType type, KeyInfo key) {
    final KeyDescriptor keyDescriptor = build(KeyDescriptor.DEFAULT_ELEMENT_NAME);
    keyDescriptor.setKeyInfo(key);
    keyDescriptor.setUse(type);
    return keyDescriptor;
}
}
/**
 * Extracts the X.509 certificates of a KeyDescriptor as SimpleKeys.
 * <p>
 * Returns {@code null} when the descriptor carries no KeyInfo. Otherwise one SimpleKey is
 * produced per X509Certificate found under the KeyInfo's X509Data children, named
 * {@code <typeName>-<index>}, holding the certificate value, with its KeyType mapped from the
 * descriptor's "use" attribute (UNSPECIFIED when the attribute is absent).
 *
 * @param desc the KeyDescriptor to read certificates from
 * @return the extracted keys, or {@code null} if the descriptor has no KeyInfo
 */
protected List<SimpleKey> getKeyFromDescriptor(KeyDescriptor desc) {
    if (desc.getKeyInfo() == null) {
        return null;
    }
    // Absent "use" attribute maps to UNSPECIFIED; otherwise map by enum constant name.
    final KeyType keyType = (desc.getUse() == null)
        ? KeyType.UNSPECIFIED
        : KeyType.valueOf(desc.getUse().name());
    final List<SimpleKey> keys = new LinkedList<>();
    final List<X509Data> x509Datas = desc.getKeyInfo().getX509Datas();
    if (x509Datas == null) {
        return keys;
    }
    int counter = 0;
    for (X509Data data : x509Datas) {
        final List<X509Certificate> certs = data.getX509Certificates();
        if (certs == null) {
            continue;
        }
        for (X509Certificate cert : certs) {
            final String name = keyType.getTypeName() + "-" + counter;
            counter++;
            keys.add(new SimpleKey(name, null, cert.getValue(), null, keyType));
        }
    }
    return keys;
}
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject) throws UnmarshallingException {
    final KeyDescriptor descriptor = (KeyDescriptor) parentSAMLObject;
    // KeyInfo is stored as a single child: the last one seen wins.
    if (childSAMLObject instanceof KeyInfo) {
        descriptor.setKeyInfo((KeyInfo) childSAMLObject);
        return;
    }
    // EncryptionMethod may repeat; they are accumulated in document order.
    if (childSAMLObject instanceof EncryptionMethod) {
        descriptor.getEncryptionMethods().add((EncryptionMethod) childSAMLObject);
        return;
    }
    // Anything else is handled by the parent unmarshaller.
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
keyDescriptor.setKeyInfo(keyInfoGenerator.generate(loader.getCredential())); spSSODescriptor.getKeyDescriptors().add(keyDescriptor);
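/** {@inheritDoc} */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    KeyDescriptor keyDescriptor = (KeyDescriptor) samlObject;
    if (attribute.getName().equals(KeyDescriptor.USE_ATTRIB_NAME)) {
        final String rawUse = attribute.getValue();
        final UsageType usageType;
        try {
            // Locale-independent upper-casing: under e.g. the Turkish default locale
            // "signing".toUpperCase() yields a dotted capital I and the enum lookup would
            // reject otherwise valid metadata.
            usageType = UsageType.valueOf(rawUse.toUpperCase(java.util.Locale.ROOT));
        } catch (IllegalArgumentException e) {
            // Keep the cause so the rejected value and the lookup failure are both diagnosable.
            throw new UnmarshallingException("Invalid key usage type: " + rawUse, e);
        }
        // Only allow the enum values specified in the schema (UNSPECIFIED is not a schema value).
        if (usageType != UsageType.SIGNING && usageType != UsageType.ENCRYPTION) {
            throw new UnmarshallingException("Invalid key usage type: " + rawUse);
        }
        keyDescriptor.setUse(usageType);
    } else {
        super.processAttribute(samlObject, attribute);
    }
}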
@Nonnull final UsageType mdUsage) throws ResolverException { final LockableClassToInstanceMultiMap<Object> keyDescriptorObjectMetadata = keyDescriptor.getObjectMetadata(); final ReadWriteLock rwlock = keyDescriptorObjectMetadata.getReadWriteLock(); critSet.add(new KeyInfoCriterion(keyDescriptor.getKeyInfo()));
for (X509Data x509Data : key.getKeyInfo().getX509Datas()) { for (org.opensaml.xmlsec.signature.X509Certificate cert : x509Data.getX509Certificates()) { try (ByteArrayInputStream bais = new ByteArrayInputStream(
/**
 * Constructor.
 *
 * @param descriptor the KeyDescriptor context from which a credential was resolved; may be null
 */
public SAMLMDCredentialContext(KeyDescriptor descriptor) {
    keyDescriptor = descriptor;
    if (descriptor == null) {
        return;
    }
    // Cache the descriptor's EncryptionMethod children (KeyDescriptor / EncryptionMethod)
    // and its owning role (KeyDescriptor -> RoleDescriptor).
    encMethods = descriptor.getEncryptionMethods();
    role = (RoleDescriptor) descriptor.getParent();
}
/**
 * Process a RoleDescriptor by examining each of its KeyDescriptors, extracting credentials from
 * those whose usage matches the requested usage and which carry a KeyInfo.
 *
 * @param accumulator the set of credentials being accumulated for return to the caller
 * @param roleDescriptor the RoleDescriptor whose KeyDescriptors are processed
 * @param entityID the entity ID associated with the RoleDescriptor being processed
 * @param usage the credential usage type specified as resolve input
 *
 * @throws ResolverException if there is a problem resolving credentials from a KeyDescriptor's KeyInfo element
 */
protected void processRoleDescriptor(@Nonnull final HashSet<Credential> accumulator,
        @Nonnull final RoleDescriptor roleDescriptor, @Nullable final String entityID,
        @Nonnull final UsageType usage) throws ResolverException {
    for (final KeyDescriptor keyDescriptor : roleDescriptor.getKeyDescriptors()) {
        // An absent "use" attribute is treated as UNSPECIFIED for matching purposes.
        final UsageType mdUsage = (keyDescriptor.getUse() == null)
            ? UsageType.UNSPECIFIED
            : keyDescriptor.getUse();
        if (!matchUsage(mdUsage, usage)) {
            continue;
        }
        // Nothing to extract from a descriptor that carries no KeyInfo.
        if (keyDescriptor.getKeyInfo() == null) {
            continue;
        }
        extractCredentials(accumulator, keyDescriptor, entityID, mdUsage);
    }
}
/**
 * Builds a KeyDescriptor element with the given usage and KeyInfo.
 *
 * @param type the usage recorded in the "use" attribute
 * @param key the KeyInfo child to attach
 * @return the populated KeyDescriptor
 */
private static KeyDescriptor buildKeyDescriptorElement(UsageType type, KeyInfo key) {
    final KeyDescriptor result = build(KeyDescriptor.DEFAULT_ELEMENT_NAME);
    result.setKeyInfo(key);
    result.setUse(type);
    return result;
}
}
final List<KeyDescriptor> keyDescriptors = roleDescriptor.getKeyDescriptors(); for (final KeyDescriptor keyDescriptor : keyDescriptors) { UsageType mdUsage = keyDescriptor.getUse(); if (mdUsage == null) { mdUsage = UsageType.UNSPECIFIED; if (keyDescriptor.getKeyInfo() != null) { getTrustedNames(trustedNames, keyDescriptor.getKeyInfo());
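/** {@inheritDoc} */
@Override
protected void marshallAttributes(XMLObject xmlObject, Element domElement) throws MarshallingException {
    final KeyDescriptor keyDescriptor = (KeyDescriptor) xmlObject;
    final UsageType use = keyDescriptor.getUse();
    if (use == null) {
        return;
    }
    // UsageType enum contains more values than are allowed by the SAML 2 schema.
    switch (use) {
        case SIGNING:
        case ENCRYPTION:
            // Locale-independent lower-casing: the schema values are "signing"/"encryption";
            // under e.g. the Turkish default locale toLowerCase() would emit a dotless i and
            // produce metadata that fails schema validation at the consumer.
            domElement.setAttributeNS(null, KeyDescriptor.USE_ATTRIB_NAME,
                    use.toString().toLowerCase(java.util.Locale.ROOT));
            break;
        case UNSPECIFIED:
            // Emit nothing for unspecified - semantically equivalent to a non-existent attribute.
            break;
        default:
            // Just in case values are unknowingly added to UsageType in the future...
            throw new MarshallingException("KeyDescriptor had illegal value for use attribute: " + use.toString());
    }
}
}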
/**
 * Builds a KeyDescriptor element carrying the given usage and KeyInfo.
 *
 * @param type the key usage to record in the "use" attribute
 * @param key the KeyInfo to attach
 * @return the populated KeyDescriptor
 */
@SuppressWarnings("unchecked")
protected final KeyDescriptor getKeyDescriptor(final UsageType type, final KeyInfo key) {
    // The builder factory is keyed by element name; the cast narrows the generic builder type.
    final SAMLObjectBuilder<KeyDescriptor> keyDescriptorBuilder = (SAMLObjectBuilder<KeyDescriptor>)
        Configuration.getBuilderFactory().getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME);
    final KeyDescriptor result = keyDescriptorBuilder.buildObject();
    result.setKeyInfo(key);
    result.setUse(type);
    return result;
}
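/**
 * Builds a KeyDescriptor for the given key: resolves its credential from the key store,
 * generates the KeyInfo for it and sets the "use" attribute from the key's type.
 *
 * @param key the key whose credential and usage are to be described
 * @return a KeyDescriptor populated with KeyInfo and usage
 * @throws SamlKeyException if KeyInfo generation fails
 */
public KeyDescriptor getKeyDescriptor(SimpleKey key) {
    SAMLObjectBuilder<KeyDescriptor> builder = (SAMLObjectBuilder<KeyDescriptor>) getBuilderFactory()
        .getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME);
    KeyDescriptor descriptor = builder.buildObject();
    KeyStoreCredentialResolver resolver = getCredentialsResolver(key);
    Credential credential = getCredential(key, resolver);
    try {
        KeyInfo info = getKeyInfoGenerator(credential).generate(credential);
        descriptor.setKeyInfo(info);
        if (key.getType() != null) {
            // Map KeyType -> UsageType by enum constant name. name() is what valueOf() expects;
            // toString() may be overridden by the enum and would then fail the lookup.
            descriptor.setUse(UsageType.valueOf(key.getType().name()));
        } else {
            // A key with no declared type is advertised as a signing key only; a key that is
            // meant for decryption must carry an explicit ENCRYPTION type to be published as such.
            descriptor.setUse(UsageType.SIGNING);
        }
        return descriptor;
    } catch (SecurityException e) {
        throw new SamlKeyException(e);
    }
}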
signingKeyDescriptor.setUse(UsageType.SIGNING); KeyInfo signingKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME); X509Data signingX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME); signingX509Data.getX509Certificates().add(signingX509Certificate); signingKeyInfo.getX509Datas().add(signingX509Data); signingKeyDescriptor.setKeyInfo(signingKeyInfo); idpssoDescriptor.getKeyDescriptors().add(signingKeyDescriptor); encKeyDescriptor.setUse(UsageType.ENCRYPTION); KeyInfo encKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME); X509Data encX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME); encX509Data.getX509Certificates().add(encX509Certificate); encKeyInfo.getX509Datas().add(encX509Data); encKeyDescriptor.setKeyInfo(encKeyInfo); idpssoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
signingKeyDescriptor.setUse(UsageType.SIGNING); KeyInfo signingKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME); X509Data signingX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME); signingX509Data.getX509Certificates().add(signingX509Certificate); signingKeyInfo.getX509Datas().add(signingX509Data); signingKeyDescriptor.setKeyInfo(signingKeyInfo); spSsoDescriptor.getKeyDescriptors().add(signingKeyDescriptor); encKeyDescriptor.setUse(UsageType.ENCRYPTION); KeyInfo encKeyInfo = keyInfoBuilder.buildObject(KeyInfo.DEFAULT_ELEMENT_NAME); X509Data encX509Data = x509DataBuilder.buildObject(X509Data.DEFAULT_ELEMENT_NAME); encX509Data.getX509Certificates().add(encX509Certificate); encKeyInfo.getX509Datas().add(encX509Data); encKeyDescriptor.setKeyInfo(encKeyInfo); spSsoDescriptor.getKeyDescriptors().add(encKeyDescriptor);