@BeforeClass public static void bootstrap() throws Exception { Security.addProvider(new BouncyCastleProvider()); DefaultBootstrap.bootstrap(); NamedKeyInfoGeneratorManager keyInfoGeneratorManager = Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager(); keyInfoGeneratorManager.getManager(SAML_METADATA_KEY_INFO_GENERATOR); }
Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver(), new org.springframework.security.saml.trust.CertPathPKIXTrustEvaluator(pkixOptions), new BasicX509CredentialNameEvaluator()); return new AllowAllSignatureTrustEngine(Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
signAlgo = secConfig.getSignatureAlgorithmURI(signingCredential); signature.setSignatureAlgorithm(signAlgo); signature.setHMACOutputLength(secConfig.getSignatureHMACOutputLength()); signature.setCanonicalizationAlgorithm(secConfig.getSignatureCanonicalizationAlgorithm());
/** * Gets the signature algorithm URI to use with the given signing credential. * * @param credential the credential that will be used to sign the message * @param config the SecurityConfiguration to use (may be null) * * @return signature algorithm to use with the given signing credential * * @throws MessageEncodingException thrown if the algorithm URI could not be derived from the supplied credential */ protected String getSignatureAlgorithmURI(Credential credential, SecurityConfiguration config) throws MessageEncodingException { SecurityConfiguration secConfig; if (config != null) { secConfig = config; } else { secConfig = Configuration.getGlobalSecurityConfiguration(); } String signAlgo = secConfig.getSignatureAlgorithmURI(credential); if (signAlgo == null) { throw new MessageEncodingException("The signing credential's algorithm URI could not be derived"); } return signAlgo; }
encParams.setAlgorithm(secConfig.getAutoGeneratedDataEncryptionKeyAlgorithmURI()); } else { encParams.setAlgorithm(secConfig.getDataEncryptionAlgorithmURI(encryptionCredential));
kekParams.setAlgorithm(secConfig.getKeyTransportEncryptionAlgorithmURI(encryptionCredential, wrappedKeyAlgorithm));
signAlgo = secConfig.getSignatureAlgorithmURI(signingCredential); signature.setSignatureAlgorithm(signAlgo); signature.setHMACOutputLength(secConfig.getSignatureHMACOutputLength()); signature.setCanonicalizationAlgorithm(secConfig.getSignatureCanonicalizationAlgorithm());
/** * Gets the signature algorithm URI to use with the given signing credential. * * @param credential the credential that will be used to sign the message * @param config the SecurityConfiguration to use (may be null) * * @return signature algorithm to use with the given signing credential * * @throws MessageEncodingException thrown if the algorithm URI could not be derived from the supplied credential */ protected String getSignatureAlgorithmURI(Credential credential, SecurityConfiguration config) throws MessageEncodingException { SecurityConfiguration secConfig; if (config != null) { secConfig = config; } else { secConfig = Configuration.getGlobalSecurityConfiguration(); } String signAlgo = secConfig.getSignatureAlgorithmURI(credential); if (signAlgo == null) { throw new MessageEncodingException("The signing credential's algorithm URI could not be derived"); } return signAlgo; }
encParams.setAlgorithm(secConfig.getAutoGeneratedDataEncryptionKeyAlgorithmURI()); } else { encParams.setAlgorithm(secConfig.getDataEncryptionAlgorithmURI(encryptionCredential));
kekParams.setAlgorithm(secConfig.getKeyTransportEncryptionAlgorithmURI(encryptionCredential, wrappedKeyAlgorithm));
@BeforeClass public static void bootstrap() throws Exception { Security.addProvider(new BouncyCastleProvider()); DefaultBootstrap.bootstrap(); NamedKeyInfoGeneratorManager keyInfoGeneratorManager = Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager(); keyInfoGeneratorManager.getManager(SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR); }
/** * Constructor. * * @param metadataProvider provider of the metadata * * @throws IllegalArgumentException thrown if the supplied provider is null */ public MetadataCredentialResolver(MetadataProvider metadataProvider) { super(); if (metadataProvider == null) { throw new IllegalArgumentException("Metadata provider may not be null"); } metadata = metadataProvider; cache = new HashMap<MetadataCacheKey, SoftReference<Collection<Credential>>>(); keyInfoCredentialResolver = Configuration.getGlobalSecurityConfiguration() .getDefaultKeyInfoCredentialResolver(); rwlock = new ReentrantReadWriteLock(); if (metadata instanceof ObservableMetadataProvider) { ObservableMetadataProvider observable = (ObservableMetadataProvider) metadataProvider; observable.getObservers().add(new MetadataProviderObserver()); } }
throw new SecurityException("Global security configuration was null, could not resolve signing algorithm"); String algoURI = secConfig.getSignatureAlgorithmURI(privKey.getAlgorithm()); if (algoURI == null) { throw new SecurityException("Can't determine algorithm URI from key algorithm: " + privKey.getAlgorithm());
private KeyInfo getKeyInfo(final Credential c, final String keyName) { final SecurityConfiguration secConfiguration = Configuration.getGlobalSecurityConfiguration(); final NamedKeyInfoGeneratorManager namedKeyInfoGeneratorManager = secConfiguration.getKeyInfoGeneratorManager(); final KeyInfoGeneratorManager keyInfoGeneratorManager = namedKeyInfoGeneratorManager.getDefaultManager(); final KeyInfoGeneratorFactory keyInfoGeneratorFactory = keyInfoGeneratorManager.getFactory(c); final KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance(); KeyInfo keyInfo; keyInfo = keyInfoGenerator.generate(c); KeyInfoHelper.addKeyName(keyInfo, keyName); return keyInfo; }
/** * Based on the settings in the extended metadata either creates a PKIX trust engine with trusted keys specified * in the extended metadata as anchors or (by default) an explicit trust engine using data from the metadata or * from the values overridden in the ExtendedMetadata. * * @param samlContext context to populate */ protected void populateTrustEngine(SAMLMessageContext samlContext) { SignatureTrustEngine engine; if ("pkix".equalsIgnoreCase(samlContext.getLocalExtendedMetadata().getSecurityProfile())) { engine = new PKIXSignatureTrustEngine(pkixResolver, Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver(), pkixTrustEvaluator, new BasicX509CredentialNameEvaluator()); } else { engine = new ExplicitKeySignatureTrustEngine(metadataResolver, Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver()); } samlContext.setLocalTrustEngine(engine); }
throw new SecurityException("Global security configuration was null, could not resolve signing algorithm"); String algoURI = secConfig.getSignatureAlgorithmURI(privKey.getAlgorithm()); if (algoURI == null) { throw new SecurityException("Can't determine algorithm URI from key algorithm: " + privKey.getAlgorithm());
/** * Method registers extension specific KeyInfoGenerator which emits . * * @see SAMLConstants#SAML_METADATA_KEY_INFO_GENERATOR */ protected void setMetadataKeyInfoGenerator() { NamedKeyInfoGeneratorManager manager = Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager(); X509KeyInfoGeneratorFactory generator = new X509KeyInfoGeneratorFactory(); generator.setEmitEntityCertificate(true); generator.setEmitEntityCertificateChain(true); manager.registerFactory(SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR, generator); }
Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver(), new org.springframework.security.saml.trust.CertPathPKIXTrustEvaluator(pkixOptions), new BasicX509CredentialNameEvaluator()); return new AllowAllSignatureTrustEngine(Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
public static void signAssertion(SignableXMLObject signableXMLObject, Credential signingCredential) throws MarshallingException, SignatureException { Signature signature = buildSAMLObject(Signature.class, Signature.DEFAULT_ELEMENT_NAME); signature.setSigningCredential(signingCredential); signature.setSignatureAlgorithm(Configuration.getGlobalSecurityConfiguration().getSignatureAlgorithmURI(signingCredential)); signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); signableXMLObject.setSignature(signature); Configuration.getMarshallerFactory().getMarshaller(signableXMLObject).marshall(signableXMLObject); Signer.signObject(signature); }
private void bootstrap() { try { PaosBootstrap.bootstrap(); } catch (ConfigurationException e) { e.printStackTrace(); } NamedKeyInfoGeneratorManager manager = Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager(); X509KeyInfoGeneratorFactory generator = new X509KeyInfoGeneratorFactory(); generator.setEmitEntityCertificate(true); generator.setEmitEntityCertificateChain(true); manager.registerFactory(SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR, generator); }