/** * Get a simple, minimal credential containing an end-entity X.509 certificate, and optionally a private key. * * @param cert the end-entity certificate to wrap * @param privateKey the private key to wrap, which may be null * @return a credential containing the certificate and key specified */ public static BasicX509Credential getSimpleCredential(X509Certificate cert, PrivateKey privateKey) { if (cert == null) { throw new IllegalArgumentException("A certificate is required"); } BasicX509Credential cred = new BasicX509Credential(); cred.setEntityCertificate(cert); cred.setPrivateKey(privateKey); return cred; }
BasicX509Credential credential = new BasicX509Credential(); credential.setUsageType(getUsageType()); credential.setEntityId(getEntityID()); credential.getKeyNames().addAll(getKeyNames()); credential.setEntityCertificateChain(new ArrayList<X509Certificate>(certificates)); if (entityCertificate != null) { credential.setEntityCertificate(entityCertificate); } else { credential.setEntityCertificate(certificates.get(0)); credential.setCRLs(new ArrayList<X509CRL>(x509crls)); credential.setPrivateKey(privateKey); credential.setPublicKey(credential.getEntityCertificate().getPublicKey()); if (credential.getPublicKey() != null && credential.getPrivateKey() != null) { boolean matched = false; try { matched = SecurityHelper.matchKeyPair(credential.getPublicKey(), credential.getPrivateKey()); } catch (SecurityException e) { log.warn("Could not perform sanity check against credential public and private key: {}",
private static Credential getCredential(X509Certificate certificate) { BasicX509Credential credential = new BasicX509Credential(); credential.setEntityCertificate(certificate); credential.setPublicKey(certificate.getPublicKey()); credential.setCRLs(Collections.emptyList()); return credential; }
encKeyDescriptor.setUse(UsageType.ENCRYPTION); BasicX509Credential signingCredential = new BasicX509Credential(); signingCredential.setEntityCertificate(spMetadata.getSigningCertificate()); BasicX509Credential encryptionCredential = new BasicX509Credential(); encryptionCredential.setEntityCertificate(spMetadata.getEncryptionCertificate());
/** * Build an X509Credential from a keystore trusted certificate entry. * * @param trustedCertEntry the entry being processed * @param entityID the entityID to set * @param usage the usage type to set * @return new X509Credential instance */ protected X509Credential processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertEntry, String entityID, UsageType usage) { log.debug("Processing TrustedCertificateEntry from keystore"); BasicX509Credential credential = new BasicX509Credential(); credential.setEntityId(entityID); credential.setUsageType(usage); X509Certificate cert = (X509Certificate) trustedCertEntry.getTrustedCertificate(); credential.setEntityCertificate(cert); ArrayList<X509Certificate> certChain = new ArrayList<X509Certificate>(); certChain.add(cert); credential.setEntityCertificateChain(certChain); return credential; }
BasicX509Credential credential = new BasicX509Credential(); if (samlKeyInfo.getCerts() != null) { credential.setEntityCertificate(samlKeyInfo.getCerts()[0]); } else if (samlKeyInfo.getPublicKey() != null) { credential.setPublicKey(samlKeyInfo.getPublicKey()); } else { throw new WSSecurityException(
BasicX509Credential cred = new BasicX509Credential(); cred.setEntityCertificate(entityCert); cred.setCRLs(crls); cred.setEntityCertificateChain(certs); cred.getKeyNames().addAll(kiContext.getKeyNames()); cred.getCredentalContextSet().add(credContext);
BasicX509Credential signingCredential = new BasicX509Credential(); signingCredential.setPrivateKey(privateKeyEntry.getPrivateKey()); signingCredential.setEntityCertificateChain(certificateChain);
BasicX509Credential basicX509Credential = new BasicX509Credential(); basicX509Credential.setEntityCertificate(x509cert); basicX509Credential.setPrivateKey((PrivateKey) keystore.getKey(keystoreAlias, keystoreAliasPassword)); basicX509Credential.setPublicKey(keystore.getCertificate(keystoreAlias).getPublicKey()); credential = basicX509Credential; break;
/** * Tries to load peer SSL certificate from the inbound message transport using attribute * "javax.servlet.request.X509Certificate". If found sets peerSSLCredential in the context. * * @param samlContext context to populate */ protected void populatePeerSSLCredential(SAMLMessageContext samlContext) { X509Certificate[] chain = (X509Certificate[]) samlContext.getInboundMessageTransport().getAttribute(ServletRequestX509CredentialAdapter.X509_CERT_REQUEST_ATTRIBUTE); if (chain != null && chain.length > 0) { log.debug("Found certificate chain from request {}", chain[0]); BasicX509Credential credential = new BasicX509Credential(); credential.setEntityCertificate(chain[0]); credential.setEntityCertificateChain(Arrays.asList(chain)); samlContext.setPeerSSLCredential(credential); } }
/** * Validate the specified opensaml XML Signature * * @param signature * the XML signature * @return list of {@link X509Certificate}'s in the XML signature * @throws CertificateException * something went wrong extracting the certificates from the XML * Signature. * @throws ValidationException * validation failed */ public static List<X509Certificate> validateSignature(Signature signature) throws CertificateException, ValidationException { List<X509Certificate> certChain = KeyInfoHelper .getCertificates(signature.getKeyInfo()); SAMLSignatureProfileValidator pv = new SAMLSignatureProfileValidator(); pv.validate(signature); BasicX509Credential credential = new BasicX509Credential(); credential.setPublicKey(getEndCertificate(certChain).getPublicKey()); SignatureValidator sigValidator = new SignatureValidator(credential); sigValidator.validate(signature); return certChain; }
/** * Sets the entity certificate for this credential. * * @param cert entity certificate for this credential */ public void setEntityCertificate(X509Certificate cert) { entityCert = cert; if (cert != null) { setPublicKey(cert.getPublicKey()); } else { setPublicKey(null); } }
/** * Build an X509Credential from a keystore trusted certificate entry. * * @param trustedCertEntry the entry being processed * @param entityID the entityID to set * @param usage the usage type to set * @return new X509Credential instance */ protected X509Credential processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertEntry, String entityID, UsageType usage) { log.debug("Processing TrustedCertificateEntry from keystore"); BasicX509Credential credential = new BasicX509Credential(); credential.setEntityId(entityID); credential.setUsageType(usage); X509Certificate cert = (X509Certificate) trustedCertEntry.getTrustedCertificate(); credential.setEntityCertificate(cert); ArrayList<X509Certificate> certChain = new ArrayList<X509Certificate>(); certChain.add(cert); credential.setEntityCertificateChain(certChain); return credential; }
BasicX509Credential credential = new BasicX509Credential(); if (samlKeyInfo.getCerts() != null) { credential.setEntityCertificate(samlKeyInfo.getCerts()[0]); } else if (samlKeyInfo.getPublicKey() != null) { credential.setPublicKey(samlKeyInfo.getPublicKey()); } else { throw new WSSecurityException(
BasicX509Credential cred = new BasicX509Credential(); cred.setEntityCertificate(entityCert); cred.setCRLs(crls); cred.setEntityCertificateChain(certs); cred.getKeyNames().addAll(kiContext.getKeyNames()); cred.getCredentalContextSet().add(credContext);
BasicX509Credential credential = new BasicX509Credential(); credential.setPrivateKey(spIdentity.getPrivateKey()); credential.setEntityCertificateChain(certChain);
BasicX509Credential credential = new BasicX509Credential(); credential.setEntityCertificate(idpMetadata.getSigningCertificate()); SignatureValidator validator = new SignatureValidator(credential); try { BasicX509Credential sigCredential = new BasicX509Credential(); sigCredential.setEntityCertificate(idpMetadata.getSigningCertificate()); SignatureValidator validator = new SignatureValidator(sigCredential); try {
/** * Sets the entity certificate for this credential. * * @param cert entity certificate for this credential */ public void setEntityCertificate(X509Certificate cert) { entityCert = cert; if (cert != null) { setPublicKey(cert.getPublicKey()); } else { setPublicKey(null); } }
/** * Get a simple, minimal credential containing an end-entity X.509 certificate, and optionally a private key. * * @param cert the end-entity certificate to wrap * @param privateKey the private key to wrap, which may be null * @return a credential containing the certificate and key specified */ public static BasicX509Credential getSimpleCredential(X509Certificate cert, PrivateKey privateKey) { if (cert == null) { throw new IllegalArgumentException("A certificate is required"); } BasicX509Credential cred = new BasicX509Credential(); cred.setEntityCertificate(cert); cred.setPrivateKey(privateKey); return cred; }
/** * Build an X509Credential from a keystore private key entry. * * @param privateKeyEntry the entry being processed * @param entityID the entityID to set * @param usage the usage type to set * @return new X509Credential instance */ protected X509Credential processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry, String entityID, UsageType usage) { log.debug("Processing PrivateKeyEntry from keystore"); BasicX509Credential credential = new BasicX509Credential(); credential.setEntityId(entityID); credential.setUsageType(usage); credential.setPrivateKey(privateKeyEntry.getPrivateKey()); credential.setEntityCertificate((X509Certificate) privateKeyEntry.getCertificate()); credential.setEntityCertificateChain(Arrays.asList((X509Certificate[]) privateKeyEntry.getCertificateChain())); return credential; }