/**
 * Assembles a {@link Signature} from the values this builder has collected.
 *
 * The signing credential, canonicalization algorithm, signature algorithm and
 * KeyInfo are copied as-is onto a freshly built object; no defaults are applied
 * here, so a field left unset stays unset on the result.
 *
 * @return a new, not yet attached or computed, {@link Signature}
 */
@Override
public Signature build() {
    Signature assembled = new SignatureBuilder().buildObject();
    assembled.setSigningCredential(credential);
    assembled.setCanonicalizationAlgorithm(canonicalizationAlgorithm);
    assembled.setSignatureAlgorithm(signatureAlgoritm);
    assembled.setKeyInfo(keyInfo);
    return assembled;
}
}
String signAlgo = signature.getSignatureAlgorithm(); if (signAlgo == null) { signAlgo = secConfig.getSignatureAlgorithmURI(signingCredential); signature.setSignatureAlgorithm(signAlgo); if (signature.getHMACOutputLength() == null) { signature.setHMACOutputLength(secConfig.getSignatureHMACOutputLength()); if (signature.getCanonicalizationAlgorithm() == null) { signature.setCanonicalizationAlgorithm(secConfig.getSignatureCanonicalizationAlgorithm()); if (signature.getKeyInfo() == null) { KeyInfoGenerator kiGenerator = getKeyInfoGenerator(signingCredential, secConfig, keyInfoGenName); if (kiGenerator != null) { try { KeyInfo keyInfo = kiGenerator.generate(signingCredential); signature.setKeyInfo(keyInfo); } catch (SecurityException e) { log.error("Error generating KeyInfo from credential", e);
/**
 * Attaches a new XML signature to {@code signableXMLObject} and signs it with
 * {@code signingCredential}.
 *
 * The signature algorithm URI is taken from the global OpenSAML security
 * configuration for the given credential; canonicalization is exclusive C14N
 * without comments. The object is marshalled before {@link Signer#signObject}
 * runs, so the DOM the signature is computed over exists first.
 *
 * @param signableXMLObject the object to sign
 * @param signingCredential the credential whose private key produces the signature
 * @throws MarshallingException if the object cannot be marshalled to DOM
 * @throws SignatureException if computing the signature fails
 */
public static void signAssertion(SignableXMLObject signableXMLObject, Credential signingCredential)
        throws MarshallingException, SignatureException {
    Signature xmlSignature = buildSAMLObject(Signature.class, Signature.DEFAULT_ELEMENT_NAME);
    xmlSignature.setSigningCredential(signingCredential);
    String algorithmUri =
            Configuration.getGlobalSecurityConfiguration().getSignatureAlgorithmURI(signingCredential);
    xmlSignature.setSignatureAlgorithm(algorithmUri);
    xmlSignature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    signableXMLObject.setSignature(xmlSignature);
    // marshal first: signing operates on the DOM of the signable object
    Configuration.getMarshallerFactory().getMarshaller(signableXMLObject).marshall(signableXMLObject);
    Signer.signObject(xmlSignature);
}
signature.setSigningCredential(credential); signature.setCanonicalizationAlgorithm(canonicalizationAlgorithm); logger.error(message,e); signature.setKeyInfo(keyInfo);
/**
 * Signs {@code assertion} with {@code credential}.
 *
 * Algorithm, canonicalization and KeyInfo are not set explicitly here;
 * {@link SecurityHelper#prepareSignatureParams} fills them in (the two
 * {@code null} arguments presumably select the global security configuration
 * and the default KeyInfo generator profile — confirm against the helper).
 *
 * @param assertion the assertion to sign; its DOM is (re)built before signing
 * @param credential the signing credential
 * @throws SecurityException if signature parameters cannot be prepared
 * @throws MarshallingException if the assertion cannot be marshalled
 * @throws SignatureException if computing the signature fails
 */
private void signAssertion(Assertion assertion, Credential credential)
        throws SecurityException, MarshallingException, SignatureException {
    final SignatureBuilder sigBuilder =
            (SignatureBuilder) builderFactory.getBuilder(Signature.DEFAULT_ELEMENT_NAME);
    final Signature assertionSignature = sigBuilder.buildObject();
    assertionSignature.setSigningCredential(credential);
    SecurityHelper.prepareSignatureParams(assertionSignature, credential, null, null);
    assertion.setSignature(assertionSignature);
    // the signature is computed over the marshalled DOM, so marshal before signing
    Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
    Signer.signObject(assertionSignature);
}
signature.setSignatureAlgorithm(signingAlgorithm); signature.setSigningCredential(signingCredential);
log.debug("Starting to marshall {}", signature.getElementQName()); if (signature.getHMACOutputLength() != null && SecurityHelper.isHMAC(signature.getSignatureAlgorithm())) { dsig = new XMLSignature(document, "", signature.getSignatureAlgorithm(), signature .getHMACOutputLength(), signature.getCanonicalizationAlgorithm()); } else { dsig = new XMLSignature(document, "", signature.getSignatureAlgorithm(), signature .getCanonicalizationAlgorithm()); for (ContentReference contentReference : signature.getContentReferences()) { contentReference.createReference(dsig); Element signatureElement = dsig.getElement(); if (signature.getKeyInfo() != null) { Marshaller keyInfoMarshaller = Configuration.getMarshallerFactory().getMarshaller( KeyInfo.DEFAULT_ELEMENT_NAME); keyInfoMarshaller.marshall(signature.getKeyInfo(), signatureElement); signature.setDOM(signatureElement); signature.releaseParentDOM(true); return signatureElement; log.error("Unable to construct signature Element " + signature.getElementQName(), e); throw new MarshallingException("Unable to construct signature Element " + signature.getElementQName(), e);
/**
 * Walks the signature-related fields of an assertion and its output type.
 *
 * NOTE(review): every getter result below is either stored in a local that is
 * never read or discarded outright, and {@code assertOut} is never written to.
 * The method therefore has no observable effect beyond the exceptions it can
 * raise: a {@code NullPointerException} if any link in a getter chain is
 * absent, a {@code ClassCastException} if the first content reference is not
 * a {@code ContentReference}, and an {@code IndexOutOfBoundsException} from
 * {@code get(0)} when the signature has no content references. The statement
 * order is the only behaviour it has, so it is documented rather than restyled.
 *
 * @param assertion the (signed) assertion being inspected
 * @param assertOut the output object whose signature block is read but not modified
 */
private static void extractSignatureInfo(Assertion assertion, AssertionType assertOut) {
    SamlSignatureType samlSignature = assertOut.getSamlSignature() ;
    SamlSignatureKeyInfoType samlSignatureKeyInfoType = samlSignature.getKeyInfo() ;
    byte []signatureValue = samlSignature.getSignatureValue();
    // results discarded; only their null checks "happen"
    samlSignature.getKeyInfo().getRsaKeyValueExponent();
    samlSignature.getKeyInfo().getRsaKeyValueModulus() ;
    Signature signature = assertion.getSignature() ;
    assertion.getSignature().getCanonicalizationAlgorithm();
    signature.getSignatureAlgorithm();
    List<ContentReference> contentReference1 = signature.getContentReferences();
    // throws IndexOutOfBoundsException when the signature carries no content references
    ContentReference contentReference = (ContentReference)contentReference1.get(0);
    signature.getSigningCredential().getPublicKey().getAlgorithm();
    //signature.getSigningCredential().
}
private static String getSubjectNameIDValue(Assertion assertion) {
if (signature.getKeyInfo() != null) { KeyInfoCriteria keyInfoCriteria = new KeyInfoCriteria(signature.getKeyInfo()); CriteriaSet keyInfoCriteriaSet = new CriteriaSet(keyInfoCriteria);
/**
 * {@inheritDoc}
 *
 * Before delegating to the superclass, a {@link SAMLObjectContentReference} for this
 * object is registered on the incoming signature, so that a reference using this
 * object's ID is created when the signature is computed. See that class for the
 * default digest algorithm and transforms; both can be adjusted before marshalling.
 * A {@code null} signature is passed straight through without adding a reference.
 */
public void setSignature(Signature newSignature) {
    if (newSignature == null) {
        super.setSignature(null);
        return;
    }
    SAMLObjectContentReference selfReference = new SAMLObjectContentReference(this);
    newSignature.getContentReferences().add(selfReference);
    super.setSignature(newSignature);
}
if (samlAssertion.isSigned()) { Signature sig = samlAssertion.getSignature(); KeyInfo keyInfo = sig.getKeyInfo(); if (keyInfo == null) { throw new WSSecurityException( XMLValidateContext context = new DOMValidateContext(key, sig.getDOM()); context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE); context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
String signAlgo = signature.getSignatureAlgorithm(); if (signAlgo == null) { signAlgo = secConfig.getSignatureAlgorithmURI(signingCredential); signature.setSignatureAlgorithm(signAlgo); if (signature.getHMACOutputLength() == null) { signature.setHMACOutputLength(secConfig.getSignatureHMACOutputLength()); if (signature.getCanonicalizationAlgorithm() == null) { signature.setCanonicalizationAlgorithm(secConfig.getSignatureCanonicalizationAlgorithm()); if (signature.getKeyInfo() == null) { KeyInfoGenerator kiGenerator = getKeyInfoGenerator(signingCredential, secConfig, keyInfoGenName); if (kiGenerator != null) { try { KeyInfo keyInfo = kiGenerator.generate(signingCredential); signature.setKeyInfo(keyInfo); } catch (SecurityException e) { log.error("Error generating KeyInfo from credential", e);
signature.setSigningCredential(credential); signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
Signature signature = signatureBuilder.buildObject(); final Credential defaultCredential = keyManager.getDefaultCredential(); signature.setSigningCredential(defaultCredential); SecurityHelper.prepareSignatureParams(signature, defaultCredential, null, null); assertion.setSignature(signature);
log.debug("Starting to marshall {}", signature.getElementQName()); if (signature.getHMACOutputLength() != null && SecurityHelper.isHMAC(signature.getSignatureAlgorithm())) { dsig = new XMLSignature(document, "", signature.getSignatureAlgorithm(), signature .getHMACOutputLength(), signature.getCanonicalizationAlgorithm()); } else { dsig = new XMLSignature(document, "", signature.getSignatureAlgorithm(), signature .getCanonicalizationAlgorithm()); for (ContentReference contentReference : signature.getContentReferences()) { contentReference.createReference(dsig); Element signatureElement = dsig.getElement(); if (signature.getKeyInfo() != null) { Marshaller keyInfoMarshaller = Configuration.getMarshallerFactory().getMarshaller( KeyInfo.DEFAULT_ELEMENT_NAME); keyInfoMarshaller.marshall(signature.getKeyInfo(), signatureElement); signature.setDOM(signatureElement); signature.releaseParentDOM(true); return signatureElement; log.error("Unable to construct signature Element " + signature.getElementQName(), e); throw new MarshallingException("Unable to construct signature Element " + signature.getElementQName(), e);
if (signature.getKeyInfo() != null) { KeyInfoCriteria keyInfoCriteria = new KeyInfoCriteria(signature.getKeyInfo()); CriteriaSet keyInfoCriteriaSet = new CriteriaSet(keyInfoCriteria);
/**
 * Attaches {@code signature} to the wrapped SAML object and sets the digest
 * algorithm on the content reference that covers the object itself.
 *
 * If the wrapped object is not a {@link SignableSAMLObject} the request is
 * logged as an error and ignored.
 *
 * @param signature the signature to attach; the first entry of its content
 *        references is assumed to be the {@link SAMLObjectContentReference}
 *        registered for the object by {@code SignableSAMLObject.setSignature}
 * @param signatureDigestAlgorithm digest algorithm URI for that reference, or
 *        {@code null} to use this wrapper's default digest algorithm
 */
public void setSignature(Signature signature, String signatureDigestAlgorithm) {
    if (!(xmlObject instanceof SignableSAMLObject)) {
        LOG.error("Attempt to sign an unsignable object " + xmlObject.getClass().getName());
        return;
    }
    final SignableSAMLObject target = (SignableSAMLObject) xmlObject;
    target.setSignature(signature);
    final String digestAlgorithm = signatureDigestAlgorithm != null
            ? signatureDigestAlgorithm
            : defaultSignatureDigestAlgorithm;
    final SAMLObjectContentReference selfReference =
            (SAMLObjectContentReference) signature.getContentReferences().get(0);
    selfReference.setDigestAlgorithm(digestAlgorithm);
    // drop cached DOM so the object is re-marshalled with the new signature (presumably)
    target.releaseDOM();
    target.releaseChildrenDOM(true);
}
if (samlAssertion.isSigned()) { Signature sig = samlAssertion.getSignature(); KeyInfo keyInfo = sig.getKeyInfo(); if (keyInfo == null) { throw new WSSecurityException( XMLValidateContext context = new DOMValidateContext(key, sig.getDOM()); context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE); context.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
/**
 * Builds a {@link Signature} for {@code cred} whose KeyInfo carries the
 * credential's entity certificate inline as an X509Data/X509Certificate element.
 *
 * Canonicalization is fixed to exclusive C14N without comments; the signature
 * algorithm is whatever the caller passes in. The result still has to be attached
 * to a signable object and signed.
 *
 * @param signatureAlgorithm XML-DSig signature algorithm URI
 * @param cred the X.509 credential whose key and certificate are used
 * @return the prepared, unsigned signature
 * @throws SSOAgentException if the entity certificate cannot be encoded
 */
private static Signature setSignatureRaw(String signatureAlgorithm, X509Credential cred)
        throws SSOAgentException {
    Signature sig = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    sig.setSigningCredential(cred);
    sig.setSignatureAlgorithm(signatureAlgorithm);
    sig.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data x509Data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
    org.opensaml.xml.signature.X509Certificate certElement =
            (org.opensaml.xml.signature.X509Certificate)
                    buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);

    final String encodedCert;
    try {
        encodedCert = org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded());
    } catch (CertificateEncodingException e) {
        throw new SSOAgentException("Error getting certificate", e);
    }
    certElement.setValue(encodedCert);
    x509Data.getX509Certificates().add(certElement);
    keyInfo.getX509Datas().add(x509Data);
    sig.setKeyInfo(keyInfo);
    return sig;
}
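/**
 * Loads the signing key and certificate from the configured keystore and returns
 * a {@link Signature} whose parameters have been prepared from the global
 * OpenSAML security configuration.
 *
 * Failures are logged at SEVERE and reported as a {@code null} return; callers
 * must check for it. A missing alias, or an alias that is not a private-key
 * entry, is handled the same way instead of escaping as a
 * {@code NullPointerException}/{@code ClassCastException}.
 *
 * @return the prepared signature, or {@code null} if the keystore cannot be read,
 *         the alias does not resolve to a private-key entry, or parameter
 *         preparation fails
 */
private Signature getSignature() {
    try {
        final char[] jksPassword = config.getKeystorePassword();
        final String alias = config.getCertificateAlias();
        final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (final FileInputStream fileInputStream = new FileInputStream(config.getKeystore())) {
            keyStore.load(fileInputStream, jksPassword);
        }
        // getEntry returns null for an unknown alias and a non-PrivateKeyEntry for
        // trusted-certificate aliases; neither is usable for signing.
        final KeyStore.Entry entry =
                keyStore.getEntry(alias, new KeyStore.PasswordProtection(jksPassword));
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            Logger.getLogger(SAMLClient.class.getName()).log(Level.SEVERE,
                    "Keystore alias {0} is missing or is not a private-key entry", alias);
            return null;
        }
        final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        final PrivateKey privateKey = privateKeyEntry.getPrivateKey();
        final X509Certificate certificate = (X509Certificate) privateKeyEntry.getCertificate();
        final BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityCertificate(certificate);
        credential.setPrivateKey(privateKey);
        final Signature signature = (Signature) org.opensaml.xml.Configuration.getBuilderFactory()
                .getBuilder(org.opensaml.xml.signature.Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(org.opensaml.xml.signature.Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(credential);
        final SecurityConfiguration securityConfiguration = Configuration.getGlobalSecurityConfiguration();
        // null profile: let the helper pick its default KeyInfo generator
        final String keyInfoGeneratorProfile = null;
        SecurityHelper.prepareSignatureParams(signature, credential, securityConfiguration, keyInfoGeneratorProfile);
        return signature;
    } catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException
            | UnrecoverableEntryException | SecurityException ex) {
        // log a real message instead of null so the failure is attributable; the
        // null return is the existing contract with callers
        Logger.getLogger(SAMLClient.class.getName()).log(Level.SEVERE,
                "Unable to build signing credential from keystore", ex);
        return null;
    }
}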