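/**
 * Signs a string with the given private key.
 *
 * <p>The {@link Signature} instance comes from {@code getSignature}, keyed on the key's own
 * algorithm name, so the signature scheme is selected by the key rather than by the caller.
 * The string is encoded as UTF-8 before signing: the HTTP-Redirect verifier in this codebase
 * rebuilds the signed content with {@code getBytes("UTF-8")}, so signing with the platform
 * default charset would produce a mismatch on non-UTF-8 platforms.
 *
 * @param stringToBeSigned the content to sign; must not be {@code null}
 * @param signingKey the private key to sign with; must not be {@code null}
 * @return the raw signature bytes
 * @throws IllegalArgumentException if either argument is {@code null}
 * @throws GeneralSecurityException if the signature algorithm is unavailable, the key is not
 *         usable with it, or signing fails
 */
public static byte[] sign(String stringToBeSigned, PrivateKey signingKey) throws GeneralSecurityException {
    if (stringToBeSigned == null) {
        throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "stringToBeSigned");
    }
    if (signingKey == null) {
        throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "signingKey");
    }
    Signature sig = getSignature(signingKey.getAlgorithm());
    sig.initSign(signingKey);
    // Explicit charset instead of the platform default; String.getBytes(Charset) avoids the
    // checked UnsupportedEncodingException that getBytes("UTF-8") would add to the contract.
    sig.update(stringToBeSigned.getBytes(java.nio.charset.Charset.forName("UTF-8")));
    return sig.sign();
}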
/**
 * Builds the HTTP-Redirect binding signing string and signs it with {@code signingKey}.
 *
 * <p>The signed content is assembled with {@code addParameter} in a fixed order: the SAML
 * parameter (request or response), the relay state when {@code isNotNull} accepts it, then the
 * {@code SigAlg} parameter. The verifier rebuilds the same string from the incoming query
 * string, so both the order and the URL-encoded form of each value are part of the contract.
 *
 * @param samlParameter the query parameter name carrying the SAML message
 * @param urlEncoded the URL-encoded SAML message
 * @param urlEncodedRelayState the URL-encoded relay state; skipped when {@code isNotNull} rejects it
 * @param signingKey the private key; its algorithm name selects the XML signature algorithm URI
 * @return the raw signature bytes over the assembled string
 * @throws IOException if URL-encoding the algorithm URI fails
 * @throws GeneralSecurityException if signing fails
 */
private static byte[] computeSignature(String samlParameter, String urlEncoded, String urlEncodedRelayState, PrivateKey signingKey) throws IOException, GeneralSecurityException {
    StringBuilder signedContent = new StringBuilder();
    addParameter(signedContent, samlParameter, urlEncoded);
    if (isNotNull(urlEncodedRelayState)) {
        addParameter(signedContent, GeneralConstants.RELAY_STATE, urlEncodedRelayState);
    }
    // SigAlg is derived from the key, not from caller input, and is URL-encoded like the other values
    String algorithmUri = SignatureUtil.getXMLSignatureAlgorithmURI(signingKey.getAlgorithm());
    String encodedAlgorithmUri = URLEncoder.encode(algorithmUri, "UTF-8");
    addParameter(signedContent, GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, encodedAlgorithmUri);
    return SignatureUtil.sign(signedContent.toString(), signingKey);
}
/**
 * Creates a {@code KeyValueType} that wraps the specified public key. DSA and RSA keys are
 * supported; construction is delegated to {@code SignatureUtil}.
 *
 * @param key the {@code PublicKey} to represent as a {@code KeyValueType}
 * @return the constructed {@code KeyValueType}, or {@code null} if the key is neither DSA nor RSA
 */
public static KeyValueType createKeyValue(PublicKey key) {
    KeyValueType wrappedKey = SignatureUtil.createKeyValue(key);
    return wrappedKey;
}
try isValid = SignatureUtil.validate(sb.toString().getBytes("UTF-8"), sigValue, validatingKey);
/**
 * Assembles the HTTP-Redirect query string: SAML parameter, optional relay state, {@code SigAlg},
 * and finally the base64url-encoded {@code Signature} parameter.
 *
 * <p>The first three parameters are emitted in the same order as the signed content; the
 * signature value itself is appended last and is not part of what was signed.
 *
 * @param samlParameter the query parameter name carrying the SAML message
 * @param urlEncoded the URL-encoded SAML message
 * @param urlEncodedRelayState the URL-encoded relay state; skipped when {@code isNotNull} rejects it
 * @param signature the raw signature bytes to append
 * @param sigAlgo the key algorithm name, mapped to an XML signature algorithm URI
 * @return the complete query string
 * @throws IOException if URL-encoding the algorithm URI fails
 */
private static String getRedirectURLWithSignature(String samlParameter, String urlEncoded, String urlEncodedRelayState, byte[] signature, String sigAlgo) throws IOException {
    StringBuilder query = new StringBuilder();
    addParameter(query, samlParameter, urlEncoded);
    if (isNotNull(urlEncodedRelayState)) {
        addParameter(query, GeneralConstants.RELAY_STATE, urlEncodedRelayState);
    }
    String encodedSigAlg = URLEncoder.encode(SignatureUtil.getXMLSignatureAlgorithmURI(sigAlgo), "UTF-8");
    addParameter(query, GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, encodedSigAlg);
    // The signature goes last, outside the signed content
    String encodedSignature = RedirectBindingUtil.base64URLEncode(signature);
    addParameter(query, GeneralConstants.SAML_SIGNATURE_REQUEST_KEY, encodedSignature);
    return query.toString();
}
if (child != null) { try { keyValue = SignatureUtil.getRSAKeyValue(child); } catch (ParsingException e) { throw logger.stsError(e); if (child != null) { try { keyValue = SignatureUtil.getDSAKeyValue(child); } catch (ParsingException e) { throw logger.stsError(e);
/**
 * Parses a {@code ds:DSAKeyValue} element from the StAX stream.
 *
 * <p>The next start element is checked against {@code WSTrustConstants.XMLDSig.DSA_KEYVALUE}
 * before the subtree is read as a DOM {@code Element} and handed to {@code SignatureUtil}.
 *
 * @param xmlEventReader the reader positioned before the {@code DSAKeyValue} start element
 * @return the parsed {@code DSAKeyValueType}
 * @throws ParsingException if the element name does not match or the element cannot be parsed
 */
private static DSAKeyValueType parseDSAKeyValue(XMLEventReader xmlEventReader) throws ParsingException {
    // Fail fast on an unexpected element before materialising the subtree as DOM
    StaxParserUtil.validate(StaxParserUtil.peekNextStartElement(xmlEventReader), WSTrustConstants.XMLDSig.DSA_KEYVALUE);
    return SignatureUtil.getDSAKeyValue(StaxParserUtil.getDOMElement(xmlEventReader));
}
/**
 * Verifies the HTTP-Redirect binding signature carried in {@code queryString}.
 *
 * <p>The signed content is rebuilt from the query string's own tokens in the binding's fixed
 * order -- {@code SAMLRequest} or {@code SAMLResponse}, then {@code RelayState} when present, then
 * {@code SigAlg} -- and checked with {@code SignatureUtil.validate}. The {@code SigAlg} token only
 * contributes bytes to the signed content; the verification algorithm is derived from
 * {@code validatingKey}, so a tampered {@code SigAlg} fails verification rather than selecting a
 * different algorithm.
 *
 * @param queryString the raw query string of the redirect request
 * @param validatingKey the public key of the expected signer
 * @param sigValue the decoded signature bytes from the {@code Signature} parameter
 * @return {@code true} if the signature verifies over the rebuilt content
 * @throws UnsupportedEncodingException never in practice (UTF-8 is mandatory on the JVM)
 * @throws GeneralSecurityException if verification cannot be performed
 */
public static boolean validateSignature(String queryString, PublicKey validatingKey, byte[] sigValue) throws UnsupportedEncodingException, GeneralSecurityException {
    String messageKey = isRequestQueryString(queryString)
            ? GeneralConstants.SAML_REQUEST_KEY
            : GeneralConstants.SAML_RESPONSE_KEY;
    StringBuilder signedContent = new StringBuilder();
    addParameter(signedContent, messageKey, RedirectBindingSignatureUtil.getTokenValue(queryString, messageKey));
    String relayState = RedirectBindingSignatureUtil.getTokenValue(queryString, GeneralConstants.RELAY_STATE);
    if (isNotNull(relayState)) {
        addParameter(signedContent, GeneralConstants.RELAY_STATE, relayState);
    }
    String sigAlg = RedirectBindingSignatureUtil.getTokenValue(queryString, GeneralConstants.SAML_SIG_ALG_REQUEST_KEY);
    addParameter(signedContent, GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, sigAlg);
    return SignatureUtil.validate(signedContent.toString().getBytes("UTF-8"), sigValue, validatingKey);
}
/**
 * Assembles the HTTP-Redirect query string: SAML parameter, optional relay state, {@code SigAlg},
 * and finally the base64url-encoded {@code Signature} parameter.
 *
 * <p>The first three parameters are emitted in the same order as the signed content; the
 * signature value itself is appended last and is not part of what was signed.
 *
 * @param samlParameter the query parameter name carrying the SAML message
 * @param urlEncoded the URL-encoded SAML message
 * @param urlEncodedRelayState the URL-encoded relay state; skipped when {@code isNotNull} rejects it
 * @param signature the raw signature bytes to append
 * @param sigAlgo the key algorithm name, mapped to an XML signature algorithm URI
 * @return the complete query string
 * @throws IOException if URL-encoding the algorithm URI fails
 */
private static String getRedirectURLWithSignature(String samlParameter, String urlEncoded, String urlEncodedRelayState, byte[] signature, String sigAlgo) throws IOException {
    StringBuilder query = new StringBuilder();
    addParameter(query, samlParameter, urlEncoded);
    if (isNotNull(urlEncodedRelayState)) {
        addParameter(query, GeneralConstants.RELAY_STATE, urlEncodedRelayState);
    }
    String encodedSigAlg = URLEncoder.encode(SignatureUtil.getXMLSignatureAlgorithmURI(sigAlgo), "UTF-8");
    addParameter(query, GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, encodedSigAlg);
    // The signature goes last, outside the signed content
    String encodedSignature = RedirectBindingUtil.base64URLEncode(signature);
    addParameter(query, GeneralConstants.SAML_SIGNATURE_REQUEST_KEY, encodedSignature);
    return query.toString();
}
if (child != null) { try { keyValue = SignatureUtil.getRSAKeyValue(child); } catch (ParsingException e) { throw logger.stsError(e); if (child != null) { try { keyValue = SignatureUtil.getDSAKeyValue(child); } catch (ParsingException e) { throw logger.stsError(e);
/**
 * Parses a {@code ds:DSAKeyValue} element from the StAX stream.
 *
 * <p>The next start element is checked against {@code WSTrustConstants.XMLDSig.DSA_KEYVALUE}
 * before the subtree is read as a DOM {@code Element} and handed to {@code SignatureUtil}.
 *
 * @param xmlEventReader the reader positioned before the {@code DSAKeyValue} start element
 * @return the parsed {@code DSAKeyValueType}
 * @throws ParsingException if the element name does not match or the element cannot be parsed
 */
private static DSAKeyValueType parseDSAKeyValue(XMLEventReader xmlEventReader) throws ParsingException {
    // Fail fast on an unexpected element before materialising the subtree as DOM
    StaxParserUtil.validate(StaxParserUtil.peekNextStartElement(xmlEventReader), WSTrustConstants.XMLDSig.DSA_KEYVALUE);
    return SignatureUtil.getDSAKeyValue(StaxParserUtil.getDOMElement(xmlEventReader));
}
/**
 * Builds the HTTP-Redirect binding signing string and signs it with {@code signingKey}.
 *
 * <p>The signed content is assembled with {@code addParameter} in a fixed order: the SAML
 * parameter (request or response), the relay state when {@code isNotNull} accepts it, then the
 * {@code SigAlg} parameter. The verifier rebuilds the same string from the incoming query
 * string, so both the order and the URL-encoded form of each value are part of the contract.
 *
 * @param samlParameter the query parameter name carrying the SAML message
 * @param urlEncoded the URL-encoded SAML message
 * @param urlEncodedRelayState the URL-encoded relay state; skipped when {@code isNotNull} rejects it
 * @param signingKey the private key; its algorithm name selects the XML signature algorithm URI
 * @return the raw signature bytes over the assembled string
 * @throws IOException if URL-encoding the algorithm URI fails
 * @throws GeneralSecurityException if signing fails
 */
private static byte[] computeSignature(String samlParameter, String urlEncoded, String urlEncodedRelayState, PrivateKey signingKey) throws IOException, GeneralSecurityException {
    StringBuilder signedContent = new StringBuilder();
    addParameter(signedContent, samlParameter, urlEncoded);
    if (isNotNull(urlEncodedRelayState)) {
        addParameter(signedContent, GeneralConstants.RELAY_STATE, urlEncodedRelayState);
    }
    // SigAlg is derived from the key, not from caller input, and is URL-encoded like the other values
    String algorithmUri = SignatureUtil.getXMLSignatureAlgorithmURI(signingKey.getAlgorithm());
    String encodedAlgorithmUri = URLEncoder.encode(algorithmUri, "UTF-8");
    addParameter(signedContent, GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, encodedAlgorithmUri);
    return SignatureUtil.sign(signedContent.toString(), signingKey);
}
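/**
 * Signs a string with the given private key.
 *
 * <p>The {@link Signature} instance comes from {@code getSignature}, keyed on the key's own
 * algorithm name, so the signature scheme is selected by the key rather than by the caller.
 * The string is encoded as UTF-8 before signing: the HTTP-Redirect verifier in this codebase
 * rebuilds the signed content with {@code getBytes("UTF-8")}, so signing with the platform
 * default charset would produce a mismatch on non-UTF-8 platforms.
 *
 * @param stringToBeSigned the content to sign; must not be {@code null}
 * @param signingKey the private key to sign with; must not be {@code null}
 * @return the raw signature bytes
 * @throws IllegalArgumentException if either argument is {@code null}
 * @throws GeneralSecurityException if the signature algorithm is unavailable, the key is not
 *         usable with it, or signing fails
 */
public static byte[] sign(String stringToBeSigned, PrivateKey signingKey) throws GeneralSecurityException {
    if (stringToBeSigned == null) {
        throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "stringToBeSigned");
    }
    if (signingKey == null) {
        throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "signingKey");
    }
    Signature sig = getSignature(signingKey.getAlgorithm());
    sig.initSign(signingKey);
    // Explicit charset instead of the platform default; String.getBytes(Charset) avoids the
    // checked UnsupportedEncodingException that getBytes("UTF-8") would add to the contract.
    sig.update(stringToBeSigned.getBytes(java.nio.charset.Charset.forName("UTF-8")));
    return sig.sign();
}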
/**
 * Verifies the HTTP-Redirect binding signature carried in {@code queryString}.
 *
 * <p>The signed content is rebuilt from the query string's own tokens in the binding's fixed
 * order -- {@code SAMLRequest} or {@code SAMLResponse}, then {@code RelayState} when present, then
 * {@code SigAlg} -- and checked with {@code SignatureUtil.validate}. The {@code SigAlg} token only
 * contributes bytes to the signed content; the verification algorithm is derived from
 * {@code validatingKey}, so a tampered {@code SigAlg} fails verification rather than selecting a
 * different algorithm.
 *
 * @param queryString the raw query string of the redirect request
 * @param validatingKey the public key of the expected signer
 * @param sigValue the decoded signature bytes from the {@code Signature} parameter
 * @return {@code true} if the signature verifies over the rebuilt content
 * @throws UnsupportedEncodingException never in practice (UTF-8 is mandatory on the JVM)
 * @throws GeneralSecurityException if verification cannot be performed
 */
public static boolean validateSignature(String queryString, PublicKey validatingKey, byte[] sigValue) throws UnsupportedEncodingException, GeneralSecurityException {
    String messageKey = isRequestQueryString(queryString)
            ? GeneralConstants.SAML_REQUEST_KEY
            : GeneralConstants.SAML_RESPONSE_KEY;
    StringBuilder signedContent = new StringBuilder();
    addParameter(signedContent, messageKey, RedirectBindingSignatureUtil.getTokenValue(queryString, messageKey));
    String relayState = RedirectBindingSignatureUtil.getTokenValue(queryString, GeneralConstants.RELAY_STATE);
    if (isNotNull(relayState)) {
        addParameter(signedContent, GeneralConstants.RELAY_STATE, relayState);
    }
    String sigAlg = RedirectBindingSignatureUtil.getTokenValue(queryString, GeneralConstants.SAML_SIG_ALG_REQUEST_KEY);
    addParameter(signedContent, GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, sigAlg);
    return SignatureUtil.validate(signedContent.toString().getBytes("UTF-8"), sigValue, validatingKey);
}
/**
 * Assembles the HTTP-Redirect query string: SAML parameter, optional relay state, {@code SigAlg},
 * and finally the base64url-encoded {@code Signature} parameter.
 *
 * <p>The first three parameters are emitted in the same order as the signed content; the
 * signature value itself is appended last and is not part of what was signed.
 *
 * @param samlParameter the query parameter name carrying the SAML message
 * @param urlEncoded the URL-encoded SAML message
 * @param urlEncodedRelayState the URL-encoded relay state; skipped when {@code isNotNull} rejects it
 * @param signature the raw signature bytes to append
 * @param sigAlgo the key algorithm name, mapped to an XML signature algorithm URI
 * @return the complete query string
 * @throws IOException if URL-encoding the algorithm URI fails
 */
private static String getRedirectURLWithSignature(String samlParameter, String urlEncoded, String urlEncodedRelayState, byte[] signature, String sigAlgo) throws IOException {
    StringBuilder query = new StringBuilder();
    addParameter(query, samlParameter, urlEncoded);
    if (isNotNull(urlEncodedRelayState)) {
        addParameter(query, GeneralConstants.RELAY_STATE, urlEncodedRelayState);
    }
    String encodedSigAlg = URLEncoder.encode(SignatureUtil.getXMLSignatureAlgorithmURI(sigAlgo), "UTF-8");
    addParameter(query, GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, encodedSigAlg);
    // The signature goes last, outside the signed content
    String encodedSignature = RedirectBindingUtil.base64URLEncode(signature);
    addParameter(query, GeneralConstants.SAML_SIGNATURE_REQUEST_KEY, encodedSignature);
    return query.toString();
}
/**
 * Parses a {@code ds:DSAKeyValue} element from the StAX stream.
 *
 * <p>The next start element is checked against {@code WSTrustConstants.XMLDSig.DSA_KEYVALUE}
 * before the subtree is read as a DOM {@code Element} and handed to {@code SignatureUtil}.
 *
 * @param xmlEventReader the reader positioned before the {@code DSAKeyValue} start element
 * @return the parsed {@code DSAKeyValueType}
 * @throws ParsingException if the element name does not match or the element cannot be parsed
 */
private static DSAKeyValueType parseDSAKeyValue(XMLEventReader xmlEventReader) throws ParsingException {
    // Fail fast on an unexpected element before materialising the subtree as DOM
    StaxParserUtil.validate(StaxParserUtil.peekNextStartElement(xmlEventReader), WSTrustConstants.XMLDSig.DSA_KEYVALUE);
    return SignatureUtil.getDSAKeyValue(StaxParserUtil.getDOMElement(xmlEventReader));
}
/**
 * Creates a {@code KeyValueType} that wraps the specified public key. DSA and RSA keys are
 * supported; construction is delegated to {@code SignatureUtil}.
 *
 * @param key the {@code PublicKey} to represent as a {@code KeyValueType}
 * @return the constructed {@code KeyValueType}, or {@code null} if the key is neither DSA nor RSA
 */
public static KeyValueType createKeyValue(PublicKey key) {
    KeyValueType wrappedKey = SignatureUtil.createKeyValue(key);
    return wrappedKey;
}
/**
 * Builds the HTTP-Redirect binding signing string and signs it with {@code signingKey}.
 *
 * <p>The signed content is assembled with {@code addParameter} in a fixed order: the SAML
 * parameter (request or response), the relay state when {@code isNotNull} accepts it, then the
 * {@code SigAlg} parameter. The verifier rebuilds the same string from the incoming query
 * string, so both the order and the URL-encoded form of each value are part of the contract.
 *
 * @param samlParameter the query parameter name carrying the SAML message
 * @param urlEncoded the URL-encoded SAML message
 * @param urlEncodedRelayState the URL-encoded relay state; skipped when {@code isNotNull} rejects it
 * @param signingKey the private key; its algorithm name selects the XML signature algorithm URI
 * @return the raw signature bytes over the assembled string
 * @throws IOException if URL-encoding the algorithm URI fails
 * @throws GeneralSecurityException if signing fails
 */
private static byte[] computeSignature(String samlParameter, String urlEncoded, String urlEncodedRelayState, PrivateKey signingKey) throws IOException, GeneralSecurityException {
    StringBuilder signedContent = new StringBuilder();
    addParameter(signedContent, samlParameter, urlEncoded);
    if (isNotNull(urlEncodedRelayState)) {
        addParameter(signedContent, GeneralConstants.RELAY_STATE, urlEncodedRelayState);
    }
    // SigAlg is derived from the key, not from caller input, and is URL-encoded like the other values
    String algorithmUri = SignatureUtil.getXMLSignatureAlgorithmURI(signingKey.getAlgorithm());
    String encodedAlgorithmUri = URLEncoder.encode(algorithmUri, "UTF-8");
    addParameter(signedContent, GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, encodedAlgorithmUri);
    return SignatureUtil.sign(signedContent.toString(), signingKey);
}
/**
 * Verifies {@code signatureValue} over {@code signedContent} with the given public key.
 *
 * <p>The signature algorithm is obtained from {@code getSignature} using the key's own algorithm
 * name; it is deliberately not taken from the signature value or any message-supplied field.
 * A signature produced under a different algorithm is therefore rejected here -- either as a
 * {@code false} result or, if the bytes are malformed for the expected algorithm, as a
 * {@link GeneralSecurityException} from the JCA provider.
 *
 * @param signedContent the bytes that were signed
 * @param signatureValue the raw signature bytes to verify
 * @param validatingKey the public key of the expected signer
 * @return {@code true} if the signature verifies, {@code false} otherwise
 * @throws IllegalArgumentException if any argument is {@code null}
 * @throws GeneralSecurityException if the algorithm is unavailable, the key is not usable with
 *         it, or the signature bytes cannot be processed
 */
public static boolean validate(byte[] signedContent, byte[] signatureValue, PublicKey validatingKey) throws GeneralSecurityException {
    if (signedContent == null) {
        throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "signedContent");
    }
    if (signatureValue == null) {
        throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "signatureValue");
    }
    if (validatingKey == null) {
        throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "validatingKey");
    }
    Signature verifier = getSignature(validatingKey.getAlgorithm());
    verifier.initVerify(validatingKey);
    verifier.update(signedContent);
    return verifier.verify(signatureValue);
}
/**
 * Verifies the HTTP-Redirect binding signature carried in {@code queryString}.
 *
 * <p>The signed content is rebuilt from the query string's own tokens in the binding's fixed
 * order -- {@code SAMLRequest} or {@code SAMLResponse}, then {@code RelayState} when present, then
 * {@code SigAlg} -- and checked with {@code SignatureUtil.validate}. The {@code SigAlg} token only
 * contributes bytes to the signed content; the verification algorithm is derived from
 * {@code validatingKey}, so a tampered {@code SigAlg} fails verification rather than selecting a
 * different algorithm.
 *
 * @param queryString the raw query string of the redirect request
 * @param validatingKey the public key of the expected signer
 * @param sigValue the decoded signature bytes from the {@code Signature} parameter
 * @return {@code true} if the signature verifies over the rebuilt content
 * @throws UnsupportedEncodingException never in practice (UTF-8 is mandatory on the JVM)
 * @throws GeneralSecurityException if verification cannot be performed
 */
public static boolean validateSignature(String queryString, PublicKey validatingKey, byte[] sigValue) throws UnsupportedEncodingException, GeneralSecurityException {
    String messageKey = isRequestQueryString(queryString)
            ? GeneralConstants.SAML_REQUEST_KEY
            : GeneralConstants.SAML_RESPONSE_KEY;
    StringBuilder signedContent = new StringBuilder();
    addParameter(signedContent, messageKey, RedirectBindingSignatureUtil.getTokenValue(queryString, messageKey));
    String relayState = RedirectBindingSignatureUtil.getTokenValue(queryString, GeneralConstants.RELAY_STATE);
    if (isNotNull(relayState)) {
        addParameter(signedContent, GeneralConstants.RELAY_STATE, relayState);
    }
    String sigAlg = RedirectBindingSignatureUtil.getTokenValue(queryString, GeneralConstants.SAML_SIG_ALG_REQUEST_KEY);
    addParameter(signedContent, GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, sigAlg);
    return SignatureUtil.validate(signedContent.toString().getBytes("UTF-8"), sigValue, validatingKey);
}