/**
 * One-time test fixture setup: installs the Bouncy Castle JCE provider,
 * initialises OpenSAML, and touches the KeyInfo generator manager registered
 * under the SAML metadata name.
 *
 * @throws Exception if the OpenSAML bootstrap fails
 */
@BeforeClass
public static void bootstrap() throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    DefaultBootstrap.bootstrap();
    // The returned manager is intentionally unused; presumably this is called
    // for its side effect of creating the named manager when it does not exist
    // yet (NOTE(review): confirm against NamedKeyInfoGeneratorManager.getManager).
    Configuration.getGlobalSecurityConfiguration()
        .getKeyInfoGeneratorManager()
        .getManager(SAML_METADATA_KEY_INFO_GENERATOR);
}
/**
 * One-time test fixture setup: installs the Bouncy Castle JCE provider,
 * initialises OpenSAML, and touches the KeyInfo generator manager registered
 * under {@code SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR}.
 *
 * @throws Exception if the OpenSAML bootstrap fails
 */
@BeforeClass
public static void bootstrap() throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    DefaultBootstrap.bootstrap();
    // The returned manager is intentionally unused; presumably this is called
    // for its side effect of creating the named manager when it does not exist
    // yet (NOTE(review): confirm against NamedKeyInfoGeneratorManager.getManager).
    Configuration.getGlobalSecurityConfiguration()
        .getKeyInfoGeneratorManager()
        .getManager(SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR);
}
/**
 * Creates a credential resolver backed by the given metadata provider.
 *
 * <p>Resolved credentials are held in a cache of soft references guarded by a
 * read/write lock, and KeyInfo elements are resolved with the default
 * KeyInfo credential resolver from the global security configuration. When
 * the provider is observable, a {@code MetadataProviderObserver} is attached
 * (presumably so the cache can react to metadata changes; see that class).
 *
 * @param metadataProvider provider of the metadata
 * @throws IllegalArgumentException if the supplied provider is null
 */
public MetadataCredentialResolver(MetadataProvider metadataProvider) {
    if (metadataProvider == null) {
        throw new IllegalArgumentException("Metadata provider may not be null");
    }

    metadata = metadataProvider;
    cache = new HashMap<MetadataCacheKey, SoftReference<Collection<Credential>>>();
    keyInfoCredentialResolver =
        Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();
    rwlock = new ReentrantReadWriteLock();

    if (metadataProvider instanceof ObservableMetadataProvider) {
        ((ObservableMetadataProvider) metadataProvider)
            .getObservers()
            .add(new MetadataProviderObserver());
    }
}
/**
 * Tightens the OpenSAML global security configuration once the parent
 * post-processing has run: RSA keys are mapped to the RSA-SHA256 signature
 * algorithm and signature references are digested with SHA-256.
 *
 * @param beanFactory the bean factory being post-processed
 */
@Override
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) {
    super.postProcessBeanFactory(beanFactory);

    // The cast assumes the global configuration is a BasicSecurityConfiguration
    // (NOTE(review): confirm; any other implementation fails here with a
    // ClassCastException at startup, which is at least loud).
    final BasicSecurityConfiguration securityConfig =
        (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
    securityConfig.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
    securityConfig.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
}
}
/**
 * Registers the extension-specific KeyInfo generator under
 * {@link SAMLConstants#SAML_METADATA_KEY_INFO_GENERATOR}. The registered
 * factory emits both the entity certificate and its certificate chain.
 *
 * @see SAMLConstants#SAML_METADATA_KEY_INFO_GENERATOR
 */
protected void setMetadataKeyInfoGenerator() {
    final X509KeyInfoGeneratorFactory factory = new X509KeyInfoGeneratorFactory();
    factory.setEmitEntityCertificate(true);
    factory.setEmitEntityCertificateChain(true);

    Configuration.getGlobalSecurityConfiguration()
        .getKeyInfoGeneratorManager()
        .registerFactory(SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR, factory);
}
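/**
 * Builds an OpenSAML {@code Signature} backed by the private key and
 * certificate stored under the configured alias in the configured keystore.
 *
 * <p>The keystore file is loaded with the configured keystore password, which
 * is also used to unlock the key entry. Signature parameters (algorithm,
 * KeyInfo) are filled in from the global security configuration using the
 * default KeyInfo generator profile.
 *
 * @return the prepared signature, or {@code null} when the keystore cannot be
 *         read, the alias is unknown, or the alias does not hold a private
 *         key entry (the failure is logged at SEVERE)
 */
private Signature getSignature() {
    try {
        // The password array is owned by config and may be reused by later
        // calls, so it is not zeroed here (NOTE(review): confirm ownership).
        final char[] jksPassword = config.getKeystorePassword();
        final String alias = config.getCertificateAlias();

        final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (final FileInputStream fileInputStream = new FileInputStream(config.getKeystore())) {
            keyStore.load(fileInputStream, jksPassword);
        }

        // getEntry() yields null for an unknown alias and a non-PrivateKeyEntry
        // (e.g. a trusted-certificate entry) for an alias without a key. Neither
        // case is covered by the catch below, so check before casting instead of
        // letting it surface as NullPointerException / ClassCastException.
        final KeyStore.Entry entry =
            keyStore.getEntry(alias, new KeyStore.PasswordProtection(jksPassword));
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            Logger.getLogger(SAMLClient.class.getName()).log(Level.SEVERE,
                "Keystore alias {0} does not hold a private key entry", alias);
            return null;
        }
        final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
        final PrivateKey privateKey = privateKeyEntry.getPrivateKey();
        final X509Certificate certificate = (X509Certificate) privateKeyEntry.getCertificate();

        final BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityCertificate(certificate);
        credential.setPrivateKey(privateKey);

        final Signature signature = (Signature) org.opensaml.xml.Configuration.getBuilderFactory()
            .getBuilder(org.opensaml.xml.signature.Signature.DEFAULT_ELEMENT_NAME)
            .buildObject(org.opensaml.xml.signature.Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(credential);

        // A null profile selects the default KeyInfo generator manager.
        final SecurityConfiguration securityConfiguration = Configuration.getGlobalSecurityConfiguration();
        final String keyInfoGeneratorProfile = null;
        SecurityHelper.prepareSignatureParams(signature, credential, securityConfiguration, keyInfoGeneratorProfile);
        return signature;
    } catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException
            | UnrecoverableEntryException | SecurityException ex) {
        Logger.getLogger(SAMLClient.class.getName()).log(Level.SEVERE, null, ex);
        return null;
    }
}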
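/**
 * Runs the PAOS/OpenSAML bootstrap and then registers the KeyInfo generator
 * used for SAML metadata, which emits the entity certificate and its chain.
 *
 * @throws IllegalStateException if the bootstrap fails; the registration that
 *         follows reads the global security configuration the bootstrap is
 *         expected to install, so continuing would be unsound
 */
private void bootstrap() {
    try {
        PaosBootstrap.bootstrap();
    } catch (ConfigurationException e) {
        // Previously only printed the stack trace and carried on into code that
        // needs a bootstrapped configuration; fail loudly with the cause kept.
        throw new IllegalStateException("OpenSAML/PAOS bootstrap failed", e);
    }

    final X509KeyInfoGeneratorFactory generator = new X509KeyInfoGeneratorFactory();
    generator.setEmitEntityCertificate(true);
    generator.setEmitEntityCertificateChain(true);

    final NamedKeyInfoGeneratorManager manager =
        Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager();
    manager.registerFactory(SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR, generator);
}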
// Looks up the default KeyInfo credential resolver from the global OpenSAML
// security configuration. The result is discarded on this line; presumably
// this is a fragment whose surrounding code assigns or passes the resolver
// (NOTE(review): confirm in the full source).
Configuration
    .getGlobalSecurityConfiguration()
    .getDefaultKeyInfoCredentialResolver();
/**
 * Attaches an XML signature to {@code signableXMLObject} and computes it with
 * {@code signingCredential}.
 *
 * <p>The signature algorithm is taken from the global security configuration's
 * mapping for the credential; canonicalization is exclusive C14N without
 * comments. The object is marshalled before {@code Signer.signObject} runs,
 * since signing works on the marshalled DOM.
 *
 * @param signableXMLObject the object to sign
 * @param signingCredential the credential whose private key produces the signature
 * @throws MarshallingException if the object cannot be marshalled
 * @throws SignatureException if the signature cannot be computed
 */
public static void signAssertion(SignableXMLObject signableXMLObject, Credential signingCredential)
        throws MarshallingException, SignatureException {
    final Signature sig = buildSAMLObject(Signature.class, Signature.DEFAULT_ELEMENT_NAME);
    sig.setSigningCredential(signingCredential);

    // NOTE(review): may be null if no algorithm URI is registered for the
    // credential's key type; it is passed through unchanged, as before.
    final String signatureAlgorithm =
        Configuration.getGlobalSecurityConfiguration().getSignatureAlgorithmURI(signingCredential);
    sig.setSignatureAlgorithm(signatureAlgorithm);
    sig.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    signableXMLObject.setSignature(sig);
    Configuration.getMarshallerFactory()
        .getMarshaller(signableXMLObject)
        .marshall(signableXMLObject);
    Signer.signObject(sig);
}
// Key-encryption-key (key transport) parameters: RSA PKCS#1 v1.5 wraps the
// data-encryption key, and the KeyInfo describing the encrypting credential
// comes from the default generator factory selected for that credential.
// NOTE(review): rsa-1_5 is the legacy key-transport scheme; RSA-OAEP
// (EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP) is the generally
// recommended choice where the receiving party supports it.
kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);

final KeyInfoGeneratorFactory keyInfoFactory = Configuration
    .getGlobalSecurityConfiguration()
    .getKeyInfoGeneratorManager()
    .getDefaultManager()
    .getFactory(keyEncryptionCredential);
kekParams.setKeyInfoGenerator(keyInfoFactory.newInstance());