/** * Signs the specified {@link SignableSAMLObject} with the specified {@link Credential} and * {@code signatureAlgorithm}. */ static void sign(SignableSAMLObject signableObj, Credential signingCredential, String signatureAlgorithm) { requireNonNull(signableObj, "signableObj"); requireNonNull(signingCredential, "signingCredential"); requireNonNull(signatureAlgorithm, "signatureAlgorithm"); final Signature signature = signatureBuilder.buildObject(); signature.setSignatureAlgorithm(signatureAlgorithm); signature.setSigningCredential(signingCredential); signature.setCanonicalizationAlgorithm(ALGO_ID_C14N_EXCL_OMIT_COMMENTS); try { signature.setKeyInfo(keyInfoGenerator.generate(signingCredential)); } catch (SecurityException e) { throw new SamlException("failed to create a key info of signing credential", e); } signableObj.setSignature(signature); serialize(signableObj); try { Signer.signObject(signature); } catch (SignatureException e) { throw new SamlException("failed to sign a SAML object", e); } }
/** * Removes the signature from the protocol message. * * @param message current message context */ protected void removeSignature(SAMLObject message) { if (message instanceof SignableSAMLObject) { final SignableSAMLObject signableMessage = (SignableSAMLObject) message; if (signableMessage.isSigned()) { log.debug("Removing SAML protocol message signature"); signableMessage.setSignature(null); } } }
/** * Removes the signature from the protocol message. * * @param message current message context */ protected void removeSignature(SAMLObject message) { if (message instanceof SignableSAMLObject) { SignableSAMLObject signableMessage = (SignableSAMLObject) message; if (signableMessage.isSigned()) { log.debug("Removing SAML protocol message signature"); signableMessage.setSignature(null); } } }
/** * Method setSignature sets the signature of this SamlAssertionWrapper object. * * @param signature the signature of this SamlAssertionWrapper object. * @param signatureDigestAlgorithm the signature digest algorithm to use */ public void setSignature(Signature signature, String signatureDigestAlgorithm) { if (samlObject instanceof SignableSAMLObject) { SignableSAMLObject signableObject = (SignableSAMLObject) samlObject; signableObject.setSignature(signature); String digestAlg = signatureDigestAlgorithm; if (digestAlg == null) { digestAlg = defaultSignatureDigestAlgorithm; } SAMLObjectContentReference contentRef = (SAMLObjectContentReference)signature.getContentReferences().get(0); contentRef.setDigestAlgorithm(digestAlg); signableObject.releaseDOM(); signableObject.releaseChildrenDOM(true); } else { LOG.error("Attempt to sign an unsignable object " + samlObject.getClass().getName()); } }
/** * Signs the specified {@link SignableSAMLObject} with the specified {@link Credential} and * {@code signatureAlgorithm}. */ static void sign(SignableSAMLObject signableObj, Credential signingCredential, String signatureAlgorithm) { requireNonNull(signableObj, "signableObj"); requireNonNull(signingCredential, "signingCredential"); requireNonNull(signatureAlgorithm, "signatureAlgorithm"); final Signature signature = signatureBuilder.buildObject(); signature.setSignatureAlgorithm(signatureAlgorithm); signature.setSigningCredential(signingCredential); signature.setCanonicalizationAlgorithm(ALGO_ID_C14N_EXCL_OMIT_COMMENTS); try { signature.setKeyInfo(keyInfoGenerator.generate(signingCredential)); } catch (SecurityException e) { throw new SamlException("failed to create a key info of signing credential", e); } signableObj.setSignature(signature); serialize(signableObj); try { Signer.signObject(signature); } catch (SignatureException e) { throw new SamlException("failed to sign a SAML object", e); } }
signableObject.setSignature(signature); signableObject.releaseDOM(); signableObject.releaseChildrenDOM(true);
public void sign(final SignableSAMLObject signableObject) throws SecurityException { org.opensaml.xmlsec.signature.Signature signature = OpenSAMLUtil.buildSignature(); signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); signature.setSignatureAlgorithm(sigAlgo); signature.setSigningCredential(loader.getCredential()); signature.setKeyInfo(keyInfoGenerator.generate(loader.getCredential())); signableObject.setSignature(signature); signableObject.releaseDOM(); signableObject.releaseChildrenDOM(true); }
signableObject.setSignature(signature); String digestAlg = SignatureConstants.ALGO_ID_DIGEST_SHA1; SAMLObjectContentReference contentRef =
samlObject.setSignature(signature);
public void signObject(SignableSAMLObject signable, SimpleKey key, AlgorithmMethod algorithm, DigestMethod digest) { KeyStoreCredentialResolver resolver = getCredentialsResolver(key); Credential credential = getCredential(key, resolver); XMLObjectBuilder<org.opensaml.xmlsec.signature.Signature> signatureBuilder = (XMLObjectBuilder<org.opensaml.xmlsec.signature.Signature>) getBuilderFactory() .getBuilder(org.opensaml.xmlsec.signature.Signature.DEFAULT_ELEMENT_NAME); org.opensaml.xmlsec.signature.Signature signature = signatureBuilder.buildObject(org.opensaml.xmlsec .signature.Signature.DEFAULT_ELEMENT_NAME); signable.setSignature(signature); SignatureSigningParameters parameters = new SignatureSigningParameters(); parameters.setSigningCredential(credential); parameters.setKeyInfoGenerator(getKeyInfoGenerator(credential)); parameters.setSignatureAlgorithm(algorithm.toString()); parameters.setSignatureReferenceDigestMethod(digest.toString()); parameters.setSignatureCanonicalizationAlgorithm( CanonicalizationMethod.ALGO_ID_C14N_EXCL_OMIT_COMMENTS.toString() ); try { SignatureSupport.prepareSignatureParams(signature, parameters); Marshaller marshaller = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(signable); marshaller.marshall(signable); Signer.signObject(signature); } catch (SecurityException | MarshallingException | SignatureException e) { throw new SamlKeyException(e); } }