if (idpDescriptor.getKeyDescriptors() != null) { for (KeyDescriptor kd : idpDescriptor.getKeyDescriptors()) { if (kd.getUse() == UsageType.SIGNING) { try { idpMetadata.setSigningCertificate(KeyInfoHelper.getCertificates(kd.getKeyInfo()).get(0)); if (kd.getUse() == UsageType.ENCRYPTION) { try { idpMetadata.setEncryptionCertificate(KeyInfoHelper.getCertificates(kd.getKeyInfo()).get(0)); if (kd.getUse() == UsageType.UNSPECIFIED) { try { unspecifiedKey = KeyInfoHelper.getCertificates(kd.getKeyInfo()).get(0);
/**
 * Collects the X.509 certificates an IdP publishes for signature verification.
 * <p>
 * Only {@code KeyDescriptor}s whose {@code use} is {@code SIGNING} are considered; from
 * each one the first certificate of every KeyInfo data entry is taken. Descriptors with
 * {@code ENCRYPTION} or no {@code use} attribute ({@code UNSPECIFIED}) contribute nothing
 * (NOTE(review): in SAML metadata an absent {@code use} normally covers both purposes —
 * confirm that skipping such descriptors is intended).
 *
 * @param idpSsoDescriptor the IdP's SSO descriptor from its metadata
 * @return the signing certificates in metadata order, possibly empty
 * @throws SamlException if any step of the extraction throws; the cause is preserved
 */
private static List<X509Certificate> getCertificates(IDPSSODescriptor idpSsoDescriptor) throws SamlException {
    try {
        return idpSsoDescriptor.getKeyDescriptors().stream()
                .filter(keyDescriptor -> UsageType.SIGNING == keyDescriptor.getUse())
                .flatMap(SamlClient::getDatasWithCertificates)
                .map(SamlClient::getFirstCertificate)
                .collect(Collectors.toList());
    } catch (Exception e) {
        // Any failure (missing descriptors, unparsable KeyInfo) is surfaced as one domain exception.
        throw new SamlException("Exception in getCertificates", e);
    }
}
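/**
 * {@inheritDoc}
 * <p>
 * Writes the {@code use} attribute only for {@code SIGNING} and {@code ENCRYPTION}.
 * {@code UNSPECIFIED} produces no attribute at all (the schema treats an absent attribute
 * as unspecified); any other {@code UsageType} value is rejected.
 *
 * @throws MarshallingException if the descriptor's use is a value the SAML 2 metadata
 *         schema does not allow
 */
protected void marshallAttributes(XMLObject xmlObject, Element domElement) throws MarshallingException {
    KeyDescriptor keyDescriptor = (KeyDescriptor) xmlObject;
    UsageType use = keyDescriptor.getUse();
    if (use == null) {
        return;
    }
    // UsageType enum contains more values than are allowed by SAML 2 schema
    if (use.equals(UsageType.SIGNING) || use.equals(UsageType.ENCRYPTION)) {
        // Lower-case with Locale.ROOT: under the default locale (e.g. Turkish, dotless i)
        // "SIGNING".toLowerCase() is not "signing", yielding an attribute value the
        // schema rejects and that peers would not recognise.
        domElement.setAttribute(KeyDescriptor.USE_ATTRIB_NAME,
                use.toString().toLowerCase(java.util.Locale.ROOT));
    } else if (use.equals(UsageType.UNSPECIFIED)) {
        // emit nothing for unspecified - this is semantically equivalent to non-existent attribute
    } else {
        // Just in case values are unknowingly added to UsageType in the future...
        throw new MarshallingException("KeyDescriptor had illegal value for use attribute: " + use.toString());
    }
}
}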
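/**
 * Copies the SP's signing certificate from its metadata into the service-provider DO and
 * records the entity ID as the certificate alias.
 * <p>
 * All {@code KeyDescriptor}s are scanned and the first one whose {@code use} is
 * {@code SIGNING} is used (the previous version only inspected the first descriptor, so an
 * SP that listed its encryption key first never got a certificate registered). Descriptors
 * with a different or missing {@code use} are skipped — NOTE(review): in SAML metadata an
 * absent {@code use} normally means the key serves both purposes; confirm skipping is intended.
 * Failures are logged and otherwise ignored (best-effort, as before).
 *
 * @param entityDescriptor         the SP's EntityDescriptor; its entity ID becomes the alias
 * @param spssoDescriptor          the SP's SPSSODescriptor holding the key descriptors
 * @param samlssoServiceProviderDO target that receives the certificate and alias
 */
private void setX509Certificate(EntityDescriptor entityDescriptor, SPSSODescriptor spssoDescriptor,
                                SAMLSSOServiceProviderDO samlssoServiceProviderDO) {
    List<KeyDescriptor> descriptors = spssoDescriptor.getKeyDescriptors();
    if (descriptors == null || descriptors.isEmpty()) {
        return;
    }
    for (KeyDescriptor descriptor : descriptors) {
        // getUse() is null when the use attribute is absent; dereferencing it unguarded
        // (as the previous version did) threw a NullPointerException for such metadata.
        if (descriptor == null || descriptor.getUse() == null
                || !"SIGNING".equals(descriptor.getUse().toString())) {
            continue;
        }
        try {
            List<java.security.cert.X509Certificate> certificates =
                    org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(descriptor.getKeyInfo());
            if (certificates == null || certificates.isEmpty()) {
                // Previously surfaced as an IndexOutOfBoundsException from get(0).
                log.error("Signing KeyDescriptor of " + entityDescriptor.getEntityID()
                        + " contains no X509Certificate");
            } else {
                samlssoServiceProviderDO.setX509Certificate(certificates.get(0));
                samlssoServiceProviderDO.setCertAlias(entityDescriptor.getEntityID());
            }
        } catch (java.lang.Exception ex) {
            // CertificateException and anything else were handled identically before.
            log.error("Error While setting Certificate and alias", ex);
        }
        // Only the first SIGNING descriptor is used.
        break;
    }
}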
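/**
 * Copies the SP's signing certificate from its metadata into the service-provider DO and
 * records the entity ID as the certificate alias.
 * <p>
 * All {@code KeyDescriptor}s are scanned and the first one whose {@code use} is
 * {@code SIGNING} is used (the previous version only inspected the first descriptor, so an
 * SP that listed its encryption key first never got a certificate registered). Descriptors
 * with a different or missing {@code use} are skipped — NOTE(review): in SAML metadata an
 * absent {@code use} normally means the key serves both purposes; confirm skipping is intended.
 * Failures are logged and otherwise ignored (best-effort, as before).
 *
 * @param entityDescriptor         the SP's EntityDescriptor; its entity ID becomes the alias
 * @param spssoDescriptor          the SP's SPSSODescriptor holding the key descriptors
 * @param samlssoServiceProviderDO target that receives the certificate and alias
 */
private void setX509Certificate(EntityDescriptor entityDescriptor, SPSSODescriptor spssoDescriptor,
                                SAMLSSOServiceProviderDO samlssoServiceProviderDO) {
    List<KeyDescriptor> descriptors = spssoDescriptor.getKeyDescriptors();
    if (descriptors == null || descriptors.isEmpty()) {
        return;
    }
    for (KeyDescriptor descriptor : descriptors) {
        // getUse() is null when the use attribute is absent; dereferencing it unguarded
        // (as the previous version did) threw a NullPointerException for such metadata.
        if (descriptor == null || descriptor.getUse() == null
                || !"SIGNING".equals(descriptor.getUse().toString())) {
            continue;
        }
        try {
            List<java.security.cert.X509Certificate> certificates =
                    org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(descriptor.getKeyInfo());
            if (certificates == null || certificates.isEmpty()) {
                // Previously surfaced as an IndexOutOfBoundsException from get(0).
                log.error("Signing KeyDescriptor of " + entityDescriptor.getEntityID()
                        + " contains no X509Certificate");
            } else {
                samlssoServiceProviderDO.setX509Certificate(certificates.get(0));
                samlssoServiceProviderDO.setCertAlias(entityDescriptor.getEntityID());
            }
        } catch (java.lang.Exception ex) {
            // CertificateException and anything else were handled identically before.
            log.error("Error While setting Certificate and alias", ex);
        }
        // Only the first SIGNING descriptor is used.
        break;
    }
}
private void setSigningAlgorithmUri(SPSSODescriptor spssoDescriptor, SAMLSSOServiceProviderDO samlssoServiceProviderDO){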
UsageType mdUsage = keyDescriptor.getUse(); if (mdUsage == null) { mdUsage = UsageType.UNSPECIFIED;
/**
 * Checks that the use attribute, when present, holds one of the values the schema allows.
 * <p>
 * A missing use attribute is valid (it means unspecified); otherwise only
 * {@code SIGNING}, {@code ENCRYPTION} and {@code UNSPECIFIED} are accepted.
 *
 * @param keyDescriptor the key descriptor to validate
 * @throws ValidationException if the use attribute carries a value outside the allowed set
 */
protected void validateUse(KeyDescriptor keyDescriptor) throws ValidationException {
    UsageType use = keyDescriptor.getUse();
    if (use == null) {
        return;
    }
    boolean allowed = use.equals(UsageType.SIGNING)
            || use.equals(UsageType.ENCRYPTION)
            || use.equals(UsageType.UNSPECIFIED);
    if (!allowed) {
        throw new ValidationException("Invalid value for use attribute: " + use.toString());
    }
}
}
UsageType mdUsage = keyDescriptor.getUse(); if (mdUsage == null) { mdUsage = UsageType.UNSPECIFIED;
if (kdesc.getUse() != UsageType.SIGNING) { continue;
String use = ""; try { use = descriptor.getUse().name().toString(); } catch (Exception ex) { log.error("Error !!!!", ex); KeyDescriptor descriptor = descriptors.get(i); if (descriptor != null) { if (descriptor.getUse() != null && "SIGNING".equals(descriptor.getUse().toString())) { try { String cert = null;
if (kdesc.getUse() != UsageType.SIGNING) continue;