Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver(), new org.springframework.security.saml.trust.CertPathPKIXTrustEvaluator(pkixOptions), new BasicX509CredentialNameEvaluator()); return new AllowAllSignatureTrustEngine(Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
/**
 * Pushes the selected {@code SignatureAlgorithm} into OpenSAML's global
 * {@code BasicSecurityConfiguration}: the RSA signature URI and the matching
 * reference digest URI are registered together.
 *
 * NOTE(review): {@code Configuration.getGlobalSecurityConfiguration()} is static,
 * so this presumably mutates process-wide state shared by every SAML component in
 * the JVM. SHA1 is weak by current standards; keep it only for peers that cannot
 * verify SHA256/SHA512.
 *
 * @throws Exception declared by the Spring lifecycle callback; nothing in this
 *             body throws a checked exception
 */
@Override
public void afterPropertiesSet() throws Exception {
    BasicSecurityConfiguration globalConfig =
            (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();

    String rsaSignatureUri = null;
    String referenceDigestUri = null;
    switch (signatureAlgorithm) {
        case SHA1:
            rsaSignatureUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
            referenceDigestUri = SignatureConstants.ALGO_ID_DIGEST_SHA1;
            break;
        case SHA256:
            rsaSignatureUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
            referenceDigestUri = SignatureConstants.ALGO_ID_DIGEST_SHA256;
            break;
        case SHA512:
            rsaSignatureUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512;
            referenceDigestUri = SignatureConstants.ALGO_ID_DIGEST_SHA512;
            break;
    }

    // An enum constant without a case leaves the global configuration untouched,
    // matching the per-case registration this replaces.
    if (rsaSignatureUri != null) {
        globalConfig.registerSignatureAlgorithmURI("RSA", rsaSignatureUri);
        globalConfig.setSignatureReferenceDigestMethod(referenceDigestUri);
    }
}
/**
 * Selecting SHA1 must register the RSA-SHA1 signature URI and the SHA-1 reference
 * digest in the global security configuration. The configuration is static and
 * shared across tests, so the bean is re-initialised here before asserting.
 */
@Test
public void testSHA1SignatureAlgorithm() throws Exception {
    SamlConfigurationBean bean = new SamlConfigurationBean();
    bean.setSignatureAlgorithm(SamlConfigurationBean.SignatureAlgorithm.SHA1);
    bean.afterPropertiesSet();

    BasicSecurityConfiguration globalConfig =
            (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
    assertEquals(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1, globalConfig.getSignatureAlgorithmURI("RSA"));
    assertEquals(SignatureConstants.ALGO_ID_DIGEST_SHA1, globalConfig.getSignatureReferenceDigestMethod());
}
/**
 * Selecting SHA256 must register the RSA-SHA256 signature URI and the SHA-256
 * reference digest in the global security configuration. The configuration is
 * static and shared across tests, so the bean is re-initialised here before asserting.
 */
@Test
public void testSHA256SignatureAlgorithm() throws Exception {
    SamlConfigurationBean bean = new SamlConfigurationBean();
    bean.setSignatureAlgorithm(SamlConfigurationBean.SignatureAlgorithm.SHA256);
    bean.afterPropertiesSet();

    BasicSecurityConfiguration globalConfig =
            (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
    assertEquals(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256, globalConfig.getSignatureAlgorithmURI("RSA"));
    assertEquals(SignatureConstants.ALGO_ID_DIGEST_SHA256, globalConfig.getSignatureReferenceDigestMethod());
}
/**
 * Selecting SHA512 must register the RSA-SHA512 signature URI and the SHA-512
 * reference digest in the global security configuration. The configuration is
 * static and shared across tests, so the bean is re-initialised here before asserting.
 */
@Test
public void testSHA512SignatureAlgorithm() throws Exception {
    SamlConfigurationBean bean = new SamlConfigurationBean();
    bean.setSignatureAlgorithm(SamlConfigurationBean.SignatureAlgorithm.SHA512);
    bean.afterPropertiesSet();

    BasicSecurityConfiguration globalConfig =
            (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
    assertEquals(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512, globalConfig.getSignatureAlgorithmURI("RSA"));
    assertEquals(SignatureConstants.ALGO_ID_DIGEST_SHA512, globalConfig.getSignatureReferenceDigestMethod());
}
/**
 * Stores the XML-DSig signature algorithm URI and immediately registers it as the
 * algorithm for RSA credentials in OpenSAML's global security configuration.
 *
 * NOTE(review): the URI is not validated here and the registration is global
 * (static {@code Configuration}), so a mistyped or weak URI (for example the
 * RSA-SHA1 one) is accepted silently and affects every signer in the JVM.
 *
 * @param signatureAlgorithm signature algorithm URI to register for RSA keys
 */
public void setSignatureAlgorithm(String signatureAlgorithm) {
    this.signatureAlgorithm = signatureAlgorithm;
    BasicSecurityConfiguration globalConfig =
            (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
    globalConfig.registerSignatureAlgorithmURI("RSA", signatureAlgorithm);
}
}
/**
 * Constructor.
 *
 * Initialises the reference with default settings: the reference digest is taken
 * from the global security configuration when one is present and non-null, and
 * falls back to SHA-1 otherwise; the transform list is enveloped-signature
 * followed by exclusive C14N without comments.
 *
 * NOTE(review): the SHA-1 fallback is weak by current standards. Deployments
 * should set the reference digest (e.g. SHA-256) on the global security
 * configuration rather than rely on this default.
 *
 * @param newSignableObject the SAMLObject this reference refers to
 */
public SAMLObjectContentReference(SignableSAMLObject newSignableObject) {
    signableObject = newSignableObject;
    transforms = new LazyList<String>();

    // Set defaults
    // The global configuration may be null; only consult it when present.
    if (Configuration.getGlobalSecurityConfiguration() != null ) {
        digestAlgorithm = Configuration.getGlobalSecurityConfiguration().getSignatureReferenceDigestMethod();
    }
    // No configuration, or a configuration without a digest: fall back to SHA-1.
    if (digestAlgorithm == null) {
        digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA1;
    }

    transforms.add(SignatureConstants.TRANSFORM_ENVELOPED_SIGNATURE);
    transforms.add(SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
}
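/**
 * Gets the signature algorithm URI to use with the given signing credential.
 *
 * @param credential the credential that will be used to sign the message
 * @param config the SecurityConfiguration to use (may be null, in which case the
 *            global security configuration is consulted)
 *
 * @return signature algorithm to use with the given signing credential
 *
 * @throws MessageEncodingException thrown if no security configuration is available,
 *             or if the algorithm URI could not be derived from the supplied credential
 */
protected String getSignatureAlgorithmURI(Credential credential, SecurityConfiguration config)
        throws MessageEncodingException {
    SecurityConfiguration secConfig = config != null ? config : Configuration.getGlobalSecurityConfiguration();

    // Neither an explicit nor a global configuration: fail with the declared exception
    // instead of a NullPointerException from the lookup below.
    if (secConfig == null) {
        throw new MessageEncodingException(
                "Security configuration was null, could not resolve signing algorithm");
    }

    String signAlgo = secConfig.getSignatureAlgorithmURI(credential);
    if (signAlgo == null) {
        throw new MessageEncodingException("The signing credential's algorithm URI could not be derived");
    }
    return signAlgo;
}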
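/**
 * Gets the signature algorithm URI to use with the given signing credential.
 *
 * @param credential the credential that will be used to sign the message
 * @param config the SecurityConfiguration to use (may be null, in which case the
 *            global security configuration is consulted)
 *
 * @return signature algorithm to use with the given signing credential
 *
 * @throws MessageEncodingException thrown if no security configuration is available,
 *             or if the algorithm URI could not be derived from the supplied credential
 */
protected String getSignatureAlgorithmURI(Credential credential, SecurityConfiguration config)
        throws MessageEncodingException {
    SecurityConfiguration secConfig = config != null ? config : Configuration.getGlobalSecurityConfiguration();

    // Neither an explicit nor a global configuration: fail with the declared exception
    // instead of a NullPointerException from the lookup below.
    if (secConfig == null) {
        throw new MessageEncodingException(
                "Security configuration was null, could not resolve signing algorithm");
    }

    String signAlgo = secConfig.getSignatureAlgorithmURI(credential);
    if (signAlgo == null) {
        throw new MessageEncodingException("The signing credential's algorithm URI could not be derived");
    }
    return signAlgo;
}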
/**
 * Installs the signature trust engine for the current message exchange, chosen
 * from the local extended metadata's security profile.
 *
 * A profile of {@code "pkix"} (compared case-insensitively) yields a PKIX engine
 * whose trust anchors come from {@code pkixResolver} and whose path validation is
 * done by {@code pkixTrustEvaluator}. Any other value, including a null profile,
 * yields an explicit-key engine that trusts exactly the keys supplied by
 * {@code metadataResolver}. The KeyInfo credential resolver in both cases is the
 * default one from the global security configuration.
 *
 * NOTE(review): because the fallback is silent, a mistyped profile value quietly
 * selects explicit-key trust rather than PKIX; consider logging the chosen mode.
 *
 * @param samlContext context to populate
 */
protected void populateTrustEngine(SAMLMessageContext samlContext) {
    String securityProfile = samlContext.getLocalExtendedMetadata().getSecurityProfile();
    boolean pkixRequested = "pkix".equalsIgnoreCase(securityProfile);

    SignatureTrustEngine trustEngine = pkixRequested
            ? new PKIXSignatureTrustEngine(
                    pkixResolver,
                    Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver(),
                    pkixTrustEvaluator,
                    new BasicX509CredentialNameEvaluator())
            : new ExplicitKeySignatureTrustEngine(
                    metadataResolver,
                    Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());

    samlContext.setLocalTrustEngine(trustEngine);
}
SecurityConfiguration secConfig = Configuration.getGlobalSecurityConfiguration(); if (secConfig == null) { throw new SecurityException("Global security configuration was null, could not resolve signing algorithm");
SecurityConfiguration secConfig = Configuration.getGlobalSecurityConfiguration(); if (secConfig == null) { throw new SecurityException("Global security configuration was null, could not resolve signing algorithm");
Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver(), new org.springframework.security.saml.trust.CertPathPKIXTrustEvaluator(pkixOptions), new BasicX509CredentialNameEvaluator()); return new AllowAllSignatureTrustEngine(Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
secConfig = config; } else { secConfig = Configuration.getGlobalSecurityConfiguration();
secConfig = config; } else { secConfig = Configuration.getGlobalSecurityConfiguration();
secConfig = config; } else { secConfig = Configuration.getGlobalSecurityConfiguration();
secConfig = config; } else { secConfig = Configuration.getGlobalSecurityConfiguration();
secConfig = config; } else { secConfig = Configuration.getGlobalSecurityConfiguration();
.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager() .getDefaultManager().getFactory(signingCredential); factory.setEmitEntityCertificateChain(true);
secConfig = (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();