/**
 * Verifies that a key entry built from a certificate alone yields a default credential
 * that has a public key and no private key.
 */
@Test
public void test_add_certs_keys_only() throws Exception {
    config.setKeys(EMPTY_MAP);
    // Only the third constructor argument is set; the first two are null
    // (presumably the private key and its passphrase - confirm against SamlKey).
    SamlKey certificateOnlyKey = new SamlKey(null, null, certificate1);
    config.addAndActivateKey("cert-only", certificateOnlyKey);

    JKSKeyManager certOnlyManager = (JKSKeyManager) SamlKeyManagerFactory.getKeyManager(config);

    // The credential must carry a public key and must not carry a private key.
    assertNotNull(certOnlyManager.getDefaultCredential().getPublicKey());
    assertNull(certOnlyManager.getDefaultCredential().getPrivateKey());
}
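/**
 * Verifies that a configuration carrying a private key, its password and a certificate
 * yields a default credential that has both a private and a public key.
 */
@Test
public void testWithWorkingCertificate() throws Exception {
    SamlConfig config = new SamlConfig();
    config.setPrivateKey(KEY);
    config.setPrivateKeyPassword(PASSWORD);
    config.setCertificate(CERTIFICATE);
    keyManager = SamlKeyManagerFactory.getKeyManager(config);

    Credential credential = keyManager.getDefaultCredential();
    // Assert on the credential before dereferencing it: checked last, the assertion could
    // never fail, because a null credential would already have thrown NullPointerException.
    assertNotNull(credential);
    assertNotNull(credential.getPrivateKey());
    assertNotNull(credential.getPublicKey());
}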
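// Fetch the key manager's default credential and check that it is a full key pair.
Credential credential = keyManager.getDefaultCredential();
// The null check on the credential comes first; placed after the getters it could never
// fail, since a null credential would already have thrown NullPointerException.
assertNotNull(credential);
assertNotNull(credential.getPrivateKey());
assertNotNull(credential.getPublicKey());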
/**
 * Returns the key to encrypt with from the given credential.
 *
 * <p>The public key takes precedence; the secret (symmetric) key is returned only when the
 * credential has no public key. The private key is never returned.
 *
 * @param credential the credential containing the encryption key, may be null
 * @return the public key if present, otherwise the secret (symmetric) key; null when the
 *         credential is null or holds neither, so callers must handle a null result
 */
public static Key extractEncryptionKey(Credential credential) {
    if (credential == null) {
        return null;
    }
    return credential.getPublicKey() != null
            ? credential.getPublicKey()
            : credential.getSecretKey();
}
/**
 * Returns the key to verify with from the given credential.
 *
 * <p>The public key takes precedence; the secret (symmetric) key is returned only when the
 * credential has no public key.
 *
 * @param credential the credential containing the verification key, may be null
 * @return the public key if present, otherwise the secret (symmetric) key; null when the
 *         credential is null or holds neither, in which case there is no key to verify with
 */
public static Key extractVerificationKey(Credential credential) {
    if (credential == null) {
        return null;
    }
    return credential.getPublicKey() != null
            ? credential.getPublicKey()
            : credential.getSecretKey();
}
/**
 * Picks the verification key out of a credential.
 *
 * @param credential the credential containing the verification key; null is tolerated
 * @return the credential's public key when it has one, else its secret (symmetric) key,
 *         which may itself be null; null is also returned for a null credential
 */
public static Key extractVerificationKey(Credential credential) {
    if (credential != null) {
        Key asymmetric = credential.getPublicKey();
        if (asymmetric != null) {
            return asymmetric;
        }
        // No public key: fall back to the symmetric key, whatever it is.
        return credential.getSecretKey();
    }
    return null;
}
/**
 * Picks the encryption key out of a credential.
 *
 * @param credential the credential containing the encryption key; null is tolerated
 * @return the credential's public key when it has one, else its secret (symmetric) key,
 *         which may itself be null; null is also returned for a null credential
 */
public static Key extractEncryptionKey(Credential credential) {
    if (credential != null) {
        Key asymmetric = credential.getPublicKey();
        if (asymmetric != null) {
            return asymmetric;
        }
        // No public key: fall back to the symmetric key, whatever it is.
        return credential.getSecretKey();
    }
    return null;
}
/**
 * {@inheritDoc}
 *
 * <p>The result has three states: {@code null} when {@code target} is null (logged as an
 * error), {@code Boolean.FALSE} when the target has no public key, and otherwise whether
 * this criteria's public key equals the target's. Because null is a possible result,
 * callers must not auto-unbox the return value.
 */
public Boolean evaluate(Credential target) {
    if (target == null) {
        log.error("Credential target was null");
        return null;
    }

    PublicKey candidate = target.getPublicKey();
    if (candidate == null) {
        log.info("Credential contained no public key, does not satisfy public key criteria");
        return Boolean.FALSE;
    }

    return Boolean.valueOf(publicKey.equals(candidate));
}
/**
 * {@inheritDoc}
 *
 * <p>Compares the target credential's public key with this criteria's public key using
 * {@code equals}. A null target yields {@code null} rather than {@code FALSE}, so the
 * return value cannot be used directly in a boolean condition without a null check.
 */
public Boolean evaluate(Credential target) {
    if (target != null) {
        PublicKey targetKey = target.getPublicKey();
        if (targetKey != null) {
            Boolean matches = publicKey.equals(targetKey);
            return matches;
        }
        log.info("Credential contained no public key, does not satisfy public key criteria");
        return Boolean.FALSE;
    }
    log.error("Credential target was null");
    return null;
}
/**
 * Process the value of {@link Credential#getPublicKey()}.
 *
 * <p>Does nothing when the credential has no public key. Otherwise the key is added to the
 * KeyInfo as a public key value and/or as a DER-encoded key value, depending on the
 * {@code emitPublicKeyValue} and {@code emitPublicDEREncodedKeyValue} options.
 *
 * <p>A failure to DER-encode the key is only logged: the method returns normally and the
 * KeyInfo is left without the DER-encoded value.
 *
 * @param keyInfo the KeyInfo that is being built
 * @param credential the Credential that is being processed
 */
protected void processPublicKey(KeyInfo keyInfo, Credential credential) {
    if (credential.getPublicKey() == null) {
        return;
    }

    if (options.emitPublicKeyValue) {
        KeyInfoHelper.addPublicKey(keyInfo, credential.getPublicKey());
    }

    if (!options.emitPublicDEREncodedKeyValue) {
        return;
    }
    try {
        KeyInfoHelper.addDEREncodedPublicKey(keyInfo, credential.getPublicKey());
    } catch (NoSuchAlgorithmException e) {
        // TODO: should wrap in SecurityException once API can be changed
        log.error("Can't DER-encode key, unsupported key algorithm", e);
    } catch (InvalidKeySpecException e) {
        // TODO: should wrap in SecurityException once API can be changed
        log.error("Can't DER-encode key, invalid key specification", e);
    }
}
} // closes the enclosing type, whose header is not part of this snippet
/**
 * Process the value of {@link Credential#getPublicKey()}.
 *
 * <p>When the credential has a public key, it is emitted into the KeyInfo in each form
 * that the {@code options} flags enable. Encoding errors from the DER form are caught and
 * logged here, so the caller gets no signal that the value was left out.
 *
 * @param keyInfo the KeyInfo that is being built
 * @param credential the Credential that is being processed
 */
protected void processPublicKey(KeyInfo keyInfo, Credential credential) {
    boolean hasPublicKey = credential.getPublicKey() != null;

    if (hasPublicKey && options.emitPublicKeyValue) {
        KeyInfoHelper.addPublicKey(keyInfo, credential.getPublicKey());
    }

    if (hasPublicKey && options.emitPublicDEREncodedKeyValue) {
        try {
            KeyInfoHelper.addDEREncodedPublicKey(keyInfo, credential.getPublicKey());
        } catch (NoSuchAlgorithmException e) {
            // TODO: should wrap in SecurityException once API can be changed
            log.error("Can't DER-encode key, unsupported key algorithm", e);
        } catch (InvalidKeySpecException e) {
            // TODO: should wrap in SecurityException once API can be changed
            log.error("Can't DER-encode key, invalid key specification", e);
        }
    }
}
} // closes the enclosing type, whose header is not part of this snippet
/**
 * {@inheritDoc}
 *
 * <p>Rewrites {@code credentials} in place so that it holds local credentials only:
 * entries for which {@code isLocalCredential} is true are kept, every other entry that
 * has a public key is replaced by whatever {@code resolveByPublicKey} returns for it, and
 * entries with neither property are dropped. Credentials resolved from the context's key
 * names are then appended; no de-duplication is done.
 */
protected void postProcess(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
        List<Credential> credentials) throws SecurityException {
    List<Credential> resolvedLocally = new ArrayList<Credential>();

    for (Credential candidate : credentials) {
        if (isLocalCredential(candidate)) {
            resolvedLocally.add(candidate);
            continue;
        }
        if (candidate.getPublicKey() != null) {
            resolvedLocally.addAll(resolveByPublicKey(candidate.getPublicKey()));
        }
    }

    // Also resolve local creds based on any key names that are known
    for (String keyName : kiContext.getKeyNames()) {
        resolvedLocally.addAll(resolveByKeyName(keyName));
    }

    // Replace the caller's list contents rather than returning a new list.
    credentials.clear();
    credentials.addAll(resolvedLocally);
}
/**
 * {@inheritDoc}
 *
 * <p>After this call {@code credentials} contains only credentials that are local or were
 * looked up locally by public key or by key name. A non-local input credential without a
 * public key contributes nothing. Key-name lookups are added whether or not any public
 * key lookup matched.
 */
protected void postProcess(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
        List<Credential> credentials) throws SecurityException {
    List<Credential> locals = new ArrayList<Credential>();

    for (Credential cred : credentials) {
        if (!isLocalCredential(cred)) {
            // Not local: try to map it to local credentials through its public key.
            if (cred.getPublicKey() != null) {
                locals.addAll(resolveByPublicKey(cred.getPublicKey()));
            }
        } else {
            locals.add(cred);
        }
    }

    // Also resolve local creds based on any key names that are known
    for (String knownName : kiContext.getKeyNames()) {
        locals.addAll(resolveByKeyName(knownName));
    }

    credentials.clear();
    credentials.addAll(locals);
}
/**
 * Get the key contained within the credential.
 *
 * <p>Keys are tried in a fixed order: public key, then secret key, then private key. The
 * result can therefore be private key material when the credential holds nothing else.
 *
 * @param credential the credential containing a key
 * @return the first non-null key in that order, or null if the credential has no key
 */
private Key getKey(Credential credential) {
    if (credential.getPublicKey() != null) {
        return credential.getPublicKey();
    }
    if (credential.getSecretKey() != null) {
        return credential.getSecretKey();
    }
    if (credential.getPrivateKey() != null) {
        // There should have been a corresponding public key, but just in case...
        return credential.getPrivateKey();
    }
    return null;
}
/**
 * Returns whichever key the credential holds, preferring public over secret over private.
 *
 * @param credential the credential containing a key; must not be null
 * @return the public key, else the secret key, else the private key, else null
 */
private Key getKey(Credential credential) {
    Key found = credential.getPublicKey();
    if (found == null) {
        found = credential.getSecretKey();
    }
    if (found == null) {
        // There should have been a corresponding public key, but just in case...
        found = credential.getPrivateKey();
    }
    return found;
}
/**
 * Get the key contained within the credential.
 *
 * <p>The lookup falls through from public key to secret key to private key and stops at
 * the first one that is set. The returned {@code Key} does not say which kind it is, so a
 * caller that must not handle private keys has to check the type itself.
 *
 * @param credential the credential containing a key
 * @return the key from the credential, or null when none of the three is set
 */
private Key getKey(Credential credential) {
    boolean hasPublic = credential.getPublicKey() != null;
    if (hasPublic) {
        return credential.getPublicKey();
    }

    boolean hasSecret = credential.getSecretKey() != null;
    if (hasSecret) {
        return credential.getSecretKey();
    }

    // There should have been a corresponding public key, but just in case...
    boolean hasPrivate = credential.getPrivateKey() != null;
    return hasPrivate ? credential.getPrivateKey() : null;
}
/**
 * Selects one key from the credential.
 *
 * @param credential the credential containing a key
 * @return the public key if set; otherwise the secret key if set; otherwise the private
 *         key if set; otherwise null
 */
private Key getKey(Credential credential) {
    Key selected = null;
    if (credential.getPublicKey() != null) {
        selected = credential.getPublicKey();
    } else if (credential.getSecretKey() != null) {
        selected = credential.getSecretKey();
    } else if (credential.getPrivateKey() != null) {
        // There should have been a corresponding public key, but just in case...
        selected = credential.getPrivateKey();
    }
    return selected;
}
/**
 * Utility method to extract any key that might be present in the specified Credential.
 *
 * <p>The public key is preferred, then the secret key, then the private key, so the result
 * may be private key material when the credential holds no other key.
 *
 * @param cred the Credential to evaluate, may be null
 * @return the Key contained in the credential, or null if the credential is null or does
 *         not contain a key
 */
protected Key extractKeyValue(Credential cred) {
    if (cred == null) {
        return null;
    }

    Key extracted = cred.getPublicKey();
    if (extracted == null) {
        // This could happen if key is derived, e.g. key agreement, etc
        extracted = cred.getSecretKey();
    }
    if (extracted == null) {
        // Perhaps unlikely, but go ahead and check
        extracted = cred.getPrivateKey();
    }
    return extracted;
}
/**
 * Returns the first key found in the given Credential, checking the public key, the
 * secret key and the private key in that order.
 *
 * @param cred the Credential to evaluate; null is accepted
 * @return the Key contained in the credential, or null if it does not contain a key or is
 *         itself null
 */
protected Key extractKeyValue(Credential cred) {
    if (cred != null) {
        if (cred.getPublicKey() != null) {
            return cred.getPublicKey();
        } else if (cred.getSecretKey() != null) {
            // This could happen if key is derived, e.g. key agreement, etc
            return cred.getSecretKey();
        } else if (cred.getPrivateKey() != null) {
            // Perhaps unlikely, but go ahead and check
            return cred.getPrivateKey();
        }
    }
    return null;
}
/**
 * Reads signature-related values from the output assertion type and from the assertion's
 * signature.
 *
 * NOTE(review): every value read here is discarded. Nothing is copied into
 * {@code assertOut}, nothing is returned, and no signature validation is performed, so
 * the only observable effect is an exception when a getter in the chain returns null or
 * the content reference list is empty. The method looks unfinished - confirm the intent.
 *
 * @param assertion the assertion whose signature is read
 * @param assertOut the output assertion type whose SAML signature is read
 */
private static void extractSignatureInfo(Assertion assertion, AssertionType assertOut) {
    // Output side: signature value and RSA key parameters.
    SamlSignatureType outSignature = assertOut.getSamlSignature();
    SamlSignatureKeyInfoType outKeyInfo = outSignature.getKeyInfo();
    byte[] outSignatureValue = outSignature.getSignatureValue();
    outSignature.getKeyInfo().getRsaKeyValueExponent();
    outSignature.getKeyInfo().getRsaKeyValueModulus();

    // Input side: algorithms, first content reference and signing key algorithm.
    Signature xmlSignature = assertion.getSignature();
    assertion.getSignature().getCanonicalizationAlgorithm();
    xmlSignature.getSignatureAlgorithm();
    List<ContentReference> references = xmlSignature.getContentReferences();
    ContentReference firstReference = references.get(0);
    // The signing credential is taken from the signature object itself; reading its
    // public key says nothing about whether that key is trusted.
    xmlSignature.getSigningCredential().getPublicKey().getAlgorithm();
}

private static String getSubjectNameIDValue(Assertion assertion) {