signingCredential.setEntityCertificate(spMetadata.getSigningCertificate()); encryptionCredential.setEntityCertificate(spMetadata.getEncryptionCertificate());
/** * Tries to load peer SSL certificate from the inbound message transport using attribute * "javax.servlet.request.X509Certificate". If found sets peerSSLCredential in the context. * * @param samlContext context to populate */ protected void populatePeerSSLCredential(SAMLMessageContext samlContext) { X509Certificate[] chain = (X509Certificate[]) samlContext.getInboundMessageTransport().getAttribute(ServletRequestX509CredentialAdapter.X509_CERT_REQUEST_ATTRIBUTE); if (chain != null && chain.length > 0) { log.debug("Found certificate chain from request {}", chain[0]); BasicX509Credential credential = new BasicX509Credential(); credential.setEntityCertificate(chain[0]); credential.setEntityCertificateChain(Arrays.asList(chain)); samlContext.setPeerSSLCredential(credential); } }
/** * Build an X509Credential from a keystore trusted certificate entry. * * @param trustedCertEntry the entry being processed * @param entityID the entityID to set * @param usage the usage type to set * @return new X509Credential instance */ protected X509Credential processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertEntry, String entityID, UsageType usage) { log.debug("Processing TrustedCertificateEntry from keystore"); BasicX509Credential credential = new BasicX509Credential(); credential.setEntityId(entityID); credential.setUsageType(usage); X509Certificate cert = (X509Certificate) trustedCertEntry.getTrustedCertificate(); credential.setEntityCertificate(cert); ArrayList<X509Certificate> certChain = new ArrayList<X509Certificate>(); certChain.add(cert); credential.setEntityCertificateChain(certChain); return credential; }
if (idpMetadata.getSigningCertificate() != null && sig != null) { BasicX509Credential credential = new BasicX509Credential(); credential.setEntityCertificate(idpMetadata.getSigningCertificate()); SignatureValidator validator = new SignatureValidator(credential); try { if (idpMetadata.getSigningCertificate() != null && encSig != null) { BasicX509Credential sigCredential = new BasicX509Credential(); sigCredential.setEntityCertificate(idpMetadata.getSigningCertificate()); SignatureValidator validator = new SignatureValidator(sigCredential); try {
/** * Build an X509Credential from a keystore trusted certificate entry. * * @param trustedCertEntry the entry being processed * @param entityID the entityID to set * @param usage the usage type to set * @return new X509Credential instance */ protected X509Credential processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertEntry, String entityID, UsageType usage) { log.debug("Processing TrustedCertificateEntry from keystore"); BasicX509Credential credential = new BasicX509Credential(); credential.setEntityId(entityID); credential.setUsageType(usage); X509Certificate cert = (X509Certificate) trustedCertEntry.getTrustedCertificate(); credential.setEntityCertificate(cert); ArrayList<X509Certificate> certChain = new ArrayList<X509Certificate>(); certChain.add(cert); credential.setEntityCertificateChain(certChain); return credential; }
/** * Get a simple, minimal credential containing an end-entity X.509 certificate, and optionally a private key. * * @param cert the end-entity certificate to wrap * @param privateKey the private key to wrap, which may be null * @return a credential containing the certificate and key specified */ public static BasicX509Credential getSimpleCredential(X509Certificate cert, PrivateKey privateKey) { if (cert == null) { throw new IllegalArgumentException("A certificate is required"); } BasicX509Credential cred = new BasicX509Credential(); cred.setEntityCertificate(cert); cred.setPrivateKey(privateKey); return cred; }
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { if (x509Certificates == null || x509Certificates.length == 0) { throw new IllegalArgumentException("Null or empty certificates list"); } BasicX509Credential credential = new BasicX509Credential(); X509Certificate x509Certificate = x509Certificates[0]; credential.setEntityCertificate(x509Certificate); credential.setEntityCertificateChain(Arrays.asList(x509Certificates)); credential.setUsageType(UsageType.UNSPECIFIED); EntityIDCriteria entityIDCriteria = criteriaSet.get(EntityIDCriteria.class); if (entityIDCriteria != null) { credential.setEntityId(entityIDCriteria.getEntityID()); } try { log.debug("Checking server trust"); if (trustEngine.validate(credential, criteriaSet)) { log.debug("Server certificate trust verified"); } else { Principal issuerDN = x509Certificate.getIssuerDN(); Principal subjectDN = x509Certificate.getSubjectDN(); StringBuilder sb = new StringBuilder(120); sb.append("Peer SSL/TLS certificate '").append(subjectDN).append("' "); sb.append("issued by '").append(issuerDN).append("' "); sb.append("is not trusted, add the certificate or it's CA to your trust store and optionally update tlsKey in extended metadata with the certificate's alias"); throw new UntrustedCertificateException(sb.toString(), x509Certificates); } } catch (org.opensaml.xml.security.SecurityException e) { throw new CertificateException("Error validating certificate", e); } }
/** * Get a simple, minimal credential containing an end-entity X.509 certificate, and optionally a private key. * * @param cert the end-entity certificate to wrap * @param privateKey the private key to wrap, which may be null * @return a credential containing the certificate and key specified */ public static BasicX509Credential getSimpleCredential(X509Certificate cert, PrivateKey privateKey) { if (cert == null) { throw new IllegalArgumentException("A certificate is required"); } BasicX509Credential cred = new BasicX509Credential(); cred.setEntityCertificate(cert); cred.setPrivateKey(privateKey); return cred; }
/** * Build an X509Credential from a keystore private key entry. * * @param privateKeyEntry the entry being processed * @param entityID the entityID to set * @param usage the usage type to set * @return new X509Credential instance */ protected X509Credential processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry, String entityID, UsageType usage) { log.debug("Processing PrivateKeyEntry from keystore"); BasicX509Credential credential = new BasicX509Credential(); credential.setEntityId(entityID); credential.setUsageType(usage); credential.setPrivateKey(privateKeyEntry.getPrivateKey()); credential.setEntityCertificate((X509Certificate) privateKeyEntry.getCertificate()); credential.setEntityCertificateChain(Arrays.asList((X509Certificate[]) privateKeyEntry.getCertificateChain())); return credential; }
private static Credential getCredential(X509Certificate certificate) { BasicX509Credential credential = new BasicX509Credential(); credential.setEntityCertificate(certificate); credential.setPublicKey(certificate.getPublicKey()); credential.setCRLs(Collections.emptyList()); return credential; }
/** * Build an X509Credential from a keystore private key entry. * * @param privateKeyEntry the entry being processed * @param entityID the entityID to set * @param usage the usage type to set * @return new X509Credential instance */ protected X509Credential processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry, String entityID, UsageType usage) { log.debug("Processing PrivateKeyEntry from keystore"); BasicX509Credential credential = new BasicX509Credential(); credential.setEntityId(entityID); credential.setUsageType(usage); credential.setPrivateKey(privateKeyEntry.getPrivateKey()); credential.setEntityCertificate((X509Certificate) privateKeyEntry.getCertificate()); credential.setEntityCertificateChain(Arrays.asList((X509Certificate[]) privateKeyEntry.getCertificateChain())); return credential; }
basicCredential.setEntityCertificate((java.security.cert.X509Certificate) certificate); basicCredential.setPrivateKey(issuerPK);
credential.setEntityCertificateChain(new ArrayList<X509Certificate>(certificates)); if (entityCertificate != null) { credential.setEntityCertificate(entityCertificate); } else { credential.setEntityCertificate(certificates.get(0));
/** * Create basic credentials needed to generate signature using EntitlementServiceComponent * * @return basicX509Credential */ private static BasicX509Credential createBasicCredentials() { Certificate certificate = null; PrivateKey issuerPK = null; KeyStoreManager keyMan = KeyStoreManager.getInstance(-1234); try { certificate = keyMan.getDefaultPrimaryCertificate(); issuerPK = keyMan.getDefaultPrivateKey(); } catch (Exception e) { log.error("Error occurred while getting the KeyStore from KeyManger.", e); } BasicX509Credential basicCredential = new BasicX509Credential(); basicCredential.setEntityCertificate((java.security.cert.X509Certificate) certificate); basicCredential.setPrivateKey(issuerPK); return basicCredential; }
/** * Create basic credentials needed to generate signature using EntitlementServiceComponent * * @return basicX509Credential */ private static BasicX509Credential createBasicCredentials() { Certificate certificate = null; PrivateKey issuerPK = null; KeyStoreManager keyMan = KeyStoreManager.getInstance(-1234); try { certificate = keyMan.getDefaultPrimaryCertificate(); issuerPK = keyMan.getDefaultPrivateKey(); } catch (Exception e) { log.error("Error occurred while getting the KeyStore from KeyManger.", e); } BasicX509Credential basicCredential = new BasicX509Credential(); basicCredential.setEntityCertificate((java.security.cert.X509Certificate) certificate); basicCredential.setPrivateKey(issuerPK); return basicCredential; }
/** * Create basic credentials needed to generate signature using EntitlementServiceComponent * * @return basicX509Credential */ private static BasicX509Credential createBasicCredentials() { Certificate certificate = null; PrivateKey issuerPK = null; KeyStoreManager keyMan = KeyStoreManager.getInstance(-1234); try { certificate = keyMan.getDefaultPrimaryCertificate(); issuerPK = keyMan.getDefaultPrivateKey(); } catch (Exception e) { log.error("Error occurred while getting the KeyStore from KeyManger.", e); } BasicX509Credential basicCredential = new BasicX509Credential(); basicCredential.setEntityCertificate((java.security.cert.X509Certificate) certificate); basicCredential.setPrivateKey(issuerPK); return basicCredential; }
private void validateSignature(Assertion assertion) throws ValidationException, CertificateException{ assertion.validate(true); Signature signature = assertion.getSignature(); KeyInfo inf = signature.getKeyInfo(); List<X509Certificate> certs = KeyInfoHelper.getCertificates(inf); if (certs == null || certs.isEmpty() ){ throw new CertificateException("KeyInfoHelper contains no certificates, unable to validate signature!"); } X509Certificate cert = certs.get(0); //TODO: verify certificate issuer/subject? // Principal pr = cert.getIssuerDN(); // pr = cert.getSubjectDN(); SAMLSignatureProfileValidator pv = new SAMLSignatureProfileValidator(); pv.validate(signature); BasicX509Credential credential = new BasicX509Credential(); credential.setEntityCertificate(cert); SignatureValidator sigValidator = new SignatureValidator(credential); sigValidator.validate(signature); }
private Signature getSignature() { try { final char[] jksPassword = config.getKeystorePassword(); final String alias = config.getCertificateAlias(); final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); try (final FileInputStream fileInputStream = new FileInputStream(config.getKeystore())) { keyStore.load(fileInputStream, jksPassword); } final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(jksPassword)); final PrivateKey privateKey = privateKeyEntry.getPrivateKey(); final X509Certificate certificate = (X509Certificate) privateKeyEntry.getCertificate(); final BasicX509Credential credential = new BasicX509Credential(); credential.setEntityCertificate(certificate); credential.setPrivateKey(privateKey); final Signature signature = (Signature) org.opensaml.xml.Configuration.getBuilderFactory() .getBuilder(org.opensaml.xml.signature.Signature.DEFAULT_ELEMENT_NAME) .buildObject(org.opensaml.xml.signature.Signature.DEFAULT_ELEMENT_NAME); signature.setSigningCredential(credential); final SecurityConfiguration securityConfiguration = Configuration.getGlobalSecurityConfiguration(); final String keyInfoGeneratorProfile = null; SecurityHelper.prepareSignatureParams(signature, credential, securityConfiguration, keyInfoGeneratorProfile); return signature; } catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | UnrecoverableEntryException | SecurityException ex) { Logger.getLogger(SAMLClient.class.getName()).log(Level.SEVERE, null, ex); return null; } }
credential.setEntityCertificate(samlKeyInfo.getCerts()[0]); } else if (samlKeyInfo.getPublicKey() != null) { credential.setPublicKey(samlKeyInfo.getPublicKey());
credential.setEntityCertificate(samlKeyInfo.getCerts()[0]); } else if (samlKeyInfo.getPublicKey() != null) { credential.setPublicKey(samlKeyInfo.getPublicKey());