// Create empty KeyInfo, X509Data and X509Certificate XML objects, each obtained from the
// builder registered for its default element name. X509Certificate here is the XML object
// type returned by the builder, not a parsed certificate.
KeyInfo keyInfo=(KeyInfo)Configuration.getBuilderFactory().getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME).buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
X509Data data=(X509Data)Configuration.getBuilderFactory().getBuilder(X509Data.DEFAULT_ELEMENT_NAME).buildObject(X509Data.DEFAULT_ELEMENT_NAME);
X509Certificate cert=(X509Certificate)Configuration.getBuilderFactory().getBuilder(X509Certificate.DEFAULT_ELEMENT_NAME).buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);

// Attach the credential the signature is to be produced with.
signature.setSigningCredential(signingCredential);

// Base64 text of the credential's encoded entity certificate. `value` is assigned here but
// declared outside this excerpt. getEncoded() can throw CertificateEncodingException, so the
// enclosing code has to handle or declare it.
value=org.apache.xml.security.utils.Base64.encode(signingCredential.getEntityCertificate().getEncoded());

// Nest the certificate as KeyInfo -> X509Data -> X509Certificate and attach it to the signature.
// NOTE(review): an embedded certificate only tells the receiver which key was used. It is not
// evidence that the signer is trusted; the verifying side should check it against keys it
// already trusts (for example from configured metadata).
cert.setValue(value);
data.getX509Certificates().add(cert);
keyInfo.getX509Datas().add(data);
signature.setKeyInfo(keyInfo);
List<X509Data> x509Datas = keyInfo.getX509Datas(); if (x509Datas == null || x509Datas.isEmpty()) { log.debug("KeyInfo contained no X509Data children, skipping certificate match");
/**
 * Collects the X.509 certificate values carried by a metadata key descriptor.
 *
 * <p>Every certificate found under the descriptor's KeyInfo yields one {@code SimpleKey} named
 * {@code <typeName>-<n>}, with {@code n} counting from 0 across all X509Data children. The
 * certificate text is copied unchanged from {@code cert.getValue()}; nothing in this method
 * parses or validates it, so trust in the metadata it came from has to be established elsewhere.
 *
 * @param desc key descriptor to read
 * @return the keys found (possibly empty), or {@code null} when the descriptor has no KeyInfo
 */
protected List<SimpleKey> getKeyFromDescriptor(KeyDescriptor desc) {
    // Allocated up front, as in the long-standing behaviour; unused on the null path below.
    List<SimpleKey> keys = new LinkedList<>();
    if (desc.getKeyInfo() == null) {
        // Callers receive null, not an empty list, for a descriptor without KeyInfo.
        return null;
    }

    // No "use" on the descriptor maps to UNSPECIFIED; otherwise the use's name is looked up
    // in KeyType (valueOf throws IllegalArgumentException if no constant has that name).
    KeyType keyType;
    if (desc.getUse() == null) {
        keyType = KeyType.UNSPECIFIED;
    } else {
        keyType = KeyType.valueOf(desc.getUse().name());
    }

    int counter = 0;
    // Null child lists are treated as empty at both nesting levels.
    for (X509Data x509Data : ofNullable(desc.getKeyInfo().getX509Datas()).orElse(emptyList())) {
        for (X509Certificate certificate : ofNullable(x509Data.getX509Certificates()).orElse(emptyList())) {
            String keyName = keyType.getTypeName() + "-" + (counter++);
            keys.add(new SimpleKey(keyName, null, certificate.getValue(), null, keyType));
        }
    }
    return keys;
}
for (X509Data x509Data : key.getKeyInfo().getX509Datas()) { for (org.opensaml.xmlsec.signature.X509Certificate cert : x509Data.getX509Certificates()) { try (ByteArrayInputStream bais = new ByteArrayInputStream(
/**
 * Builds a {@code Signature} XML object configured with the given algorithm and credential.
 *
 * <p>The method only configures the object: it sets the signing credential, the signature
 * algorithm, exclusive canonicalization without comments, and a KeyInfo holding the Base64 text
 * of the credential's entity certificate. It does not compute a signature value. The algorithm
 * string is applied as passed in; restricting it to acceptable algorithms is left to the caller.
 *
 * @param signatureAlgorithm the algorithm identifier to set on the signature
 * @param credential the signing credential, whose entity certificate is embedded in KeyInfo
 * @return the configured {@code Signature} object
 * @throws SSOException if the credential's certificate cannot be encoded
 */
private static Signature setSignatureRaw(String signatureAlgorithm, X509Credential credential)
        throws SSOException {
    Signature xmlSignature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    xmlSignature.setSigningCredential(credential);
    xmlSignature.setSignatureAlgorithm(signatureAlgorithm);
    xmlSignature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    try {
        KeyInfo signerKeyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data x509Data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate certElement =
                (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);

        // Embed the signer's certificate as Base64 text: KeyInfo -> X509Data -> X509Certificate.
        // Receivers should still match it against keys they already trust rather than
        // accepting whatever certificate arrives inside the message.
        byte[] encodedCert = credential.getEntityCertificate().getEncoded();
        certElement.setValue(org.apache.xml.security.utils.Base64.encode(encodedCert));
        x509Data.getX509Certificates().add(certElement);
        signerKeyInfo.getX509Datas().add(x509Data);
        xmlSignature.setKeyInfo(signerKeyInfo);
    } catch (CertificateEncodingException e) {
        throw new SSOException("Error getting certificate", e);
    }
    return xmlSignature;
}
cert.setValue(value); data.getX509Certificates().add(cert); keyInfo.getX509Datas().add(data); signature.setKeyInfo(keyInfo); } catch (CertificateEncodingException e) {
// Signing key: put the certificate text into its X509Certificate element, nest it as
// KeyInfo -> X509Data -> X509Certificate, and publish it as a KeyDescriptor on the IdP
// SSO descriptor. All objects used here are created outside this excerpt.
// NOTE(review): the descriptor's "use" value is not set in these lines; presumably it is set
// where signingKeyDescriptor is built. Confirm, since the two descriptors are meant to differ.
signingX509Certificate.setValue(signingCert);
signingX509Data.getX509Certificates().add(signingX509Certificate);
signingKeyInfo.getX509Datas().add(signingX509Data);
signingKeyDescriptor.setKeyInfo(signingKeyInfo);
idpssoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);

// Encryption key: same nesting, added as a second KeyDescriptor on the same IdP SSO descriptor.
// NOTE(review): signingCert and encryptionCert are used as given; no validation is visible here.
encX509Certificate.setValue(encryptionCert);
encX509Data.getX509Certificates().add(encX509Certificate);
encKeyInfo.getX509Datas().add(encX509Data);
encKeyDescriptor.setKeyInfo(encKeyInfo);
idpssoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
// Signing key: put the certificate text into its X509Certificate element, nest it as
// KeyInfo -> X509Data -> X509Certificate, and publish it as a KeyDescriptor on the SP
// SSO descriptor. All objects used here are created outside this excerpt.
// NOTE(review): the descriptor's "use" value is not set in these lines; presumably it is set
// where signingKeyDescriptor is built. Confirm, since the two descriptors are meant to differ.
signingX509Certificate.setValue(signingCert);
signingX509Data.getX509Certificates().add(signingX509Certificate);
signingKeyInfo.getX509Datas().add(signingX509Data);
signingKeyDescriptor.setKeyInfo(signingKeyInfo);
spSsoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);

// Encryption key: same nesting, added as a second KeyDescriptor on the same SP SSO descriptor.
// NOTE(review): signingCert and encryptionCert are used as given; no validation is visible here.
encX509Certificate.setValue(encryptionCert);
encX509Data.getX509Certificates().add(encX509Certificate);
encKeyInfo.getX509Datas().add(encX509Data);
encKeyDescriptor.setKeyInfo(encKeyInfo);
spSsoDescriptor.getKeyDescriptors().add(encKeyDescriptor);