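/**
 * Applies the configured {@code signatureAlgorithm} to OpenSAML's global security
 * configuration once the bean's properties have been set.
 *
 * <p>Because this writes to {@code Configuration.getGlobalSecurityConfiguration()},
 * the chosen RSA signature URI and reference digest method take effect for every
 * signature produced through that global configuration, not only for this bean.
 *
 * @throws IllegalStateException if {@code signatureAlgorithm} is unset or is an
 *     enum constant this method does not know how to map (previously an unknown
 *     constant fell through the switch and silently left the global config untouched)
 * @throws Exception as declared by {@code InitializingBean}
 */
@Override
public void afterPropertiesSet() throws Exception {
    if (signatureAlgorithm == null) {
        throw new IllegalStateException("signatureAlgorithm must be set before afterPropertiesSet()");
    }
    BasicSecurityConfiguration config =
            (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
    switch (signatureAlgorithm) {
        case SHA1:
            // NOTE(review): SHA-1 is widely regarded as too weak for new signatures;
            // prefer SHA256/SHA512 wherever the peer supports them.
            config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
            config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA1);
            break;
        case SHA256:
            config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
            config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
            break;
        case SHA512:
            config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512);
            config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA512);
            break;
        default:
            // Fail loudly rather than leave the global configuration in an unspecified state.
            throw new IllegalStateException("Unsupported signature algorithm: " + signatureAlgorithm);
    }
}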
/**
 * Builds the {@code KeyInfo} element describing {@code credential}.
 *
 * <p>The generator is looked up by name: the name from {@code extendedMetadata}
 * wins when it is present, otherwise the SAML metadata default
 * ({@code SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR}) is used.
 *
 * @param credential the credential to describe
 * @return the generated KeyInfo
 * @throws SAMLRuntimeException if OpenSAML reports a security error while
 *     resolving the generator or generating the KeyInfo; the cause is preserved
 */
protected KeyInfo generateKeyInfoForCredential(Credential credential) {
    try {
        String generatorName;
        boolean metadataNamesGenerator =
                extendedMetadata != null && extendedMetadata.getKeyInfoGeneratorName() != null;
        if (metadataNamesGenerator) {
            generatorName = extendedMetadata.getKeyInfoGeneratorName();
        } else {
            generatorName = org.springframework.security.saml.SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR;
        }
        // null security configuration: OpenSAML resolves the generator against its global configuration.
        KeyInfoGenerator generator = SecurityHelper.getKeyInfoGenerator(credential, null, generatorName);
        return generator.generate(credential);
    } catch (org.opensaml.xml.security.SecurityException e) {
        log.error("Can't obtain key from the keystore or generate key info for credential: " + credential, e);
        throw new SAMLRuntimeException("Can't obtain key from keystore or generate key info", e);
    }
}
CertPathPKIXValidationOptions pkixOptions = new CertPathPKIXValidationOptions(); pkixOptions.setForceRevocationEnabled(true); } else { log.debug("Revocation checking not forced"); pkixOptions.setForceRevocationEnabled(false); Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver(), new org.springframework.security.saml.trust.CertPathPKIXTrustEvaluator(pkixOptions), new BasicX509CredentialNameEvaluator()); return new AllowAllSignatureTrustEngine(Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
CriteriaSet criteriaSet = new CriteriaSet(); criteriaSet.add(new EntityIDCriteria(openSAMLContext.entityId())); criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); try { Credential signingCredential = openSAMLContext.keyStoreCredentialResolver().resolveSingle(criteriaSet); String relayState = authState; LOG.debug("Sending authnRequest to {}", target);
/**
 * One-time test fixture setup: registers the BouncyCastle JCA provider, bootstraps
 * OpenSAML, and touches the metadata KeyInfo generator manager on the global
 * security configuration.
 *
 * <p>The manager returned by {@code getManager} is not used here; the call
 * presumably only ensures that a manager is registered under that name before
 * any test runs — confirm against the OpenSAML version in use.
 *
 * @throws Exception if OpenSAML bootstrapping fails
 */
@BeforeClass
public static void bootstrap() throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    DefaultBootstrap.bootstrap();
    Configuration.getGlobalSecurityConfiguration()
            .getKeyInfoGeneratorManager()
            .getManager(SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR);
}
/**
 * Creates a fresh {@link BasicSecurityConfiguration} and fills it with the
 * library defaults for signatures, encryption, KeyInfo credential resolution,
 * KeyInfo generation and key parameters.
 *
 * <p>The populate* helpers are invoked in their original order; whether they are
 * order-independent is not visible here, so keep the sequence as is.
 *
 * @return a newly built configuration with default values
 */
public static BasicSecurityConfiguration buildDefaultConfig() {
    final BasicSecurityConfiguration defaults = new BasicSecurityConfiguration();

    populateSignatureParams(defaults);
    populateEncryptionParams(defaults);
    populateKeyInfoCredentialResolverParams(defaults);
    populateKeyInfoGeneratorManager(defaults);
    populateKeyParams(defaults);

    return defaults;
}
/**
 * Attaches an enveloped XML signature to {@code assertion} using {@code credential}.
 *
 * <p>The assertion is marshalled before {@code Signer.signObject} is called so
 * that there is a DOM for the signature to be computed over. Passing {@code null}
 * for the security configuration and KeyInfo generator name lets OpenSAML fall
 * back to its global defaults when preparing the signature parameters.
 *
 * @param assertion the assertion to sign; its Signature is set as a side effect
 * @param credential the signing credential
 * @throws SecurityException if signature parameters cannot be prepared
 * @throws MarshallingException if the assertion cannot be marshalled
 * @throws SignatureException if signing fails
 */
private void signAssertion(Assertion assertion, Credential credential)
        throws SecurityException, MarshallingException, SignatureException {
    SignatureBuilder builder =
            (SignatureBuilder) builderFactory.getBuilder(Signature.DEFAULT_ELEMENT_NAME);
    Signature envelopedSignature = builder.buildObject();
    envelopedSignature.setSigningCredential(credential);
    SecurityHelper.prepareSignatureParams(envelopedSignature, credential, null, null);
    assertion.setSignature(envelopedSignature);

    Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
    Signer.signObject(envelopedSignature);
}
/**
 * Verifies that selecting SHA1 on the bean propagates the RSA-SHA1 signature URI
 * and the SHA1 reference digest method into the global security configuration.
 */
@Test
public void testSHA1SignatureAlgorithm() throws Exception {
    SamlConfigurationBean bean = new SamlConfigurationBean();
    bean.setSignatureAlgorithm(SamlConfigurationBean.SignatureAlgorithm.SHA1);
    bean.afterPropertiesSet();

    // The bean writes to the global configuration, so read the result back from there.
    BasicSecurityConfiguration global =
            (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
    assertEquals(SignatureConstants.ALGO_ID_DIGEST_SHA1, global.getSignatureReferenceDigestMethod());
    assertEquals(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1, global.getSignatureAlgorithmURI("RSA"));
}
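/**
 * Get a basic KeyInfo credential resolver which can process standard inline
 * data - RSAKeyValue, DSAKeyValue, X509Data.
 *
 * @return a new KeyInfoCredentialResolver instance
 * @deprecated this is a pass-through; call
 *     {@link SecurityHelper#buildBasicInlineKeyInfoResolver()} directly
 */
@Deprecated
public static KeyInfoCredentialResolver buildBasicInlineKeyInfoResolver() {
    // The @Deprecated annotation is what makes javac warn callers; the Javadoc
    // tag alone does not, and the original tag also preceded the description.
    return SecurityHelper.buildBasicInlineKeyInfoResolver();
}
}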
/**
 * {@inheritDoc}
 *
 * <p>Lazily pulls the next match into {@code current} only when nothing is
 * buffered, so repeated calls without an intervening {@code next()} do not
 * advance the underlying source.
 */
public boolean hasNext() {
    if (current == null) {
        current = getNextMatch();
    }
    return current != null;
}
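/**
 * Build Java DSA public key from base64 encoding.
 *
 * @param base64EncodedKey base64-encoded DSA public key
 * @return a native Java DSAPublicKey
 * @throws KeyException thrown if there is an error constructing key
 * @deprecated this is a pass-through; call
 *     {@link SecurityHelper#buildJavaDSAPublicKey(String)} directly
 */
@Deprecated
public static DSAPublicKey buildJavaDSAPublicKey(String base64EncodedKey) throws KeyException {
    // Annotation added so callers get a compiler deprecation warning, not just a Javadoc note.
    return SecurityHelper.buildJavaDSAPublicKey(base64EncodedKey);
}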
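/**
 * Build Java RSA public key from base64 encoding.
 *
 * @param base64EncodedKey base64-encoded RSA public key
 * @return a native Java RSAPublicKey
 * @throws KeyException thrown if there is an error constructing key
 * @deprecated this is a pass-through; call
 *     {@link SecurityHelper#buildJavaRSAPublicKey(String)} directly
 */
@Deprecated
public static RSAPublicKey buildJavaRSAPublicKey(String base64EncodedKey) throws KeyException {
    // Annotation added so callers get a compiler deprecation warning, not just a Javadoc note.
    return SecurityHelper.buildJavaRSAPublicKey(base64EncodedKey);
}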
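/**
 * Build Java DSA private key from base64 encoding.
 *
 * <p>The input is private key material: callers should avoid logging it or
 * holding the decoded string longer than necessary.
 *
 * @param base64EncodedKey base64-encoded DSA private key
 * @return a native Java DSAPrivateKey
 * @throws KeyException thrown if there is an error constructing key
 * @deprecated this is a pass-through; call
 *     {@link SecurityHelper#buildJavaDSAPrivateKey(String)} directly
 */
@Deprecated
public static DSAPrivateKey buildJavaDSAPrivateKey(String base64EncodedKey) throws KeyException {
    // Annotation added so callers get a compiler deprecation warning, not just a Javadoc note.
    return SecurityHelper.buildJavaDSAPrivateKey(base64EncodedKey);
}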
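/**
 * Build Java RSA private key from base64 encoding.
 *
 * <p>The input is private key material: callers should avoid logging it or
 * holding the decoded string longer than necessary.
 *
 * @param base64EncodedKey base64-encoded RSA private key
 * @return a native Java RSAPrivateKey
 * @throws KeyException thrown if there is an error constructing key
 * @deprecated this is a pass-through; call
 *     {@link SecurityHelper#buildJavaRSAPrivateKey(String)} directly
 */
@Deprecated
public static RSAPrivateKey buildJavaRSAPrivateKey(String base64EncodedKey) throws KeyException {
    // Annotation added so callers get a compiler deprecation warning, not just a Javadoc note.
    return SecurityHelper.buildJavaRSAPrivateKey(base64EncodedKey);
}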
/**
 * One-time test fixture setup: registers the BouncyCastle JCA provider, bootstraps
 * OpenSAML, and touches the metadata KeyInfo generator manager on the global
 * security configuration.
 *
 * <p>The manager returned by {@code getManager} is not used here; the call
 * presumably only ensures that a manager is registered under that name before
 * any test runs — confirm against the OpenSAML version in use.
 *
 * @throws Exception if OpenSAML bootstrapping fails
 */
@BeforeClass
public static void bootstrap() throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    DefaultBootstrap.bootstrap();
    Configuration.getGlobalSecurityConfiguration()
            .getKeyInfoGeneratorManager()
            .getManager(SAML_METADATA_KEY_INFO_GENERATOR);
}
final Credential defaultCredential = keyManager.getDefaultCredential(); signature.setSigningCredential(defaultCredential); SecurityHelper.prepareSignatureParams(signature, defaultCredential, null, null); assertion.setSignature(signature); Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(assertion);
/**
 * Verifies that selecting SHA256 on the bean propagates the RSA-SHA256 signature
 * URI and the SHA256 reference digest method into the global security configuration.
 */
@Test
public void testSHA256SignatureAlgorithm() throws Exception {
    SamlConfigurationBean bean = new SamlConfigurationBean();
    bean.setSignatureAlgorithm(SamlConfigurationBean.SignatureAlgorithm.SHA256);
    bean.afterPropertiesSet();

    // The bean writes to the global configuration, so read the result back from there.
    BasicSecurityConfiguration global =
            (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
    assertEquals(SignatureConstants.ALGO_ID_DIGEST_SHA256, global.getSignatureReferenceDigestMethod());
    assertEquals(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256, global.getSignatureAlgorithmURI("RSA"));
}
/**
 * {@inheritDoc}
 *
 * <p>Lazily pulls the next match into {@code current} only when nothing is
 * buffered, so repeated calls without an intervening {@code next()} do not
 * advance the underlying source.
 */
public boolean hasNext() {
    if (current == null) {
        current = getNextMatch();
    }
    return current != null;
}
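/**
 * Build Java DSA public key from base64 encoding.
 *
 * @param base64EncodedKey base64-encoded DSA public key
 * @return a native Java DSAPublicKey
 * @throws KeyException thrown if there is an error constructing key
 * @deprecated this is a pass-through; call
 *     {@link SecurityHelper#buildJavaDSAPublicKey(String)} directly
 */
@Deprecated
public static DSAPublicKey buildJavaDSAPublicKey(String base64EncodedKey) throws KeyException {
    // Annotation added so callers get a compiler deprecation warning, not just a Javadoc note.
    return SecurityHelper.buildJavaDSAPublicKey(base64EncodedKey);
}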
/**
 * Verifies that selecting SHA512 on the bean propagates the RSA-SHA512 signature
 * URI and the SHA512 reference digest method into the global security configuration.
 */
@Test
public void testSHA512SignatureAlgorithm() throws Exception {
    SamlConfigurationBean bean = new SamlConfigurationBean();
    bean.setSignatureAlgorithm(SamlConfigurationBean.SignatureAlgorithm.SHA512);
    bean.afterPropertiesSet();

    // The bean writes to the global configuration, so read the result back from there.
    BasicSecurityConfiguration global =
            (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
    assertEquals(SignatureConstants.ALGO_ID_DIGEST_SHA512, global.getSignatureReferenceDigestMethod());
    assertEquals(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512, global.getSignatureAlgorithmURI("RSA"));
}