/** * Signs the specified {@link SignableSAMLObject} with the specified {@link Credential} and * {@code signatureAlgorithm}. */ static void sign(SignableSAMLObject signableObj, Credential signingCredential, String signatureAlgorithm) { requireNonNull(signableObj, "signableObj"); requireNonNull(signingCredential, "signingCredential"); requireNonNull(signatureAlgorithm, "signatureAlgorithm"); final Signature signature = signatureBuilder.buildObject(); signature.setSignatureAlgorithm(signatureAlgorithm); signature.setSigningCredential(signingCredential); signature.setCanonicalizationAlgorithm(ALGO_ID_C14N_EXCL_OMIT_COMMENTS); try { signature.setKeyInfo(keyInfoGenerator.generate(signingCredential)); } catch (SecurityException e) { throw new SamlException("failed to create a key info of signing credential", e); } signableObj.setSignature(signature); serialize(signableObj); try { Signer.signObject(signature); } catch (SignatureException e) { throw new SamlException("failed to sign a SAML object", e); } }
final X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory(); keyInfoGeneratorFactory.setEmitEntityCertificate(true); keyInfoGeneratorFactory.setEmitEntityCertificateChain(true); final KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance(); keyInfoGenerator.generate(signingCredential))); spSsoDescriptor.getKeyDescriptors().add( buildKeyDescriptorElement(UsageType.ENCRYPTION, keyInfoGenerator.generate(encryptionCredential))); } catch (SecurityException e) { throw new SamlException("failed to generate KeyInfo element", e);
public KeyInfoGenerator getKeyInfoGenerator(Credential credential) { NamedKeyInfoGeneratorManager manager = DefaultSecurityConfigurationBootstrap .buildBasicKeyInfoGeneratorManager(); return manager.getDefaultManager().getFactory(credential).newInstance(); }
X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory(); KeyInfoBean.CERT_IDENTIFIER certIdentifier = keyInfo.getCertIdentifer(); switch (certIdentifier) { case X509_CERT: kiFactory.setEmitEntityCertificate(true); break; case KEY_VALUE: kiFactory.setEmitPublicKeyValue(true); break; case X509_ISSUER_SERIAL: kiFactory.setEmitX509IssuerSerial(true); return kiFactory.newInstance().generate(keyInfoCredential); BasicKeyInfoGeneratorFactory kiFactory = new BasicKeyInfoGeneratorFactory(); kiFactory.setEmitPublicKeyValue(true); return kiFactory.newInstance().generate(keyInfoCredential);
final KeyInfoGeneratorManager kigm = keyInfoGeneratorManager.getDefaultManager(); final KeyInfoGeneratorFactory kigf = kigm.getFactory(cred); final KeyInfoGenerator kig = kigf.newInstance(); try { final KeyInfo keyInfo = kig.generate(cred); scData.getKeyInfos().add(keyInfo); } catch (final SecurityException e) {
Assertion assertion = createAssertion(); // Assume this contains a recipient's RSA public key Credential keyEncryptionCredential = getKEKCredential(); EncryptionParameters encParams = new EncryptionParameters(); encParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256); KeyEncryptionParameters kekParams = new KeyEncryptionParameters(); kekParams.setEncryptionCredential(keyEncryptionCredential); kekParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP); KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration() .getKeyInfoGeneratorManager().getDefaultManager() .getFactory(keyEncryptionCredential); kekParams.setKeyInfoGenerator(kigf.newInstance()); Encrypter samlEncrypter = new Encrypter(encParams, kekParams); samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
final CriteriaSet criteriaSet = new CriteriaSet(new KeyInfoCriterion(keyInfo)); try { for (final Credential cred : keyInfoResolver.resolve(criteriaSet)) { credentials.add(cred);
PublicKey kiPublicKey = KeyInfoSupport.getKey(keyValue); if (Objects.equals(key, kiPublicKey)) { log.debug("Matched KeyValue PublicKey");
/** * Extract trusted names from a KeyInfo element. * * @param keyInfo the KeyInfo instance from which to extract trusted names * @param accumulator set of trusted names to return */ protected void getTrustedNames(final Set<String> accumulator, final KeyInfo keyInfo) { // TODO return anything if there are things other than names in the KeyInfo ? accumulator.addAll(KeyInfoSupport.getKeyNames(keyInfo)); }
X509Certificate kiCert = KeyInfoSupport.getCertificate(xmlCertificate); if (Objects.equals(cert, kiCert)) { log.debug("Matched X509Certificate");
protected final KeyInfo generateKeyInfoForCredential(final Credential credential) { try { return getKeyInfoGenerator().generate(credential); } catch (final org.opensaml.security.SecurityException e) { throw new SAMLException("Unable to generate keyInfo from given credential", e); } }
@Override public final KeyInfoGenerator getKeyInfoGenerator() { final NamedKeyInfoGeneratorManager mgmr = DefaultSecurityConfigurationBootstrap.buildBasicKeyInfoGeneratorManager(); final Credential credential = getCredential(); return mgmr.getDefaultManager().getFactory(credential).newInstance(); }
critSet.add(new KeyInfoCriterion(keyDescriptor.getKeyInfo())); final Iterable<Credential> resolvedCreds = getKeyInfoCredentialResolver().resolve(critSet); for (final Credential cred : resolvedCreds) { if (cred instanceof MutableCredential) {
PublicKey kiPublicKey = KeyInfoSupport.getKey(derEncodedKeyValue); if (Objects.equals(key, kiPublicKey)) { log.debug("Matched DEREncodedKeyValue PublicKey");
KeyInfo keyInfo = kiGenerator.generate(signingCredential); if (keyInfo != null) { Marshaller marshaller = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(keyInfo);
private KeyInfo getKeyInfo(final Credential c, final String keyName) { final SecurityConfiguration secConfiguration = Configuration.getGlobalSecurityConfiguration(); final NamedKeyInfoGeneratorManager namedKeyInfoGeneratorManager = secConfiguration.getKeyInfoGeneratorManager(); final KeyInfoGeneratorManager keyInfoGeneratorManager = namedKeyInfoGeneratorManager.getDefaultManager(); final KeyInfoGeneratorFactory keyInfoGeneratorFactory = keyInfoGeneratorManager.getFactory(c); final KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance(); KeyInfo keyInfo; keyInfo = keyInfoGenerator.generate(c); KeyInfoHelper.addKeyName(keyInfo, keyName); return keyInfo; }
/** * Signs the specified {@link SignableSAMLObject} with the specified {@link Credential} and * {@code signatureAlgorithm}. */ static void sign(SignableSAMLObject signableObj, Credential signingCredential, String signatureAlgorithm) { requireNonNull(signableObj, "signableObj"); requireNonNull(signingCredential, "signingCredential"); requireNonNull(signatureAlgorithm, "signatureAlgorithm"); final Signature signature = signatureBuilder.buildObject(); signature.setSignatureAlgorithm(signatureAlgorithm); signature.setSigningCredential(signingCredential); signature.setCanonicalizationAlgorithm(ALGO_ID_C14N_EXCL_OMIT_COMMENTS); try { signature.setKeyInfo(keyInfoGenerator.generate(signingCredential)); } catch (SecurityException e) { throw new SamlException("failed to create a key info of signing credential", e); } signableObj.setSignature(signature); serialize(signableObj); try { Signer.signObject(signature); } catch (SignatureException e) { throw new SamlException("failed to sign a SAML object", e); } }
.getKeyInfoGeneratorManager(); KeyInfoGeneratorManager keyInfoGeneratorManager = namedKeyInfoGeneratorManager .getDefaultManager(); KeyInfoGeneratorFactory factory = keyInfoGeneratorManager .getFactory(credential); KeyInfoGenerator generator = factory.newInstance(); return generator.generate(credential);
public void sign(final SignableSAMLObject signableObject) throws SecurityException { org.opensaml.xmlsec.signature.Signature signature = OpenSAMLUtil.buildSignature(); signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); signature.setSignatureAlgorithm(sigAlgo); signature.setSigningCredential(loader.getCredential()); signature.setKeyInfo(keyInfoGenerator.generate(loader.getCredential())); signableObject.setSignature(signature); signableObject.releaseDOM(); signableObject.releaseChildrenDOM(true); }
public KeyDescriptor getKeyDescriptor(SimpleKey key) { SAMLObjectBuilder<KeyDescriptor> builder = (SAMLObjectBuilder<KeyDescriptor>) getBuilderFactory() .getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME); KeyDescriptor descriptor = builder.buildObject(); KeyStoreCredentialResolver resolver = getCredentialsResolver(key); Credential credential = getCredential(key, resolver); try { KeyInfo info = getKeyInfoGenerator(credential).generate(credential); descriptor.setKeyInfo(info); if (key.getType() != null) { descriptor.setUse(UsageType.valueOf(key.getType().toString())); } else { descriptor.setUse(UsageType.SIGNING); } return descriptor; } catch (SecurityException e) { throw new SamlKeyException(e); } }