/**
 * Decrypts a SAML {@link EncryptedAssertion} with one locally configured credential.
 *
 * <p>The key-encryption-key resolver is static: it returns {@code decryptionCredential}
 * regardless of any KeyInfo hints in the message, so the message cannot steer key
 * selection. The first {@code Decrypter} argument (the data-key resolver) is
 * {@code null}, so the content key must come from an EncryptedKey, which
 * {@link InlineEncryptedKeyResolver} looks for inline in the encrypted data.
 *
 * <p>NOTE(review): decryption gives confidentiality only. This method performs no
 * signature or condition checks, so the returned assertion still has to be validated
 * by the caller before it is trusted.
 *
 * @param encryptedAssertion the encrypted assertion taken from the SAML message
 * @param decryptionCredential the local credential used to unwrap the EncryptedKey
 * @return the decrypted assertion
 * @throws SamlException if decryption fails; the {@link DecryptionException} is kept as the cause
 */
private static Assertion decryptAssertion(EncryptedAssertion encryptedAssertion,
                                          Credential decryptionCredential) {
    final StaticKeyInfoCredentialResolver kekResolver =
            new StaticKeyInfoCredentialResolver(decryptionCredential);
    final Decrypter assertionDecrypter =
            new Decrypter(null, kekResolver, new InlineEncryptedKeyResolver());
    // Place the decrypted element at the root of a fresh DOM document.
    assertionDecrypter.setRootInNewDocument(true);

    try {
        return assertionDecrypter.decrypt(encryptedAssertion);
    } catch (DecryptionException cause) {
        throw new SamlException("failed to decrypt an assertion", cause);
    }
}
}
// Configure the KeyInfo generator to embed the entity (leaf) certificate and the
// rest of its certificate chain.
// NOTE(review): an embedded certificate is only a hint to the receiver; a relying
// party should match it against certificates it already trusts rather than accept
// whatever certificate the message carries.
final X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
keyInfoGeneratorFactory.setEmitEntityCertificate(true);
keyInfoGeneratorFactory.setEmitEntityCertificateChain(true);
final KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
/**
 * Build a trust engine and populate it with the supplied credential (definition).
 *
 * <p>The engine bean is an {@link ExplicitKeySignatureTrustEngine} with two constructor
 * arguments, in this order: a {@link StaticCredentialResolver} holding the trusted
 * credential, and a KeyInfo resolver able to read DSA/RSA key values and inline X.509
 * data. The KeyInfo resolver only extracts candidate keys from a signature; with an
 * explicit-key engine, trust comes from the statically configured credential.
 *
 * @param builder the builder for this bean.
 * @param credential the definition of a {@link org.opensaml.security.credential.Credential}
 */
private void buildTrustEngine(final BeanDefinitionBuilder builder, final BeanDefinition credential) {
    // Trusted side: a static resolver wrapping the single configured credential.
    final BeanDefinitionBuilder trustedCredentials =
            BeanDefinitionBuilder.genericBeanDefinition(StaticCredentialResolver.class);
    // A single credential definition is supplied where a list is expected.
    trustedCredentials.addConstructorArgValue(credential);

    // Message side: providers that pull key material out of a signature's KeyInfo.
    final List<KeyInfoProvider> providers = new ArrayList<>();
    providers.add(new DSAKeyValueProvider());
    providers.add(new RSAKeyValueProvider());
    providers.add(new InlineX509DataProvider());

    final BeanDefinitionBuilder engine =
            BeanDefinitionBuilder.genericBeanDefinition(ExplicitKeySignatureTrustEngine.class);
    engine.addConstructorArgValue(trustedCredentials.getBeanDefinition());
    engine.addConstructorArgValue(new BasicProviderKeyInfoCredentialResolver(providers));

    builder.addConstructorArgValue(engine.getBeanDefinition());
}
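/**
 * Prepares the KeyInfo generator, the signature algorithm and the key-password callback handler.
 *
 * <p>The signature algorithm is taken from {@code loader.getSignatureAlgorithm()} when that
 * name maps to a known algorithm with a JCE identifier. Otherwise a default is chosen from
 * the public-key algorithm of the loader's credential (RSA unless the key is DSA or EC).
 *
 * <p>NOTE(review): every default below is SHA-1 based. SHA-1 is no longer considered
 * collision resistant for signatures, and a mistyped algorithm name silently falls back to
 * it. Deployments should configure a SHA-256 or stronger algorithm explicitly. The defaults
 * are left unchanged here because peers may depend on them.
 */
public void init() {
    X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
    keyInfoGeneratorFactory.setEmitEntityCertificate(true);
    keyInfoGenerator = keyInfoGeneratorFactory.newInstance();

    // Try to load a signature algorithm
    if (loader.getSignatureAlgorithm() != null) {
        SignatureAlgorithm loadedSignatureAlgorithm = null;
        try {
            loadedSignatureAlgorithm = SignatureAlgorithm.valueOf(loader.getSignatureAlgorithm());
        } catch (IllegalArgumentException ignored) {
            // If SignatureAlgorithm is an enum, valueOf throws on an unknown name rather than
            // returning null. Clear the JCE id so the warning-and-fallback path below runs
            // instead of init() failing on a configuration typo.
            jceSigAlgo = null;
        }
        if (loadedSignatureAlgorithm != null) {
            sigAlgo = loadedSignatureAlgorithm.getAlgorithm();
            jceSigAlgo = JCEMapper.translateURItoJCEID(sigAlgo);
        }
        if (jceSigAlgo == null) {
            LOG.warn("Signature algorithm {} is not valid. Using default algorithm instead.",
                    loader.getSignatureAlgorithm());
            sigAlgo = null;
        }
    }

    if (sigAlgo == null) {
        // Default chosen by key type; see the SHA-1 note in the method documentation.
        sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
        String pubKeyAlgo = loader.getCredential().getPublicKey().getAlgorithm();
        if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
            sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA_SHA1;
        } else if (pubKeyAlgo.equalsIgnoreCase("EC")) {
            sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1;
        }
        jceSigAlgo = JCEMapper.translateURItoJCEID(sigAlgo);
    }

    callbackHandler = new SAMLSPCallbackHandler(loader.getKeyPass());
}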
X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory(); KeyInfoBean.CERT_IDENTIFIER certIdentifier = keyInfo.getCertIdentifer(); switch (certIdentifier) { case X509_CERT: kiFactory.setEmitEntityCertificate(true); break; case KEY_VALUE: kiFactory.setEmitPublicKeyValue(true); break; case X509_ISSUER_SERIAL: kiFactory.setEmitX509IssuerSerial(true); return kiFactory.newInstance().generate(keyInfoCredential); BasicKeyInfoGeneratorFactory kiFactory = new BasicKeyInfoGeneratorFactory(); kiFactory.setEmitPublicKeyValue(true); return kiFactory.newInstance().generate(keyInfoCredential);
X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory(); if (sendKeyValue) { kiFactory.setEmitPublicKeyValue(true); } else { kiFactory.setEmitEntityCertificate(true); KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential); signature.setKeyInfo(keyInfo); } catch (org.opensaml.security.SecurityException ex) {
// Register the KeyInfo providers this resolver understands: RSA and DSA key values,
// inline X.509 data, DER-encoded key values and KeyInfoReference indirection.
providers.add(new RSAKeyValueProvider());
providers.add(new DSAKeyValueProvider());
providers.add(new InlineX509DataProvider());
providers.add(new DEREncodedKeyValueProvider());
providers.add(new KeyInfoReferenceProvider());
val keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(providers);
// NOTE(review): presumably kekCredentialResolver uses the KeyInfo material only to pick
// among locally held decryption keys. Confirm against its construction, which is not
// visible in this excerpt.
kekCredentialResolver.setKeyInfoCredentialResolver(keyInfoResolver);
X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory(); kiFactory.setEmitEntityCertificate(true); KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential); signature.setKeyInfo(keyInfo); } catch (org.opensaml.security.SecurityException ex) {
// Build a KeyInfo generator that emits the entity certificate together with its
// certificate chain.
// NOTE(review): receivers should treat the emitted certificates as identification hints
// and establish trust from their own configured credentials or trust anchors.
final X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
keyInfoGeneratorFactory.setEmitEntityCertificate(true);
keyInfoGeneratorFactory.setEmitEntityCertificateChain(true);
final KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
/**
 * Creates a {@link Decrypter} bound to the credential supplied by {@code credentialProvider}.
 *
 * <p>Only the key-encryption-key resolver is set, and it is static: the configured
 * credential is used whatever KeyInfo the message carries. The data-key resolver (first
 * constructor argument) is {@code null}, so content keys are expected to arrive as
 * EncryptedKey elements located by the {@code encryptedKeyResolver} field.
 *
 * @return a decrypter that places decrypted content at the root of a new document
 */
@Override
public final Decrypter build() {
    final KeyInfoCredentialResolver kekResolver =
            new StaticKeyInfoCredentialResolver(this.credentialProvider.getCredential());
    final Decrypter result = new Decrypter(null, kekResolver, encryptedKeyResolver);
    result.setRootInNewDocument(true);
    return result;
}
}
X509KeyInfoGeneratorFactory x509KeyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory(); x509KeyInfoGeneratorFactory.setEmitEntityCertificate(true); KeyInfo keyInfo = x509KeyInfoGeneratorFactory.newInstance().generate(signingCredential); signature.setKeyInfo(keyInfo); } catch (org.opensaml.security.SecurityException e) {
/**
 * Builds a {@link Decrypter} for the given key.
 *
 * <p>The credential is obtained through {@code getCredential(key, getCredentialsResolver(key))}
 * and wrapped in a static KeyInfo credential resolver, so it is returned irrespective of
 * the KeyInfo found in the message. No data-key resolver is configured (first argument is
 * {@code null}); EncryptedKey elements are located by the {@code encryptedKeyResolver} field.
 *
 * @param key the key from which the decryption credential is derived
 * @return a decrypter that places decrypted content at the root of a new document
 */
protected Decrypter getDecrypter(SimpleKey key) {
    KeyInfoCredentialResolver kekResolver =
            new StaticKeyInfoCredentialResolver(getCredential(key, getCredentialsResolver(key)));
    Decrypter result = new Decrypter(null, kekResolver, encryptedKeyResolver);
    result.setRootInNewDocument(true);
    return result;
}
X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory(); kiFactory.setEmitEntityCertificate(true); KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential); signature.setKeyInfo(keyInfo); } catch (org.opensaml.security.SecurityException ex) {
/**
 * Build signature trust engine.
 *
 * <p>Both resolvers handed to the {@link ExplicitKeySignatureTrustEngine} are static and
 * are filled from {@code getSigningCertificates()}. The trusted credentials and the
 * KeyInfo-resolved credentials therefore both come from local configuration, not from key
 * material carried in the message.
 *
 * @param wsFederationConfiguration the ws federation configuration
 * @return the signature trust engine
 * @throws RuntimeException wrapping any exception raised while building the engine
 */
private SignatureTrustEngine buildSignatureTrustEngine(final WsFederationConfiguration wsFederationConfiguration) {
    try {
        final CredentialResolver trustedCredentials =
                new StaticCredentialResolver(wsFederationConfiguration.getSigningCertificates());
        final KeyInfoCredentialResolver keyInfoCredentials =
                new StaticKeyInfoCredentialResolver(wsFederationConfiguration.getSigningCertificates());
        return new ExplicitKeySignatureTrustEngine(trustedCredentials, keyInfoCredentials);
    } catch (final Exception cause) {
        throw new RuntimeException(cause);
    }
}
// Declare SAML 2.0 protocol support on the SP SSO descriptor.
spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
// KeyInfo generator that emits the entity certificate.
X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
keyInfoGeneratorFactory.setEmitEntityCertificate(true);
KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
// NOTE(review): the KeyInfo returned by generate() is not stored or attached in the lines
// visible here. Confirm the surrounding code uses it (for example on a KeyDescriptor),
// otherwise the published metadata would carry no certificate.
keyInfoGenerator.generate(loader.getCredential());
/**
 * Build signature trust engine.
 *
 * <p>The configured signing wallet feeds both the trusted-credential resolver and the
 * KeyInfo credential resolver. Both are static, so signature trust is decided against
 * locally configured credentials only. The debug output lists each credential's entity id
 * and public key, which is public material.
 *
 * @param wsFederationConfiguration the ws federation configuration
 * @return the signature trust engine
 */
@SneakyThrows
private static SignatureTrustEngine buildSignatureTrustEngine(final WsFederationConfiguration wsFederationConfiguration) {
    val signingWallet = wsFederationConfiguration.getSigningWallet();

    LOGGER.debug("Building signature trust engine based on the following signing certificates:");
    signingWallet.forEach(credential -> {
        LOGGER.debug("Credential entity id [{}] with public key [{}]", credential.getEntityId(), credential.getPublicKey());
    });

    val trustedCredentials = new StaticCredentialResolver(signingWallet);
    val keyInfoCredentials = new StaticKeyInfoCredentialResolver(signingWallet);
    return new ExplicitKeySignatureTrustEngine(trustedCredentials, keyInfoCredentials);
}
/**
 * Builds the {@link Decrypter} used for encrypted assertions.
 *
 * <p>EncryptedKey elements are located through a chain of three resolvers, tried in this
 * order: inline in the encrypted data, as part of the enclosing encrypted element type,
 * and through RetrievalMethod references. The key that unwraps them is fixed: a static
 * resolver returns the credential from {@code getEncryptionCredential(config)} whatever
 * KeyInfo the message contains. No data-key resolver is set (first argument is
 * {@code null}).
 *
 * <p>NOTE(review): a decrypted assertion is not yet an authenticated one; signature
 * validation is expected to happen separately.
 *
 * @param config the WS-Federation configuration providing the encryption credential
 * @return a decrypter that places decrypted content at the root of a new document
 */
private static Decrypter buildAssertionDecrypter(final WsFederationConfiguration config) {
    val keyResolvers = new ArrayList<EncryptedKeyResolver>();
    keyResolvers.add(new InlineEncryptedKeyResolver());
    keyResolvers.add(new EncryptedElementTypeEncryptedKeyResolver());
    keyResolvers.add(new SimpleRetrievalMethodEncryptedKeyResolver());
    LOGGER.debug("Built a list of encrypted key resolvers: [{}]", keyResolvers);
    val encryptedKeyResolver = new ChainingEncryptedKeyResolver(keyResolvers);

    LOGGER.debug("Building credential instance to decrypt data");
    val kekResolver = new StaticKeyInfoCredentialResolver(getEncryptionCredential(config));

    val result = new Decrypter(null, kekResolver, encryptedKeyResolver);
    result.setRootInNewDocument(true);
    return result;
}
/**
 * Builds the {@link Decrypter} used for encrypted assertions.
 *
 * <p>A {@link ChainingEncryptedKeyResolver} looks for the EncryptedKey inline, within the
 * encrypted element type, and through RetrievalMethod references, in that order. The
 * unwrapping credential comes from {@code getEncryptionCredential(config)} and is served by
 * a static resolver, so KeyInfo in the message does not influence which key is used. The
 * data-key resolver (first constructor argument) is left {@code null}.
 *
 * @param config the WS-Federation configuration providing the encryption credential
 * @return a decrypter that places decrypted content at the root of a new document
 */
private Decrypter buildAssertionDecrypter(final WsFederationConfiguration config) {
    final List<EncryptedKeyResolver> keyResolvers = new ArrayList<>();
    keyResolvers.add(new InlineEncryptedKeyResolver());
    keyResolvers.add(new EncryptedElementTypeEncryptedKeyResolver());
    keyResolvers.add(new SimpleRetrievalMethodEncryptedKeyResolver());
    LOGGER.debug("Built a list of encrypted key resolvers: {}", keyResolvers);
    final ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(keyResolvers);

    LOGGER.debug("Building credential instance to decrypt data");
    final Credential localCredential = getEncryptionCredential(config);
    final KeyInfoCredentialResolver kekResolver = new StaticKeyInfoCredentialResolver(localCredential);

    final Decrypter result = new Decrypter(null, kekResolver, encryptedKeyResolver);
    result.setRootInNewDocument(true);
    return result;
}
}
/**
 * Decrypts a SAML {@link EncryptedAssertion} using the given local credential.
 *
 * <p>The credential is wrapped in a static KeyInfo resolver and passed as the
 * key-encryption-key resolver, so it is used whatever KeyInfo the message presents. The
 * data-key resolver is {@code null}; the EncryptedKey is looked up inline through
 * {@link InlineEncryptedKeyResolver}.
 *
 * <p>NOTE(review): no signature or validity checks are done here. Callers need to validate
 * the decrypted assertion before relying on its contents.
 *
 * @param encryptedAssertion the encrypted assertion to decrypt
 * @param decryptionCredential the local credential that unwraps the EncryptedKey
 * @return the decrypted assertion
 * @throws SamlException if the assertion cannot be decrypted; the original
 *         {@link DecryptionException} is attached as the cause
 */
private static Assertion decryptAssertion(EncryptedAssertion encryptedAssertion,
                                          Credential decryptionCredential) {
    final StaticKeyInfoCredentialResolver staticResolver =
            new StaticKeyInfoCredentialResolver(decryptionCredential);
    final Decrypter worker = new Decrypter(null, staticResolver, new InlineEncryptedKeyResolver());
    // The decrypted element becomes the root of its own DOM document.
    worker.setRootInNewDocument(true);

    try {
        return worker.decrypt(encryptedAssertion);
    } catch (DecryptionException failure) {
        throw new SamlException("failed to decrypt an assertion", failure);
    }
}
}
EncryptedAssertion encryptedAssertion) throws SSOException { try { KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver( new X509CredentialImplementation(ssoAgentX509Credential)); decrypter = new Decrypter(new StaticKeyInfoCredentialResolver(shared), null, null); decrypter.setRootInNewDocument(true);