/**
 * Builds a {@link KeyDescriptor} that advertises the given usage and carries the given key material.
 *
 * @param type the usage the descriptor declares (signing, encryption, ...)
 * @param key  the KeyInfo element to attach; it is stored as-is, not copied
 * @return a freshly built KeyDescriptor with {@code use} and {@code KeyInfo} set
 */
protected KeyDescriptor getKeyDescriptor(UsageType type, KeyInfo key) {
    // The builder factory hands back the raw builder type; the cast is the usual OpenSAML
    // idiom for DEFAULT_ELEMENT_NAME lookups, so the warning is suppressed on this local only.
    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<KeyDescriptor> keyDescriptorBuilder =
        (SAMLObjectBuilder<KeyDescriptor>) Configuration.getBuilderFactory()
            .getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME);

    KeyDescriptor result = keyDescriptorBuilder.buildObject();
    result.setKeyInfo(key);
    result.setUse(type);
    return result;
}
if (idpDescriptor.getKeyDescriptors() != null) { for (KeyDescriptor kd : idpDescriptor.getKeyDescriptors()) { if (kd.getUse() == UsageType.SIGNING) { try { idpMetadata.setSigningCertificate(KeyInfoHelper.getCertificates(kd.getKeyInfo()).get(0)); } catch (CertificateException ignored) { s_logger.info("[ignored] encountered invalid certificate signing.", ignored); if (kd.getUse() == UsageType.ENCRYPTION) { try { idpMetadata.setEncryptionCertificate(KeyInfoHelper.getCertificates(kd.getKeyInfo()).get(0)); } catch (CertificateException ignored) { s_logger.info("[ignored] encountered invalid certificate encryption.", ignored); if (kd.getUse() == UsageType.UNSPECIFIED) { try { unspecifiedKey = KeyInfoHelper.getCertificates(kd.getKeyInfo()).get(0); } catch (CertificateException ignored) { s_logger.info("[ignored] encountered invalid certificate.", ignored);
/**
 * Collects one certificate per X509Data of every KeyDescriptor marked for SIGNING in the IdP descriptor.
 *
 * Descriptors whose {@code use} is ENCRYPTION or UNSPECIFIED are not considered, so only keys
 * the metadata explicitly declares for signing end up in the returned list.
 *
 * @param idpSsoDescriptor the IDPSSODescriptor whose KeyDescriptors are inspected
 * @return the certificates selected by {@code getFirstCertificate} from each matching X509Data
 * @throws SamlException if any step fails; the original exception is kept as the cause
 */
private static List<X509Certificate> getCertificates(IDPSSODescriptor idpSsoDescriptor) throws SamlException {
    try {
        return idpSsoDescriptor.getKeyDescriptors().stream()
            .filter(keyDescriptor -> UsageType.SIGNING == keyDescriptor.getUse())
            .flatMap(SamlClient::getDatasWithCertificates)
            .map(SamlClient::getFirstCertificate)
            .collect(Collectors.toList());
    } catch (Exception e) {
        // Broad catch is deliberate: every decoding/parsing failure surfaces as one SamlException.
        throw new SamlException("Exception in getCertificates", e);
    }
}
/**
 * Checks that the KeyDescriptor carries a KeyInfo element.
 *
 * @param keyDescriptor the key descriptor to validate
 * @throws ValidationException if no KeyInfo is present
 */
protected void validateKeyInfo(KeyDescriptor keyDescriptor) throws ValidationException {
    boolean keyInfoPresent = keyDescriptor.getKeyInfo() != null;
    if (!keyInfoPresent) {
        throw new ValidationException("KeyInfo required");
    }
}
/**
 * {@inheritDoc}
 *
 * Attaches a KeyInfo child (a later one replaces an earlier one) or appends an EncryptionMethod
 * child; anything else is delegated to the superclass.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    KeyDescriptor descriptor = (KeyDescriptor) parentSAMLObject;

    if (childSAMLObject instanceof KeyInfo) {
        descriptor.setKeyInfo((KeyInfo) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof EncryptionMethod) {
        descriptor.getEncryptionMethods().add((EncryptionMethod) childSAMLObject);
        return;
    }
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
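/**
 * {@inheritDoc}
 *
 * Parses the {@code use} attribute into a {@link UsageType}. Only the two values the SAML 2
 * metadata schema permits (signing, encryption) are accepted; any other text, including enum
 * constants that exist in UsageType but not in the schema, is rejected with
 * UnmarshallingException. Other attributes are delegated to the superclass.
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    KeyDescriptor keyDescriptor = (KeyDescriptor) samlObject;
    if (attribute.getName().equals(KeyDescriptor.USE_ATTRIB_NAME)) {
        String rawUse = attribute.getValue();
        try {
            // Locale.ROOT: under a locale-sensitive toUpperCase() (e.g. Turkish, dotted/dotless i)
            // "signing" would not map to the enum constant name, making the parse locale-dependent.
            UsageType usageType = UsageType.valueOf(UsageType.class, rawUse.toUpperCase(java.util.Locale.ROOT));
            // Only allow the enum values specified in the schema.
            if (usageType != UsageType.SIGNING && usageType != UsageType.ENCRYPTION) {
                throw new UnmarshallingException("Invalid key usage type: " + rawUse);
            }
            keyDescriptor.setUse(usageType);
        } catch (IllegalArgumentException e) {
            // Keep the cause so the failing value and stack are not lost to the caller.
            throw new UnmarshallingException("Invalid key usage type: " + rawUse, e);
        }
    }
    super.processAttribute(samlObject, attribute);
}
}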
/**
 * Constructor.
 *
 * @param descriptor the KeyDescriptor context from which a credential was resolved; may be null,
 *                   in which case no encryption methods or role are recorded
 */
public SAMLMDCredentialContext(KeyDescriptor descriptor) {
    keyDescriptor = descriptor;
    if (descriptor == null) {
        return;
    }
    // KeyDescriptor / EncryptionMethod
    encMethods = descriptor.getEncryptionMethods();
    // KeyDescriptor -> RoleDescriptor; a parent that is not a RoleDescriptor raises ClassCastException here
    role = (RoleDescriptor) descriptor.getParent();
}
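/**
 * Copies the service provider's signing certificate from its metadata into the DO.
 *
 * Walks the SPSSODescriptor's KeyDescriptors and uses the first one whose {@code use} is
 * SIGNING: the first certificate of that descriptor's KeyInfo becomes the X.509 certificate
 * and the entity ID becomes its alias. Descriptors with no use attribute, a non-signing use,
 * or no certificate are skipped (the previous version only looked at index 0 and dereferenced
 * {@code getUse()} without a null check). Failures are logged, never thrown.
 *
 * @param entityDescriptor         the entity whose ID is used as the certificate alias
 * @param spssoDescriptor          the SP role descriptor carrying the KeyDescriptors
 * @param samlssoServiceProviderDO target object receiving certificate and alias
 */
private void setX509Certificate(EntityDescriptor entityDescriptor, SPSSODescriptor spssoDescriptor,
                                SAMLSSOServiceProviderDO samlssoServiceProviderDO) {
    List<KeyDescriptor> descriptors = spssoDescriptor.getKeyDescriptors();
    if (descriptors == null || descriptors.isEmpty()) {
        return;
    }
    for (KeyDescriptor descriptor : descriptors) {
        // The use attribute is optional in metadata, so getUse() may be null.
        if (descriptor == null || descriptor.getUse() == null
                || !"SIGNING".equals(descriptor.getUse().toString())) {
            continue;
        }
        try {
            List<java.security.cert.X509Certificate> certificates =
                org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(descriptor.getKeyInfo());
            if (certificates == null || certificates.isEmpty()) {
                log.warn("Signing KeyDescriptor for " + entityDescriptor.getEntityID()
                    + " carries no X509Certificate; skipping it");
                continue;
            }
            // First certificate of the first usable signing descriptor wins, as before.
            samlssoServiceProviderDO.setX509Certificate(certificates.get(0));
            samlssoServiceProviderDO.setCertAlias(entityDescriptor.getEntityID());
            return;
        } catch (java.lang.Exception ex) {
            // CertificateException and any runtime failure from KeyInfoHelper land here; the
            // caller proceeds without a certificate, matching the previous behaviour.
            log.error("Error While setting Certificate and alias", ex);
        }
    }
}
private void setSigningAlgorithmUri(SPSSODescriptor spssoDescriptor, SAMLSSOServiceProviderDO samlssoServiceProviderDO){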
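/**
 * {@inheritDoc}
 *
 * Writes the {@code use} attribute for SIGNING and ENCRYPTION, omits it for UNSPECIFIED
 * (equivalent to an absent attribute) or a null use, and fails for any other enum value.
 */
protected void marshallAttributes(XMLObject xmlObject, Element domElement) throws MarshallingException {
    KeyDescriptor keyDescriptor = (KeyDescriptor) xmlObject;
    UsageType use = keyDescriptor.getUse();
    if (use == null) {
        return;
    }
    // UsageType enum contains more values than are allowed by SAML 2 schema
    if (use.equals(UsageType.SIGNING) || use.equals(UsageType.ENCRYPTION)) {
        // Locale.ROOT: the schema value must be exactly "signing"/"encryption"; a locale-sensitive
        // toLowerCase() (e.g. Turkish, dotless i) would emit a value other consumers reject.
        domElement.setAttribute(KeyDescriptor.USE_ATTRIB_NAME, use.toString().toLowerCase(java.util.Locale.ROOT));
    } else if (use.equals(UsageType.UNSPECIFIED)) {
        // emit nothing for unspecified - this is semantically equivalent to non-existent attribute
    } else {
        // Just in case values are unknowingly added to UsageType in the future...
        throw new MarshallingException("KeyDescriptor had illegal value for use attribute: " + use.toString());
    }
}
}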
/**
 * Streams the X509Data children of the descriptor's KeyInfo that hold at least one certificate.
 *
 * @param descriptor a KeyDescriptor whose KeyInfo is present; a descriptor without KeyInfo raises
 *                   NullPointerException here, which the caller is expected to handle
 * @return the X509Data elements with a non-empty certificate list, in document order
 */
private static Stream<X509Data> getDatasWithCertificates(KeyDescriptor descriptor) {
    List<X509Data> x509Datas = descriptor.getKeyInfo().getX509Datas();
    return x509Datas.stream().filter(data -> !data.getX509Certificates().isEmpty());
}
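/**
 * Copies the service provider's signing certificate from its metadata into the DO.
 *
 * Walks the SPSSODescriptor's KeyDescriptors and uses the first one whose {@code use} is
 * SIGNING: the first certificate of that descriptor's KeyInfo becomes the X.509 certificate
 * and the entity ID becomes its alias. Descriptors with no use attribute, a non-signing use,
 * or no certificate are skipped (the previous version only looked at index 0 and dereferenced
 * {@code getUse()} without a null check). Failures are logged, never thrown.
 *
 * @param entityDescriptor         the entity whose ID is used as the certificate alias
 * @param spssoDescriptor          the SP role descriptor carrying the KeyDescriptors
 * @param samlssoServiceProviderDO target object receiving certificate and alias
 */
private void setX509Certificate(EntityDescriptor entityDescriptor, SPSSODescriptor spssoDescriptor,
                                SAMLSSOServiceProviderDO samlssoServiceProviderDO) {
    List<KeyDescriptor> descriptors = spssoDescriptor.getKeyDescriptors();
    if (descriptors == null || descriptors.isEmpty()) {
        return;
    }
    for (KeyDescriptor descriptor : descriptors) {
        // The use attribute is optional in metadata, so getUse() may be null.
        if (descriptor == null || descriptor.getUse() == null
                || !"SIGNING".equals(descriptor.getUse().toString())) {
            continue;
        }
        try {
            List<java.security.cert.X509Certificate> certificates =
                org.opensaml.xml.security.keyinfo.KeyInfoHelper.getCertificates(descriptor.getKeyInfo());
            if (certificates == null || certificates.isEmpty()) {
                log.warn("Signing KeyDescriptor for " + entityDescriptor.getEntityID()
                    + " carries no X509Certificate; skipping it");
                continue;
            }
            // First certificate of the first usable signing descriptor wins, as before.
            samlssoServiceProviderDO.setX509Certificate(certificates.get(0));
            samlssoServiceProviderDO.setCertAlias(entityDescriptor.getEntityID());
            return;
        } catch (java.lang.Exception ex) {
            // CertificateException and any runtime failure from KeyInfoHelper land here; the
            // caller proceeds without a certificate, matching the previous behaviour.
            log.error("Error While setting Certificate and alias", ex);
        }
    }
}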
// Declare one descriptor for signing and one for encryption; the SP metadata then advertises
// both keys with distinct uses instead of a single UNSPECIFIED key.
signKeyDescriptor.setUse(UsageType.SIGNING);
encKeyDescriptor.setUse(UsageType.ENCRYPTION);
// Key material is generated per credential; the generator's output (certificate vs. bare key
// value) depends on how keyInfoGenerator was configured elsewhere.
signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingCredential));
encKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(encryptionCredential));
// Attach both descriptors to the SP role, signing first.
spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
spSSODescriptor.getKeyDescriptors().add(encKeyDescriptor);
/**
 * Checks that the use attribute, when present, holds one of the allowed values.
 *
 * @param keyDescriptor the key descriptor to validate
 * @throws ValidationException if the use attribute has a value other than SIGNING, ENCRYPTION or UNSPECIFIED
 */
protected void validateUse(KeyDescriptor keyDescriptor) throws ValidationException {
    UsageType use = keyDescriptor.getUse();
    if (use == null) {
        // An absent attribute is valid; there is nothing to check.
        return;
    }
    boolean allowed = use.equals(UsageType.SIGNING)
        || use.equals(UsageType.ENCRYPTION)
        || use.equals(UsageType.UNSPECIFIED);
    if (!allowed) {
        throw new ValidationException("Invalid value for use attribute: " + use.toString());
    }
}
}
UsageType mdUsage = keyDescriptor.getUse(); if (mdUsage == null) { mdUsage = UsageType.UNSPECIFIED; if (keyDescriptor.getKeyInfo() != null) { trustedNames.addAll(getTrustedNames(keyDescriptor.getKeyInfo()));
/**
 * Creates the key descriptor element with new key info each time called.
 *
 * @return a KeyDescriptor marked for SIGNING that wraps a freshly created KeyInfo element.
 * @throws MetadataException propagated from {@code createKeyInfo()}
 */
private KeyDescriptor createKeyDescriptor() throws MetadataException {
    if (log.isDebugEnabled()) {
        log.debug("Creating the KeyDescriptor element");
    }
    KeyDescriptor signingDescriptor =
        BuilderUtil.createSAMLObject(ConfigElements.FED_METADATA_NS, "KeyDescriptor", "");
    signingDescriptor.setUse(UsageType.SIGNING);
    // A new KeyInfo per call, so two descriptors never share the same child element.
    signingDescriptor.setKeyInfo(createKeyInfo());
    return signingDescriptor;
}
UsageType mdUsage = keyDescriptor.getUse(); if (mdUsage == null) { mdUsage = UsageType.UNSPECIFIED; if (keyDescriptor.getKeyInfo() != null) { CriteriaSet critSet = new CriteriaSet(); critSet.add(new KeyInfoCriteria(keyDescriptor.getKeyInfo()));
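/**
 * Builds a {@link KeyDescriptor} that advertises the given usage and carries the given key material.
 *
 * @param type the usage the descriptor declares (signing, encryption, ...)
 * @param key  the KeyInfo element to attach; it is stored as-is, not copied
 * @return a freshly built KeyDescriptor with {@code use} and {@code KeyInfo} set
 */
protected KeyDescriptor getKeyDescriptor(UsageType type, KeyInfo key) {
    // The builder factory hands back the raw builder type; the cast is the usual OpenSAML idiom
    // for DEFAULT_ELEMENT_NAME lookups. The unchecked warning is suppressed on this local only
    // rather than left unaddressed at method level.
    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<KeyDescriptor> builder =
        (SAMLObjectBuilder<KeyDescriptor>) Configuration.getBuilderFactory()
            .getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME);

    KeyDescriptor descriptor = builder.buildObject();
    descriptor.setUse(type);
    descriptor.setKeyInfo(key);
    return descriptor;
}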
String use = ""; try { use = descriptor.getUse().name().toString(); } catch (Exception ex) { log.error("Error !!!!", ex); KeyDescriptor descriptor = descriptors.get(i); if (descriptor != null) { if (descriptor.getUse() != null && "SIGNING".equals(descriptor.getUse().toString())) { try { String cert = null; if (descriptor.getKeyInfo() != null) { if (descriptor.getKeyInfo().getX509Datas() != null && descriptor.getKeyInfo().getX509Datas().size() > 0) { for (int k = 0; k < descriptor.getKeyInfo().getX509Datas().size(); k++) { if (descriptor.getKeyInfo().getX509Datas().get(k) != null) { if (descriptor.getKeyInfo().getX509Datas().get(k).getX509Certificates() != null && descriptor.getKeyInfo().getX509Datas().get(0).getX509Certificates().size() > 0) { for (int y = 0; y < descriptor.getKeyInfo().getX509Datas().get(k).getX509Certificates().size(); y++) { if (descriptor.getKeyInfo().getX509Datas().get(k).getX509Certificates().get(y) != null) { if (descriptor.getKeyInfo().getX509Datas().get(k).getX509Certificates().get(y). getValue() != null && descriptor.getKeyInfo().getX509Datas().get(k).getX509Certificates(). get(y).getValue().length() > 0) { cert = descriptor.getKeyInfo().getX509Datas().get(k).getX509Certificates().get(y). getValue().toString();
// NOTE(review): the variable is named encKeyDescriptor but its use is set to SIGNING, and the
// KeyInfo comes from a single `credential` — confirm whether this descriptor is meant to be the
// signing key or whether ENCRYPTION was intended.
encKeyDescriptor.setUse(UsageType.SIGNING);
encKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(credential));
if (kdesc.getUse() != UsageType.SIGNING) { continue; KeyInfo ki = kdesc.getKeyInfo(); if (ki == null) { continue;