/**
 * Verifies the XML signature on this assertion using the credential referenced by the
 * signature's KeyInfo.
 *
 * <p>An assertion without a signature is not an error for this method: it logs at
 * debug level and returns normally. Callers that require a signed assertion must
 * check for the presence of a signature themselves.
 *
 * @param keyInfoProcessor resolves the signature's KeyInfo into a {@code SAMLKeyInfo}
 * @param sigCrypto        the Crypto instance used to resolve the signing certificate or key
 * @throws WSSecurityException if the signature carries no KeyInfo, or if credential
 *                             resolution or signature verification fails
 */
public void verifySignature(SAMLKeyInfoProcessor keyInfoProcessor, Crypto sigCrypto)
        throws WSSecurityException {
    Signature sig = getSignature();
    if (sig == null) {
        // Nothing to verify; see the class-of-caller note in the Javadoc above.
        LOG.debug("SamlAssertionWrapper: no signature to validate");
        return;
    }
    KeyInfo keyInfo = sig.getKeyInfo();
    if (keyInfo == null) {
        // A signature with no KeyInfo cannot be tied to any credential, so it is rejected
        // rather than skipped.
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.FAILURE,
            "invalidSAMLsecurity",
            new Object[] {"cannot get certificate or key"}
        );
    }
    SAMLKeyInfo samlKeyInfo =
        SAMLUtil.getCredentialFromKeyInfo(keyInfo.getDOM(), keyInfoProcessor, sigCrypto);
    verifySignature(samlKeyInfo);
}
protected boolean matchesX509Certificate(@Nullable final X509Certificate cert, @Nonnull final KeyInfo keyInfo) throws AssertionValidationException { if (cert == null) { List<X509Data> x509Datas = keyInfo.getX509Datas(); if (x509Datas == null || x509Datas.isEmpty()) { log.debug("KeyInfo contained no X509Data children, skipping certificate match");
/**
 * Places the EncryptedKey elements inline in the KeyInfo of the EncryptedData element,
 * then attaches that EncryptedData to the given EncryptedElementType.
 *
 * <p>Although operationally trivial, this method is provided so that subclasses may
 * override or augment the key-placement strategy as desired.
 *
 * @param encElement the EncryptedElementType instance which will hold the encrypted data and keys
 * @param encData    the EncryptedData object
 * @param encKeys    the list of EncryptedKey objects
 * @return the processed EncryptedElementType instance
 */
protected EncryptedElementType placeKeysInline(EncryptedElementType encElement,
        EncryptedData encData, List<EncryptedKey> encKeys) {
    log.debug("Placing EncryptedKey elements inline inside EncryptedData");
    // NOTE(review): assumes encData already carries a KeyInfo; a null getKeyInfo()
    // would fail here — confirm that every caller populates it before this point.
    List<EncryptedKey> inlineKeys = encData.getKeyInfo().getEncryptedKeys();
    inlineKeys.addAll(encKeys);
    encElement.setEncryptedData(encData);
    return encElement;
}
protected boolean matchesKeyValue(@Nullable final PublicKey key, @Nonnull final KeyInfo keyInfo) throws AssertionValidationException { if (matchesKeyValue(key, keyInfo.getKeyValues())) { return true; if (matchesDEREncodedKeyValue(key, keyInfo.getDEREncodedKeyValues())) { return true;
KeyInfo keyInfo=(KeyInfo)Configuration.getBuilderFactory().getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME).buildObject(KeyInfo.DEFAULT_ELEMENT_NAME); X509Data data=(X509Data)Configuration.getBuilderFactory().getBuilder(X509Data.DEFAULT_ELEMENT_NAME).buildObject(X509Data.DEFAULT_ELEMENT_NAME); X509Certificate cert=(X509Certificate)Configuration.getBuilderFactory().getBuilder(X509Certificate.DEFAULT_ELEMENT_NAME).buildObject(X509Certificate.DEFAULT_ELEMENT_NAME); signature.setSigningCredential(signingCredential); value=org.apache.xml.security.utils.Base64.encode(signingCredential.getEntityCertificate().getEncoded()); cert.setValue(value); data.getX509Certificates().add(cert); keyInfo.getX509Datas().add(data); signature.setKeyInfo(keyInfo);
log.debug("Linking multiple peer EncryptedKeys with CarriedKeyName and DataReference"); List<KeyName> dataEncKeyNames = encData.getKeyInfo().getKeyNames(); String carriedKeyNameValue; if (dataEncKeyNames.size() == 0 || Strings.isNullOrEmpty(dataEncKeyNames.get(0).getValue())) {
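/**
 * Extracts the X.509 certificates embedded in a metadata {@code KeyDescriptor} as
 * {@link SimpleKey} instances.
 *
 * <p>Each certificate is taken as the raw Base64 value of its {@code X509Certificate}
 * element; nothing is decoded or validated here.
 *
 * @param desc the key descriptor to read; must not be null
 * @return the keys found, in iteration order, or {@code null} when the descriptor carries
 *         no {@code KeyInfo} at all; an empty list when it carries a {@code KeyInfo}
 *         without X.509 certificates
 */
protected List<SimpleKey> getKeyFromDescriptor(KeyDescriptor desc) {
    // Reported as null rather than empty so callers can distinguish "no key material
    // at all" from "key material without X.509 certificates" (existing contract).
    if (desc.getKeyInfo() == null) {
        return null;
    }
    // NOTE(review): assumes every UsageType name is also a KeyType constant;
    // KeyType.valueOf throws IllegalArgumentException otherwise — confirm.
    KeyType type = desc.getUse() != null
        ? KeyType.valueOf(desc.getUse().name())
        : KeyType.UNSPECIFIED;
    List<SimpleKey> result = new ArrayList<>();
    int index = 0;
    for (X509Data x509 : ofNullable(desc.getKeyInfo().getX509Datas()).orElse(emptyList())) {
        for (X509Certificate cert : ofNullable(x509.getX509Certificates()).orElse(emptyList())) {
            // Key name is "<type>-<ordinal>" so several certificates of the same use stay distinct.
            result.add(new SimpleKey(
                type.getTypeName() + "-" + (index++), null, cert.getValue(), null, type));
        }
    }
    return result;
}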
samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo( keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData, new WSDocInfo(doc)), sigCrypto ); } catch (WSSecurityException ex) {
for (X509Data x509Data : key.getKeyInfo().getX509Datas()) { for (org.opensaml.xmlsec.signature.X509Certificate cert : x509Data.getX509Certificates()) { try (ByteArrayInputStream bais = new ByteArrayInputStream(
Optional<EncryptedKey> key = Optional.empty(); if (keyInfo != null) { key = keyInfo.getEncryptedKeys() .stream() .findFirst();
samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo( keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData), sigCrypto ); } catch (WSSecurityException ex) {
/**
 * Builds an OpenSAML {@link Signature} object carrying the signing credential, the
 * signature and canonicalization algorithms, and a KeyInfo with the credential's
 * entity certificate embedded as a Base64-encoded X509Certificate element.
 *
 * <p>Only the signature object is assembled here; computing the signature value itself
 * is not done by this method.
 *
 * @param signatureAlgorithm the algorithm used to compute the signature
 * @param credential         the signing credential whose entity certificate is embedded
 * @return an XML Object representing an enveloped or detached XML Digital Signature
 * @throws SSOException if the entity certificate cannot be encoded
 */
private static Signature setSignatureRaw(String signatureAlgorithm, X509Credential credential)
        throws SSOException {
    Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(credential);
    signature.setSignatureAlgorithm(signatureAlgorithm);
    // Exclusive C14N without comments.
    signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);

    final String encodedCert;
    try {
        encodedCert = org.apache.xml.security.utils.Base64.encode(
            credential.getEntityCertificate().getEncoded());
    } catch (CertificateEncodingException e) {
        throw new SSOException("Error getting certificate", e);
    }

    cert.setValue(encodedCert);
    data.getX509Certificates().add(cert);
    keyInfo.getX509Datas().add(data);
    signature.setKeyInfo(keyInfo);
    return signature;
}
SAMLKeyInfo samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo( keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData), sigCrypto ); assertion.verifySignature(samlKeyInfo);
cert.setValue(value); data.getX509Certificates().add(cert); keyInfo.getX509Datas().add(data); signature.setKeyInfo(keyInfo); } catch (CertificateEncodingException e) {
SAMLKeyInfo samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo( keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData), sigCrypto ); assertion.verifySignature(samlKeyInfo);
signingX509Certificate.setValue(signingCert); signingX509Data.getX509Certificates().add(signingX509Certificate); signingKeyInfo.getX509Datas().add(signingX509Data); signingKeyDescriptor.setKeyInfo(signingKeyInfo); idpssoDescriptor.getKeyDescriptors().add(signingKeyDescriptor); encX509Certificate.setValue(encryptionCert); encX509Data.getX509Certificates().add(encX509Certificate); encKeyInfo.getX509Datas().add(encX509Data); encKeyDescriptor.setKeyInfo(encKeyInfo); idpssoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
if (keyInfo != null) { samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo( keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(requestData), sigCrypto ); } else if (!keyInfoMustBeAvailable) {
signingX509Certificate.setValue(signingCert); signingX509Data.getX509Certificates().add(signingX509Certificate); signingKeyInfo.getX509Datas().add(signingX509Data); signingKeyDescriptor.setKeyInfo(signingKeyInfo); spSsoDescriptor.getKeyDescriptors().add(signingKeyDescriptor); encX509Certificate.setValue(encryptionCert); encX509Data.getX509Certificates().add(encX509Certificate); encKeyInfo.getX509Datas().add(encX509Data); encKeyDescriptor.setKeyInfo(encKeyInfo); spSsoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(data), data.getSigVerCrypto() );
keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(data), data.getSigVerCrypto() );