protected List<SimpleKey> getKeyFromDescriptor(KeyDescriptor desc) { List<SimpleKey> result = new LinkedList<>(); if (desc.getKeyInfo() == null) { return null; } KeyType type = desc.getUse() != null ? KeyType.valueOf(desc.getUse().name()) : KeyType.UNSPECIFIED; int index = 0; for (X509Data x509 : ofNullable(desc.getKeyInfo().getX509Datas()).orElse(emptyList())) { for (X509Certificate cert : ofNullable(x509.getX509Certificates()).orElse(emptyList())) { result.add(new SimpleKey(type.getTypeName() + "-" + (index++), null, cert.getValue(), null, type )); } } return result; }
/** * Generates an XML Object representing a digital signature. * * @param signatureAlgorithm the algorithm used to compute the signature * @param credential the signature signing credentials * @return an XML Object representing an enveloped or detached XML Digital Signature * @throws SSOException if an error occurs while getting the signature */ private static Signature setSignatureRaw(String signatureAlgorithm, X509Credential credential) throws SSOException { Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME); signature.setSigningCredential(credential); signature.setSignatureAlgorithm(signatureAlgorithm); signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); try { KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME); X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME); X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME); String value = org.apache.xml.security.utils.Base64.encode(credential.getEntityCertificate().getEncoded()); cert.setValue(value); data.getX509Certificates().add(cert); keyInfo.getX509Datas().add(data); signature.setKeyInfo(keyInfo); return signature; } catch (CertificateEncodingException e) { throw new SSOException("Error getting certificate", e); } }
X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME); String value = org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded()); cert.setValue(value); data.getX509Certificates().add(cert); keyInfo.getX509Datas().add(data);
X509Certificate signingX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME); signingX509Certificate.setValue(signingCert); signingX509Data.getX509Certificates().add(signingX509Certificate); signingKeyInfo.getX509Datas().add(signingX509Data); X509Certificate encX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME); encX509Certificate.setValue(encryptionCert); encX509Data.getX509Certificates().add(encX509Certificate); encKeyInfo.getX509Datas().add(encX509Data);
for (org.opensaml.xmlsec.signature.X509Certificate cert : x509Data.getX509Certificates()) { try (ByteArrayInputStream bais = new ByteArrayInputStream( Base64.getMimeDecoder().decode(cert.getValue()))) { chain.add(X509Certificate.class.cast(cf.generateCertificate(bais)));
X509Certificate signingX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME); signingX509Certificate.setValue(signingCert); signingX509Data.getX509Certificates().add(signingX509Certificate); signingKeyInfo.getX509Datas().add(signingX509Data); X509Certificate encX509Certificate = x509CertificateBuilder.buildObject(X509Certificate.DEFAULT_ELEMENT_NAME); encX509Certificate.setValue(encryptionCert); encX509Data.getX509Certificates().add(encX509Certificate); encKeyInfo.getX509Datas().add(encX509Data);