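/**
 * Generates the {@code KeyInfo} element describing the given credential.
 *
 * <p>The generator name defaults to {@code SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR} and is
 * overridden by the name configured on {@code extendedMetadata}, when one is set.
 *
 * @param credential credential whose key material the generated KeyInfo describes
 * @return the KeyInfo produced by the resolved generator
 * @throws SAMLRuntimeException if no generator is registered under the resolved name, or if the
 *         key cannot be obtained or the KeyInfo cannot be generated
 */
protected KeyInfo generateKeyInfoForCredential(Credential credential) {
    try {
        String keyInfoGeneratorName = org.springframework.security.saml.SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR;
        if (extendedMetadata != null && extendedMetadata.getKeyInfoGeneratorName() != null) {
            keyInfoGeneratorName = extendedMetadata.getKeyInfoGeneratorName();
        }
        KeyInfoGenerator keyInfoGenerator = SecurityHelper.getKeyInfoGenerator(credential, null, keyInfoGeneratorName);
        // The lookup can come back empty (e.g. a misspelled generator name in the extended
        // metadata); fail with a descriptive error instead of a NullPointerException below.
        if (keyInfoGenerator == null) {
            log.error("No key info generator registered under name: " + keyInfoGeneratorName);
            throw new SAMLRuntimeException("No key info generator registered under name " + keyInfoGeneratorName);
        }
        return keyInfoGenerator.generate(credential);
    } catch (org.opensaml.xml.security.SecurityException e) {
        // NOTE(review): the message embeds credential.toString(); confirm the Credential
        // implementations in use never render private key material there.
        log.error("Can't obtain key from the keystore or generate key info for credential: " + credential, e);
        throw new SAMLRuntimeException("Can't obtain key from keystore or generate key info", e);
    }
}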
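/**
 * Produces the {@code KeyInfo} for a credential using the configured key info generator.
 *
 * <p>Uses the generator name from {@code extendedMetadata} when present; otherwise falls back to
 * {@code SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR}.
 *
 * @param credential credential to describe in the KeyInfo
 * @return KeyInfo generated for the credential
 * @throws SAMLRuntimeException when the generator cannot be resolved or KeyInfo generation fails
 */
protected KeyInfo generateKeyInfoForCredential(Credential credential) {
    try {
        String keyInfoGeneratorName = org.springframework.security.saml.SAMLConstants.SAML_METADATA_KEY_INFO_GENERATOR;
        if (extendedMetadata != null && extendedMetadata.getKeyInfoGeneratorName() != null) {
            keyInfoGeneratorName = extendedMetadata.getKeyInfoGeneratorName();
        }

        KeyInfoGenerator keyInfoGenerator = SecurityHelper.getKeyInfoGenerator(credential, null, keyInfoGeneratorName);
        if (keyInfoGenerator == null) {
            // Without this guard an unknown generator name surfaces as a bare
            // NullPointerException on generate(), hiding the configuration error.
            log.error("No key info generator registered under name: " + keyInfoGeneratorName);
            throw new SAMLRuntimeException("No key info generator registered under name " + keyInfoGeneratorName);
        }
        return keyInfoGenerator.generate(credential);
    } catch (org.opensaml.xml.security.SecurityException e) {
        // NOTE(review): credential is stringified into the log line; verify its toString()
        // does not expose private key material.
        log.error("Can't obtain key from the keystore or generate key info for credential: " + credential, e);
        throw new SAMLRuntimeException("Can't obtain key from keystore or generate key info", e);
    }
}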
/**
 * {@inheritDoc}
 *
 * <p>After the superclass has populated the context, adds the HTTP-POST simple-sign fields:
 * {@code SigAlg}, {@code Signature} and, when one can be built, {@code KeyInfo}. Nothing is added
 * when the message context carries no outbound signing credential.
 */
protected void populateVelocityContext(VelocityContext velocityContext, SAMLMessageContext messageContext,
        String endpointURL) throws MessageEncodingException {
    super.populateVelocityContext(velocityContext, messageContext, endpointURL);

    Credential signer = messageContext.getOuboundSAMLMessageSigningCredential();
    if (signer == null) {
        log.debug("No signing credential was supplied, skipping HTTP-Post simple signing");
        return;
    }

    // TODO pull SecurityConfiguration from SAMLMessageContext? needs to be added
    // TODO pull binding-specific keyInfoGenName from encoder setting, etc?
    String algorithmUri = getSignatureAlgorithmURI(signer, null);
    // SigAlg goes into the context before the data to sign is assembled from that context.
    velocityContext.put("SigAlg", algorithmUri);

    String dataToSign = buildFormDataToSign(velocityContext, messageContext, algorithmUri);
    String signatureValue = generateSignature(signer, algorithmUri, dataToSign);
    velocityContext.put("Signature", signatureValue);

    // KeyInfo is added only after the signed data was assembled, so as written here it does not
    // appear to be covered by the signature. NOTE(review): receivers should treat it as a hint
    // for key selection and anchor trust in pre-established keys (e.g. metadata).
    KeyInfoGenerator keyInfoGen = SecurityHelper.getKeyInfoGenerator(signer, null, null);
    if (keyInfoGen == null) {
        return;
    }

    String encodedKeyInfo = buildKeyInfo(signer, keyInfoGen);
    if (DatatypeHelper.isEmpty(encodedKeyInfo)) {
        return;
    }
    velocityContext.put("KeyInfo", encodedKeyInfo);
}
encParams.setAlgorithm(secConfig.getDataEncryptionAlgorithmURI(encryptionCredential)); KeyInfoGenerator kiGenerator = getKeyInfoGenerator(encryptionCredential, secConfig, keyInfoGenName); if (kiGenerator != null) { encParams.setKeyInfoGenerator(kiGenerator);
encParams.setAlgorithm(secConfig.getDataEncryptionAlgorithmURI(encryptionCredential)); KeyInfoGenerator kiGenerator = getKeyInfoGenerator(encryptionCredential, secConfig, keyInfoGenName); if (kiGenerator != null) { encParams.setKeyInfoGenerator(kiGenerator);
wrappedKeyAlgorithm)); KeyInfoGenerator kiGenerator = getKeyInfoGenerator(encryptionCredential, secConfig, keyInfoGenName); if (kiGenerator != null) { kekParams.setKeyInfoGenerator(kiGenerator);
wrappedKeyAlgorithm)); KeyInfoGenerator kiGenerator = getKeyInfoGenerator(encryptionCredential, secConfig, keyInfoGenName); if (kiGenerator != null) { kekParams.setKeyInfoGenerator(kiGenerator);
KeyInfoGenerator kiGenerator = getKeyInfoGenerator(signingCredential, secConfig, keyInfoGenName); if (kiGenerator != null) { try {
KeyInfoGenerator kiGenerator = getKeyInfoGenerator(signingCredential, secConfig, keyInfoGenName); if (kiGenerator != null) { try {