/**
 * Signs the assertion identified by {@code idValueOfAssertion} inside the given response.
 *
 * <p>The response object is converted to a DOM {@link Document} with
 * {@code SAML2Response.convert}; the signing itself is delegated to the
 * {@code Document}-based {@code sign} overload of this class.
 *
 * @param response the SAML response that holds the assertion
 * @param idValueOfAssertion ID value of the assertion to be signed
 * @param keypair key pair handed unchanged to the delegated overload
 * @param referenceURI reference URI handed unchanged to the delegated overload
 * @return whatever the delegated {@code sign} call returns
 * @throws ParserConfigurationException propagated from conversion or signing
 * @throws XPathException propagated from conversion or signing
 * @throws TransformerFactoryConfigurationError propagated from conversion or signing
 * @throws TransformerException propagated from conversion or signing
 * @throws GeneralSecurityException propagated from conversion or signing
 * @throws MarshalException propagated from conversion or signing
 * @throws XMLSignatureException propagated from conversion or signing
 */
public Document sign(ResponseType response, String idValueOfAssertion, KeyPair keypair, String referenceURI)
        throws ParserConfigurationException, XPathException, TransformerFactoryConfigurationError,
        TransformerException, GeneralSecurityException, MarshalException, XMLSignatureException {
    // Object model -> DOM; the signature is applied to the DOM form.
    Document responseDocument = new SAML2Response().convert(response);
    return sign(responseDocument, idValueOfAssertion, keypair, referenceURI);
}
/**
 * Builds the redirect URL for a SAML <em>response</em>, carrying the signature value and the
 * signature algorithm.
 *
 * <p>Visible steps: the response is converted to a DOM document, serialized to a string, passed
 * through {@code RedirectBindingUtil.deflateBase64URLEncode}, and handed to
 * {@code computeSignature} together with the URL-encoded relay state.
 *
 * @param responseType the SAML response to transmit
 * @param relayState optional relay state; passed on as {@code null} when {@code isNotNull}
 *        rejects it
 * @param signingKey private key given to {@code computeSignature}
 * @return the URL produced by {@code getResponseRedirectURLWithSignature}
 * @throws IOException if an encoding step fails ({@code URLEncoder.encode} declares
 *         {@code UnsupportedEncodingException})
 * @throws GeneralSecurityException propagated from the calls made here, presumably the
 *         signature computation
 */
public static String getSAMLResponseURLWithSignature(ResponseType responseType, String relayState,
        PrivateKey signingKey) throws IOException, GeneralSecurityException {
    Document dom = new SAML2Response().convert(responseType);

    // Serialize the response and encode it for use as a query parameter.
    String serialized = DocumentUtil.getDocumentAsString(dom);
    String encodedResponse = RedirectBindingUtil.deflateBase64URLEncode(serialized);

    // Relay state stays null unless the caller supplied one.
    String encodedRelayState = isNotNull(relayState) ? URLEncoder.encode(relayState, "UTF-8") : null;

    // computeSignature receives the already-encoded values; the very same strings go into the URL.
    byte[] signature = computeSignature(GeneralConstants.SAML_RESPONSE_KEY, encodedResponse,
            encodedRelayState, signingKey);

    // NOTE(review): getAlgorithm() yields the key algorithm name, not a signature algorithm URI;
    // presumably translated downstream - confirm.
    String keyAlgorithm = signingKey.getAlgorithm();
    return getResponseRedirectURLWithSignature(encodedResponse, encodedRelayState, signature, keyAlgorithm);
}
/**
 * Produces the redirect URL for a SAML <em>response</em>, including the signature and the
 * signature algorithm.
 *
 * <p>The response is turned into a DOM document, written out as a string, encoded with
 * {@code RedirectBindingUtil.deflateBase64URLEncode}, and passed to {@code computeSignature}
 * along with the URL-encoded relay state.
 *
 * @param responseType the SAML response to transmit
 * @param relayState optional relay state; {@code null} is passed on when {@code isNotNull}
 *        rejects it
 * @param signingKey private key given to {@code computeSignature}
 * @return the URL produced by {@code getResponseRedirectURLWithSignature}
 * @throws IOException if an encoding step fails ({@code URLEncoder.encode} declares
 *         {@code UnsupportedEncodingException})
 * @throws GeneralSecurityException propagated from the calls made here, presumably the
 *         signature computation
 */
public static String getSAMLResponseURLWithSignature(ResponseType responseType, String relayState,
        PrivateKey signingKey) throws IOException, GeneralSecurityException {
    SAML2Response converter = new SAML2Response();
    Document dom = converter.convert(responseType);

    // Encoded form of the response, ready to be used as a query parameter.
    String encodedResponse = RedirectBindingUtil.deflateBase64URLEncode(DocumentUtil.getDocumentAsString(dom));

    String encodedRelayState = null;
    if (isNotNull(relayState)) {
        encodedRelayState = URLEncoder.encode(relayState, "UTF-8");
    }

    // The signature input and the URL are built from the same encoded strings.
    byte[] signature = computeSignature(GeneralConstants.SAML_RESPONSE_KEY, encodedResponse,
            encodedRelayState, signingKey);

    // NOTE(review): the key algorithm name stands in for the signature algorithm here;
    // presumably mapped by the callee - confirm.
    return getResponseRedirectURLWithSignature(encodedResponse, encodedRelayState, signature,
            signingKey.getAlgorithm());
}
/**
 * Builds the redirect URL for a SAML <em>response</em>, carrying the signature value and the
 * signature algorithm.
 *
 * <p>Visible steps: the response is converted to a DOM document, serialized to a string, passed
 * through {@code RedirectBindingUtil.deflateBase64URLEncode}, and handed to
 * {@code computeSignature} together with the URL-encoded relay state.
 *
 * @param responseType the SAML response to transmit
 * @param relayState optional relay state; passed on as {@code null} when {@code isNotNull}
 *        rejects it
 * @param signingKey private key given to {@code computeSignature}
 * @return the URL produced by {@code getResponseRedirectURLWithSignature}
 * @throws IOException if an encoding step fails ({@code URLEncoder.encode} declares
 *         {@code UnsupportedEncodingException})
 * @throws GeneralSecurityException propagated from the calls made here, presumably the
 *         signature computation
 */
public static String getSAMLResponseURLWithSignature(ResponseType responseType, String relayState,
        PrivateKey signingKey) throws IOException, GeneralSecurityException {
    Document dom = new SAML2Response().convert(responseType);

    // Serialize the response and encode it for use as a query parameter.
    String serialized = DocumentUtil.getDocumentAsString(dom);
    String encodedResponse = RedirectBindingUtil.deflateBase64URLEncode(serialized);

    // Relay state stays null unless the caller supplied one.
    String encodedRelayState = isNotNull(relayState) ? URLEncoder.encode(relayState, "UTF-8") : null;

    // computeSignature receives the already-encoded values; the very same strings go into the URL.
    byte[] signature = computeSignature(GeneralConstants.SAML_RESPONSE_KEY, encodedResponse,
            encodedRelayState, signingKey);

    // NOTE(review): getAlgorithm() yields the key algorithm name, not a signature algorithm URI;
    // presumably translated downstream - confirm.
    String keyAlgorithm = signingKey.getAlgorithm();
    return getResponseRedirectURLWithSignature(encodedResponse, encodedRelayState, signature, keyAlgorithm);
}
/**
 * Produces the redirect URL for a SAML <em>response</em>, including the signature and the
 * signature algorithm.
 *
 * <p>The response is turned into a DOM document, written out as a string, encoded with
 * {@code RedirectBindingUtil.deflateBase64URLEncode}, and passed to {@code computeSignature}
 * along with the URL-encoded relay state.
 *
 * @param responseType the SAML response to transmit
 * @param relayState optional relay state; {@code null} is passed on when {@code isNotNull}
 *        rejects it
 * @param signingKey private key given to {@code computeSignature}
 * @return the URL produced by {@code getResponseRedirectURLWithSignature}
 * @throws IOException if an encoding step fails ({@code URLEncoder.encode} declares
 *         {@code UnsupportedEncodingException})
 * @throws GeneralSecurityException propagated from the calls made here, presumably the
 *         signature computation
 */
public static String getSAMLResponseURLWithSignature(ResponseType responseType, String relayState,
        PrivateKey signingKey) throws IOException, GeneralSecurityException {
    SAML2Response converter = new SAML2Response();
    Document dom = converter.convert(responseType);

    // Encoded form of the response, ready to be used as a query parameter.
    String encodedResponse = RedirectBindingUtil.deflateBase64URLEncode(DocumentUtil.getDocumentAsString(dom));

    String encodedRelayState = null;
    if (isNotNull(relayState)) {
        encodedRelayState = URLEncoder.encode(relayState, "UTF-8");
    }

    // The signature input and the URL are built from the same encoded strings.
    byte[] signature = computeSignature(GeneralConstants.SAML_RESPONSE_KEY, encodedResponse,
            encodedRelayState, signingKey);

    // NOTE(review): the key algorithm name stands in for the signature algorithm here;
    // presumably mapped by the callee - confirm.
    return getResponseRedirectURLWithSignature(encodedResponse, encodedRelayState, signature,
            signingKey.getAlgorithm());
}
/**
 * Signs a {@code ResponseType} at its root, using the response's own ID as the signed ID.
 *
 * <p>This overload takes no digest or signature method; whatever the delegated
 * {@code sign(Document, String, KeyPair)} overload uses applies.
 * NOTE(review): earlier documentation named SHA-1 based methods as examples; if those are the
 * effective defaults, a SHA-256 based pair is preferable - confirm in the delegated overload.
 *
 * @param response the SAML response to sign
 * @param keypair key pair handed unchanged to the delegated overload
 * @return whatever the delegated {@code sign} call returns
 * @throws ParserConfigurationException propagated from conversion or signing
 * @throws GeneralSecurityException propagated from conversion or signing
 * @throws MarshalException propagated from conversion or signing
 * @throws XMLSignatureException propagated from conversion or signing
 */
public Document sign(ResponseType response, KeyPair keypair)
        throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException {
    Document responseDocument = new SAML2Response().convert(response);
    // Normalize the DOM tree before it is handed to the signing overload.
    responseDocument.normalize();

    String rootId = response.getID();
    return sign(responseDocument, rootId, keypair);
}
/**
 * Builds the redirect URL for a SAML <em>response</em>, carrying the signature value and the
 * signature algorithm.
 *
 * <p>Visible steps: the response is converted to a DOM document, serialized to a string, passed
 * through {@code RedirectBindingUtil.deflateBase64URLEncode}, and handed to
 * {@code computeSignature} together with the URL-encoded relay state.
 *
 * @param responseType the SAML response to transmit
 * @param relayState optional relay state; passed on as {@code null} when {@code isNotNull}
 *        rejects it
 * @param signingKey private key given to {@code computeSignature}
 * @return the URL produced by {@code getResponseRedirectURLWithSignature}
 * @throws IOException if an encoding step fails ({@code URLEncoder.encode} declares
 *         {@code UnsupportedEncodingException})
 * @throws GeneralSecurityException propagated from the calls made here, presumably the
 *         signature computation
 */
public static String getSAMLResponseURLWithSignature(ResponseType responseType, String relayState,
        PrivateKey signingKey) throws IOException, GeneralSecurityException {
    Document dom = new SAML2Response().convert(responseType);

    // Serialize the response and encode it for use as a query parameter.
    String serialized = DocumentUtil.getDocumentAsString(dom);
    String encodedResponse = RedirectBindingUtil.deflateBase64URLEncode(serialized);

    // Relay state stays null unless the caller supplied one.
    String encodedRelayState = isNotNull(relayState) ? URLEncoder.encode(relayState, "UTF-8") : null;

    // computeSignature receives the already-encoded values; the very same strings go into the URL.
    byte[] signature = computeSignature(GeneralConstants.SAML_RESPONSE_KEY, encodedResponse,
            encodedRelayState, signingKey);

    // NOTE(review): getAlgorithm() yields the key algorithm name, not a signature algorithm URI;
    // presumably translated downstream - confirm.
    String keyAlgorithm = signingKey.getAlgorithm();
    return getResponseRedirectURLWithSignature(encodedResponse, encodedRelayState, signature, keyAlgorithm);
}
/**
 * Signs the assertion identified by {@code idValueOfAssertion} inside the given response.
 *
 * <p>The response is converted to a DOM {@link Document} and normalized. The node returned by
 * {@code getNextSiblingOfIssuer} is stored in the {@code sibling} field when it is not
 * {@code null}; signing is then delegated to the {@code Document}-based overload.
 *
 * @param response the SAML response that holds the assertion
 * @param idValueOfAssertion ID value of the assertion to be signed
 * @param keypair key pair handed unchanged to the delegated overload
 * @param referenceURI reference URI handed unchanged to the delegated overload
 * @return whatever the delegated {@code sign} call returns
 * @throws ParserConfigurationException propagated from the calls made here
 * @throws XPathException propagated from the calls made here
 * @throws TransformerFactoryConfigurationError propagated from the calls made here
 * @throws TransformerException propagated from the calls made here
 * @throws GeneralSecurityException propagated from the calls made here
 * @throws MarshalException propagated from the calls made here
 * @throws XMLSignatureException propagated from the calls made here
 */
public Document sign(ResponseType response, String idValueOfAssertion, KeyPair keypair, String referenceURI)
        throws ParserConfigurationException, XPathException, TransformerFactoryConfigurationError,
        TransformerException, GeneralSecurityException, MarshalException, XMLSignatureException {
    Document responseDocument = new SAML2Response().convert(response);
    responseDocument.normalize();

    // NOTE(review): sibling is instance state. When no node is found, the value left by an
    // earlier call is kept, and one instance used from several threads would share it -
    // confirm this is intended.
    Node afterIssuer = getNextSiblingOfIssuer(responseDocument);
    if (afterIssuer != null) {
        this.sibling = afterIssuer;
    }

    return sign(responseDocument, idValueOfAssertion, keypair, referenceURI);
}
/**
 * Signs the assertion identified by {@code idValueOfAssertion} inside the given response.
 *
 * <p>The response is converted to a DOM {@link Document} and normalized. The node returned by
 * {@code getNextSiblingOfIssuer} is stored in the {@code sibling} field when it is not
 * {@code null}; signing is then delegated to the {@code Document}-based overload.
 *
 * @param response the SAML response that holds the assertion
 * @param idValueOfAssertion ID value of the assertion to be signed
 * @param keypair key pair handed unchanged to the delegated overload
 * @param referenceURI reference URI handed unchanged to the delegated overload
 * @return whatever the delegated {@code sign} call returns
 * @throws ParserConfigurationException propagated from the calls made here
 * @throws XPathException propagated from the calls made here
 * @throws TransformerFactoryConfigurationError propagated from the calls made here
 * @throws TransformerException propagated from the calls made here
 * @throws GeneralSecurityException propagated from the calls made here
 * @throws MarshalException propagated from the calls made here
 * @throws XMLSignatureException propagated from the calls made here
 */
public Document sign(ResponseType response, String idValueOfAssertion, KeyPair keypair, String referenceURI)
        throws ParserConfigurationException, XPathException, TransformerFactoryConfigurationError,
        TransformerException, GeneralSecurityException, MarshalException, XMLSignatureException {
    Document responseDocument = new SAML2Response().convert(response);
    responseDocument.normalize();

    // NOTE(review): sibling is instance state. When no node is found, the value left by an
    // earlier call is kept, and one instance used from several threads would share it -
    // confirm this is intended.
    Node afterIssuer = getNextSiblingOfIssuer(responseDocument);
    if (afterIssuer != null) {
        this.sibling = afterIssuer;
    }

    return sign(responseDocument, idValueOfAssertion, keypair, referenceURI);
}
/**
 * Signs a {@code ResponseType} at its root, using the response's own ID as the signed ID.
 *
 * <p>The response is converted to a DOM {@link Document} and normalized. The node returned by
 * {@code getNextSiblingOfIssuer} is stored in the {@code sibling} field when it is not
 * {@code null}; signing is then delegated to {@code sign(Document, String, KeyPair)}.
 *
 * <p>This overload takes no digest or signature method; whatever the delegated overload uses
 * applies. NOTE(review): earlier documentation named SHA-1 based methods as examples; if those
 * are the effective defaults, a SHA-256 based pair is preferable - confirm in the delegated
 * overload.
 *
 * @param response the SAML response to sign
 * @param keypair key pair handed unchanged to the delegated overload
 * @return whatever the delegated {@code sign} call returns
 * @throws ParserConfigurationException propagated from the calls made here
 * @throws GeneralSecurityException propagated from the calls made here
 * @throws MarshalException propagated from the calls made here
 * @throws XMLSignatureException propagated from the calls made here
 */
public Document sign(ResponseType response, KeyPair keypair)
        throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException {
    Document responseDocument = new SAML2Response().convert(response);
    responseDocument.normalize();

    // NOTE(review): sibling is instance state. When no node is found, the value left by an
    // earlier call is kept, and one instance used from several threads would share it -
    // confirm this is intended.
    Node afterIssuer = getNextSiblingOfIssuer(responseDocument);
    if (afterIssuer != null) {
        this.sibling = afterIssuer;
    }

    String rootId = response.getID();
    return sign(responseDocument, rootId, keypair);
}
/**
 * Signs a {@code ResponseType} at its root, using the response's own ID as the signed ID.
 *
 * <p>The response is converted to a DOM {@link Document} and normalized. The node returned by
 * {@code getNextSiblingOfIssuer} is stored in the {@code sibling} field when it is not
 * {@code null}; signing is then delegated to {@code sign(Document, String, KeyPair)}.
 *
 * <p>This overload takes no digest or signature method; whatever the delegated overload uses
 * applies. NOTE(review): earlier documentation named SHA-1 based methods as examples; if those
 * are the effective defaults, a SHA-256 based pair is preferable - confirm in the delegated
 * overload.
 *
 * @param response the SAML response to sign
 * @param keypair key pair handed unchanged to the delegated overload
 * @return whatever the delegated {@code sign} call returns
 * @throws ParserConfigurationException propagated from the calls made here
 * @throws GeneralSecurityException propagated from the calls made here
 * @throws MarshalException propagated from the calls made here
 * @throws XMLSignatureException propagated from the calls made here
 */
public Document sign(ResponseType response, KeyPair keypair)
        throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException {
    Document responseDocument = new SAML2Response().convert(response);
    responseDocument.normalize();

    // NOTE(review): sibling is instance state. When no node is found, the value left by an
    // earlier call is kept, and one instance used from several threads would share it -
    // confirm this is intended.
    Node afterIssuer = getNextSiblingOfIssuer(responseDocument);
    if (afterIssuer != null) {
        this.sibling = afterIssuer;
    }

    String rootId = response.getID();
    return sign(responseDocument, rootId, keypair);
}
/**
 * Signs a {@code ResponseType} at its root, using the response's own ID as the signed ID.
 *
 * <p>The response is converted to a DOM {@link Document} and normalized. The node returned by
 * {@code getNextSiblingOfIssuer} is stored in the {@code sibling} field when it is not
 * {@code null}; signing is then delegated to {@code sign(Document, String, KeyPair)}.
 *
 * <p>This overload takes no digest or signature method; whatever the delegated overload uses
 * applies. NOTE(review): earlier documentation named SHA-1 based methods as examples; if those
 * are the effective defaults, a SHA-256 based pair is preferable - confirm in the delegated
 * overload.
 *
 * @param response the SAML response to sign
 * @param keypair key pair handed unchanged to the delegated overload
 * @return whatever the delegated {@code sign} call returns
 * @throws ParserConfigurationException propagated from the calls made here
 * @throws GeneralSecurityException propagated from the calls made here
 * @throws MarshalException propagated from the calls made here
 * @throws XMLSignatureException propagated from the calls made here
 */
public Document sign(ResponseType response, KeyPair keypair)
        throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException {
    Document responseDocument = new SAML2Response().convert(response);
    responseDocument.normalize();

    // NOTE(review): sibling is instance state. When no node is found, the value left by an
    // earlier call is kept, and one instance used from several threads would share it -
    // confirm this is intended.
    Node afterIssuer = getNextSiblingOfIssuer(responseDocument);
    if (afterIssuer != null) {
        this.sibling = afterIssuer;
    }

    String rootId = response.getID();
    return sign(responseDocument, rootId, keypair);
}
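/**
 * Decrypts the encrypted assertion of a response and puts the decrypted assertion in its place.
 *
 * <p>A single encrypted-assertion element is looked up in the DOM form of the response, copied
 * into a fresh document, decrypted with {@code privateKey}, schema-validated, parsed into an
 * {@code AssertionType}, and swapped into {@code responseType} through
 * {@code replaceAssertion}.
 *
 * <p>No signature is checked in this method; the decrypted content is only schema-validated.
 * NOTE(review): confirm the caller verifies the assertion signature after decryption.
 *
 * @param responseType response holding the encrypted assertion; modified in place
 * @param privateKey key used for decryption; must not be {@code null}
 * @return the same {@code responseType} instance, now holding the decrypted assertion
 * @throws IllegalArgumentException if {@code privateKey} is {@code null}
 * @throws ProcessingException if no encrypted assertion element is found, or wrapping any
 *         other failure raised during conversion, decryption, validation or parsing
 */
private ResponseType decryptAssertion(ResponseType responseType, PrivateKey privateKey) throws ProcessingException {
    if (privateKey == null) {
        throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "privateKey");
    }

    SAML2Response saml2Response = new SAML2Response();
    try {
        Document doc = saml2Response.convert(responseType);

        Element enc = DocumentUtil.getElement(doc, new QName(JBossSAMLConstants.ENCRYPTED_ASSERTION.get()));
        if (enc == null) {
            throw new ProcessingException(ErrorCodes.NULL_VALUE + "Null encrypted assertion element");
        }
        String oldID = enc.getAttribute(JBossSAMLConstants.ID.get());

        // Decrypt on a copy held in its own document, not in the response's DOM.
        Document newDoc = DocumentUtil.createDocument();
        Node importedNode = newDoc.importNode(enc, true);
        newDoc.appendChild(importedNode);
        Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(newDoc, privateKey);

        // Validate the decrypted XML against the schema before it reaches the parser.
        SAMLParser parser = new SAMLParser();
        JAXPValidationUtil.checkSchemaValidation(decryptedDocumentElement);
        AssertionType assertion = (AssertionType) parser.parse(
                StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(decryptedDocumentElement)));

        responseType.replaceAssertion(oldID, new RTChoiceType(assertion));
        return responseType;
    } catch (ProcessingException e) {
        // Already the declared type (for instance the missing-element error above): rethrow it
        // unchanged instead of nesting it inside a second ProcessingException.
        throw e;
    } catch (Exception e) {
        throw new ProcessingException(e);
    }
}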
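/**
 * Decrypts the encrypted assertion of a response and puts the decrypted assertion in its place.
 *
 * <p>A single encrypted-assertion element is looked up in the DOM form of the response, copied
 * into a fresh document, decrypted with {@code privateKey}, schema-validated, parsed into an
 * {@code AssertionType}, and swapped into {@code responseType} through
 * {@code replaceAssertion}.
 *
 * <p>No signature is checked in this method; the decrypted content is only schema-validated.
 * NOTE(review): confirm the caller verifies the assertion signature after decryption.
 *
 * @param responseType response holding the encrypted assertion; modified in place
 * @param privateKey key used for decryption; must not be {@code null}
 * @return the same {@code responseType} instance, now holding the decrypted assertion
 * @throws IllegalArgumentException if {@code privateKey} is {@code null}
 * @throws ProcessingException if no encrypted assertion element is found, or wrapping any
 *         other failure raised during conversion, decryption, validation or parsing
 */
private ResponseType decryptAssertion(ResponseType responseType, PrivateKey privateKey) throws ProcessingException {
    if (privateKey == null) {
        throw new IllegalArgumentException(ErrorCodes.NULL_ARGUMENT + "privateKey");
    }

    SAML2Response saml2Response = new SAML2Response();
    try {
        Document doc = saml2Response.convert(responseType);

        Element enc = DocumentUtil.getElement(doc, new QName(JBossSAMLConstants.ENCRYPTED_ASSERTION.get()));
        if (enc == null) {
            throw new ProcessingException(ErrorCodes.NULL_VALUE + "Null encrypted assertion element");
        }
        String oldID = enc.getAttribute(JBossSAMLConstants.ID.get());

        // Decrypt on a copy held in its own document, not in the response's DOM.
        Document newDoc = DocumentUtil.createDocument();
        Node importedNode = newDoc.importNode(enc, true);
        newDoc.appendChild(importedNode);
        Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(newDoc, privateKey);

        // Validate the decrypted XML against the schema before it reaches the parser.
        SAMLParser parser = new SAMLParser();
        JAXPValidationUtil.checkSchemaValidation(decryptedDocumentElement);
        AssertionType assertion = (AssertionType) parser.parse(
                StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(decryptedDocumentElement)));

        responseType.replaceAssertion(oldID, new RTChoiceType(assertion));
        return responseType;
    } catch (ProcessingException e) {
        // Already the declared type (for instance the missing-element error above): rethrow it
        // unchanged instead of nesting it inside a second ProcessingException.
        throw e;
    } catch (Exception e) {
        throw new ProcessingException(e);
    }
}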
/**
 * Decrypts the encrypted assertion of a response and puts the decrypted assertion in its place.
 *
 * <p>A single encrypted-assertion element is looked up in the DOM form of the response, copied
 * into a fresh document, decrypted with {@code privateKey}, schema-validated, parsed into an
 * {@code AssertionType}, and swapped into {@code responseType} through
 * {@code replaceAssertion}.
 *
 * <p>No signature is checked in this method; the decrypted content is only schema-validated.
 * NOTE(review): confirm the caller verifies the assertion signature after decryption.
 *
 * @param responseType response holding the encrypted assertion; modified in place
 * @param privateKey key used for decryption; a {@code null} value is rejected up front
 * @return the same {@code responseType} instance, now holding the decrypted assertion
 * @throws ProcessingException declared failure type; every exception raised inside the
 *         {@code try} block is routed through {@code logger.processingError}
 */
private ResponseType decryptAssertion(ResponseType responseType, PrivateKey privateKey) throws ProcessingException {
    if (privateKey == null) {
        throw logger.nullArgumentError("privateKey");
    }

    SAML2Response converter = new SAML2Response();
    try {
        Document responseDom = converter.convert(responseType);

        QName encryptedAssertionName = new QName(JBossSAMLConstants.ENCRYPTED_ASSERTION.get());
        Element encrypted = DocumentUtil.getElement(responseDom, encryptedAssertionName);
        if (encrypted == null) {
            // NOTE(review): thrown inside the try, so the catch below receives it and passes it
            // to logger.processingError again - confirm the double handling is intended.
            throw logger.samlHandlerNullEncryptedAssertion();
        }
        String previousId = encrypted.getAttribute(JBossSAMLConstants.ID.get());

        // Decrypt on a copy held in its own document, not in the response's DOM.
        Document scratch = DocumentUtil.createDocument();
        scratch.appendChild(scratch.importNode(encrypted, true));
        Element clearText = XMLEncryptionUtil.decryptElementInDocument(scratch, privateKey);

        // Validate the decrypted XML against the schema before it reaches the parser.
        SAMLParser samlParser = new SAMLParser();
        JAXPValidationUtil.checkSchemaValidation(clearText);
        AssertionType decrypted = (AssertionType) samlParser.parse(
                StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(clearText)));

        responseType.replaceAssertion(previousId, new RTChoiceType(decrypted));
        return responseType;
    } catch (Exception e) {
        throw logger.processingError(e);
    }
}
/**
 * Decrypts the encrypted assertion of a response and puts the decrypted assertion in its place.
 *
 * <p>A single encrypted-assertion element is looked up in the DOM form of the response, copied
 * into a fresh document, decrypted with {@code privateKey}, schema-validated, parsed into an
 * {@code AssertionType}, and swapped into {@code responseType} through
 * {@code replaceAssertion}.
 *
 * <p>No signature is checked in this method; the decrypted content is only schema-validated.
 * NOTE(review): confirm the caller verifies the assertion signature after decryption.
 *
 * @param responseType response holding the encrypted assertion; modified in place
 * @param privateKey key used for decryption; a {@code null} value is rejected up front
 * @return the same {@code responseType} instance, now holding the decrypted assertion
 * @throws ProcessingException declared failure type; every exception raised inside the
 *         {@code try} block is routed through {@code logger.processingError}
 */
private ResponseType decryptAssertion(ResponseType responseType, PrivateKey privateKey) throws ProcessingException {
    if (privateKey == null) {
        throw logger.nullArgumentError("privateKey");
    }

    SAML2Response converter = new SAML2Response();
    try {
        Document responseDom = converter.convert(responseType);

        QName encryptedAssertionName = new QName(JBossSAMLConstants.ENCRYPTED_ASSERTION.get());
        Element encrypted = DocumentUtil.getElement(responseDom, encryptedAssertionName);
        if (encrypted == null) {
            // NOTE(review): thrown inside the try, so the catch below receives it and passes it
            // to logger.processingError again - confirm the double handling is intended.
            throw logger.samlHandlerNullEncryptedAssertion();
        }
        String previousId = encrypted.getAttribute(JBossSAMLConstants.ID.get());

        // Decrypt on a copy held in its own document, not in the response's DOM.
        Document scratch = DocumentUtil.createDocument();
        scratch.appendChild(scratch.importNode(encrypted, true));
        Element clearText = XMLEncryptionUtil.decryptElementInDocument(scratch, privateKey);

        // Validate the decrypted XML against the schema before it reaches the parser.
        SAMLParser samlParser = new SAMLParser();
        JAXPValidationUtil.checkSchemaValidation(clearText);
        AssertionType decrypted = (AssertionType) samlParser.parse(
                StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(clearText)));

        responseType.replaceAssertion(previousId, new RTChoiceType(decrypted));
        return responseType;
    } catch (Exception e) {
        throw logger.processingError(e);
    }
}
/**
 * Decrypts the encrypted assertion of a response and puts the decrypted assertion in its place.
 *
 * <p>A single encrypted-assertion element is looked up in the DOM form of the response, copied
 * into a fresh document, decrypted with {@code privateKey}, schema-validated, parsed into an
 * {@code AssertionType}, and swapped into {@code responseType} through
 * {@code replaceAssertion}.
 *
 * <p>No signature is checked in this method; the decrypted content is only schema-validated.
 * NOTE(review): confirm the caller verifies the assertion signature after decryption.
 *
 * @param responseType response holding the encrypted assertion; modified in place
 * @param privateKey key used for decryption; a {@code null} value is rejected up front
 * @return the same {@code responseType} instance, now holding the decrypted assertion
 * @throws ProcessingException declared failure type; every exception raised inside the
 *         {@code try} block is routed through {@code logger.processingError}
 */
private ResponseType decryptAssertion(ResponseType responseType, PrivateKey privateKey) throws ProcessingException {
    if (privateKey == null) {
        throw logger.nullArgumentError("privateKey");
    }

    SAML2Response converter = new SAML2Response();
    try {
        Document responseDom = converter.convert(responseType);

        QName encryptedAssertionName = new QName(JBossSAMLConstants.ENCRYPTED_ASSERTION.get());
        Element encrypted = DocumentUtil.getElement(responseDom, encryptedAssertionName);
        if (encrypted == null) {
            // NOTE(review): thrown inside the try, so the catch below receives it and passes it
            // to logger.processingError again - confirm the double handling is intended.
            throw logger.samlHandlerNullEncryptedAssertion();
        }
        String previousId = encrypted.getAttribute(JBossSAMLConstants.ID.get());

        // Decrypt on a copy held in its own document, not in the response's DOM.
        Document scratch = DocumentUtil.createDocument();
        scratch.appendChild(scratch.importNode(encrypted, true));
        Element clearText = XMLEncryptionUtil.decryptElementInDocument(scratch, privateKey);

        // Validate the decrypted XML against the schema before it reaches the parser.
        SAMLParser samlParser = new SAMLParser();
        JAXPValidationUtil.checkSchemaValidation(clearText);
        AssertionType decrypted = (AssertionType) samlParser.parse(
                StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(clearText)));

        responseType.replaceAssertion(previousId, new RTChoiceType(decrypted));
        return responseType;
    } catch (Exception e) {
        throw logger.processingError(e);
    }
}
/**
 * Builds a success status response for a logout request and stores it on the handler response.
 *
 * <p>The status response gets a generated ID, the current issue instant, a success status
 * code, {@code InResponseTo} set to {@code logOutRequestID}, and the issuer taken from
 * {@code request}. Its DOM form becomes the handler response's resulting document, and
 * {@code originalIssuer} becomes the handler response's destination.
 *
 * <p>NOTE(review): the status response object itself is given no Destination here, only the
 * handler response is. If the message is signed and sent over a front-channel binding,
 * receivers commonly check that attribute - confirm whether it should be set.
 *
 * @param logOutRequestID ID of the logout request being answered
 * @param request handler request supplying the issuer
 * @param response handler response that receives the document and the destination
 * @param originalIssuer issuer the response is addressed to
 * @throws ConfigurationException declared; its origin is not visible in this block
 * @throws ParserConfigurationException declared; its origin is not visible in this block
 * @throws ProcessingException when converting the status response raises a
 *         {@code ParsingException}
 */
private void generateSuccessStatusResponseType(String logOutRequestID, SAML2HandlerRequest request,
        SAML2HandlerResponse response, String originalIssuer)
        throws ConfigurationException, ParserConfigurationException, ProcessingException {
    // NOTE(review): originalIssuer is concatenated into the log line; if it comes from a
    // received message, treat it as untrusted log content - confirm.
    logger.trace("Generating Success Status Response for " + originalIssuer);

    StatusResponseType logoutReply = new StatusResponseType(IDGenerator.create("ID_"),
            XMLTimeUtil.getIssueInstant());

    // Status element holding the success status code.
    StatusType status = new StatusType();
    StatusCodeType successCode = new StatusCodeType();
    successCode.setValue(URI.create(JBossSAMLURIConstants.STATUS_SUCCESS.get()));
    status.setStatusCode(successCode);
    logoutReply.setStatus(status);

    logoutReply.setInResponseTo(logOutRequestID);
    logoutReply.setIssuer(request.getIssuer());

    try {
        response.setResultingDocument(new SAML2Response().convert(logoutReply));
    } catch (ParsingException parseFailure) {
        throw logger.processingError(parseFailure);
    }

    response.setDestination(originalIssuer);
}
/**
 * Builds a success status response for a logout request and stores it on the handler response.
 *
 * <p>The status response gets a generated ID, the current issue instant, a success status
 * code, {@code InResponseTo} set to {@code logOutRequestID}, the issuer taken from
 * {@code request}, and {@code originalIssuer} as its destination. Its DOM form becomes the
 * handler response's resulting document, and the handler response gets the same destination.
 *
 * @param logOutRequestID ID of the logout request being answered
 * @param request handler request supplying the issuer
 * @param response handler response that receives the document and the destination
 * @param originalIssuer issuer the response is addressed to; used as destination on both the
 *        status response and the handler response
 * @throws ConfigurationException declared; its origin is not visible in this block
 * @throws ParserConfigurationException declared; its origin is not visible in this block
 * @throws ProcessingException when converting the status response raises a
 *         {@code ParsingException}
 */
private void generateSuccessStatusResponseType(String logOutRequestID, SAML2HandlerRequest request,
        SAML2HandlerResponse response, String originalIssuer)
        throws ConfigurationException, ParserConfigurationException, ProcessingException {
    // NOTE(review): originalIssuer is concatenated into the log line; if it comes from a
    // received message, treat it as untrusted log content - confirm.
    logger.trace("Generating Success Status Response for " + originalIssuer);

    StatusResponseType logoutReply = new StatusResponseType(IDGenerator.create("ID_"),
            XMLTimeUtil.getIssueInstant());

    // Status element holding the success status code.
    StatusType status = new StatusType();
    StatusCodeType successCode = new StatusCodeType();
    successCode.setValue(URI.create(JBossSAMLURIConstants.STATUS_SUCCESS.get()));
    status.setStatusCode(successCode);
    logoutReply.setStatus(status);

    logoutReply.setInResponseTo(logOutRequestID);
    logoutReply.setIssuer(request.getIssuer());
    // Destination is part of the message itself, not only of the handler response.
    logoutReply.setDestination(originalIssuer);

    try {
        response.setResultingDocument(new SAML2Response().convert(logoutReply));
    } catch (ParsingException parseFailure) {
        throw logger.processingError(parseFailure);
    }

    response.setDestination(originalIssuer);
}
/**
 * Builds a success status response for a logout request and stores it on the handler response.
 *
 * <p>The status response gets a generated ID, the current issue instant, a success status
 * code, {@code InResponseTo} set to {@code logOutRequestID}, the issuer taken from
 * {@code request}, and {@code originalIssuer} as its destination. Its DOM form becomes the
 * handler response's resulting document, and the handler response gets the same destination.
 *
 * @param logOutRequestID ID of the logout request being answered
 * @param request handler request supplying the issuer
 * @param response handler response that receives the document and the destination
 * @param originalIssuer issuer the response is addressed to; used as destination on both the
 *        status response and the handler response
 * @throws ConfigurationException declared; its origin is not visible in this block
 * @throws ParserConfigurationException declared; its origin is not visible in this block
 * @throws ProcessingException when converting the status response raises a
 *         {@code ParsingException}
 */
private void generateSuccessStatusResponseType(String logOutRequestID, SAML2HandlerRequest request,
        SAML2HandlerResponse response, String originalIssuer)
        throws ConfigurationException, ParserConfigurationException, ProcessingException {
    // NOTE(review): originalIssuer is concatenated into the log line; if it comes from a
    // received message, treat it as untrusted log content - confirm.
    logger.trace("Generating Success Status Response for " + originalIssuer);

    StatusResponseType logoutReply = new StatusResponseType(IDGenerator.create("ID_"),
            XMLTimeUtil.getIssueInstant());

    // Status element holding the success status code.
    StatusType status = new StatusType();
    StatusCodeType successCode = new StatusCodeType();
    successCode.setValue(URI.create(JBossSAMLURIConstants.STATUS_SUCCESS.get()));
    status.setStatusCode(successCode);
    logoutReply.setStatus(status);

    logoutReply.setInResponseTo(logOutRequestID);
    logoutReply.setIssuer(request.getIssuer());
    // Destination is part of the message itself, not only of the handler response.
    logoutReply.setDestination(originalIssuer);

    try {
        response.setResultingDocument(new SAML2Response().convert(logoutReply));
    } catch (ParsingException parseFailure) {
        throw logger.processingError(parseFailure);
    }

    response.setDestination(originalIssuer);
}