/**
 * Returns a SAMLIssuer configured from the default property file
 * <code>saml.properties</code>.
 * <p/>
 * The property <code>org.apache.ws.security.saml.issuerClass</code> in that
 * file must name the SAMLIssuer implementation class; any other properties
 * in the file are handed over to that implementation. The file is located
 * with <code>Loader.getResource()</code>, so it is resolved from the
 * classpath rather than from an absolute path.
 *
 * @return the SAMLIssuer implementation named by <code>saml.properties</code>
 * @throws WSSecurityException if there is an error loading the properties
 */
public static SAMLIssuer getInstance() throws WSSecurityException {
    // the default resource name; all other lookup logic lives in the String overload
    final String defaultPropFile = "saml.properties";
    return getInstance(defaultPropFile);
}
/**
 * Returns a SAMLIssuer configured from the named property file.
 * <p/>
 * The file is loaded with <code>Loader.getResource()</code> and should
 * define <code>org.apache.ws.security.saml.issuerClass</code>, the class
 * name of the SAMLIssuer implementation. Every other property in the file
 * is forwarded to that implementation unchanged.
 *
 * @param propFilename the name of the property file to load
 * @return the SAMLIssuer implementation named in the property file
 * @throws WSSecurityException if there is an error loading the properties
 */
public static SAMLIssuer getInstance(String propFilename) throws WSSecurityException {
    // two-step: resolve the file to a Properties object, then hand over to the Properties overload
    Properties loaded = getProperties(propFilename);
    return getInstance(loaded);
}
/**
 * Instantiates the given SAMLIssuer implementation class and hands it the
 * supplied properties.
 * <p/>
 * The properties may be <code>null</code>; how the implementation
 * initialises itself in that case is up to the implementation.
 *
 * @param samlClass the SAMLIssuer implementation class; no default is applied here
 * @param properties the Properties forwarded to the implementation, whose
 *        meaning depends on that implementation
 * @return the SAMLIssuer implementation, or null if no class was defined
 *         (as documented for the underlying loader)
 * @throws WSSecurityException if there is an error loading the properties
 */
public static SAMLIssuer getInstance(
    Class<? extends SAMLIssuer> samlClass, Properties properties
) throws WSSecurityException {
    // all reflection / instantiation is delegated to loadClass
    SAMLIssuer issuer = loadClass(samlClass, properties);
    return issuer;
}
if (secretKey == null) { AssertionWrapper assertion = SAMLUtil.getAssertionFromKeyIdentifier( secRef, secRef.getElement(), data, wsDocInfo ); SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); X509Certificate[] foundCerts = samlKi.getCerts(); if (foundCerts != null && foundCerts.length > 0) { certs = new X509Certificate[]{foundCerts[0]}; secretKey = samlKi.getSecret(); publicKey = samlKi.getPublicKey(); principal = createPrincipalFromSAML(assertion);
/**
 * Extracts the secret key carried in the Subject of a SAML Assertion.
 * <p/>
 * When BSP compliance is requested, the token reference and assertion are
 * checked by the BSPEnforcer before any key material is read. An assertion
 * whose Subject yields no SAMLKeyInfo is rejected with a
 * WSSecurityException (FAILED_CHECK) rather than returning null.
 *
 * @param assertion the SAML Assertion to read the key from
 * @param secRef the SecurityTokenReference that referenced the assertion
 * @param data the RequestData context
 * @param wsDocInfo the WSDocInfo for the current document
 * @param bspCompliant whether to enforce Basic Security Profile rules
 * @return the secret bytes reported by the Subject's SAMLKeyInfo
 *         (may be null if the SAMLKeyInfo carries no secret — not checked here)
 * @throws WSSecurityException if BSP checks fail or no key info is found
 */
private byte[] getSecretKeyFromAssertion(
    AssertionWrapper assertion, SecurityTokenReference secRef,
    RequestData data, WSDocInfo wsDocInfo, boolean bspCompliant
) throws WSSecurityException {
    // BSP enforcement must precede any use of the assertion's key material
    if (bspCompliant) {
        BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
    }
    SAMLKeyInfo subjectKeyInfo =
        SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant);
    if (subjectKeyInfo != null) {
        return subjectKeyInfo.getSecret();
    }
    // fail closed: no key info in the Subject means the token cannot be used
    Object[] detail = new Object[] {"No Secret Key"};
    throw new WSSecurityException(WSSecurityException.FAILED_CHECK, "invalidSAMLToken", detail);
}
/**
 * Parses a SAML Assertion and returns the SAMLKeyInfo found in its Subject.
 * <p/>
 * Dispatches to the SAML 1.1 or SAML 2.0 overload depending on which
 * version the AssertionWrapper holds.
 *
 * @param assertion the SAML Assertion wrapper
 * @param data the RequestData instance used to obtain configuration
 * @param docInfo a WSDocInfo instance
 * @param bspCompliant whether to process tokens in compliance with the BSP spec
 * @return a SAMLKeyInfo object
 * @throws WSSecurityException if the Subject cannot be processed
 */
public static SAMLKeyInfo getCredentialFromSubject(
    AssertionWrapper assertion, RequestData data, WSDocInfo docInfo, boolean bspCompliant
) throws WSSecurityException {
    boolean isSaml1 = assertion.getSaml1() != null;
    // NOTE(review): if neither version is set, the SAML 2 overload receives null —
    // confirm that overload rejects a null assertion rather than NPE'ing.
    return isSaml1
        ? getCredentialFromSubject(assertion.getSaml1(), data, docInfo, bspCompliant)
        : getCredentialFromSubject(assertion.getSaml2(), data, docInfo, bspCompliant);
}
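/**
 * Verifies trust in the credential that signed an Assertion. This method is
 * separate so that subclasses can override it.
 * <p/>
 * The public key and certificate chain are taken from the assertion's
 * signature KeyInfo and wrapped in a Credential that is passed to
 * <code>super.validate</code>, which performs the trust decision. An
 * assertion with no signature KeyInfo is rejected with a WSSecurityException
 * (FAILED_CHECK) instead of failing with a NullPointerException.
 *
 * @param assertion the signed Assertion
 * @param data the RequestData context
 * @return the Credential instance returned by <code>super.validate</code>
 * @throws WSSecurityException if the assertion carries no signature KeyInfo
 *         or trust validation fails
 */
protected Credential verifySignedAssertion(
    AssertionWrapper assertion, RequestData data
) throws WSSecurityException {
    SAMLKeyInfo samlKeyInfo = assertion.getSignatureKeyInfo();
    if (samlKeyInfo == null) {
        // fail closed with the same exception type callers already handle
        throw new WSSecurityException(
            WSSecurityException.FAILED_CHECK, "invalidSAMLToken", new Object[] {"No Signature KeyInfo"}
        );
    }
    Credential trustCredential = new Credential();
    trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
    trustCredential.setCertificates(samlKeyInfo.getCerts());
    return super.validate(trustCredential, data);
}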
SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); certs = keyInfo.getCerts(); } else { throw new WSSecurityException(
Object obj = handler.getProperty(reqData.getMsgContext(), refId); if (obj instanceof Properties) { samlIssuer = SAMLIssuerFactory.getInstance((Properties)obj); } else if (obj instanceof SAMLIssuer) { samlIssuer = (SAMLIssuer)obj; String samlPropFile = handler.getString(WSHandlerConstants.SAML_PROP_FILE, reqData.getMsgContext()); samlIssuer = SAMLIssuerFactory.getInstance(samlPropFile); ); if (callbackHandler != null) { samlIssuer.setCallbackHandler(callbackHandler);
/**
 * Creates a SAML assertion via the configured SAMLIssuer and inserts it
 * into the SOAP security header.
 * <p/>
 * <code>actionToDo</code> is part of the action interface but is not
 * consulted by this implementation.
 *
 * @param handler the WSHandler supplying configuration
 * @param actionToDo the action identifier (unused here)
 * @param doc the SOAP Document to modify
 * @param reqData the RequestData carrying the WSSConfig and security header
 * @throws WSSecurityException if the issuer cannot be loaded or the token cannot be built
 */
public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
    throws WSSecurityException {
    WSSecSAMLToken tokenBuilder = new WSSecSAMLToken(reqData.getWssConfig());
    SAMLIssuer issuer = loadSamlIssuer(handler, reqData);
    AssertionWrapper newAssertion = issuer.newAssertion();
    // add the SAMLAssertion Token to the SOAP Envelope
    tokenBuilder.build(doc, newAssertion, reqData.getSecHeader());
}
}
if (secretKey == null) { AssertionWrapper assertion = SAMLUtil.getAssertionFromKeyIdentifier( secRef, secRef.getElement(), data, wsDocInfo ); SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); X509Certificate[] foundCerts = samlKi.getCerts(); if (foundCerts != null && foundCerts.length > 0) { certs = new X509Certificate[]{foundCerts[0]}; secretKey = samlKi.getSecret(); publicKey = samlKi.getPublicKey(); principal = createPrincipalFromSAML(assertion);
/**
 * Extracts the secret key carried in the Subject of a SAML Assertion.
 * <p/>
 * When BSP compliance is requested, the token reference and assertion are
 * checked by the BSPEnforcer before any key material is read. An assertion
 * whose Subject yields no SAMLKeyInfo is rejected with a
 * WSSecurityException (FAILED_CHECK) rather than returning null.
 *
 * @param assertion the SAML Assertion to read the key from
 * @param secRef the SecurityTokenReference that referenced the assertion
 * @param data the RequestData context
 * @param wsDocInfo the WSDocInfo for the current document
 * @param bspCompliant whether to enforce Basic Security Profile rules
 * @return the secret bytes reported by the Subject's SAMLKeyInfo
 *         (may be null if the SAMLKeyInfo carries no secret — not checked here)
 * @throws WSSecurityException if BSP checks fail or no key info is found
 */
private byte[] getSecretKeyFromAssertion(
    AssertionWrapper assertion, SecurityTokenReference secRef,
    RequestData data, WSDocInfo wsDocInfo, boolean bspCompliant
) throws WSSecurityException {
    // BSP enforcement must precede any use of the assertion's key material
    if (bspCompliant) {
        BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
    }
    SAMLKeyInfo subjectKeyInfo =
        SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant);
    if (subjectKeyInfo != null) {
        return subjectKeyInfo.getSecret();
    }
    // fail closed: no key info in the Subject means the token cannot be used
    Object[] detail = new Object[] {"No Secret Key"};
    throw new WSSecurityException(WSSecurityException.FAILED_CHECK, "invalidSAMLToken", detail);
}
/**
 * Parses a SAML Assertion and returns the SAMLKeyInfo found in its Subject.
 * <p/>
 * Dispatches to the SAML 1.1 or SAML 2.0 overload depending on which
 * version the AssertionWrapper holds.
 *
 * @param assertion the SAML Assertion wrapper
 * @param data the RequestData instance used to obtain configuration
 * @param docInfo a WSDocInfo instance
 * @param bspCompliant whether to process tokens in compliance with the BSP spec
 * @return a SAMLKeyInfo object
 * @throws WSSecurityException if the Subject cannot be processed
 */
public static SAMLKeyInfo getCredentialFromSubject(
    AssertionWrapper assertion, RequestData data, WSDocInfo docInfo, boolean bspCompliant
) throws WSSecurityException {
    boolean isSaml1 = assertion.getSaml1() != null;
    // NOTE(review): if neither version is set, the SAML 2 overload receives null —
    // confirm that overload rejects a null assertion rather than NPE'ing.
    return isSaml1
        ? getCredentialFromSubject(assertion.getSaml1(), data, docInfo, bspCompliant)
        : getCredentialFromSubject(assertion.getSaml2(), data, docInfo, bspCompliant);
}
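/**
 * Verifies trust in the credential that signed an Assertion. This method is
 * separate so that subclasses can override it.
 * <p/>
 * The public key and certificate chain are taken from the assertion's
 * signature KeyInfo and wrapped in a Credential that is passed to
 * <code>super.validate</code>, which performs the trust decision. An
 * assertion with no signature KeyInfo is rejected with a WSSecurityException
 * (FAILED_CHECK) instead of failing with a NullPointerException.
 *
 * @param assertion the signed Assertion
 * @param data the RequestData context
 * @return the Credential instance returned by <code>super.validate</code>
 * @throws WSSecurityException if the assertion carries no signature KeyInfo
 *         or trust validation fails
 */
protected Credential verifySignedAssertion(
    AssertionWrapper assertion, RequestData data
) throws WSSecurityException {
    SAMLKeyInfo samlKeyInfo = assertion.getSignatureKeyInfo();
    if (samlKeyInfo == null) {
        // fail closed with the same exception type callers already handle
        throw new WSSecurityException(
            WSSecurityException.FAILED_CHECK, "invalidSAMLToken", new Object[] {"No Signature KeyInfo"}
        );
    }
    Credential trustCredential = new Credential();
    trustCredential.setPublicKey(samlKeyInfo.getPublicKey());
    trustCredential.setCertificates(samlKeyInfo.getCerts());
    return super.validate(trustCredential, data);
}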
/**
 * Returns a SAMLIssuer configured from the named property file.
 * <p/>
 * The file is loaded with <code>Loader.getResource()</code> and should
 * define <code>org.apache.ws.security.saml.issuerClass</code>, the class
 * name of the SAMLIssuer implementation. Every other property in the file
 * is forwarded to that implementation unchanged.
 *
 * @param propFilename the name of the property file to load
 * @return the SAMLIssuer implementation named in the property file
 * @throws WSSecurityException if there is an error loading the properties
 */
public static SAMLIssuer getInstance(String propFilename) throws WSSecurityException {
    // two-step: resolve the file to a Properties object, then hand over to the Properties overload
    Properties loaded = getProperties(propFilename);
    return getInstance(loaded);
}
Object obj = handler.getProperty(reqData.getMsgContext(), refId); if (obj instanceof Properties) { samlIssuer = SAMLIssuerFactory.getInstance((Properties)obj); } else if (obj instanceof SAMLIssuer) { samlIssuer = (SAMLIssuer)obj; String samlPropFile = handler.getString(WSHandlerConstants.SAML_PROP_FILE, reqData.getMsgContext()); samlIssuer = SAMLIssuerFactory.getInstance(samlPropFile); ); if (callbackHandler != null) { samlIssuer.setCallbackHandler(callbackHandler);
/**
 * Returns a SAMLIssuer configured from the default property file
 * <code>saml.properties</code>.
 * <p/>
 * The property <code>org.apache.ws.security.saml.issuerClass</code> in that
 * file must name the SAMLIssuer implementation class; any other properties
 * in the file are handed over to that implementation. The file is located
 * with <code>Loader.getResource()</code>, so it is resolved from the
 * classpath rather than from an absolute path.
 *
 * @return the SAMLIssuer implementation named by <code>saml.properties</code>
 * @throws WSSecurityException if there is an error loading the properties
 */
public static SAMLIssuer getInstance() throws WSSecurityException {
    // the default resource name; all other lookup logic lives in the String overload
    final String defaultPropFile = "saml.properties";
    return getInstance(defaultPropFile);
}
/**
 * Instantiates the given SAMLIssuer implementation class and hands it the
 * supplied properties.
 * <p/>
 * The properties may be <code>null</code>; how the implementation
 * initialises itself in that case is up to the implementation.
 *
 * @param samlClass the SAMLIssuer implementation class; no default is applied here
 * @param properties the Properties forwarded to the implementation, whose
 *        meaning depends on that implementation
 * @return the SAMLIssuer implementation, or null if no class was defined
 *         (as documented for the underlying loader)
 * @throws WSSecurityException if there is an error loading the properties
 */
public static SAMLIssuer getInstance(
    Class<? extends SAMLIssuer> samlClass, Properties properties
) throws WSSecurityException {
    // all reflection / instantiation is delegated to loadClass
    SAMLIssuer issuer = loadClass(samlClass, properties);
    return issuer;
}
/**
 * Creates a SAML assertion via the configured SAMLIssuer and inserts it
 * into the SOAP security header.
 * <p/>
 * <code>actionToDo</code> is part of the action interface but is not
 * consulted by this implementation.
 *
 * @param handler the WSHandler supplying configuration
 * @param actionToDo the action identifier (unused here)
 * @param doc the SOAP Document to modify
 * @param reqData the RequestData carrying the WSSConfig and security header
 * @throws WSSecurityException if the issuer cannot be loaded or the token cannot be built
 */
public void execute(WSHandler handler, int actionToDo, Document doc, RequestData reqData)
    throws WSSecurityException {
    WSSecSAMLToken tokenBuilder = new WSSecSAMLToken(reqData.getWssConfig());
    SAMLIssuer issuer = loadSamlIssuer(handler, reqData);
    AssertionWrapper newAssertion = issuer.newAssertion();
    // add the SAMLAssertion Token to the SOAP Envelope
    tokenBuilder.build(doc, newAssertion, reqData.getSecHeader());
}
}
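/**
 * Returns the secret carried in the Subject KeyInfo of this object's
 * assertion.
 * <p/>
 * A temporary RequestData is populated with the supplied callback handler
 * and signature Crypto so that <code>SAMLUtil.getCredentialFromSubject</code>
 * can resolve the key material. BSP compliance is hard-coded to
 * <code>true</code> for that call. If no SAMLKeyInfo can be obtained from
 * the Subject, a WSSecurityException (FAILED_CHECK) is thrown rather than
 * dereferencing a null result.
 *
 * @param signatureCrypto the Crypto used to resolve signature key material
 * @param tokenCallbackHandler the callback handler used for key/password lookups
 * @return the secret bytes reported by the Subject's SAMLKeyInfo
 *         (may be null if the SAMLKeyInfo carries no secret — not checked here)
 * @throws WSSecurityException if the Subject yields no SAMLKeyInfo or
 *         credential processing fails
 */
@Override
public byte[] getAssertionKeyInfoSecret(Crypto signatureCrypto, TokenCallbackHandler tokenCallbackHandler)
    throws WSSecurityException {
    RequestData requestData = new RequestData();
    requestData.setCallbackHandler(tokenCallbackHandler);
    requestData.setSigCrypto(signatureCrypto);
    WSDocInfo docInfo = new WSDocInfo(assertion.getDOM().getOwnerDocument());
    // TODO Improve ..
    // TODO change this to use SAMLAssertion parameter once wss4j conversion is done ....
    SAMLKeyInfo samlKi = SAMLUtil.getCredentialFromSubject(assertion, requestData, docInfo, true);
    if (samlKi == null) {
        // fail closed: reject the token explicitly instead of NPE'ing on getSecret()
        throw new WSSecurityException(
            WSSecurityException.FAILED_CHECK, "invalidSAMLToken", new Object[] {"No Secret Key"}
        );
    }
    return samlKi.getSecret();
}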