/**
 * Attaches an XML signature to {@code signableObj}, produced with {@code signingCredential}
 * and the algorithm identified by the {@code signatureAlgorithm} URI.
 *
 * <p>Sequence: build a {@code Signature} carrying the algorithm, the credential and exclusive
 * C14N without comments; derive a {@code KeyInfo} from the credential; attach the signature
 * to the object; call {@code serialize} (presumably marshalling the object so the signer has
 * a DOM to work on — see that helper); finally compute the signature value.
 *
 * <p>NOTE(review): the algorithm URI is used exactly as supplied — no allow-list is applied
 * here, so rejecting weak algorithms (e.g. SHA-1 based ones) is the caller's job.
 *
 * @param signableObj        the SAML object to sign; must not be {@code null}
 * @param signingCredential  the credential whose key produces the signature; must not be
 *                           {@code null}
 * @param signatureAlgorithm the XML Signature algorithm URI; must not be {@code null}
 * @throws NullPointerException if any argument is {@code null}
 * @throws SamlException        if the key info cannot be generated from the credential, or
 *                              if computing the signature fails
 */
static void sign(SignableSAMLObject signableObj, Credential signingCredential,
                 String signatureAlgorithm) {
    requireNonNull(signableObj, "signableObj");
    requireNonNull(signingCredential, "signingCredential");
    requireNonNull(signatureAlgorithm, "signatureAlgorithm");

    final Signature sig = signatureBuilder.buildObject();
    // The three setters are independent of each other; order is immaterial.
    sig.setCanonicalizationAlgorithm(ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    sig.setSigningCredential(signingCredential);
    sig.setSignatureAlgorithm(signatureAlgorithm);

    // KeyInfo generation is the only step that can raise SecurityException here.
    try {
        sig.setKeyInfo(keyInfoGenerator.generate(signingCredential));
    } catch (SecurityException e) {
        throw new SamlException("failed to create a key info of signing credential", e);
    }

    // Attach first, serialize second, sign last — the signature must be part of the
    // object before the object is serialized and signed.
    signableObj.setSignature(sig);
    serialize(signableObj);

    try {
        Signer.signObject(sig);
    } catch (SignatureException e) {
        throw new SamlException("failed to sign a SAML object", e);
    }
}
KeyFactory rsaKeyFac = KeyFactory.getInstance("RSA"); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(key); RSAPublicKey rsaPubKey = (RSAPublicKey)rsaKeyFac.generatePublic(keySpec); return new PublicKeyImpl(rsaPubKey);
/**
 * Checks that a {@link SignatureImpl} (backed by an Apache XML Security
 * <code>XMLSignature</code>) conforms to the SAML signature profile.
 *
 * <p>Checks run in this order, each failing with a {@link SignatureException}:
 * <ol>
 *   <li>the wrapper actually holds an Apache {@code XMLSignature};</li>
 *   <li>the signature's parent is a {@link SignableSAMLObject};</li>
 *   <li>{@code validateReference} — the signature's reference is acceptable;</li>
 *   <li>{@code validateReferenceURI} — that reference's URI is checked against the parent;</li>
 *   <li>{@code validateTransforms} — the reference's transforms are acceptable;</li>
 *   <li>{@code validateObjectChildren} — the signature's ds:Object children are acceptable.</li>
 * </ol>
 *
 * <p>NOTE(review): this is a structural/profile check only. Nothing here verifies the
 * signature value cryptographically; that must be done separately.
 *
 * @param sigImpl the signature implementation object to validate
 * @throws SignatureException thrown if the signature is not valid with respect to the profile
 */
protected void validateSignatureImpl(SignatureImpl sigImpl) throws SignatureException {
    // Fetch once; the original read the same getter twice.
    final XMLSignature apacheSig = sigImpl.getXMLSignature();
    if (apacheSig == null) {
        log.error("SignatureImpl did not contain the an Apache XMLSignature child");
        throw new SignatureException("Apache XMLSignature does not exist on SignatureImpl");
    }

    final Object parent = sigImpl.getParent();
    if (!(parent instanceof SignableSAMLObject)) {
        log.error("Signature is not an immedidate child of a SignableSAMLObject");
        throw new SignatureException("Signature is not an immediate child of a SignableSAMLObject.");
    }
    final SignableSAMLObject owner = (SignableSAMLObject) parent;

    // Reference checks come before the URI binding, which needs the Reference.
    final Reference ref = validateReference(apacheSig);
    validateReferenceURI(ref.getURI(), owner);
    validateTransforms(ref);
    validateObjectChildren(apacheSig);
}
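/**
 * Extracts descriptive metadata from the OpenSAML signature attached to {@code target}:
 * signature, canonicalization and digest algorithms, plus the Base64-encoded signature value.
 *
 * <p>This method only reads the signature; it does NOT verify it. A non-null result says
 * nothing about whether the signature is valid or whose key produced it.
 *
 * <p>Returns {@code null} when {@code target} has no signature, when that signature is not a
 * {@link SignatureImpl}, or when the Apache {@code XMLSignature} throws while the value is
 * being read. That last case is a best-effort swallow carried over from the original (it was
 * marked TODO there): callers cannot tell "unsigned" from "unreadable" through this method.
 *
 * <p>If the signature carries more than one {@link SAMLObjectContentReference}, the digest
 * algorithm of the last one wins.
 *
 * @param target the object whose signature is described
 * @return the extracted metadata, or {@code null} as described above
 */
protected Signature getSignature(SignableSAMLObject target) {
    org.opensaml.xmlsec.signature.Signature signature = target.getSignature();
    // instanceof is false for null, so the original's separate null check was redundant.
    if (!(signature instanceof SignatureImpl)) {
        return null;
    }
    SignatureImpl impl = (SignatureImpl) signature;
    Signature result = null;
    try {
        result = new Signature()
            .setSignatureAlgorithm(AlgorithmMethod.fromUrn(impl.getSignatureAlgorithm()))
            .setCanonicalizationAlgorithm(
                CanonicalizationMethod.fromUrn(impl.getCanonicalizationAlgorithm()))
            // Apache's Base64 is kept on purpose: its output format (it may line-wrap) is
            // part of the observable result, so switching encoders could change it.
            .setSignatureValue(org.apache.xml.security.utils.Base64.encode(
                impl.getXMLSignature().getSignatureValue()));
        //TODO extract the digest value
        for (ContentReference ref : ofNullable(signature.getContentReferences()).orElse(emptyList())) {
            if (ref instanceof SAMLObjectContentReference) {
                SAMLObjectContentReference sref = (SAMLObjectContentReference) ref;
                result.setDigestAlgorithm(DigestMethod.fromUrn(sref.getDigestAlgorithm()));
            }
        }
    } catch (XMLSignatureException ignored) {
        // Best-effort: a signature whose value cannot be read is reported as absent (null),
        // or as partially filled if the failure happened while reading content references.
        // TODO: surface this (log or throw) — silently hiding a malformed signature is risky.
    }
    return result;
}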
/**
 * Signs {@code signableObj} in place using {@code signingCredential} and the XML Signature
 * algorithm named by {@code signatureAlgorithm}.
 *
 * <p>A new {@code Signature} is configured with the algorithm, the credential, exclusive C14N
 * (comments omitted) and a {@code KeyInfo} generated from the credential; it is set on the
 * object, the object is passed to {@code serialize}, and the signature value is then computed.
 *
 * <p>NOTE(review): no check is made here on the supplied algorithm URI; an allow-list, if
 * wanted, has to live in the caller.
 *
 * @param signableObj        object to sign (non-null)
 * @param signingCredential  signing credential (non-null)
 * @param signatureAlgorithm signature algorithm URI (non-null)
 * @throws NullPointerException if any argument is {@code null}
 * @throws SamlException        if key-info generation or signing fails
 */
static void sign(SignableSAMLObject signableObj, Credential signingCredential,
                 String signatureAlgorithm) {
    requireNonNull(signableObj, "signableObj");
    requireNonNull(signingCredential, "signingCredential");
    requireNonNull(signatureAlgorithm, "signatureAlgorithm");

    final Signature xmlSig = signatureBuilder.buildObject();
    xmlSig.setSignatureAlgorithm(signatureAlgorithm);
    xmlSig.setCanonicalizationAlgorithm(ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    xmlSig.setSigningCredential(signingCredential);
    try {
        xmlSig.setKeyInfo(keyInfoGenerator.generate(signingCredential));
    } catch (SecurityException cause) {
        throw new SamlException("failed to create a key info of signing credential", cause);
    }

    signableObj.setSignature(xmlSig);
    serialize(signableObj); // presumably marshals the object before signing — see serialize()
    try {
        Signer.signObject(xmlSig);
    } catch (SignatureException cause) {
        throw new SamlException("failed to sign a SAML object", cause);
    }
}