package com.rackspace.saml;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.RandomAccessFile;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.BasicX509Credential;
public class CertManager {
/**
* gets credential used to sign saml assertionts that are produced. This method
* assumes the cert and pkcs formatted primary key are on file system. this data
* could be stored elsewhere e.g keystore
*
* a credential is used to sign saml response, and includes the private key
* as well as a cert for the public key
*
* @return
* @throws Throwable
*/
public Credential getSigningCredential(String publicKeyLocation, String privateKeyLocation) throws Throwable {
// create public key (cert) portion of credential
InputStream inStream = new FileInputStream(publicKeyLocation);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate publicKey = (X509Certificate)cf.generateCertificate(inStream);
inStream.close();
// create private key
RandomAccessFile raf = new RandomAccessFile(privateKeyLocation, "r");
byte[] buf = new byte[(int)raf.length()];
raf.readFully(buf);
raf.close();
PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(buf);
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey privateKey = kf.generatePrivate(kspec);
// create credential and initialize
BasicX509Credential credential = new BasicX509Credential();
credential.setEntityCertificate(publicKey);
credential.setPrivateKey(privateKey);
return credential;
}
}
