Java Code Examples for org.opensaml.xml.signature.Signature#setKeyInfo()

The following examples show how to use org.opensaml.xml.signature.Signature#setKeyInfo(). Each example links to its original project and source file; related API usage is listed in the sidebar. Note that setKeyInfo() only attaches a ds:KeyInfo hint for the verifier — a relying party must still match the embedded certificate against its trusted keys or metadata rather than trusting it because it appears in the signature.
Example 1
Source File: SAML2TokenBuilder.java    From carbon-identity with Apache License 2.0
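@Override
/**
 * Builds an enveloped XML signature for the assertion, signed with {@code cred} and
 * carrying the signer's X.509 certificate in {@code ds:KeyInfo}.
 *
 * <p>Security notes:
 * <ul>
 * <li>The signature algorithm URI is taken from the caller unchecked; callers must pass
 *     an algorithm approved by the deployment's policy (this method does not reject weak ones).</li>
 * <li>Canonicalization is exclusive C14N without comments, the usual choice for a signature
 *     that will be embedded in a larger document.</li>
 * <li>The embedded certificate is only a hint for the verifier; a relying party must match it
 *     against trusted keys/metadata rather than trusting it because it appears in KeyInfo.</li>
 * </ul>
 *
 * @param signatureAlgorithm XML Signature algorithm URI to use as ds:SignatureMethod
 * @param cred credential holding the signing key and its entity certificate
 * @throws IdentityProviderException if the algorithm or credential is unusable, or the
 *         certificate cannot be DER-encoded
 */
public void setSignature(String signatureAlgorithm, X509Credential cred) throws IdentityProviderException {
    // Fail with the declared exception type instead of a NullPointerException: the
    // previous code dereferenced cred.getEntityCertificate() unguarded, so a credential
    // without an entity certificate (or a null credential) escaped as an NPE.
    if (signatureAlgorithm == null || signatureAlgorithm.trim().isEmpty()) {
        throw new IdentityProviderException("Signature algorithm URI must not be empty");
    }
    if (cred == null) {
        throw new IdentityProviderException("Signing credential must not be null");
    }
    java.security.cert.X509Certificate entityCert = cred.getEntityCertificate();
    if (entityCert == null) {
        throw new IdentityProviderException("Signing credential has no entity certificate");
    }

    Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(cred);
    signature.setSignatureAlgorithm(signatureAlgorithm);
    signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    try {
        // KeyInfo/X509Data/X509Certificate: the DER certificate, base64-encoded as the
        // XML Signature schema requires.
        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
        String value = Base64.encode(entityCert.getEncoded());
        cert.setValue(value);
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);
    } catch (CertificateEncodingException e) {
        // The stack trace is logged here; the exception is not chained because no
        // (String, Throwable) constructor of IdentityProviderException is visible in this
        // file — chain it if one exists.
        log.error("Failed to get encoded certificate", e);
        throw new IdentityProviderException("Error while getting encoded certificate");
    }

    assertion.setSignature(signature);
    signatureList.add(signature);
}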
 
Example 2
Source File: SAML1TokenBuilder.java    From carbon-identity with Apache License 2.0
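@Override
/**
 * Builds an enveloped XML signature for the SAML 1 assertion, signed with {@code cred}
 * and carrying the signer's X.509 certificate in {@code ds:KeyInfo}.
 *
 * <p>Security notes:
 * <ul>
 * <li>The signature algorithm URI is taken from the caller unchecked; callers must pass
 *     an algorithm approved by the deployment's policy (this method does not reject weak ones).</li>
 * <li>Canonicalization is exclusive C14N without comments, the usual choice for a signature
 *     that will be embedded in a larger document.</li>
 * <li>The embedded certificate is only a hint for the verifier; a relying party must match it
 *     against trusted keys/metadata rather than trusting it because it appears in KeyInfo.</li>
 * </ul>
 *
 * @param signatureAlgorithm XML Signature algorithm URI to use as ds:SignatureMethod
 * @param cred credential holding the signing key and its entity certificate
 * @throws IdentityProviderException if the algorithm or credential is unusable, or the
 *         certificate cannot be DER-encoded
 */
public void setSignature(String signatureAlgorithm, X509Credential cred) throws IdentityProviderException {
    // Fail with the declared exception type instead of a NullPointerException: the
    // previous code dereferenced cred.getEntityCertificate() unguarded, so a credential
    // without an entity certificate (or a null credential) escaped as an NPE.
    if (signatureAlgorithm == null || signatureAlgorithm.trim().isEmpty()) {
        throw new IdentityProviderException("Signature algorithm URI must not be empty");
    }
    if (cred == null) {
        throw new IdentityProviderException("Signing credential must not be null");
    }
    java.security.cert.X509Certificate entityCert = cred.getEntityCertificate();
    if (entityCert == null) {
        throw new IdentityProviderException("Signing credential has no entity certificate");
    }

    Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(cred);
    signature.setSignatureAlgorithm(signatureAlgorithm);
    signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    try {
        // KeyInfo/X509Data/X509Certificate: the DER certificate, base64-encoded as the
        // XML Signature schema requires.
        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
        String value = Base64.encode(entityCert.getEncoded());
        cert.setValue(value);
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);
    } catch (CertificateEncodingException e) {
        // The stack trace is logged here; the exception is not chained because no
        // (String, Throwable) constructor of IdentityProviderException is visible in this
        // file — chain it if one exists.
        log.error("Error while getting the encoded certificate", e);
        throw new IdentityProviderException("Error while getting the encoded certificate");
    }

    assertion.setSignature(signature);
    signatureList.add(signature);
}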
 
Example 3
Source File: SSOAgentUtils.java    From carbon-identity with Apache License 2.0
/**
 * Creates an unsigned {@code ds:Signature} template for the given credential: signing
 * credential, signature algorithm, exclusive C14N (no comments), and a {@code ds:KeyInfo}
 * holding the credential's entity certificate. The actual signature value is computed later.
 *
 * <p>The algorithm URI is used as supplied and is not checked against any policy; the
 * certificate in KeyInfo is a hint for the verifier, not proof of trust. A credential with no
 * entity certificate is not handled here and will fail when the certificate is dereferenced.
 *
 * @param signatureAlgorithm XML Signature algorithm URI for ds:SignatureMethod
 * @param cred credential providing the signing key and its entity certificate
 * @return the prepared Signature object
 * @throws SSOAgentException if the certificate cannot be DER-encoded (cause is chained)
 */
private static Signature setSignatureRaw(String signatureAlgorithm, X509Credential cred) throws SSOAgentException {
    byte[] derCertificate;
    try {
        derCertificate = cred.getEntityCertificate().getEncoded();
    } catch (CertificateEncodingException e) {
        throw new SSOAgentException("Error getting certificate", e);
    }

    // Base64 text of the DER certificate, as ds:X509Certificate expects.
    org.opensaml.xml.signature.X509Certificate certElement =
            (org.opensaml.xml.signature.X509Certificate) buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
    certElement.setValue(org.apache.xml.security.utils.Base64.encode(derCertificate));

    X509Data x509Data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
    x509Data.getX509Certificates().add(certElement);

    KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    keyInfo.getX509Datas().add(x509Data);

    Signature template = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    template.setSigningCredential(cred);
    template.setSignatureAlgorithm(signatureAlgorithm);
    template.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    template.setKeyInfo(keyInfo);
    return template;
}
 
Example 4
Source File: SecurityHelper.java    From lams with GNU General Public License v2.0
/**
 * Fills in the parameters a {@link Signature} needs before it can be signed.
 *
 * <p>
 * <strong>NOTE:</strong> This mutates the given Signature, so call it <strong>before</strong>
 * the Signature is marshalled.
 * </p>
 *
 * <p>
 * Values filled in (each only when the Signature does not already carry a non-null value;
 * existing values are <strong>never</strong> overwritten):
 * <ul>
 * <li>signature algorithm URI (derived from the signing credential)</li>
 * <li>HMAC output length (only for HMAC algorithms, and only if the configuration supplies one)</li>
 * <li>canonicalization algorithm URI</li>
 * <li>a {@link KeyInfo} describing the signing credential</li>
 * </ul>
 * Because a caller-supplied algorithm URI is kept as-is, this method does not enforce any
 * algorithm policy on values the caller set beforehand.
 * </p>
 *
 * <p>
 * Defaults come from {@code config}; when that is null, the global security configuration
 * ({@link Configuration#getGlobalSecurityConfiguration()}) is used.
 * </p>
 *
 * <p>
 * The KeyInfo is produced by the {@link NamedKeyInfoGeneratorManager} of the security
 * configuration, selected by the credential's type and the optional manager name. When
 * {@code keyInfoGenName} is omitted the default manager
 * ({@link NamedKeyInfoGeneratorManager#getDefaultManager()}) is used; when no generator is
 * found at all, the Signature is left without a KeyInfo and this is logged at INFO level.
 * </p>
 *
 * @param signature the Signature to be updated
 * @param signingCredential the credential with which the Signature will be computed
 * @param config the SecurityConfiguration to use (may be null)
 * @param keyInfoGenName the named KeyInfoGeneratorManager configuration to use (may be null)
 * @throws SecurityException thrown if there is an error generating the KeyInfo from the signing credential
 */
public static void prepareSignatureParams(Signature signature, Credential signingCredential,
        SecurityConfiguration config, String keyInfoGenName) throws SecurityException {
    Logger log = getLogger();

    SecurityConfiguration effectiveConfig =
            (config != null) ? config : Configuration.getGlobalSecurityConfiguration();

    // Signature algorithm: credential-derived default, only if the caller left it unset.
    String algorithmUri = signature.getSignatureAlgorithm();
    if (algorithmUri == null) {
        algorithmUri = effectiveConfig.getSignatureAlgorithmURI(signingCredential);
        signature.setSignatureAlgorithm(algorithmUri);
    }

    // HMAC algorithms may carry a configured (truncated) output length.
    if (SecurityHelper.isHMAC(algorithmUri) && signature.getHMACOutputLength() == null) {
        signature.setHMACOutputLength(effectiveConfig.getSignatureHMACOutputLength());
    }

    if (signature.getCanonicalizationAlgorithm() == null) {
        signature.setCanonicalizationAlgorithm(effectiveConfig.getSignatureCanonicalizationAlgorithm());
    }

    // A KeyInfo the caller already attached wins over anything generated here.
    if (signature.getKeyInfo() != null) {
        return;
    }

    KeyInfoGenerator generator = getKeyInfoGenerator(signingCredential, effectiveConfig, keyInfoGenName);
    if (generator == null) {
        log.info("No factory for named KeyInfoGenerator {} was found for credential type {}", keyInfoGenName,
                signingCredential.getCredentialType().getName());
        log.info("No KeyInfo will be generated for Signature");
        return;
    }

    try {
        signature.setKeyInfo(generator.generate(signingCredential));
    } catch (SecurityException e) {
        // Logged here for diagnostics, then propagated unchanged to the caller.
        log.error("Error generating KeyInfo from credential", e);
        throw e;
    }
}