org.opensaml.security.credential.UsageType Java Examples

The following examples show how to use org.opensaml.security.credential.UsageType. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SamlClient.java    From saml-client with MIT License 6 votes vote down vote up 
private static List<X509Certificate> getCertificates(IDPSSODescriptor idpSsoDescriptor)
    throws SamlException {

  List<X509Certificate> certificates;

  try {
    certificates =
        idpSsoDescriptor
            .getKeyDescriptors()
            .stream()
            .filter(x -> x.getUse() == UsageType.SIGNING)
            .flatMap(SamlClient::getDatasWithCertificates)
            .map(SamlClient::getFirstCertificate)
            .collect(Collectors.toList());

  } catch (Exception e) {
    throw new SamlException("Exception in getCertificates", e);
  }

  return certificates;
}
Example #2
Source File: Saml2SettingsProvider.java    From deprecated-security-advanced-modules with Apache License 2.0 5 votes vote down vote up 
private void initIdpCerts(IDPSSODescriptor idpSsoDescriptor, HashMap<String, Object> configProperties) {
    int i = 0;

    for (KeyDescriptor keyDescriptor : idpSsoDescriptor.getKeyDescriptors()) {
        if (UsageType.SIGNING.equals(keyDescriptor.getUse())
                || UsageType.UNSPECIFIED.equals(keyDescriptor.getUse())) {
            for (X509Data x509data : keyDescriptor.getKeyInfo().getX509Datas()) {
                for (X509Certificate x509Certificate : x509data.getX509Certificates()) {
                    configProperties.put(SettingsBuilder.IDP_X509CERTMULTI_PROPERTY_KEY + "." + (i++),
                            x509Certificate.getValue());
                }
            }
        }
    }
}
Example #3
Source File: MockSamlIdpServer.java    From deprecated-security-advanced-modules with Apache License 2.0 4 votes vote down vote up 
private String createMetadata() {
    try {
        EntityDescriptor idpEntityDescriptor = createSamlElement(EntityDescriptor.class);
        idpEntityDescriptor.setEntityID(idpEntityId);

        IDPSSODescriptor idpSsoDescriptor = createSamlElement(IDPSSODescriptor.class);
        idpEntityDescriptor.getRoleDescriptors().add(idpSsoDescriptor);

        idpSsoDescriptor.setWantAuthnRequestsSigned(wantAuthnRequestsSigned);
        idpSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);

        SingleLogoutService redirectSingleLogoutService = createSamlElement(SingleLogoutService.class);
        idpSsoDescriptor.getSingleLogoutServices().add(redirectSingleLogoutService);

        redirectSingleLogoutService.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        redirectSingleLogoutService.setLocation(getSamlSloUri());

        idpSsoDescriptor.getNameIDFormats()
                .add(createNameIDFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"));

        SingleSignOnService redirectSingleSignOnService = createSamlElement(SingleSignOnService.class);
        idpSsoDescriptor.getSingleSignOnServices().add(redirectSingleSignOnService);

        redirectSingleSignOnService.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        redirectSingleSignOnService.setLocation(getSamlSsoUri());

        X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        keyInfoGeneratorFactory.setEmitEntityCertificate(true);
        KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();

        KeyDescriptor signingKeyDescriptor = createSamlElement(KeyDescriptor.class);
        idpSsoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);

        signingKeyDescriptor.setUse(UsageType.SIGNING);

        signingKeyDescriptor
                .setKeyInfo(keyInfoGenerator.generate(new BasicX509Credential(this.signingCertificate)));

        return marshallSamlXml(idpEntityDescriptor);
    } catch (org.opensaml.security.SecurityException e) {
        throw new RuntimeException(e);
    }
}
Example #4
Source File: X509CredentialImpl.java    From carbon-identity-framework with Apache License 2.0 4 votes vote down vote up 
public UsageType getUsageType() {
    // TODO Auto-generated method stub
    return null;
}
Example #5
Source File: SamlMetadataServiceFunction.java    From armeria with Apache License 2.0 4 votes vote down vote up 
private EntityDescriptor buildMetadataEntityDescriptorElement(
        String defaultHostname, SamlPortConfig portConfig) {
    final EntityDescriptor entityDescriptor = build(EntityDescriptor.DEFAULT_ELEMENT_NAME);
    entityDescriptor.setEntityID(entityId);

    final SPSSODescriptor spSsoDescriptor = build(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    spSsoDescriptor.setAuthnRequestsSigned(true);
    spSsoDescriptor.setWantAssertionsSigned(true);
    spSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);

    final List<String> nameIdFormats = idpConfigs.values().stream()
                                                 .map(p -> p.nameIdPolicy().format())
                                                 .distinct()
                                                 .map(SamlNameIdFormat::urn)
                                                 .collect(Collectors.toList());
    spSsoDescriptor.getNameIDFormats().addAll(buildNameIdFormatElements(nameIdFormats));

    final List<SingleLogoutService> sloList = spSsoDescriptor.getSingleLogoutServices();
    singleLogoutEndpoints.forEach(endpoint -> {
        final SingleLogoutService slo = build(SingleLogoutService.DEFAULT_ELEMENT_NAME);
        slo.setBinding(endpoint.bindingProtocol().urn());
        slo.setLocation(endpoint.toUriString(portConfig.scheme().uriText(),
                                             defaultHostname,
                                             portConfig.port()));
        sloList.add(slo);
    });

    int acsIndex = 0;
    final List<AssertionConsumerService> services = spSsoDescriptor.getAssertionConsumerServices();
    for (final SamlAssertionConsumerConfig acs : assertionConsumerConfigs) {
        services.add(buildAssertionConsumerServiceElement(acs, portConfig, defaultHostname, acsIndex++));
    }

    final X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
    keyInfoGeneratorFactory.setEmitEntityCertificate(true);
    keyInfoGeneratorFactory.setEmitEntityCertificateChain(true);
    final KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();

    try {
        spSsoDescriptor.getKeyDescriptors().add(
                buildKeyDescriptorElement(UsageType.SIGNING,
                                          keyInfoGenerator.generate(signingCredential)));
        spSsoDescriptor.getKeyDescriptors().add(
                buildKeyDescriptorElement(UsageType.ENCRYPTION,
                                          keyInfoGenerator.generate(encryptionCredential)));
    } catch (SecurityException e) {
        throw new SamlException("failed to generate KeyInfo element", e);
    }

    entityDescriptor.getRoleDescriptors().add(spSsoDescriptor);
    return entityDescriptor;
}
Example #6
Source File: SamlMetadataServiceFunction.java    From armeria with Apache License 2.0 4 votes vote down vote up 
private static KeyDescriptor buildKeyDescriptorElement(UsageType type, @Nullable KeyInfo key) {
    final KeyDescriptor descriptor = build(KeyDescriptor.DEFAULT_ELEMENT_NAME);
    descriptor.setUse(type);
    descriptor.setKeyInfo(key);
    return descriptor;
}
Example #7
Source File: X509CredentialImpl.java    From carbon-apimgt with Apache License 2.0 4 votes vote down vote up 
public UsageType getUsageType() {
       // TODO Auto-generated method stub
	return null;
}