org.opensaml.xml.signature.X509Certificate Java Examples

The following examples show how to use org.opensaml.xml.signature.X509Certificate — the OpenSAML XMLObject representing the XML Signature ds:X509Certificate element (Example #19 builds it in the XML Signature namespace). It is not the JCA certificate type: the examples below refer to java.security.cert.X509Certificate by its fully qualified name precisely to avoid that collision. The source-file reference above each example points to the original project.
Example #1
Source File: X509KeyInfoGeneratorFactory.java (from the lams project, GNU General Public License v2.0)
/**
 * Emit the credential's end-entity certificate into the KeyInfo being built.
 *
 * <p>Whenever an entity certificate is present, the X509Data children derived from it
 * (subject name, issuer/serial, SKI, digest) and the KeyName elements are produced. The
 * {@code ds:X509Certificate} element itself is only added when chain emission is off:
 * the chain, when emitted, already contains the entity certificate and a duplicate
 * element must be avoided.</p>
 *
 * @param keyInfo the KeyInfo that is being built
 * @param x509Data the X509Data that is being built
 * @param credential the credential whose entity certificate is processed
 * @throws SecurityException if the certificate cannot be encoded into the XML element
 */
protected void processEntityCertificate(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)
        throws SecurityException {

    final java.security.cert.X509Certificate entityCert = credential.getEntityCertificate();
    if (entityCert == null) {
        // Nothing to emit.
        return;
    }

    processCertX509DataOptions(x509Data, entityCert);
    processCertKeyNameOptions(keyInfo, entityCert);

    // When the full chain is emitted the entity cert is part of it; do not add it twice.
    final boolean emitStandaloneCert = options.emitEntityCertificate && !options.emitEntityCertificateChain;
    if (!emitStandaloneCert) {
        return;
    }

    try {
        x509Data.getX509Certificates().add(KeyInfoHelper.buildX509Certificate(entityCert));
    } catch (CertificateEncodingException e) {
        throw new SecurityException("Error generating X509Certificate element "
                + "from credential's end-entity certificate", e);
    }
}
 
Example #2
Source File: WSXACMLMessageReceiver.java (from the carbon-identity project, Apache License 2.0)
/**
 * Build an {@code X509CredentialImpl} around the server's default primary (public) certificate,
 * as obtained from the Carbon {@link KeyStoreManager}.
 *
 * <p>NOTE(review): the key-store manager is fetched for tenant id {@code -1234}, which is
 * presumably the super-tenant id — confirm, and prefer the module's named constant if one
 * is available.</p>
 *
 * @return a credential wrapping the default primary certificate
 * @throws Exception if the key store cannot be read or the credential cannot be built; the
 *         failure is logged here before being rethrown, so callers should not log it again
 */
private X509CredentialImpl getPublicX509CredentialImpl() throws Exception {

    final String failureMessage =
            "Error instantiating an org.wso2.carbon.identity.entitlement.wsxacml.X509CredentialImpl " +
            "object for the public cert.";
    try {
        KeyStoreManager manager = KeyStoreManager.getInstance(-1234);
        // Default public certificate, as configured in carbon.xml.
        java.security.cert.X509Certificate primaryCert = manager.getDefaultPrimaryCertificate();
        return new X509CredentialImpl(primaryCert);
    } catch (Exception e) {
        log.error(failureMessage, e);
        throw new Exception(failureMessage, e);
    }
}
 
Example #3
Source File: WSXACMLMessageReceiver.java (from the carbon-identity project, Apache License 2.0)
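/**
 * Create the signing credential (default primary certificate plus its private key) from the
 * Carbon {@link KeyStoreManager}.
 *
 * <p>NOTE(review): {@code -1234} is presumably the super-tenant id — confirm against the
 * module's constants.</p>
 *
 * <p>Previously a key-store failure was only logged, and a credential with a {@code null}
 * certificate and {@code null} private key was returned; that surfaces later as an opaque
 * failure (or NPE) at signing time. A credential meant for signing must never be handed out
 * without its key material, so the failure is now reported immediately.</p>
 *
 * @return a credential holding the entity certificate and the matching private key
 * @throws IllegalStateException if the key store cannot be read, the default certificate or
 *         private key is missing, or the certificate is not an X.509 certificate
 */
private static BasicX509Credential createBasicCredentials() {

    KeyStoreManager keyMan = KeyStoreManager.getInstance(-1234);

    Certificate certificate;
    PrivateKey issuerPK;
    try {
        certificate = keyMan.getDefaultPrimaryCertificate();
        issuerPK = keyMan.getDefaultPrivateKey();
    } catch (Exception e) {
        log.error("Error occurred while getting the KeyStore from KeyManger.", e);
        throw new IllegalStateException("Error occurred while getting the KeyStore from KeyManger.", e);
    }

    // Refuse to build a half-initialised signing credential (also covers a null certificate).
    if (!(certificate instanceof java.security.cert.X509Certificate)) {
        throw new IllegalStateException(
                "Default primary certificate is missing or is not an X.509 certificate");
    }
    if (issuerPK == null) {
        throw new IllegalStateException("Default private key is not available in the key store");
    }

    BasicX509Credential basicCredential = new BasicX509Credential();
    basicCredential.setEntityCertificate((java.security.cert.X509Certificate) certificate);
    basicCredential.setPrivateKey(issuerPK);

    return basicCredential;
}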
 
Example #4
Source File: SAML1TokenBuilder.java (from the carbon-identity project, Apache License 2.0)
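/**
 * Attach an XML signature to the assertion, signed with {@code cred} and advertising the
 * signer's end-entity certificate in {@code ds:KeyInfo/ds:X509Data/ds:X509Certificate}.
 *
 * <p>Exclusive C14N without comments is used for canonicalization. The embedded certificate
 * is only a key-resolution hint; NOTE(review): confirm that consumers of these tokens validate
 * it against their own trust configuration rather than trusting the embedded certificate.</p>
 *
 * @param signatureAlgorithm XML Signature algorithm URI to use
 * @param cred signing credential; must carry an entity certificate
 * @throws IdentityProviderException if the credential has no entity certificate or the
 *         certificate cannot be encoded
 */
@Override
public void setSignature(String signatureAlgorithm, X509Credential cred) throws IdentityProviderException {
    // Fail early with a clear message instead of an NPE from getEncoded() further down.
    java.security.cert.X509Certificate entityCert = cred.getEntityCertificate();
    if (entityCert == null) {
        throw new IdentityProviderException("Signing credential does not carry an entity certificate");
    }

    Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(cred);
    signature.setSignatureAlgorithm(signatureAlgorithm);
    signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    try {
        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
        cert.setValue(Base64.encode(entityCert.getEncoded()));
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);
    } catch (CertificateEncodingException e) {
        log.error("Error while getting the encoded certificate", e);
        // NOTE(review): the cause is dropped here; pass `e` through if IdentityProviderException
        // offers a (String, Throwable) constructor.
        throw new IdentityProviderException("Error while getting the encoded certificate");
    }

    assertion.setSignature(signature);
    signatureList.add(signature);
}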
 
Example #5
Source File: SAML2TokenBuilder.java (from the carbon-identity project, Apache License 2.0)
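/**
 * Attach an XML signature to the assertion, signed with {@code cred} and advertising the
 * signer's end-entity certificate in {@code ds:KeyInfo/ds:X509Data/ds:X509Certificate}.
 *
 * <p>Exclusive C14N without comments is used for canonicalization. The embedded certificate
 * is only a key-resolution hint; NOTE(review): confirm that consumers of these tokens validate
 * it against their own trust configuration rather than trusting the embedded certificate.</p>
 *
 * @param signatureAlgorithm XML Signature algorithm URI to use
 * @param cred signing credential; must carry an entity certificate
 * @throws IdentityProviderException if the credential has no entity certificate or the
 *         certificate cannot be encoded
 */
@Override
public void setSignature(String signatureAlgorithm, X509Credential cred) throws IdentityProviderException {
    // Fail early with a clear message instead of an NPE from getEncoded() further down.
    java.security.cert.X509Certificate entityCert = cred.getEntityCertificate();
    if (entityCert == null) {
        throw new IdentityProviderException("Signing credential does not carry an entity certificate");
    }

    Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(cred);
    signature.setSignatureAlgorithm(signatureAlgorithm);
    signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    try {
        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
        cert.setValue(Base64.encode(entityCert.getEncoded()));
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);
    } catch (CertificateEncodingException e) {
        log.error("Failed to get encoded certificate", e);
        // NOTE(review): the cause is dropped here; pass `e` through if IdentityProviderException
        // offers a (String, Throwable) constructor.
        throw new IdentityProviderException("Error while getting encoded certificate");
    }

    assertion.setSignature(signature);
    signatureList.add(signature);
}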
 
Example #6
Source File: X509KeyInfoGeneratorFactory.java (from the lams project, GNU General Public License v2.0)
/**
 * Emit every certificate of the credential's certificate chain as a {@code ds:X509Certificate}
 * element, when chain emission is enabled.
 *
 * <p>The chain is emitted in the order the credential returns it and without filtering. It is
 * expected to already contain the end-entity certificate, which is why the standalone
 * entity-certificate emission is suppressed when this option is on.</p>
 *
 * @param keyInfo the KeyInfo that is being built (not used by this step)
 * @param x509Data the X509Data that is being built
 * @param credential the credential whose chain is processed
 * @throws SecurityException if any certificate of the chain cannot be encoded
 */
protected void processEntityCertificateChain(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)
        throws SecurityException {

    if (!options.emitEntityCertificateChain) {
        return;
    }
    if (credential.getEntityCertificateChain() == null) {
        return;
    }

    for (java.security.cert.X509Certificate chainCert : credential.getEntityCertificateChain()) {
        X509Certificate xmlCert;
        try {
            xmlCert = KeyInfoHelper.buildX509Certificate(chainCert);
        } catch (CertificateEncodingException e) {
            throw new SecurityException("Error generating X509Certificate element "
                    + "from a certificate in credential's certificate chain", e);
        }
        x509Data.getX509Certificates().add(xmlCert);
    }
}
 
Example #7
Source File: X509KeyInfoGeneratorFactory.java (from the lams project, GNU General Public License v2.0)
/**
 * Emit KeyName elements from the certificate's subject alternative names, restricted to the
 * SAN types selected in {@code options.subjectAltNames}, when that option is enabled.
 *
 * <p>Only String-valued SAN entries become KeyNames; DER-encoded ({@code byte[]}) values and
 * any other type are skipped with a warning. The value types follow the contract of
 * {@link java.security.cert.X509Certificate#getSubjectAlternativeNames()}.</p>
 *
 * @param keyInfo the KeyInfo element being processed.
 * @param cert the certificate whose SANs are read
 */
protected void processSubjectAltNameKeyNames(KeyInfo keyInfo, java.security.cert.X509Certificate cert) {
    if (!options.emitSubjectAltNamesAsKeyNames || options.subjectAltNames.isEmpty()) {
        return;
    }

    Integer[] selectedTypes = options.subjectAltNames.toArray(new Integer[options.subjectAltNames.size()]);
    for (Object altName : X509Util.getAltNames(cert, selectedTypes)) {
        if (altName instanceof String) {
            KeyInfoHelper.addKeyName(keyInfo, (String) altName);
        } else if (altName instanceof byte[]) {
            log.warn("Certificate contained an alt name value as a DER-encoded byte[] (not supported)");
        } else {
            log.warn("Certificate contained an alt name value with an unexpected type: {}",
                    altName.getClass().getName());
        }
    }
}
 
Example #8
Source File: WSXACMLEntitlementServiceClient.java (from the carbon-identity project, Apache License 2.0)
/**
 * Build a public-only {@code X509CredentialImpl} from the entity certificate of the configured
 * basic credentials (the default public certificate per carbon.xml).
 *
 * <p>NOTE(review): if {@code createBasicCredentials()} can return a credential whose entity
 * certificate is null, that null is wrapped here unchecked — verify the factory fails instead
 * of returning an empty credential.</p>
 *
 * @return X509Credential implementation wrapping the default public certificate
 * @throws EntitlementProxyException declared for callers; not thrown by this body
 */
private X509CredentialImpl getPublicX509CredentialImpl() throws EntitlementProxyException {
    java.security.cert.X509Certificate publicCert = createBasicCredentials().getEntityCertificate();
    return new X509CredentialImpl(publicCert);
}
 
Example #9
Source File: WSXACMLEntitlementServiceClient.java (from the micro-integrator project, Apache License 2.0)
/**
 * Build a public-only {@code X509CredentialImpl} from the entity certificate of the configured
 * basic credentials (the default public certificate per carbon.xml).
 *
 * <p>NOTE(review): if {@code createBasicCredentials()} can return a credential whose entity
 * certificate is null, that null is wrapped here unchecked — verify the factory fails instead
 * of returning an empty credential.</p>
 *
 * @return X509Credential implementation wrapping the default public certificate
 * @throws EntitlementProxyException declared for callers; not thrown by this body
 */
private X509CredentialImpl getPublicX509CredentialImpl() throws EntitlementProxyException {
    java.security.cert.X509Certificate publicCert = createBasicCredentials().getEntityCertificate();
    return new X509CredentialImpl(publicCert);
}
 
Example #10
Source File: X509KeyInfoGeneratorFactory.java (from the lams project, GNU General Public License v2.0)
/**
 * Emit one KeyName per common name (CN) found in the certificate's subject DN, when the
 * {@code emitSubjectCNAsKeyName} option is on. Empty CN values are skipped.
 *
 * @param keyInfo the KeyInfo element being processed.
 * @param cert the certificate whose subject DN is read
 */
protected void processSubjectCNKeyName(KeyInfo keyInfo, java.security.cert.X509Certificate cert) {
    if (!options.emitSubjectCNAsKeyName) {
        return;
    }
    for (String commonName : X509Util.getCommonNames(cert.getSubjectX500Principal())) {
        if (DatatypeHelper.isEmpty(commonName)) {
            continue;
        }
        KeyInfoHelper.addKeyName(keyInfo, commonName);
    }
}
 
Example #11
Source File: X509KeyInfoGeneratorFactory.java (from the lams project, GNU General Public License v2.0)
/**
 * Emit the certificate's subject DN (rendered via {@link #getSubjectName}) as a KeyName, when
 * the {@code emitSubjectDNAsKeyName} option is on. An empty rendering emits nothing.
 *
 * @param keyInfo the KeyInfo element being processed.
 * @param cert the certificate whose subject DN is read
 */
protected void processSubjectDNKeyName(KeyInfo keyInfo, java.security.cert.X509Certificate cert) {
    if (!options.emitSubjectDNAsKeyName) {
        return;
    }
    String subjectDN = getSubjectName(cert);
    if (DatatypeHelper.isEmpty(subjectDN)) {
        return;
    }
    KeyInfoHelper.addKeyName(keyInfo, subjectDN);
}
 
Example #12
Source File: X509KeyInfoGeneratorFactory.java (from the lams project, GNU General Public License v2.0)
/**
 * Render the certificate's issuer DN as a string using the configured {@code X500DNHandler}.
 *
 * <p>If an issuer DN output format ({@code options.x500IssuerDNFormat}) is configured it is
 * passed to the handler; otherwise the handler's default rendering is used. The format decides
 * the exact string a relying party has to match against in X509IssuerSerial, so it must be
 * kept consistent with consumers.</p>
 *
 * @param cert the certificate being processed, may be null
 * @return the issuer name, or null when {@code cert} is null
 */
protected String getIssuerName(java.security.cert.X509Certificate cert) {
    if (cert == null) {
        return null;
    }
    boolean useDefaultFormat = DatatypeHelper.isEmpty(options.x500IssuerDNFormat);
    return useDefaultFormat
            ? options.x500DNHandler.getName(cert.getIssuerX500Principal())
            : options.x500DNHandler.getName(cert.getIssuerX500Principal(), options.x500IssuerDNFormat);
}
 
Example #13
Source File: X509KeyInfoGeneratorFactory.java (from the lams project, GNU General Public License v2.0)
/**
 * Render the certificate's subject DN as a string using the configured {@code X500DNHandler}.
 *
 * <p>If a subject DN output format ({@code options.x500SubjectDNFormat}) is configured it is
 * passed to the handler; otherwise the handler's default rendering is used. The result feeds
 * both the X509SubjectName element and the subject-DN KeyName, so the format must match what
 * consumers compare against.</p>
 *
 * @param cert the certificate being processed, may be null
 * @return the subject name, or null when {@code cert} is null
 */
protected String getSubjectName(java.security.cert.X509Certificate cert) {
    if (cert == null) {
        return null;
    }
    boolean useDefaultFormat = DatatypeHelper.isEmpty(options.x500SubjectDNFormat);
    return useDefaultFormat
            ? options.x500DNHandler.getName(cert.getSubjectX500Principal())
            : options.x500DNHandler.getName(cert.getSubjectX500Principal(), options.x500SubjectDNFormat);
}
 
Example #14
Source File: X509KeyInfoGeneratorFactory.java (from the lams project, GNU General Public License v2.0)
/**
 * Emit the X509SKI child of X509Data from the certificate, when the {@code emitX509SKI}
 * option is on. When the helper yields no SKI element (presumably because the certificate
 * carries no Subject Key Identifier extension) nothing is added.
 *
 * @param x509Data the X509Data element being processed.
 * @param cert the certificate being processed
 */
protected void processCertX509SKI(X509Data x509Data, java.security.cert.X509Certificate cert) {
    if (!options.emitX509SKI) {
        return;
    }
    X509SKI ski = KeyInfoHelper.buildX509SKI(cert);
    if (ski == null) {
        return;
    }
    x509Data.getX509SKIs().add(ski);
}
 
Example #15
Source File: X509KeyInfoGeneratorFactory.java (from the lams project, GNU General Public License v2.0)
/**
 * Emit the X509IssuerSerial child of X509Data (issuer DN rendered via {@link #getIssuerName}
 * plus the certificate serial number), when the {@code emitX509IssuerSerial} option is on.
 * An empty issuer rendering emits nothing.
 *
 * @param x509Data the X509Data element being processed.
 * @param cert the certificate being processed
 */
protected void processCertX509IssuerSerial(X509Data x509Data, java.security.cert.X509Certificate cert) {
    if (!options.emitX509IssuerSerial) {
        return;
    }
    String issuer = getIssuerName(cert);
    if (DatatypeHelper.isEmpty(issuer)) {
        return;
    }
    x509Data.getX509IssuerSerials().add(
            KeyInfoHelper.buildX509IssuerSerial(issuer, cert.getSerialNumber()));
}
 
Example #16
Source File: X509KeyInfoGeneratorFactory.java (from the lams project, GNU General Public License v2.0)
/**
 * Emit the X509SubjectName child of X509Data (subject DN rendered via {@link #getSubjectName}),
 * when the {@code emitX509SubjectName} option is on. An empty rendering emits nothing.
 *
 * @param x509Data the X509Data element being processed.
 * @param cert the certificate being processed
 */
protected void processCertX509SubjectName(X509Data x509Data, java.security.cert.X509Certificate cert) {
    if (!options.emitX509SubjectName) {
        return;
    }
    String subject = getSubjectName(cert);
    if (DatatypeHelper.isEmpty(subject)) {
        return;
    }
    x509Data.getX509SubjectNames().add(KeyInfoHelper.buildX509SubjectName(subject));
}
 
Example #17
Source File: X509KeyInfoGeneratorFactory.java (from the lams project, GNU General Public License v2.0)
/**
 * Populate the X509Data child elements that are derived from a single certificate.
 *
 * <p>Each step is gated by its own option (emitX509SubjectName, emitX509IssuerSerial,
 * emitX509SKI, and the digest step shown elsewhere in the file). The call order presumably
 * fixes the order in which children are appended to X509Data, so do not reorder these calls
 * without checking what consumers expect.</p>
 *
 * @param x509Data the X509Data element being processed.
 * @param cert the certificate being processed
 */
protected void processCertX509DataOptions(X509Data x509Data, java.security.cert.X509Certificate cert) {
    processCertX509SubjectName(x509Data, cert);
    processCertX509IssuerSerial(x509Data, cert);
    processCertX509SKI(x509Data, cert);
    // Not shown on this page; presumably gated by its own emit option like the others.
    processCertX509Digest(x509Data, cert);
}
 
Example #18
Source File: X509CertificateBuilder.java (from the lams project, GNU General Public License v2.0)
/**
 * {@inheritDoc}
 *
 * <p>Creates the {@code X509Certificate} implementation object for an arbitrary qualified
 * name; the caller supplies namespace, local name and prefix explicitly.</p>
 */
public X509Certificate buildObject(String namespaceURI, String localName, String namespacePrefix) {
    X509CertificateImpl impl = new X509CertificateImpl(namespaceURI, localName, namespacePrefix);
    return impl;
}
 
Example #19
Source File: X509CertificateBuilder.java (from the lams project, GNU General Public License v2.0)
/**
 * {@inheritDoc}
 *
 * <p>Builds the element under its default qualified name: the XML Signature namespace and
 * prefix with {@code X509Certificate.DEFAULT_ELEMENT_LOCAL_NAME}.</p>
 */
public X509Certificate buildObject() {
    final String namespace = XMLConstants.XMLSIG_NS;
    final String prefix = XMLConstants.XMLSIG_PREFIX;
    return buildObject(namespace, X509Certificate.DEFAULT_ELEMENT_LOCAL_NAME, prefix);
}
 
Example #20
Source File: X509DataImpl.java (from the lams project, GNU General Public License v2.0)
/**
 * {@inheritDoc}
 *
 * <p>Returns the indexed-children sub-list keyed by the {@code ds:X509Certificate} element
 * name. The generator code calls {@code add} on the returned list, so it is presumably a live
 * view backed by this element rather than a copy. The cast is unchecked because the sub-list
 * API is untyped.</p>
 */
public List<X509Certificate> getX509Certificates() {
    List<X509Certificate> certificates =
            (List<X509Certificate>) this.indexedChildren.subList(X509Certificate.DEFAULT_ELEMENT_NAME);
    return certificates;
}
 
Example #21
Source File: X509KeyInfoGeneratorFactory.java (from the lams project, GNU General Public License v2.0)
/**
 * Emit the KeyName elements that are derived from a certificate: the full subject DN, the
 * subject common name(s), and the selected subject alternative names, each gated by its own
 * option. The call order presumably fixes the order of the resulting KeyName elements, so do
 * not reorder these calls casually.
 *
 * @param keyInfo the KeyInfo element being processed.
 * @param cert the certificate being processed
 */
protected void processCertKeyNameOptions(KeyInfo keyInfo, java.security.cert.X509Certificate cert) {
    processSubjectDNKeyName(keyInfo, cert);
    processSubjectCNKeyName(keyInfo, cert);
    processSubjectAltNameKeyNames(keyInfo, cert);
}