org.opensaml.xml.security.x509.BasicX509Credential Java Examples

The following examples show how to use org.opensaml.xml.security.x509.BasicX509Credential. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: KeyStoreCredentialResolver.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Build an X509Credential from a keystore trusted certificate entry.
 * 
 * @param trustedCertEntry the entry being processed
 * @param entityID the entityID to set
 * @param usage the usage type to set
 * @return new X509Credential instance
 */
protected X509Credential processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertEntry,
        String entityID, UsageType usage) {

    log.debug("Processing TrustedCertificateEntry from keystore");

    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityId(entityID);
    credential.setUsageType(usage);

    X509Certificate cert = (X509Certificate) trustedCertEntry.getTrustedCertificate();

    credential.setEntityCertificate(cert);

    ArrayList<X509Certificate> certChain = new ArrayList<X509Certificate>();
    certChain.add(cert);
    credential.setEntityCertificateChain(certChain);

    return credential;
}
 
Example #2
Source File: KeyStoreCredentialResolver.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Build an X509Credential from a keystore private key entry.
 * 
 * @param privateKeyEntry the entry being processed
 * @param entityID the entityID to set
 * @param usage the usage type to set
 * @return new X509Credential instance
 */
protected X509Credential processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry, String entityID,
        UsageType usage) {

    log.debug("Processing PrivateKeyEntry from keystore");

    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityId(entityID);
    credential.setUsageType(usage);

    credential.setPrivateKey(privateKeyEntry.getPrivateKey());

    credential.setEntityCertificate((X509Certificate) privateKeyEntry.getCertificate());
    credential.setEntityCertificateChain(Arrays.asList((X509Certificate[]) privateKeyEntry.getCertificateChain()));

    return credential;
}
 
Example #3
Source File: WSXACMLMessageReceiver.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Create basic credentials needed to generate signature using EntitlementServiceComponent
 *
 * @return basicX509Credential
 */
private static BasicX509Credential createBasicCredentials() {

    Certificate certificate = null;
    PrivateKey issuerPK = null;

    KeyStoreManager keyMan = KeyStoreManager.getInstance(-1234);

    try {
        certificate = keyMan.getDefaultPrimaryCertificate();
        issuerPK = keyMan.getDefaultPrivateKey();
    } catch (Exception e) {
        log.error("Error occurred while getting the KeyStore from KeyManger.", e);
    }

    BasicX509Credential basicCredential = new BasicX509Credential();
    basicCredential.setEntityCertificate((java.security.cert.X509Certificate) certificate);
    basicCredential.setPrivateKey(issuerPK);

    return basicCredential;
}
 
Example #4
Source File: CertManager.java    From saml-generator with Apache License 2.0 6 votes vote down vote up
/**
 * gets credential used to sign saml assertionts that are produced. This method
 * assumes the cert and pkcs formatted primary key are on file system. this data
 * could be stored elsewhere e.g keystore
 * 
 * a credential is used to sign saml response, and includes the private key
 * as well as a cert for the public key
 * 
 * @return
 * @throws Throwable
 */
public Credential getSigningCredential(String publicKeyLocation, String privateKeyLocation) throws Throwable {
	// create public key (cert) portion of credential
	InputStream inStream = new FileInputStream(publicKeyLocation);
	CertificateFactory cf = CertificateFactory.getInstance("X.509");
	X509Certificate publicKey = (X509Certificate)cf.generateCertificate(inStream);
	inStream.close();
	    
	// create private key
	RandomAccessFile raf = new RandomAccessFile(privateKeyLocation, "r");
	byte[] buf = new byte[(int)raf.length()];
	raf.readFully(buf);
	raf.close();
	
	PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(buf);
	KeyFactory kf = KeyFactory.getInstance("RSA");
	PrivateKey privateKey = kf.generatePrivate(kspec);
	
	// create credential and initialize
	BasicX509Credential credential = new BasicX509Credential();
	credential.setEntityCertificate(publicKey);
	credential.setPrivateKey(privateKey);
	
	return credential;
}
 
Example #5
Source File: SamlHelper.java    From secure-data-service with Apache License 2.0 6 votes vote down vote up
protected Assertion decryptAssertion(EncryptedAssertion encryptedAssertion, KeyStore.PrivateKeyEntry keystoreEntry) {
    BasicX509Credential decryptionCredential = new BasicX509Credential();

    decryptionCredential.setPrivateKey(keystoreEntry.getPrivateKey());

    StaticKeyInfoCredentialResolver resolver = new StaticKeyInfoCredentialResolver(decryptionCredential);

    ChainingEncryptedKeyResolver keyResolver = new ChainingEncryptedKeyResolver();
    keyResolver.getResolverChain().add(new InlineEncryptedKeyResolver());
    keyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver());
    keyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver());

    Decrypter decrypter = new Decrypter(null, resolver, keyResolver);
    decrypter.setRootInNewDocument(true);
    Assertion assertion = null;
    try {
        assertion = decrypter.decrypt(encryptedAssertion);
    } catch (DecryptionException e) {
        raiseSamlValidationError("Unable to decrypt SAML assertion", null);
    }
    return assertion;
}
 
Example #6
Source File: SecurityHelper.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Get a simple, minimal credential containing an end-entity X.509 certificate, and optionally a private key.
 * 
 * @param cert the end-entity certificate to wrap
 * @param privateKey the private key to wrap, which may be null
 * @return a credential containing the certificate and key specified
 */
public static BasicX509Credential getSimpleCredential(X509Certificate cert, PrivateKey privateKey) {
    if (cert == null) {
        throw new IllegalArgumentException("A certificate is required");
    }
    BasicX509Credential cred = new BasicX509Credential();
    cred.setEntityCertificate(cert);
    cred.setPrivateKey(privateKey);
    return cred;
}
 
Example #7
Source File: WsFederationConfiguration.java    From MaxKey with Apache License 2.0 5 votes vote down vote up
/**
 * sets the signing certs.
 *
 * @param signingCertificateFiles a list of certificate files to read in.
 */
public void setSigningCertificates(final List<Resource> signingCertificateFiles) {
    this.signingCertificates = signingCertificateFiles;

    final List<BasicX509Credential> signingCerts = new ArrayList<BasicX509Credential>();

    for (Resource file : signingCertificateFiles) {
        signingCerts.add(WsFederationUtils.getSigningCredential(file));
    }

    this.signingWallet = signingCerts;
}
 
Example #8
Source File: SamlHelper.java    From secure-data-service with Apache License 2.0 5 votes vote down vote up
private Credential initializeCredentialsFromKeystore(KeyStore.PrivateKeyEntry keystoreEntry) {
    BasicX509Credential signingCredential = new BasicX509Credential();

    PrivateKey pk = keystoreEntry.getPrivateKey();
    X509Certificate certificate = (X509Certificate) keystoreEntry.getCertificate();

    signingCredential.setEntityCertificate(certificate);
    signingCredential.setPrivateKey(pk);

    return signingCredential;
}
 
Example #9
Source File: WsFederationConfiguration.java    From MaxKey with Apache License 2.0 4 votes vote down vote up
public List<BasicX509Credential> getSigningWallet() {
	return signingWallet;
}
 
Example #10
Source File: WsFederationConfiguration.java    From MaxKey with Apache License 2.0 4 votes vote down vote up
public void setSigningWallet(List<BasicX509Credential> signingWallet) {
	this.signingWallet = signingWallet;
}
 
Example #11
Source File: WsFederationConfiguration.java    From MaxKey with Apache License 2.0 2 votes vote down vote up
/**
 * gets the signing certificates.
 *
 * @return X509credentials of the signing certs
 */
public List<BasicX509Credential> getSigningCertificates() {
    return this.signingWallet;
}