org.opensaml.saml.saml2.metadata.KeyDescriptor Java Examples
The following examples show how to use
org.opensaml.saml.saml2.metadata.KeyDescriptor.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: MockMetadataAggregatorServer.java From verify-service-provider with MIT License | 6 votes |
|
private String buildTestCountryEntityDescriptor(String countryEntityId) throws Exception {
KeyDescriptor signingKeyDescriptor = KeyDescriptorBuilder.aKeyDescriptor()
.withX509ForSigning(STUB_COUNTRY_PUBLIC_PRIMARY_CERT)
.build();
IDPSSODescriptor idpSsoDescriptor = IdpSsoDescriptorBuilder.anIdpSsoDescriptor()
.withoutDefaultSigningKey()
.addKeyDescriptor(signingKeyDescriptor)
.build();
Signature signature = SignatureBuilder.aSignature()
.withSigningCredential(new TestCredentialFactory(METADATA_SIGNING_A_PUBLIC_CERT, METADATA_SIGNING_A_PRIVATE_KEY).getSigningCredential())
.withX509Data(METADATA_SIGNING_A_PUBLIC_CERT)
.build();
EntityDescriptor entityDescriptor = EntityDescriptorBuilder.anEntityDescriptor()
.withEntityId(countryEntityId)
.withIdpSsoDescriptor(idpSsoDescriptor)
.setAddDefaultSpServiceDescriptor(false)
.withValidUntil(DateTime.now().plusWeeks(2))
.withSignature(signature)
.build();
String s = new MetadataFactory().singleEntityMetadata(entityDescriptor);
return s;
}
Example #2
| Source File: Saml2SettingsProvider.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
|
private void initIdpCerts(IDPSSODescriptor idpSsoDescriptor, HashMap<String, Object> configProperties) {
int i = 0;
for (KeyDescriptor keyDescriptor : idpSsoDescriptor.getKeyDescriptors()) {
if (UsageType.SIGNING.equals(keyDescriptor.getUse())
|| UsageType.UNSPECIFIED.equals(keyDescriptor.getUse())) {
for (X509Data x509data : keyDescriptor.getKeyInfo().getX509Datas()) {
for (X509Certificate x509Certificate : x509data.getX509Certificates()) {
configProperties.put(SettingsBuilder.IDP_X509CERTMULTI_PROPERTY_KEY + "." + (i++),
x509Certificate.getValue());
}
}
}
}
}
Example #3
| Source File: SamlClient.java From saml-client with MIT License | 5 votes |
|
private static Stream<X509Data> getDatasWithCertificates(KeyDescriptor descriptor) {
return descriptor
.getKeyInfo()
.getX509Datas()
.stream()
.filter(d -> d.getX509Certificates().size() > 0);
}
Example #4
| Source File: SamlServiceProviderTest.java From armeria with Apache License 2.0 | 5 votes |
|
@Test
public void shouldRespondMetadataWithoutAuthentication() throws Exception {
final AggregatedHttpResponse resp = client.get("/saml/metadata").aggregate().join();
assertThat(resp.status()).isEqualTo(HttpStatus.OK);
assertThat(resp.contentType()).isEqualTo(CONTENT_TYPE_SAML_METADATA);
final EntityDescriptor metadata =
(EntityDescriptor) deserialize(resp.contentUtf8().getBytes());
assertThat(metadata).isNotNull();
final SPSSODescriptor sp = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
assertThat(sp.isAuthnRequestsSigned()).isTrue();
assertThat(sp.getWantAssertionsSigned()).isTrue();
final List<KeyDescriptor> kd = sp.getKeyDescriptors();
assertThat(kd.get(0).getUse().name()).isEqualToIgnoringCase("signing");
assertThat(kd.get(1).getUse().name()).isEqualToIgnoringCase("encryption");
final List<SingleLogoutService> slo = sp.getSingleLogoutServices();
assertThat(slo.get(0).getLocation())
.isEqualTo("http://" + spHostname + ':' + rule.httpPort() + "/saml/slo/post");
assertThat(slo.get(0).getBinding()).isEqualTo(SAMLConstants.SAML2_POST_BINDING_URI);
assertThat(slo.get(1).getLocation())
.isEqualTo("http://" + spHostname + ':' + rule.httpPort() + "/saml/slo/redirect");
assertThat(slo.get(1).getBinding()).isEqualTo(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
final List<AssertionConsumerService> acs = sp.getAssertionConsumerServices();
// index 0 (default)
assertThat(acs.get(0).getIndex()).isEqualTo(0);
assertThat(acs.get(0).isDefault()).isTrue();
assertThat(acs.get(0).getLocation())
.isEqualTo("http://" + spHostname + ':' + rule.httpPort() + "/saml/acs/post");
assertThat(acs.get(0).getBinding()).isEqualTo(SAMLConstants.SAML2_POST_BINDING_URI);
// index 1
assertThat(acs.get(1).getIndex()).isEqualTo(1);
assertThat(acs.get(1).isDefault()).isFalse();
assertThat(acs.get(1).getLocation())
.isEqualTo("http://" + spHostname + ':' + rule.httpPort() + "/saml/acs/redirect");
assertThat(acs.get(1).getBinding()).isEqualTo(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
}
Example #5
| Source File: MockSamlIdpServer.java From deprecated-security-advanced-modules with Apache License 2.0 | 4 votes |
|
private String createMetadata() {
try {
EntityDescriptor idpEntityDescriptor = createSamlElement(EntityDescriptor.class);
idpEntityDescriptor.setEntityID(idpEntityId);
IDPSSODescriptor idpSsoDescriptor = createSamlElement(IDPSSODescriptor.class);
idpEntityDescriptor.getRoleDescriptors().add(idpSsoDescriptor);
idpSsoDescriptor.setWantAuthnRequestsSigned(wantAuthnRequestsSigned);
idpSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
SingleLogoutService redirectSingleLogoutService = createSamlElement(SingleLogoutService.class);
idpSsoDescriptor.getSingleLogoutServices().add(redirectSingleLogoutService);
redirectSingleLogoutService.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
redirectSingleLogoutService.setLocation(getSamlSloUri());
idpSsoDescriptor.getNameIDFormats()
.add(createNameIDFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"));
SingleSignOnService redirectSingleSignOnService = createSamlElement(SingleSignOnService.class);
idpSsoDescriptor.getSingleSignOnServices().add(redirectSingleSignOnService);
redirectSingleSignOnService.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
redirectSingleSignOnService.setLocation(getSamlSsoUri());
X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
keyInfoGeneratorFactory.setEmitEntityCertificate(true);
KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
KeyDescriptor signingKeyDescriptor = createSamlElement(KeyDescriptor.class);
idpSsoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);
signingKeyDescriptor.setUse(UsageType.SIGNING);
signingKeyDescriptor
.setKeyInfo(keyInfoGenerator.generate(new BasicX509Credential(this.signingCertificate)));
return marshallSamlXml(idpEntityDescriptor);
} catch (org.opensaml.security.SecurityException e) {
throw new RuntimeException(e);
}
}
Example #6
| Source File: SamlMetadataServiceFunction.java From armeria with Apache License 2.0 | 4 votes |
|
private static KeyDescriptor buildKeyDescriptorElement(UsageType type, @Nullable KeyInfo key) {
final KeyDescriptor descriptor = build(KeyDescriptor.DEFAULT_ELEMENT_NAME);
descriptor.setUse(type);
descriptor.setKeyInfo(key);
return descriptor;
}
Example #7
| Source File: SAML2SPLogic.java From syncope with Apache License 2.0 | 4 votes |
|
@PreAuthorize("isAuthenticated()")
public void getMetadata(final String spEntityID, final String urlContext, final OutputStream os) {
check();
try {
EntityDescriptor spEntityDescriptor = new EntityDescriptorBuilder().buildObject();
spEntityDescriptor.setEntityID(spEntityID);
SPSSODescriptor spSSODescriptor = new SPSSODescriptorBuilder().buildObject();
spSSODescriptor.setWantAssertionsSigned(true);
spSSODescriptor.setAuthnRequestsSigned(true);
spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
keyInfoGeneratorFactory.setEmitEntityCertificate(true);
KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
keyInfoGenerator.generate(loader.getCredential());
KeyDescriptor keyDescriptor = new KeyDescriptorBuilder().buildObject();
keyDescriptor.setKeyInfo(keyInfoGenerator.generate(loader.getCredential()));
spSSODescriptor.getKeyDescriptors().add(keyDescriptor);
NameIDFormat nameIDFormat = new NameIDFormatBuilder().buildObject();
nameIDFormat.setFormat(NameIDType.PERSISTENT);
spSSODescriptor.getNameIDFormats().add(nameIDFormat);
nameIDFormat = new NameIDFormatBuilder().buildObject();
nameIDFormat.setFormat(NameIDType.TRANSIENT);
spSSODescriptor.getNameIDFormats().add(nameIDFormat);
for (SAML2BindingType bindingType : SAML2BindingType.values()) {
AssertionConsumerService assertionConsumerService = new AssertionConsumerServiceBuilder().buildObject();
assertionConsumerService.setIndex(bindingType.ordinal());
assertionConsumerService.setBinding(bindingType.getUri());
assertionConsumerService.setLocation(getAssertionConsumerURL(spEntityID, urlContext));
spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService);
spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
String sloUrl = spEntityID + urlContext + "/logout";
validateUrl(sloUrl);
SingleLogoutService singleLogoutService = new SingleLogoutServiceBuilder().buildObject();
singleLogoutService.setBinding(bindingType.getUri());
singleLogoutService.setLocation(sloUrl);
singleLogoutService.setResponseLocation(sloUrl);
spSSODescriptor.getSingleLogoutServices().add(singleLogoutService);
}
spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
saml2rw.sign(spEntityDescriptor);
SAML2ReaderWriter.write(new OutputStreamWriter(os), spEntityDescriptor, true);
} catch (Exception e) {
LOG.error("While getting SP metadata", e);
SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
sce.getElements().add(e.getMessage());
throw sce;
}
}
