org.opensaml.xml.security.credential.BasicCredential Java Examples
The following examples show how to use
org.opensaml.xml.security.credential.BasicCredential.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SAMLClient.java From saml-sdk-java with Apache License 2.0 | 6 votes |
|
/**
* Create a new SAMLClient, using the IdPConfig for
* endpoints and validation.
*/
public SAMLClient(SPConfig spConfig, IdPConfig idpConfig)
throws SAMLException
{
this.spConfig = spConfig;
this.idpConfig = idpConfig;
BasicCredential cred = new BasicCredential();
cred.setEntityId(idpConfig.getEntityId());
cred.setPublicKey(idpConfig.getCert().getPublicKey());
sigValidator = new SignatureValidator(cred);
// create xml parsers
parsers = new BasicParserPool();
parsers.setNamespaceAware(true);
}
Example #2
| Source File: SAMLClient.java From saml-sdk-java with Apache License 2.0 | 6 votes |
|
/**
* Decrypt an assertion using the privkey stored in SPConfig.
*/
private Assertion decrypt(EncryptedAssertion encrypted)
throws DecryptionException
{
if (spConfig.getPrivateKey() == null)
throw new DecryptionException("Encrypted assertion found but no SP key available");
BasicCredential cred = new BasicCredential();
cred.setPrivateKey(spConfig.getPrivateKey());
StaticKeyInfoCredentialResolver resolver =
new StaticKeyInfoCredentialResolver(cred);
Decrypter decrypter =
new Decrypter(null, resolver, new InlineEncryptedKeyResolver());
decrypter.setRootInNewDocument(true);
return decrypter.decrypt(encrypted);
}
Example #3
| Source File: SecurityHelper.java From lams with GNU General Public License v2.0 | 5 votes |
|
/**
* Get a simple, minimal credential containing a secret (symmetric) key.
*
* @param secretKey the symmetric key to wrap
* @return a credential containing the secret key specified
*/
public static BasicCredential getSimpleCredential(SecretKey secretKey) {
if (secretKey == null) {
throw new IllegalArgumentException("A secret key is required");
}
BasicCredential cred = new BasicCredential();
cred.setSecretKey(secretKey);
return cred;
}
Example #4
| Source File: SecurityHelper.java From lams with GNU General Public License v2.0 | 5 votes |
|
/**
* Get a simple, minimal credential containing a public key, and optionally a private key.
*
* @param publicKey the public key to wrap
* @param privateKey the private key to wrap, which may be null
* @return a credential containing the key(s) specified
*/
public static BasicCredential getSimpleCredential(PublicKey publicKey, PrivateKey privateKey) {
if (publicKey == null) {
throw new IllegalArgumentException("A public key is required");
}
BasicCredential cred = new BasicCredential();
cred.setPublicKey(publicKey);
cred.setPrivateKey(privateKey);
return cred;
}
Example #5
| Source File: SecurityHelper.java From lams with GNU General Public License v2.0 | 5 votes |
|
/**
* Generate a random asymmetric key pair and return in a BasicCredential.
*
* @param algorithmURI The XML Encryption algorithm URI
* @param keyLength key length
* @param includePrivate if true, the private key will be included as well
* @return a basic credential containing a randomly generated asymmetric key pair
* @throws NoSuchAlgorithmException algorithm not found
* @throws NoSuchProviderException provider not found
*/
public static Credential generateKeyPairAndCredential(String algorithmURI, int keyLength, boolean includePrivate)
throws NoSuchAlgorithmException, NoSuchProviderException {
KeyPair keyPair = generateKeyPairFromURI(algorithmURI, keyLength);
BasicCredential credential = new BasicCredential();
credential.setPublicKey(keyPair.getPublic());
if (includePrivate) {
credential.setPrivateKey(keyPair.getPrivate());
}
return credential;
}
Example #6
| Source File: BasicProviderKeyInfoCredentialResolver.java From lams with GNU General Public License v2.0 | 5 votes |
|
/**
* Construct a basic credential containing the specified key and set of key names.
*
* @param key the key to include in the credential
* @param keyNames the key names to include in the credential
* @return a basic credential with the specified key and key names
* @throws SecurityException if there is an error building the credential
*/
protected Credential buildBasicCredential(Key key, Set<String> keyNames) throws SecurityException {
if (key == null) {
log.debug("Key supplied was null, could not build credential");
return null;
}
BasicCredential basicCred = new BasicCredential();
basicCred.getKeyNames().addAll(keyNames);
if (key instanceof PublicKey) {
basicCred.setPublicKey((PublicKey) key);
} else if (key instanceof SecretKey) {
basicCred.setSecretKey((SecretKey) key);
} else if (key instanceof PrivateKey) {
// This would be unusual for most KeyInfo use cases,
// but go ahead and try and handle it
PrivateKey privateKey = (PrivateKey) key;
try {
PublicKey publicKey = SecurityHelper.derivePublicKey(privateKey);
if (publicKey != null) {
basicCred.setPublicKey(publicKey);
basicCred.setPrivateKey(privateKey);
} else {
log.error("Failed to derive public key from private key");
return null;
}
} catch (KeyException e) {
log.error("Could not derive public key from private key", e);
return null;
}
} else {
log.error(String.format("Key was of an unsupported type '%s'", key.getClass().getName()));
return null;
}
return basicCred;
}
Example #7
| Source File: DSAKeyValueProvider.java From lams with GNU General Public License v2.0 | 4 votes |
|
/** {@inheritDoc} */
public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild,
CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {
DSAKeyValue keyValue = getDSAKeyValue(keyInfoChild);
if (keyValue == null) {
return null;
}
KeyAlgorithmCriteria algorithmCriteria = criteriaSet.get(KeyAlgorithmCriteria.class);
if (algorithmCriteria != null
&& algorithmCriteria.getKeyAlgorithm() != null
&& ! algorithmCriteria.getKeyAlgorithm().equals("DSA")) {
log.debug("Criteria specified non-DSA key algorithm, skipping");
return null;
}
log.debug("Attempting to extract credential from a DSAKeyValue");
PublicKey pubKey = null;
try {
//TODO deal with case of incomplete DSAParams, need hook to resolve those
pubKey = KeyInfoHelper.getDSAKey(keyValue);
} catch (KeyException e) {
log.error("Error extracting DSA key value", e);
throw new SecurityException("Error extracting DSA key value", e);
}
BasicCredential cred = new BasicCredential();
cred.setPublicKey(pubKey);
if (kiContext != null) {
cred.getKeyNames().addAll(kiContext.getKeyNames());
}
CredentialContext credContext = buildCredentialContext(kiContext);
if (credContext != null) {
cred.getCredentalContextSet().add(credContext);
}
log.debug("Credential successfully extracted from DSAKeyValue");
LazySet<Credential> credentialSet = new LazySet<Credential>();
credentialSet.add(cred);
return credentialSet;
}
Example #8
| Source File: DEREncodedKeyValueProvider.java From lams with GNU General Public License v2.0 | 4 votes |
|
/** {@inheritDoc} */
public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild,
CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {
DEREncodedKeyValue keyValue = getDEREncodedKeyValue(keyInfoChild);
if (keyValue == null) {
return null;
}
log.debug("Attempting to extract credential from a DEREncodedKeyValue");
PublicKey pubKey = null;
try {
pubKey = KeyInfoHelper.getKey(keyValue);
} catch (KeyException e) {
log.error("Error extracting DER-encoded key value", e);
throw new SecurityException("Error extracting DER-encoded key value", e);
}
KeyAlgorithmCriteria algorithmCriteria = criteriaSet.get(KeyAlgorithmCriteria.class);
if (algorithmCriteria != null && algorithmCriteria.getKeyAlgorithm() != null
&& !algorithmCriteria.getKeyAlgorithm().equals(pubKey.getAlgorithm())) {
log.debug("Criteria specified key algorithm {}, actually {}, skipping",
algorithmCriteria.getKeyAlgorithm(), pubKey.getAlgorithm());
return null;
}
BasicCredential cred = new BasicCredential();
cred.setPublicKey(pubKey);
if (kiContext != null) {
cred.getKeyNames().addAll(kiContext.getKeyNames());
}
CredentialContext credContext = buildCredentialContext(kiContext);
if (credContext != null) {
cred.getCredentalContextSet().add(credContext);
}
log.debug("Credential successfully extracted from DEREncodedKeyValue");
LazySet<Credential> credentialSet = new LazySet<Credential>();
credentialSet.add(cred);
return credentialSet;
}
Example #9
| Source File: RSAKeyValueProvider.java From lams with GNU General Public License v2.0 | 4 votes |
|
/** {@inheritDoc} */
public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild,
CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {
RSAKeyValue keyValue = getRSAKeyValue(keyInfoChild);
if (keyValue == null) {
return null;
}
KeyAlgorithmCriteria algorithmCriteria = criteriaSet.get(KeyAlgorithmCriteria.class);
if (algorithmCriteria != null && algorithmCriteria.getKeyAlgorithm() != null
&& !algorithmCriteria.getKeyAlgorithm().equals("RSA")) {
log.debug("Criteria specified non-RSA key algorithm, skipping");
return null;
}
log.debug("Attempting to extract credential from an RSAKeyValue");
PublicKey pubKey = null;
try {
pubKey = KeyInfoHelper.getRSAKey(keyValue);
} catch (KeyException e) {
log.error("Error extracting RSA key value", e);
throw new SecurityException("Error extracting RSA key value", e);
}
BasicCredential cred = new BasicCredential();
cred.setPublicKey(pubKey);
if (kiContext != null) {
cred.getKeyNames().addAll(kiContext.getKeyNames());
}
CredentialContext credContext = buildCredentialContext(kiContext);
if (credContext != null) {
cred.getCredentalContextSet().add(credContext);
}
log.debug("Credential successfully extracted from RSAKeyValue");
LazySet<Credential> credentialSet = new LazySet<Credential>();
credentialSet.add(cred);
return credentialSet;
}
Example #10
| Source File: MetadataCredentialResolver.java From lams with GNU General Public License v2.0 | 4 votes |
|
/**
* Retrieves credentials from the provided metadata.
*
* @param entityID entityID of the credential owner
* @param role role in which the entity is operating
* @param protocol protocol over which the entity is operating (may be null)
* @param usage intended usage of resolved credentials
*
* @return the resolved credentials or null
*
* @throws SecurityException thrown if the key, certificate, or CRL information is represented in an unsupported
* format
*/
protected Collection<Credential> retrieveFromMetadata(String entityID, QName role, String protocol, UsageType usage)
throws SecurityException {
log.debug("Attempting to retrieve credentials from metadata for entity: {}", entityID);
Collection<Credential> credentials = new HashSet<Credential>(3);
List<RoleDescriptor> roleDescriptors = getRoleDescriptors(entityID, role, protocol);
if(roleDescriptors == null || roleDescriptors.isEmpty()){
return credentials;
}
for (RoleDescriptor roleDescriptor : roleDescriptors) {
List<KeyDescriptor> keyDescriptors = roleDescriptor.getKeyDescriptors();
if(keyDescriptors == null || keyDescriptors.isEmpty()){
return credentials;
}
for (KeyDescriptor keyDescriptor : keyDescriptors) {
UsageType mdUsage = keyDescriptor.getUse();
if (mdUsage == null) {
mdUsage = UsageType.UNSPECIFIED;
}
if (matchUsage(mdUsage, usage)) {
if (keyDescriptor.getKeyInfo() != null) {
CriteriaSet critSet = new CriteriaSet();
critSet.add(new KeyInfoCriteria(keyDescriptor.getKeyInfo()));
Iterable<Credential> creds = getKeyInfoCredentialResolver().resolve(critSet);
if(credentials == null){
continue;
}
for (Credential cred : creds) {
if (cred instanceof BasicCredential) {
BasicCredential basicCred = (BasicCredential) cred;
basicCred.setEntityId(entityID);
basicCred.setUsageType(mdUsage);
basicCred.getCredentalContextSet().add(new SAMLMDCredentialContext(keyDescriptor));
}
credentials.add(cred);
}
}
}
}
}
return credentials;
}
Example #11
| Source File: SecurityHelper.java From lams with GNU General Public License v2.0 | 3 votes |
|
/**
* Generate a random symmetric key and return in a BasicCredential.
*
* @param algorithmURI The XML Encryption algorithm URI
* @return a basic credential containing a randomly generated symmetric key
* @throws NoSuchAlgorithmException algorithm not found
* @throws NoSuchProviderException provider not found
*/
public static Credential generateKeyAndCredential(String algorithmURI)
throws NoSuchAlgorithmException, NoSuchProviderException {
SecretKey key = generateKeyFromURI(algorithmURI);
BasicCredential credential = new BasicCredential();
credential.setSecretKey(key);
return credential;
}
