org.opensaml.saml.saml2.metadata.KeyDescriptor Java Examples

The following examples show how to use org.opensaml.saml.saml2.metadata.KeyDescriptor. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: MockMetadataAggregatorServer.java    From verify-service-provider with MIT License 6 votes vote down vote up
private String buildTestCountryEntityDescriptor(String countryEntityId) throws Exception {
    KeyDescriptor signingKeyDescriptor = KeyDescriptorBuilder.aKeyDescriptor()
        .withX509ForSigning(STUB_COUNTRY_PUBLIC_PRIMARY_CERT)
        .build();

    IDPSSODescriptor idpSsoDescriptor = IdpSsoDescriptorBuilder.anIdpSsoDescriptor()
        .withoutDefaultSigningKey()
        .addKeyDescriptor(signingKeyDescriptor)
        .build();

    Signature signature = SignatureBuilder.aSignature()
        .withSigningCredential(new TestCredentialFactory(METADATA_SIGNING_A_PUBLIC_CERT, METADATA_SIGNING_A_PRIVATE_KEY).getSigningCredential())
        .withX509Data(METADATA_SIGNING_A_PUBLIC_CERT)
        .build();

    EntityDescriptor entityDescriptor = EntityDescriptorBuilder.anEntityDescriptor()
        .withEntityId(countryEntityId)
        .withIdpSsoDescriptor(idpSsoDescriptor)
        .setAddDefaultSpServiceDescriptor(false)
        .withValidUntil(DateTime.now().plusWeeks(2))
        .withSignature(signature)
        .build();

    String s = new MetadataFactory().singleEntityMetadata(entityDescriptor);
    return s;
}
 
Example #2
Source File: Saml2SettingsProvider.java    From deprecated-security-advanced-modules with Apache License 2.0 5 votes vote down vote up
private void initIdpCerts(IDPSSODescriptor idpSsoDescriptor, HashMap<String, Object> configProperties) {
    int i = 0;

    for (KeyDescriptor keyDescriptor : idpSsoDescriptor.getKeyDescriptors()) {
        if (UsageType.SIGNING.equals(keyDescriptor.getUse())
                || UsageType.UNSPECIFIED.equals(keyDescriptor.getUse())) {
            for (X509Data x509data : keyDescriptor.getKeyInfo().getX509Datas()) {
                for (X509Certificate x509Certificate : x509data.getX509Certificates()) {
                    configProperties.put(SettingsBuilder.IDP_X509CERTMULTI_PROPERTY_KEY + "." + (i++),
                            x509Certificate.getValue());
                }
            }
        }
    }
}
 
Example #3
Source File: SamlClient.java    From saml-client with MIT License 5 votes vote down vote up
private static Stream<X509Data> getDatasWithCertificates(KeyDescriptor descriptor) {
  return descriptor
      .getKeyInfo()
      .getX509Datas()
      .stream()
      .filter(d -> d.getX509Certificates().size() > 0);
}
 
Example #4
Source File: SamlServiceProviderTest.java    From armeria with Apache License 2.0 5 votes vote down vote up
@Test
public void shouldRespondMetadataWithoutAuthentication() throws Exception {
    final AggregatedHttpResponse resp = client.get("/saml/metadata").aggregate().join();
    assertThat(resp.status()).isEqualTo(HttpStatus.OK);
    assertThat(resp.contentType()).isEqualTo(CONTENT_TYPE_SAML_METADATA);

    final EntityDescriptor metadata =
            (EntityDescriptor) deserialize(resp.contentUtf8().getBytes());
    assertThat(metadata).isNotNull();

    final SPSSODescriptor sp = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
    assertThat(sp.isAuthnRequestsSigned()).isTrue();
    assertThat(sp.getWantAssertionsSigned()).isTrue();

    final List<KeyDescriptor> kd = sp.getKeyDescriptors();
    assertThat(kd.get(0).getUse().name()).isEqualToIgnoringCase("signing");
    assertThat(kd.get(1).getUse().name()).isEqualToIgnoringCase("encryption");

    final List<SingleLogoutService> slo = sp.getSingleLogoutServices();
    assertThat(slo.get(0).getLocation())
            .isEqualTo("http://" + spHostname + ':' + rule.httpPort() + "/saml/slo/post");
    assertThat(slo.get(0).getBinding()).isEqualTo(SAMLConstants.SAML2_POST_BINDING_URI);
    assertThat(slo.get(1).getLocation())
            .isEqualTo("http://" + spHostname + ':' + rule.httpPort() + "/saml/slo/redirect");
    assertThat(slo.get(1).getBinding()).isEqualTo(SAMLConstants.SAML2_REDIRECT_BINDING_URI);

    final List<AssertionConsumerService> acs = sp.getAssertionConsumerServices();
    // index 0 (default)
    assertThat(acs.get(0).getIndex()).isEqualTo(0);
    assertThat(acs.get(0).isDefault()).isTrue();
    assertThat(acs.get(0).getLocation())
            .isEqualTo("http://" + spHostname + ':' + rule.httpPort() + "/saml/acs/post");
    assertThat(acs.get(0).getBinding()).isEqualTo(SAMLConstants.SAML2_POST_BINDING_URI);
    // index 1
    assertThat(acs.get(1).getIndex()).isEqualTo(1);
    assertThat(acs.get(1).isDefault()).isFalse();
    assertThat(acs.get(1).getLocation())
            .isEqualTo("http://" + spHostname + ':' + rule.httpPort() + "/saml/acs/redirect");
    assertThat(acs.get(1).getBinding()).isEqualTo(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
}
 
Example #5
Source File: MockSamlIdpServer.java    From deprecated-security-advanced-modules with Apache License 2.0 4 votes vote down vote up
private String createMetadata() {
    try {
        EntityDescriptor idpEntityDescriptor = createSamlElement(EntityDescriptor.class);
        idpEntityDescriptor.setEntityID(idpEntityId);

        IDPSSODescriptor idpSsoDescriptor = createSamlElement(IDPSSODescriptor.class);
        idpEntityDescriptor.getRoleDescriptors().add(idpSsoDescriptor);

        idpSsoDescriptor.setWantAuthnRequestsSigned(wantAuthnRequestsSigned);
        idpSsoDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);

        SingleLogoutService redirectSingleLogoutService = createSamlElement(SingleLogoutService.class);
        idpSsoDescriptor.getSingleLogoutServices().add(redirectSingleLogoutService);

        redirectSingleLogoutService.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        redirectSingleLogoutService.setLocation(getSamlSloUri());

        idpSsoDescriptor.getNameIDFormats()
                .add(createNameIDFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"));

        SingleSignOnService redirectSingleSignOnService = createSamlElement(SingleSignOnService.class);
        idpSsoDescriptor.getSingleSignOnServices().add(redirectSingleSignOnService);

        redirectSingleSignOnService.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
        redirectSingleSignOnService.setLocation(getSamlSsoUri());

        X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        keyInfoGeneratorFactory.setEmitEntityCertificate(true);
        KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();

        KeyDescriptor signingKeyDescriptor = createSamlElement(KeyDescriptor.class);
        idpSsoDescriptor.getKeyDescriptors().add(signingKeyDescriptor);

        signingKeyDescriptor.setUse(UsageType.SIGNING);

        signingKeyDescriptor
                .setKeyInfo(keyInfoGenerator.generate(new BasicX509Credential(this.signingCertificate)));

        return marshallSamlXml(idpEntityDescriptor);
    } catch (org.opensaml.security.SecurityException e) {
        throw new RuntimeException(e);
    }
}
 
Example #6
Source File: SamlMetadataServiceFunction.java    From armeria with Apache License 2.0 4 votes vote down vote up
private static KeyDescriptor buildKeyDescriptorElement(UsageType type, @Nullable KeyInfo key) {
    final KeyDescriptor descriptor = build(KeyDescriptor.DEFAULT_ELEMENT_NAME);
    descriptor.setUse(type);
    descriptor.setKeyInfo(key);
    return descriptor;
}
 
Example #7
Source File: SAML2SPLogic.java    From syncope with Apache License 2.0 4 votes vote down vote up
@PreAuthorize("isAuthenticated()")
public void getMetadata(final String spEntityID, final String urlContext, final OutputStream os) {
    check();

    try {
        EntityDescriptor spEntityDescriptor = new EntityDescriptorBuilder().buildObject();
        spEntityDescriptor.setEntityID(spEntityID);

        SPSSODescriptor spSSODescriptor = new SPSSODescriptorBuilder().buildObject();
        spSSODescriptor.setWantAssertionsSigned(true);
        spSSODescriptor.setAuthnRequestsSigned(true);
        spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);

        X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        keyInfoGeneratorFactory.setEmitEntityCertificate(true);
        KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
        keyInfoGenerator.generate(loader.getCredential());

        KeyDescriptor keyDescriptor = new KeyDescriptorBuilder().buildObject();
        keyDescriptor.setKeyInfo(keyInfoGenerator.generate(loader.getCredential()));
        spSSODescriptor.getKeyDescriptors().add(keyDescriptor);

        NameIDFormat nameIDFormat = new NameIDFormatBuilder().buildObject();
        nameIDFormat.setFormat(NameIDType.PERSISTENT);
        spSSODescriptor.getNameIDFormats().add(nameIDFormat);
        nameIDFormat = new NameIDFormatBuilder().buildObject();
        nameIDFormat.setFormat(NameIDType.TRANSIENT);
        spSSODescriptor.getNameIDFormats().add(nameIDFormat);

        for (SAML2BindingType bindingType : SAML2BindingType.values()) {
            AssertionConsumerService assertionConsumerService = new AssertionConsumerServiceBuilder().buildObject();
            assertionConsumerService.setIndex(bindingType.ordinal());
            assertionConsumerService.setBinding(bindingType.getUri());
            assertionConsumerService.setLocation(getAssertionConsumerURL(spEntityID, urlContext));
            spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService);
            spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);

            String sloUrl = spEntityID + urlContext + "/logout";
            validateUrl(sloUrl);

            SingleLogoutService singleLogoutService = new SingleLogoutServiceBuilder().buildObject();
            singleLogoutService.setBinding(bindingType.getUri());
            singleLogoutService.setLocation(sloUrl);
            singleLogoutService.setResponseLocation(sloUrl);
            spSSODescriptor.getSingleLogoutServices().add(singleLogoutService);
        }

        spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
        saml2rw.sign(spEntityDescriptor);

        SAML2ReaderWriter.write(new OutputStreamWriter(os), spEntityDescriptor, true);
    } catch (Exception e) {
        LOG.error("While getting SP metadata", e);
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
        sce.getElements().add(e.getMessage());
        throw sce;
    }
}