org.opensaml.xml.signature.KeyInfo Java Examples

The following examples show how to use org.opensaml.xml.signature.KeyInfo. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: SSOAgentUtils.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
private static Signature setSignatureRaw(String signatureAlgorithm, X509Credential cred) throws SSOAgentException {
    Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(cred);
    signature.setSignatureAlgorithm(signatureAlgorithm);
    signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    try {
        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        org.opensaml.xml.signature.X509Certificate cert =
                (org.opensaml.xml.signature.X509Certificate) buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
        String value =
                org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded());
        cert.setValue(value);
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);
        return signature;

    } catch (CertificateEncodingException e) {
        throw new SSOAgentException("Error getting certificate", e);
    }
}
 
Example #2
Source File: KeyInfoHelper.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Get the set of key names inside the specified {@link KeyInfo} as a list of strings.
 * 
 * @param keyInfo {@link KeyInfo} to retrieve key names from
 * 
 * @return a list of key name strings
 */
public static List<String> getKeyNames(KeyInfo keyInfo) {
    List<String> keynameList = new LinkedList<String>();

    if (keyInfo == null) {
        return keynameList;
    }

    List<KeyName> keyNames = keyInfo.getKeyNames();
    for (KeyName keyName : keyNames) {
        if (keyName.getValue() != null) {
            keynameList.add(keyName.getValue());
        }
    }

    return keynameList;
}
 
Example #3
Source File: KeyInfoHelper.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Get a list of the Java {@link java.security.cert.X509Certificate} within the given KeyInfo.
 * 
 * @param keyInfo key info to extract the certificates from
 * 
 * @return a list of Java {@link java.security.cert.X509Certificate}s
 * 
 * @throws CertificateException thrown if there is a problem converting the 
 *          X509 data into {@link java.security.cert.X509Certificate}s.
 */
public static List<X509Certificate> getCertificates(KeyInfo keyInfo) throws CertificateException {
    List<X509Certificate> certList = new LinkedList<X509Certificate>();

    if (keyInfo == null) {
        return certList;
    }

    List<X509Data> x509Datas = keyInfo.getX509Datas();
    for (X509Data x509Data : x509Datas) {
        if (x509Data != null) {
            certList.addAll(getCertificates(x509Data));
        }
    }

    return certList;
}
 
Example #4
Source File: KeyInfoHelper.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Get a list of the Java {@link java.security.cert.X509CRL}s within the given {@link KeyInfo}.
 * 
 * @param keyInfo the {@link KeyInfo} to extract the CRL's from
 * 
 * @return a list of Java {@link java.security.cert.X509CRL}s
 * 
 * @throws CRLException thrown if there is a problem converting the 
 *          CRL data into {@link java.security.cert.X509CRL}s
 */
public static List<X509CRL> getCRLs(KeyInfo keyInfo) throws CRLException {
    List<X509CRL> crlList = new LinkedList<X509CRL>();

    if (keyInfo == null) {
        return crlList;
    }

    List<X509Data> x509Datas = keyInfo.getX509Datas();
    for (X509Data x509Data : x509Datas) {
        if (x509Data != null) {
            crlList.addAll(getCRLs(x509Data));
        }
    }

    return crlList;
}
 
Example #5
Source File: BasicProviderKeyInfoCredentialResolver.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Initialize the resolution context that will be used by the providers.
 * 
 * The supplied KeyInfo object is stored in the context, as well as the values of any {@link KeyName} children
 * present. Finally if a credential is resolveble by any registered provider from a plain {@link KeyValue} child,
 * the key from that credential is also stored in the context.
 * 
 * @param kiContext KeyInfo resolution context
 * @param keyInfo the KeyInfo to evaluate
 * @param criteriaSet the credential criteria used to resolve credentials
 * @throws SecurityException thrown if there is an error processing the KeyValue children
 */
protected void initResolutionContext(KeyInfoResolutionContext kiContext, KeyInfo keyInfo, CriteriaSet criteriaSet)
        throws SecurityException {

    kiContext.setKeyInfo(keyInfo);

    // Extract all KeyNames
    kiContext.getKeyNames().addAll(KeyInfoHelper.getKeyNames(keyInfo));
    log.debug("Found {} key names: {}", kiContext.getKeyNames().size(), kiContext.getKeyNames());

    // Extract the Credential based on the (singular) key from an existing KeyValue(s).
    resolveKeyValue(kiContext, criteriaSet, keyInfo.getKeyValues());

    // Extract the Credential based on the (singular) key from an existing DEREncodedKeyValue(s).
    resolveKeyValue(kiContext, criteriaSet, keyInfo.getXMLObjects(DEREncodedKeyValue.DEFAULT_ELEMENT_NAME));
}
 
Example #6
Source File: KeyInfoHelper.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Converts a Java DSA or RSA public key into the corresponding XMLObject and stores it
 * in a {@link KeyInfo} in a new {@link KeyValue} element.
 * 
 * As input, only supports {@link PublicKey}s which are instances of either
 * {@link java.security.interfaces.DSAPublicKey} or
 * {@link java.security.interfaces.RSAPublicKey}
 * 
 * @param keyInfo the {@link KeyInfo} element to which to add the key
 * @param pk the native Java {@link PublicKey} to add
 * @throws IllegalArgumentException thrown if an unsupported public key
 *          type is passed
 */
public static void addPublicKey(KeyInfo keyInfo, PublicKey pk) throws IllegalArgumentException {
    KeyValue keyValue = (KeyValue) Configuration.getBuilderFactory()
        .getBuilder(KeyValue.DEFAULT_ELEMENT_NAME)
        .buildObject(KeyValue.DEFAULT_ELEMENT_NAME);
    
    if (pk instanceof RSAPublicKey) {
        keyValue.setRSAKeyValue(buildRSAKeyValue((RSAPublicKey) pk));
    } else if (pk instanceof DSAPublicKey) {
        keyValue.setDSAKeyValue(buildDSAKeyValue((DSAPublicKey) pk));
    } else {
       throw new IllegalArgumentException("Only RSAPublicKey and DSAPublicKey are supported");
    }
    
    keyInfo.getKeyValues().add(keyValue);
}
 
Example #7
Source File: SimpleKeyInfoReferenceEncryptedKeyResolver.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Dereference the URI attribute of the specified retrieval method into a KeyInfo.
 * 
 * @param ref the KeyInfoReference to process
 * @return the dereferenced KeyInfo
 */
protected KeyInfo dereferenceURI(KeyInfoReference ref) {
    String uri = ref.getURI();
    if (DatatypeHelper.isEmpty(uri) || !uri.startsWith("#")) {
        log.warn("EncryptedKey KeyInfoReference did not contain a same-document URI reference, cannot process");
        return null;
    }
    XMLObject target = ref.resolveIDFromRoot(uri.substring(1));
    if (target == null) {
        log.warn("EncryptedKey KeyInfoReference URI could not be dereferenced");
        return null;
    } else if (!(target instanceof KeyInfo)) {
        log.warn("The product of dereferencing the EncryptedKey KeyInfoReference was not a KeyInfo");
        return null;
    }
    return (KeyInfo) target;
}
 
Example #8
Source File: EncryptedTypeUnmarshaller.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentXMLObject, XMLObject childXMLObject)
        throws UnmarshallingException {
    EncryptedType et = (EncryptedType) parentXMLObject;

    if (childXMLObject instanceof EncryptionMethod) {
        et.setEncryptionMethod((EncryptionMethod) childXMLObject);
    } else if (childXMLObject instanceof KeyInfo) {
        et.setKeyInfo((KeyInfo) childXMLObject);
    } else if (childXMLObject instanceof CipherData) {
        et.setCipherData((CipherData) childXMLObject);
    } else if (childXMLObject instanceof EncryptionProperties) {
        et.setEncryptionProperties((EncryptionProperties) childXMLObject);
    } else {
        super.processChildElement(parentXMLObject, childXMLObject);
    }

}
 
Example #9
Source File: X509KeyInfoGeneratorFactory.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/** Process the value of {@link X509Credential#getCRLs()}.
 * 
 * @param keyInfo the KeyInfo that is being built
 * @param x509Data the X509Data that is being built
 * @param credential the Credential that is being processed
 * @throws SecurityException thrown if the CRL data can not be encoded from the Java certificate object
 */
protected void processCRLs(KeyInfo keyInfo, X509Data x509Data, X509Credential credential) 
        throws SecurityException {
    
    if (options.emitCRLs && credential.getCRLs() != null) {
        for (java.security.cert.X509CRL javaCRL : credential.getCRLs()) {
            try {
                X509CRL xmlCRL = KeyInfoHelper.buildX509CRL(javaCRL);
                x509Data.getX509CRLs().add(xmlCRL);
            } catch (CRLException e) {
                throw new SecurityException("Error generating X509CRL element " 
                        + "from a CRL in credential's CRL list", e);
            }
        }
    }
}
 
Example #10
Source File: X509KeyInfoGeneratorFactory.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Process the options related to generation of KeyName elements based on subject
 * alternative name information within the certificate data.
 * 
 * @param keyInfo the KeyInfo element being processed.
 * @param cert the certificate being processed
 */
protected void processSubjectAltNameKeyNames(KeyInfo keyInfo, java.security.cert.X509Certificate cert) {
    if (options.emitSubjectAltNamesAsKeyNames && options.subjectAltNames.size() > 0) {
        Integer[] nameTypes = new Integer[ options.subjectAltNames.size() ];
        options.subjectAltNames.toArray(nameTypes);
        for (Object altNameValue : X509Util.getAltNames(cert, nameTypes)) {
            // Each returned value should either be a String or a DER-encoded byte array.
            // See X509Certificate#getSubjectAlternativeNames for the type rules.
            if (altNameValue instanceof String) {
                KeyInfoHelper.addKeyName(keyInfo, (String) altNameValue);
            } else if (altNameValue instanceof byte[]){
                log.warn("Certificate contained an alt name value as a DER-encoded byte[] (not supported)");
            } else {
                log.warn("Certificate contained an alt name value with an unexpected type: {}",
                        altNameValue.getClass().getName());
            }
        }
    }
}
 
Example #11
Source File: SAML1TokenBuilder.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
@Override
public void setSignature(String signatureAlgorithm, X509Credential cred) throws IdentityProviderException {
    Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(cred);
    signature.setSignatureAlgorithm(signatureAlgorithm);
    signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    try {
        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
        String value = Base64.encode(cred.getEntityCertificate().getEncoded());
        cert.setValue(value);
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);
    } catch (CertificateEncodingException e) {
        log.error("Error while getting the encoded certificate", e);
        throw new IdentityProviderException("Error while getting the encoded certificate");
    }

    assertion.setSignature(signature);
    signatureList.add(signature);
}
 
Example #12
Source File: X509KeyInfoGeneratorFactory.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/** Process the value of {@link X509Credential#getEntityCertificate()}.
 * 
 * @param keyInfo the KeyInfo that is being built
 * @param x509Data the X509Data that is being built
 * @param credential the Credential that is being processed
 * @throws SecurityException thrown if the certificate data can not be encoded from the Java certificate object
 */
protected void processEntityCertificate(KeyInfo keyInfo, X509Data x509Data, X509Credential credential) 
        throws SecurityException {
    
    if (credential.getEntityCertificate() == null) {
        return;
    }
    
    java.security.cert.X509Certificate javaCert = credential.getEntityCertificate();
    
    processCertX509DataOptions(x509Data, javaCert);
    processCertKeyNameOptions(keyInfo, javaCert);
    
    // The cert chain includes the entity cert, so don't add a duplicate
    if (options.emitEntityCertificate && ! options.emitEntityCertificateChain) {
        try {
            X509Certificate xmlCert = KeyInfoHelper.buildX509Certificate(javaCert);
            x509Data.getX509Certificates().add(xmlCert);
        } catch (CertificateEncodingException e) {
            throw new SecurityException("Error generating X509Certificate element " 
                    + "from credential's end-entity certificate", e);
        }
    }
    
}
 
Example #13
Source File: X509KeyInfoGeneratorFactory.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/** Process the value of {@link X509Credential#getEntityCertificateChain()}.
 * 
 * @param keyInfo the KeyInfo that is being built
 * @param x509Data the X509Data that is being built
 * @param credential the Credential that is being processed
 * @throws SecurityException thrown if the certificate data can not be encoded from the Java certificate object
 */
protected void processEntityCertificateChain(KeyInfo keyInfo, X509Data x509Data, X509Credential credential) 
        throws SecurityException {
    
    if (options.emitEntityCertificateChain && credential.getEntityCertificateChain() != null) {
        for (java.security.cert.X509Certificate javaCert : credential.getEntityCertificateChain()) {
            try {
                X509Certificate xmlCert = KeyInfoHelper.buildX509Certificate(javaCert);
                x509Data.getX509Certificates().add(xmlCert);
            } catch (CertificateEncodingException e) {
                throw new SecurityException("Error generating X509Certificate element " 
                        + "from a certificate in credential's certificate chain", e);
            }
        }
    }
}
 
Example #14
Source File: Encrypter.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Helper method for constructors.
 */
private void init() {
    builderFactory = Configuration.getBuilderFactory();
    keyInfoBuilder = 
        (XMLSignatureBuilder<KeyInfo>) builderFactory.getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME);
    dataReferenceBuilder = 
        (XMLEncryptionBuilder<DataReference>) builderFactory.getBuilder(DataReference.DEFAULT_ELEMENT_NAME);
    referenceListBuilder = 
        (XMLEncryptionBuilder<ReferenceList>) builderFactory.getBuilder(ReferenceList.DEFAULT_ELEMENT_NAME);
    retrievalMethodBuilder = 
        (XMLSignatureBuilder<RetrievalMethod>) builderFactory.getBuilder(RetrievalMethod.DEFAULT_ELEMENT_NAME);
    keyNameBuilder = 
        (XMLSignatureBuilder<KeyName>) builderFactory.getBuilder(KeyName.DEFAULT_ELEMENT_NAME);
    carriedKeyNameBuilder = 
        (XMLEncryptionBuilder<CarriedKeyName>) builderFactory.getBuilder(CarriedKeyName.DEFAULT_ELEMENT_NAME);
    
    try{
        idGenerator = new SecureRandomIdentifierGenerator();
    }catch(NoSuchAlgorithmException e){
        log.error("JVM does not support SHA1PRNG random number generation algorithm.");
    }
    
    keyPlacement = KeyPlacement.PEER;
}
 
Example #15
Source File: SAML2TokenBuilder.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
@Override
public void setSignature(String signatureAlgorithm, X509Credential cred) throws IdentityProviderException {
    Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(cred);
    signature.setSignatureAlgorithm(signatureAlgorithm);
    signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    try {
        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
        String value = Base64.encode(cred.getEntityCertificate().getEncoded());
        cert.setValue(value);
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);
    } catch (CertificateEncodingException e) {
        log.error("Failed to get encoded certificate", e);
        throw new IdentityProviderException("Error while getting encoded certificate");
    }

    assertion.setSignature(signature);
    signatureList.add(signature);
}
 
Example #16
Source File: KeyInfoHelper.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Converts a Java public key into a {@link DEREncodedKeyValue} element and adds it to
 * a {@link KeyInfo}.
 * 
 * @param keyInfo the {@link KeyInfo} element to which to add the key
 * @param pk the native Java {@link PublicKey} to add
 * @throws NoSuchAlgorithmException if the key type is unsupported
 * @throws InvalidKeySpecException if the key type does not support X.509 SPKI encoding
 */
public static void addDEREncodedPublicKey(KeyInfo keyInfo, PublicKey pk)
        throws NoSuchAlgorithmException, InvalidKeySpecException {
    DEREncodedKeyValue keyValue = (DEREncodedKeyValue) Configuration.getBuilderFactory()
        .getBuilder(DEREncodedKeyValue.DEFAULT_ELEMENT_NAME)
        .buildObject(DEREncodedKeyValue.DEFAULT_ELEMENT_NAME);
    
    KeyFactory keyFactory = KeyFactory.getInstance(pk.getAlgorithm());
    X509EncodedKeySpec keySpec = keyFactory.getKeySpec(pk, X509EncodedKeySpec.class);
    keyValue.setValue(Base64.encodeBytes(keySpec.getEncoded()));
    keyInfo.getXMLObjects().add(keyValue);
}
 
Example #17
Source File: X509KeyInfoGeneratorFactory.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Constructor.
 * 
 * @param newOptions the options to be used by the generator
 */
protected X509KeyInfoGenerator(X509Options newOptions) {
    super(newOptions);
    options = newOptions;
    
    keyInfoBuilder = 
        (KeyInfoBuilder) Configuration.getBuilderFactory().getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME);
    x509DataBuilder = 
        (X509DataBuilder) Configuration.getBuilderFactory().getBuilder(X509Data.DEFAULT_ELEMENT_NAME);
}
 
Example #18
Source File: StaticKeyInfoGenerator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Get a KeyInfo unmarshaller.
 * 
 * @return a KeyInfo unmarshaller
 * @throws SecurityException thrown if there is an error obtaining the unmarshaller from the configuration
 */
private Unmarshaller getUnmarshaller() throws SecurityException {
    if (keyInfoUnmarshaller != null) {
        return keyInfoUnmarshaller;
    }
    keyInfoUnmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(KeyInfo.DEFAULT_ELEMENT_NAME);
    if (keyInfoUnmarshaller == null) {
        throw new SecurityException("Could not obtain KeyInfo unmarshaller from the configuration");
    }
    return keyInfoUnmarshaller;
}
 
Example #19
Source File: X509KeyInfoGeneratorFactory.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Process the options related to generation of KeyName elements based on the
 * the common name field(s) of the certificate's subject DN.
 * 
 * @param keyInfo the KeyInfo element being processed.
 * @param cert the certificate being processed
 */
protected void processSubjectCNKeyName(KeyInfo keyInfo, java.security.cert.X509Certificate cert) {
    if (options.emitSubjectCNAsKeyName) {
        for (String name : X509Util.getCommonNames(cert.getSubjectX500Principal())) {
            if (! DatatypeHelper.isEmpty(name)) {
                KeyInfoHelper.addKeyName(keyInfo, name);
            }
        }
    }
}
 
Example #20
Source File: StaticKeyInfoGenerator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Get a KeyInfo marshaller.
 * 
 * @return a KeyInfo marshaller
 * @throws SecurityException thrown if there is an error obtaining the marshaller from the configuration
 */
private Marshaller getMarshaller() throws SecurityException {
    if (keyInfoMarshaller != null) {
        return keyInfoMarshaller;
    }
    keyInfoMarshaller = Configuration.getMarshallerFactory().getMarshaller(KeyInfo.DEFAULT_ELEMENT_NAME);
    if (keyInfoMarshaller == null) {
        throw new SecurityException("Could not obtain KeyInfo marshaller from the configuration");
    }
    return keyInfoMarshaller;
}
 
Example #21
Source File: BasicKeyInfoGeneratorFactory.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/** {@inheritDoc} */
public KeyInfo generate(Credential credential) throws SecurityException {
    KeyInfo keyInfo = keyInfoBuilder.buildObject();
    
    processKeyNames(keyInfo, credential);
    processEntityID(keyInfo, credential);
    processPublicKey(keyInfo, credential);
    
    List<XMLObject> children = keyInfo.getOrderedChildren();
    if (children != null && children.size() > 0) {
        return keyInfo;
    } else {
        return null;
    }
}
 
Example #22
Source File: KeyInfoHelper.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Add a new {@link KeyName} value to a KeyInfo.
 * 
 * @param keyInfo the KeyInfo to which to add the new value
 * @param keyNameValue the new key name value to add
 */
public static void addKeyName(KeyInfo keyInfo, String keyNameValue) {
    KeyName keyName = (KeyName) Configuration.getBuilderFactory()
        .getBuilder(KeyName.DEFAULT_ELEMENT_NAME)
        .buildObject(KeyName.DEFAULT_ELEMENT_NAME);
    keyName.setValue(keyNameValue);
    keyInfo.getKeyNames().add(keyName);
}
 
Example #23
Source File: BasicKeyInfoGeneratorFactory.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/** Process the values of {@link Credential#getKeyNames()}.
 * 
 * @param keyInfo the KeyInfo that is being built
 * @param credential the Credential that is geing processed
 */
protected void processKeyNames(KeyInfo keyInfo, Credential credential) {
    if (options.emitKeyNames) {
        for (String keyNameValue : credential.getKeyNames()) {
            if ( ! DatatypeHelper.isEmpty(keyNameValue)) {
                KeyInfoHelper.addKeyName(keyInfo, keyNameValue);
            }
        }
    }
}
 
Example #24
Source File: BasicKeyInfoGeneratorFactory.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/** Process the value of {@link Credential#getEntityId()}.
 * 
 * @param keyInfo the KeyInfo that is being built
 * @param credential the Credential that is geing processed
 */
protected void processEntityID(KeyInfo keyInfo, Credential credential) {
    if (options.emitEntityIDAsKeyName) {
        String keyNameValue = credential.getEntityId();
        if ( ! DatatypeHelper.isEmpty(keyNameValue)) {
            KeyInfoHelper.addKeyName(keyInfo, keyNameValue);
        }
    }
}
 
Example #25
Source File: SignatureUnmarshaller.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/** {@inheritDoc} */
public Signature unmarshall(Element signatureElement) throws UnmarshallingException {
    log.debug("Starting to unmarshall Apache XML-Security-based SignatureImpl element");

    SignatureImpl signature = new SignatureImpl(signatureElement.getNamespaceURI(),
            signatureElement.getLocalName(), signatureElement.getPrefix());

    try {
        log.debug("Constructing Apache XMLSignature object");

        XMLSignature xmlSignature = new XMLSignature(signatureElement, "");

        SignedInfo signedInfo = xmlSignature.getSignedInfo();

        log.debug("Adding canonicalization and signing algorithms, and HMAC output length to Signature");
        signature.setCanonicalizationAlgorithm(signedInfo.getCanonicalizationMethodURI());
        signature.setSignatureAlgorithm(signedInfo.getSignatureMethodURI());
        signature.setHMACOutputLength(getHMACOutputLengthValue(signedInfo.getSignatureMethodElement()));

        org.apache.xml.security.keys.KeyInfo xmlSecKeyInfo = xmlSignature.getKeyInfo();
        if (xmlSecKeyInfo != null) {
            log.debug("Adding KeyInfo to Signature");
            Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(
                    xmlSecKeyInfo.getElement());
            KeyInfo keyInfo = (KeyInfo) unmarshaller.unmarshall(xmlSecKeyInfo.getElement());
            signature.setKeyInfo(keyInfo);
        }
        signature.setXMLSignature(xmlSignature);
        signature.setDOM(signatureElement);
        return signature;
    } catch (XMLSecurityException e) {
        log.error("Error constructing Apache XMLSignature instance from Signature element: {}", e.getMessage());
        throw new UnmarshallingException("Unable to unmarshall Signature with Apache XMLSignature", e);
    }
}
 
Example #26
Source File: KeyDescriptorUnmarshaller.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    KeyDescriptor keyDescriptor = (KeyDescriptor) parentSAMLObject;

    if (childSAMLObject instanceof KeyInfo) {
        keyDescriptor.setKeyInfo((KeyInfo) childSAMLObject);
    } else if (childSAMLObject instanceof EncryptionMethod) {
        keyDescriptor.getEncryptionMethods().add((EncryptionMethod) childSAMLObject);
    } else {
        super.processChildElement(parentSAMLObject, childSAMLObject);
    }
}
 
Example #27
Source File: Encrypter.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Constructor.
 * 
 */
public Encrypter() {
    UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
    encryptedDataUnmarshaller = unmarshallerFactory.getUnmarshaller(EncryptedData.DEFAULT_ELEMENT_NAME);
    encryptedKeyUnmarshaller = unmarshallerFactory.getUnmarshaller(EncryptedKey.DEFAULT_ELEMENT_NAME);

    XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
    keyInfoBuilder = (XMLSignatureBuilder<KeyInfo>) builderFactory.getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME);

    jcaProviderName = null;
}
 
Example #28
Source File: Encrypter.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Encrypts the given XMLObject using the specified encryption key, algorithm URI and content mode flag.
 * EncryptedKeys, if any, are placed inline within the KeyInfo of the resulting EncryptedData.
 * 
 * @param xmlObject the XMLObject to be encrypted
 * @param encParams the encryption parameters to use
 * @param kekParamsList the key encryption parameters to use
 * @param encryptContentMode whether just the content of the XMLObject should be encrypted
 * 
 * @return the resulting EncryptedData object
 * @throws EncryptionException exception thrown on encryption errors
 */
private EncryptedData encryptElement(XMLObject xmlObject, EncryptionParameters encParams,
        List<KeyEncryptionParameters> kekParamsList, boolean encryptContentMode) throws EncryptionException {

    checkParams(encParams, kekParamsList);

    String encryptionAlgorithmURI = encParams.getAlgorithm();
    Key encryptionKey = SecurityHelper.extractEncryptionKey(encParams.getEncryptionCredential());
    if (encryptionKey == null) {
        encryptionKey = generateEncryptionKey(encryptionAlgorithmURI);
    }

    EncryptedData encryptedData = encryptElement(xmlObject, encryptionKey, encryptionAlgorithmURI,
            encryptContentMode);
    Document ownerDocument = encryptedData.getDOM().getOwnerDocument();

    if (encParams.getKeyInfoGenerator() != null) {
        KeyInfoGenerator generator = encParams.getKeyInfoGenerator();
        log.debug("Dynamically generating KeyInfo from Credential for EncryptedData using generator: {}",
                generator.getClass().getName());
        try {
            encryptedData.setKeyInfo(generator.generate(encParams.getEncryptionCredential()));
        } catch (SecurityException e) {
            log.error("Error during EncryptedData KeyInfo generation", e);
            throw new EncryptionException("Error during EncryptedData KeyInfo generation", e);
        }
    }

    for (KeyEncryptionParameters kekParams : kekParamsList) {
        EncryptedKey encryptedKey = encryptKey(encryptionKey, kekParams, ownerDocument);
        if (encryptedData.getKeyInfo() == null) {
            KeyInfo keyInfo = keyInfoBuilder.buildObject();
            encryptedData.setKeyInfo(keyInfo);
        }
        encryptedData.getKeyInfo().getEncryptedKeys().add(encryptedKey);
    }

    return encryptedData;
}
 
Example #29
Source File: SubjectConfirmationUnmarshaller.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {

    SubjectConfirmation subjectConfirmation = (SubjectConfirmation) parentSAMLObject;

    if (childSAMLObject instanceof ConfirmationMethod) {
        subjectConfirmation.getConfirmationMethods().add((ConfirmationMethod) childSAMLObject);
    } else if(childSAMLObject instanceof KeyInfo) {
        subjectConfirmation.setKeyInfo((KeyInfo)childSAMLObject);
    } else {
        subjectConfirmation.setSubjectConfirmationData(childSAMLObject);
    }
}
 
Example #30
Source File: SessionKeyUnmarshaller.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentObject, XMLObject childObject) throws UnmarshallingException {
    SessionKey key = (SessionKey) parentObject;

    if (childObject instanceof EncType) {
        key.getEncTypes().add((EncType) childObject);
    } else if (childObject instanceof KeyInfo) {
        key.setKeyInfo((KeyInfo) childObject);
    } else {
        super.processChildElement(parentObject, childObject);
    }
}