  /**
   * Returns the Base64 (chunked) DER encoding of the certificate stored under
   * {@code certAlias} in the configured key provider.
   *
   * @param certAlias keystore alias of the certificate; null or blank means "none".
   * @return the encoded certificate, or null when no alias was given.
   * @throws SAML2MetaException ("invalid_cert_alias") when the alias resolves to no
   *     certificate, or when encoding the certificate fails.
   */
  public static String buildX509Certificate(String certAlias) throws SAML2MetaException {
    // No alias configured is not an error: report "no certificate" as null.
    if (certAlias == null || certAlias.trim().isEmpty()) {
      return null;
    }

    X509Certificate cert = KeyUtil.getKeyProviderInstance().getX509Certificate(certAlias);
    if (cert == null) {
      throw new SAML2MetaException("invalid_cert_alias", new Object[] {certAlias});
    }

    try {
      return Base64.encode(cert.getEncoded(), true);
    } catch (Exception ex) {
      // The encoding failure is only recorded at debug level; the exception that
      // reaches the caller carries the generic invalid-alias message with no cause.
      if (debug.messageEnabled()) {
        debug.message("SAML2MetaSecurityUtils.buildX509Certificate:", ex);
      }
    }
    throw new SAML2MetaException("invalid_cert_alias", new Object[] {certAlias});
  }
  /**
   * One-shot initialisation of the key provider, its keystore and the
   * {@code checkCert} flag, guarded by the static {@code keyProviderInitialized} flag.
   *
   * <p>The guard is a plain flag with no synchronization, so threads racing on the
   * first call may each execute the body once.
   */
  private static void initializeKeyStore() {
    if (keyProviderInitialized) {
      return;
    }

    // Bootstrap Apache XML Security before any of its signature/encryption APIs are used.
    org.apache.xml.security.Init.init();

    // A null provider is tolerated silently here: keyStore is simply left unassigned.
    keyProvider = KeyUtil.getKeyProviderInstance();
    if (keyProvider != null) {
      keyStore = keyProvider.getKeyStore();
    }

    // Certificate checking defaults to on, and also falls back to on (fail closed) if
    // reading the property throws. Only a value of "on" (case-insensitive, trimmed)
    // keeps it enabled; any other value, e.g. "off", disables it.
    boolean enabled;
    try {
      String setting = SystemPropertiesManager.get("com.sun.identity.saml.checkcert", "on");
      enabled = "on".equalsIgnoreCase(setting.trim());
    } catch (Exception e) {
      enabled = true;
    }
    checkCert = enabled;

    keyProviderInitialized = true;
  }
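  /**
   * Signs an XACML authorization decision query with the PEP's configured signing key.
   *
   * <p>The key alias is read from the {@code signingCertAlias} attribute of the PEP
   * configuration and the matching private key is taken from the key provider.
   *
   * @param xacmlQuery XACML query to sign (signed in place).
   * @param realm the entity's realm.
   * @param pepEntityID entity identifier of the PEP.
   * @param includeCert whether to embed the PEP's signing certificate in the signature.
   *     When {@code true}, the certificate is looked up under the same alias; if none is
   *     found the query is still signed, just with a null certificate passed through.
   * @throws SAML2Exception ("missingSigningCertAlias") if no signing alias is configured
   *     or no private key exists for it, or if the underlying signing operation reports
   *     an error.
   */
  private static void signAttributeQuery(
      XACMLAuthzDecisionQuery xacmlQuery, String realm, String pepEntityID, boolean includeCert)
      throws SAML2Exception {

    KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
    XACMLAuthzDecisionQueryConfigElement pepConfig = getPEPConfig(realm, pepEntityID);

    String alias = getAttributeValueFromPEPConfig(pepConfig, "signingCertAlias");

    // Fail early with the error the caller already expects rather than handing a
    // null/blank alias to the key provider (how it treats that is provider-specific).
    if (alias == null || alias.trim().isEmpty()) {
      throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }

    PrivateKey signingKey = keyProvider.getPrivateKey(alias);
    if (signingKey == null) {
      throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }

    // Only look the certificate up when it is to be embedded; a null certificate is
    // handed to sign() unchanged.
    X509Certificate signingCert = includeCert ? keyProvider.getX509Certificate(alias) : null;

    // signingKey is guaranteed non-null here, so no second null check is needed.
    xacmlQuery.sign(signingKey, signingCert);
  }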