/**
 * Returns the Base64 encoding of the X.509 certificate stored under
 * <code>certAlias</code> in the key provider, for embedding in metadata.
 *
 * @param certAlias key-provider alias of the certificate; a null or
 *        blank alias yields <code>null</code> rather than an error.
 * @return the Base64-encoded DER certificate, or <code>null</code> when no
 *         alias was given.
 * @throws SAML2MetaException with error code <code>invalid_cert_alias</code>
 *         if the alias resolves to no certificate or the certificate cannot
 *         be encoded.
 */
public static String buildX509Certificate(String certAlias)
    throws SAML2MetaException {
    // No alias configured: nothing to build, and callers treat null as
    // "no certificate" rather than as a failure.
    if ((certAlias == null) || (certAlias.trim().length() == 0)) {
        return null;
    }
    // NOTE(review): if getKeyProviderInstance() returns null this throws
    // NullPointerException instead of SAML2MetaException; other code in this
    // module guards the provider for null — confirm whether that is needed
    // here.
    X509Certificate cert =
        KeyUtil.getKeyProviderInstance().getX509Certificate(certAlias);
    if (cert != null) {
        try {
            return Base64.encode(cert.getEncoded(), true);
        } catch (Exception ex) {
            // The encoding failure is only traced at debug level; the caller
            // receives the same generic error as for an unknown alias, so the
            // root cause is only recoverable from the debug log.
            if (debug.messageEnabled()) {
                debug.message(
                    "SAML2MetaSecurityUtils.buildX509Certificate:", ex);
            }
        }
    }
    throw new SAML2MetaException(
        "invalid_cert_alias", new Object[] {certAlias});
}
/**
 * Lazily initializes the XML-security library, the key provider, the key
 * store and the <code>checkCert</code> flag.  Runs its body at most once;
 * later calls return immediately because <code>keyProviderInitialized</code>
 * is set at the end of the first run, even if the key provider was null.
 *
 * The certificate-checking flag is read from the system property
 * <code>com.sun.identity.saml.checkcert</code> (default <code>on</code>).
 * Only the literal value <code>on</code> (case-insensitive, trimmed) keeps
 * checking enabled; any other value — including <code>true</code> or
 * <code>yes</code> — disables it.  A failure to read the property leaves
 * checking enabled.
 */
private static void initializeKeyStore() {
    if (keyProviderInitialized) {
        return;
    }
    org.apache.xml.security.Init.init();
    keyProvider = KeyUtil.getKeyProviderInstance();
    if (keyProvider != null) {
        keyStore = keyProvider.getKeyStore();
    }
    boolean enforceCertCheck;
    try {
        String setting = SystemPropertiesManager
            .get("com.sun.identity.saml.checkcert", "on")
            .trim();
        enforceCertCheck = "on".equalsIgnoreCase(setting);
    } catch (Exception e) {
        // Fail closed: if the property cannot be read, keep certificate
        // checking on.
        enforceCertCheck = true;
    }
    checkCert = enforceCertCheck;
    keyProviderInitialized = true;
}
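/**
 * Signs the XACML authorization decision query with the private key that
 * the PEP's configuration names in its <code>signingCertAlias</code>
 * attribute.
 *
 * @param xacmlQuery XACML query on which <code>sign</code> is invoked.
 * @param realm the entity's realm.
 * @param pepEntityID entity identifier of the PEP whose configuration
 *        supplies the signing alias.
 * @param includeCert if <code>true</code>, the X.509 certificate stored
 *        under the same alias is passed to <code>sign</code> along with the
 *        key; otherwise only the key is used.
 * @throws <code>SAML2Exception</code> if the PEP has no usable signing
 *         alias or key, or if signing the query fails.
 */
private static void signAttributeQuery(
    XACMLAuthzDecisionQuery xacmlQuery,
    String realm,
    String pepEntityID,
    boolean includeCert) throws SAML2Exception {
    // NOTE(review): getKeyProviderInstance() is not null-checked here, so a
    // missing provider surfaces as a NullPointerException rather than a
    // SAML2Exception — confirm whether callers rely on that.
    KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
    XACMLAuthzDecisionQueryConfigElement pepConfig =
        getPEPConfig(realm, pepEntityID);
    String alias =
        getAttributeValueFromPEPConfig(pepConfig, "signingCertAlias");
    // A PEP with no signing alias configured is reported the same way as a
    // PEP whose alias resolves to no key, instead of asking the provider for
    // a null or empty alias.
    if ((alias == null) || (alias.trim().length() == 0)) {
        throw new SAML2Exception(
            SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
    PrivateKey signingKey = keyProvider.getPrivateKey(alias);
    if (signingKey == null) {
        throw new SAML2Exception(
            SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
    // The certificate is optional: when includeCert is false, or when the
    // provider has no certificate under this alias, the query is still
    // signed with a null certificate.
    X509Certificate signingCert =
        includeCert ? keyProvider.getX509Certificate(alias) : null;
    xacmlQuery.sign(signingKey, signingCert);
}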