@Override
  public SignableXMLObject setSignature(
      SignableXMLObject signableXMLObject,
      String signatureAlgorithm,
      String digestAlgorithm,
      X509Credential cred)
      throws IdentityException {

    Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(cred);
    signature.setSignatureAlgorithm(signatureAlgorithm);
    signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);

    String value;
    try {
      value = org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded());
    } catch (CertificateEncodingException e) {
      throw IdentityException.error("Error occurred while retrieving encoded cert", e);
    }

    cert.setValue(value);
    data.getX509Certificates().add(cert);
    keyInfo.getX509Datas().add(data);
    signature.setKeyInfo(keyInfo);

    signableXMLObject.setSignature(signature);
    ((SAMLObjectContentReference) signature.getContentReferences().get(0))
        .setDigestAlgorithm(digestAlgorithm);

    List<Signature> signatureList = new ArrayList<Signature>();
    signatureList.add(signature);

    MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
    Marshaller marshaller = marshallerFactory.getMarshaller(signableXMLObject);

    try {
      marshaller.marshall(signableXMLObject);
    } catch (MarshallingException e) {
      throw IdentityException.error("Unable to marshall the request", e);
    }

    org.apache.xml.security.Init.init();
    try {
      Signer.signObjects(signatureList);
    } catch (SignatureException e) {
      throw IdentityException.error("Error occurred while signing request", e);
    }

    return signableXMLObject;
  }
 /**
  * Serializes an authentication request into a string.
  *
  * @param request the request to serialize
  * @return the serialized form of the string
  * @throws MarshallingException thrown if the request can not be marshalled and serialized
  */
 protected String serializeRequest(AuthnRequest request) throws MarshallingException {
   Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(request);
   Element requestElem = marshaller.marshall(request);
   StringWriter writer = new StringWriter();
   XMLHelper.writeNode(requestElem, writer);
   return writer.toString();
 }
  /**
   * Serialize the Auth. Request
   *
   * @param xmlObject
   * @return serialized auth. req
   */
  protected String marshall(XMLObject xmlObject) throws SSOAgentException {

    try {
      System.setProperty(
          "javax.xml.parsers.DocumentBuilderFactory",
          "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
      MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
      Marshaller marshaller = marshallerFactory.getMarshaller(xmlObject);
      Element element = marshaller.marshall(xmlObject);
      ByteArrayOutputStream byteArrayOutputStrm = new ByteArrayOutputStream();
      DOMImplementationRegistry registry = DOMImplementationRegistry.newInstance();
      DOMImplementationLS impl = (DOMImplementationLS) registry.getDOMImplementation("LS");
      LSSerializer writer = impl.createLSSerializer();
      LSOutput output = impl.createLSOutput();
      output.setByteStream(byteArrayOutputStrm);
      writer.write(element, output);
      return new String(byteArrayOutputStrm.toByteArray(), Charset.forName("UTF-8"));
    } catch (ClassNotFoundException e) {
      throw new SSOAgentException("Error in marshalling SAML2 Assertion", e);
    } catch (InstantiationException e) {
      throw new SSOAgentException("Error in marshalling SAML2 Assertion", e);
    } catch (MarshallingException e) {
      throw new SSOAgentException("Error in marshalling SAML2 Assertion", e);
    } catch (IllegalAccessException e) {
      throw new SSOAgentException("Error in marshalling SAML2 Assertion", e);
    }
  }
  /**
   * Applies the XML Digital Signature to the SAML 2.0 based Logout Request (LogoutRequest).
   *
   * @param logoutRequest the SAML 2.0 based Logout Request (LogoutRequest)
   * @param signatureAlgorithm the algorithm used to compute the signature
   * @param credential the signature signing credential
   * @return the SAML 2.0 based Logout Request (LogoutRequest) with XML Digital Signature set
   * @throws SSOException if an error occurs while signing the SAML 2.0 LogoutRequest message
   */
  protected static LogoutRequest setSignature(
      LogoutRequest logoutRequest, String signatureAlgorithm, X509Credential credential)
      throws SSOException {
    try {
      Signature signature = setSignatureRaw(signatureAlgorithm, credential);
      logoutRequest.setSignature(signature);

      List<Signature> signatureList = new ArrayList<>();
      signatureList.add(signature);

      // Marshall and Sign
      MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
      Marshaller marshaller = marshallerFactory.getMarshaller(logoutRequest);
      marshaller.marshall(logoutRequest);

      //  Initializes and configures the library
      Init.init();
      //  Signer is responsible for creating the digital signatures for the given XML Objects.
      //  Signs the XML Objects based on the given order of the Signature list
      Signer.signObjects(signatureList);
      return logoutRequest;
    } catch (MarshallingException | SignatureException e) {
      throw new SSOException("Error while signing the SAML 2.0 based LogoutRequest message", e);
    }
  }
 /**
  * Serializes the specified SAML 2.0 based XML content representation to its corresponding actual
  * XML syntax representation.
  *
  * @param xmlObject the SAML 2.0 based XML content object
  * @return a {@link String} representation of the actual XML representation of the SAML 2.0 based
  *     XML content representation
  * @throws SSOException if an error occurs during the marshalling process
  */
 public static String marshall(XMLObject xmlObject) throws SSOException {
   try {
     //  Explicitly sets the special XML parser library to be used, in the global variables
     System.setProperty(
         "javax.xml.parsers.DocumentBuilderFactory",
         "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
     MarshallerFactory marshallerFactory = Configuration.getMarshallerFactory();
     Marshaller marshaller = marshallerFactory.getMarshaller(xmlObject);
     Element element = marshaller.marshall(xmlObject);
     ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
     DOMImplementationRegistry registry = DOMImplementationRegistry.newInstance();
     DOMImplementationLS implementation =
         (DOMImplementationLS) registry.getDOMImplementation("LS");
     LSSerializer writer = implementation.createLSSerializer();
     LSOutput output = implementation.createLSOutput();
     output.setByteStream(byteArrayOutputStream);
     writer.write(element, output);
     return new String(byteArrayOutputStream.toByteArray(), Charset.forName("UTF-8"));
   } catch (ClassNotFoundException
       | InstantiationException
       | MarshallingException
       | IllegalAccessException e) {
     throw new SSOException("Error in marshalling SAML2 Assertion", e);
   }
 }
  private static String getMetadataAsString(final EntityDescriptor descriptor)
      throws MarshallingException {

    final MarshallerFactory marshallerFactory = Configuration.getMarshallerFactory();
    final Marshaller marshaller = marshallerFactory.getMarshaller(descriptor);
    final Element element = marshaller.marshall(descriptor);
    return XMLHelper.nodeToString(element);
  }
  /*
   * Create a fully formed SAML Request.
   * @return The SAML Request as XML.
   */
  public String buildAuthnRequest2String()
      throws org.opensaml.xml.io.MarshallingException, BindingException, IOException,
          ValidationException {
    // build an AuthnRequest object
    final AuthnRequestImpl auth = buildAuthnRequest();

    // Now we must marshall the object for the transfer over the wire.
    final Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(auth);
    final Element authDOM = marshaller.marshall(auth);
    // We use a StringWriter to produce our XML output. This gets us XML where
    // the encoding is UTF-8. We must have UTF-8 or bad things happen.
    return XMLHelper.prettyPrintXML(authDOM);
  }
  /**
   * Encodes the SAML 2.0 based request XML object into its corresponding Base64 notation, based on
   * the type of SAML 2.0 binding.
   *
   * @param requestMessage the {@link RequestAbstractType} XML object to be encoded
   * @param binding the SAML 2.0 binding type
   * @return encoded {@link String} corresponding to the request XML object
   * @throws SSOException if an error occurs while encoding SAML2 request
   */
  protected static String encodeRequestMessage(RequestAbstractType requestMessage, String binding)
      throws SSOException {
    Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(requestMessage);
    Element authDOM;
    try {
      //  Marshall this element, and its children, and root them in a newly created Document
      authDOM = marshaller.marshall(requestMessage);
    } catch (MarshallingException e) {
      throw new SSOException(
          "Error occurred while encoding SAML2 request, failed to marshall the SAML 2.0. "
              + "Request element XMLObject to its corresponding W3C DOM element",
          e);
    }

    StringWriter writer = new StringWriter();
    //  Writes the node out to the writer using the DOM
    XMLHelper.writeNode(authDOM, writer);

    if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(binding)) {
      //  Compress the message, Base 64 encode and URL encode
      Deflater deflater = new Deflater(Deflater.DEFLATED, true);
      ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
      try (DeflaterOutputStream deflaterOutputStream =
          new DeflaterOutputStream(byteArrayOutputStream, deflater)) {
        deflaterOutputStream.write(writer.toString().getBytes(Charset.forName("UTF-8")));
      } catch (IOException e) {
        throw new SSOException("Error occurred while deflate encoding SAML2 request", e);
      }

      String encodedRequestMessage =
          Base64.encodeBytes(byteArrayOutputStream.toByteArray(), Base64.DONT_BREAK_LINES);
      try {
        return URLEncoder.encode(encodedRequestMessage, "UTF-8").trim();
      } catch (UnsupportedEncodingException e) {
        throw new SSOException("Error occurred while encoding SAML2 request", e);
      }
    } else if (SAMLConstants.SAML2_POST_BINDING_URI.equals(binding)) {
      return Base64.encodeBytes(
          writer.toString().getBytes(Charset.forName("UTF-8")), Base64.DONT_BREAK_LINES);
    } else {
      logger.log(
          Level.FINE,
          "Unsupported SAML2 HTTP Binding. Defaulting to " + SAMLConstants.SAML2_POST_BINDING_URI);
      return Base64.encodeBytes(
          writer.toString().getBytes(Charset.forName("UTF-8")), Base64.DONT_BREAK_LINES);
    }
  }
Esempio n. 9
0
  /**
   * Sign the SAML AuthnRequest message
   *
   * @param logoutRequest
   * @param signatureAlgorithm
   * @param cred
   * @return
   * @throws SAMLSSOException
   */
  public static LogoutRequest setSignature(
      LogoutRequest logoutRequest, String signatureAlgorithm, X509Credential cred)
      throws SAMLSSOException {
    try {
      Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
      signature.setSigningCredential(cred);
      signature.setSignatureAlgorithm(signatureAlgorithm);
      signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

      try {
        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        org.opensaml.xml.signature.X509Certificate cert =
            (org.opensaml.xml.signature.X509Certificate)
                buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
        String value =
            org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded());
        cert.setValue(value);
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);
      } catch (CertificateEncodingException e) {
        throw new SAMLSSOException("Error getting certificate", e);
      }

      logoutRequest.setSignature(signature);

      List<Signature> signatureList = new ArrayList<Signature>();
      signatureList.add(signature);

      // Marshall and Sign
      MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
      Marshaller marshaller = marshallerFactory.getMarshaller(logoutRequest);

      marshaller.marshall(logoutRequest);

      org.apache.xml.security.Init.init();
      Signer.signObjects(signatureList);
      return logoutRequest;

    } catch (Exception e) {
      throw new SAMLSSOException("Error while signing the Logout Request message", e);
    }
  }
  private String encodeRequestMessage(RequestAbstractType requestMessage) throws SAMLSSOException {

    Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(requestMessage);
    Element authDOM = null;
    try {
      authDOM = marshaller.marshall(requestMessage);

      /* Compress the message */
      Deflater deflater = new Deflater(Deflater.DEFLATED, true);
      ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
      DeflaterOutputStream deflaterOutputStream =
          new DeflaterOutputStream(byteArrayOutputStream, deflater);
      StringWriter rspWrt = new StringWriter();
      XMLHelper.writeNode(authDOM, rspWrt);
      deflaterOutputStream.write(rspWrt.toString().getBytes());
      deflaterOutputStream.close();

      /* Encoding the compressed message */
      String encodedRequestMessage =
          Base64.encodeBytes(byteArrayOutputStream.toByteArray(), Base64.DONT_BREAK_LINES);

      byteArrayOutputStream.write(byteArrayOutputStream.toByteArray());
      byteArrayOutputStream.toString();

      // log saml
      if (log.isDebugEnabled()) {
        log.debug("SAML Request  :  " + rspWrt.toString());
      }

      return URLEncoder.encode(encodedRequestMessage, "UTF-8").trim();

    } catch (MarshallingException e) {
      throw new SAMLSSOException("Error occurred while encoding SAML request", e);
    } catch (UnsupportedEncodingException e) {
      throw new SAMLSSOException("Error occurred while encoding SAML request", e);
    } catch (IOException e) {
      throw new SAMLSSOException("Error occurred while encoding SAML request", e);
    }
  }
Esempio n. 11
0
  /**
   * Serializing a SAML2 object into a String
   *
   * @param xmlObject object that needs to serialized.
   * @return serialized object
   * @throws Exception
   */
  public static String marshall(XMLObject xmlObject) throws Exception {
    try {
      doBootstrap();
      System.setProperty(
          "javax.xml.parsers.DocumentBuilderFactory",
          "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");

      MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
      Marshaller marshaller = marshallerFactory.getMarshaller(xmlObject);
      Element element = marshaller.marshall(xmlObject);

      ByteArrayOutputStream byteArrayOutputStrm = new ByteArrayOutputStream();
      DOMImplementationRegistry registry = DOMImplementationRegistry.newInstance();
      DOMImplementationLS impl = (DOMImplementationLS) registry.getDOMImplementation("LS");
      LSSerializer writer = impl.createLSSerializer();
      LSOutput output = impl.createLSOutput();
      output.setByteStream(byteArrayOutputStrm);
      writer.write(element, output);
      return byteArrayOutputStrm.toString();
    } catch (Exception e) {
      throw new Exception("Error Serializing the SAML Response", e);
    }
  }
  protected String encodeRequestMessage(RequestAbstractType requestMessage, String binding)
      throws SSOAgentException {

    Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(requestMessage);
    Element authDOM = null;
    try {
      authDOM = marshaller.marshall(requestMessage);
      StringWriter rspWrt = new StringWriter();
      XMLHelper.writeNode(authDOM, rspWrt);
      if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(binding)) {
        // Compress the message, Base 64 encode and URL encode
        Deflater deflater = new Deflater(Deflater.DEFLATED, true);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DeflaterOutputStream deflaterOutputStream =
            new DeflaterOutputStream(byteArrayOutputStream, deflater);
        deflaterOutputStream.write(rspWrt.toString().getBytes(Charset.forName("UTF-8")));
        deflaterOutputStream.close();
        String encodedRequestMessage =
            Base64.encodeBytes(byteArrayOutputStream.toByteArray(), Base64.DONT_BREAK_LINES);
        return URLEncoder.encode(encodedRequestMessage, "UTF-8").trim();
      } else if (SAMLConstants.SAML2_POST_BINDING_URI.equals(binding)) {
        return Base64.encodeBytes(rspWrt.toString().getBytes(), Base64.DONT_BREAK_LINES);
      } else {
        LOGGER.log(
            Level.FINE,
            "Unsupported SAML2 HTTP Binding. Defaulting to "
                + SAMLConstants.SAML2_POST_BINDING_URI);
        return Base64.encodeBytes(rspWrt.toString().getBytes(), Base64.DONT_BREAK_LINES);
      }
    } catch (MarshallingException e) {
      throw new SSOAgentException("Error occurred while encoding SAML2 request", e);
    } catch (UnsupportedEncodingException e) {
      throw new SSOAgentException("Error occurred while encoding SAML2 request", e);
    } catch (IOException e) {
      throw new SSOAgentException("Error occurred while encoding SAML2 request", e);
    }
  }