/**
 * Applies the XML Digital Signature to the SAML 2.0 based Logout Request (LogoutRequest).
 *
 * <p>The request is marshalled before the signature value is computed, because the signer
 * operates on the DOM produced by the marshaller.
 *
 * @param logoutRequest the SAML 2.0 based Logout Request (LogoutRequest); mutated and returned
 * @param signatureAlgorithm the algorithm used to compute the signature
 * @param credential the signature signing credential
 * @return the same LogoutRequest instance, now carrying the computed XML Digital Signature
 * @throws SSOException if marshalling or signing of the LogoutRequest fails
 */
protected static LogoutRequest setSignature(
        LogoutRequest logoutRequest, String signatureAlgorithm, X509Credential credential)
        throws SSOException {
    try {
        // Build the ds:Signature element from the algorithm and credential and attach it to
        // the request so the marshaller emits it.
        Signature xmlSignature = setSignatureRaw(signatureAlgorithm, credential);
        logoutRequest.setSignature(xmlSignature);

        List<Signature> pending = new ArrayList<>();
        pending.add(xmlSignature);

        // Marshalling must happen before signing.
        Marshaller requestMarshaller =
                org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(logoutRequest);
        requestMarshaller.marshall(logoutRequest);

        // The Apache XML Security library has to be initialized before Signer is used.
        Init.init();

        // Signer computes the signature values in the order of the given list.
        Signer.signObjects(pending);

        return logoutRequest;
    } catch (MarshallingException | SignatureException e) {
        throw new SSOException("Error while signing the SAML 2.0 based LogoutRequest message", e);
    }
}
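/**
 * Encrypts {@code elementToEncrypt} (or only its contents) inside {@code document} with AES-CBC
 * under {@code symmetricKey}, and embeds that key, wrapped with RSA-OAEP under
 * {@code keyEncryptionKey}, in the KeyInfo of the resulting EncryptedData element.
 *
 * <p>The AES algorithm URI is chosen from the size of {@code symmetricKey} (128/192/256 bit);
 * a key whose encoding is not available falls back to AES-128. AES-CBC provides confidentiality
 * only, not integrity: sign the result if tampering has to be detected.
 *
 * @param symmetricKey        the AES content-encryption key; must never be printed or logged
 * @param keyEncryptionKey    the RSA key used to wrap {@code symmetricKey}
 * @param document            the document owning {@code elementToEncrypt}
 * @param elementToEncrypt    the element to replace with an EncryptedData element
 * @param encryptContentsOnly {@code true} to encrypt only the element's content, leaving the
 *                            element itself in clear
 * @return the document with the element (or its content) replaced by EncryptedData, as
 *         returned by {@link XMLCipher#doFinal}
 * @throws Exception if cipher initialization, key wrapping or encryption fails
 */
public static Document encryptAES(
        Key symmetricKey,
        Key keyEncryptionKey,
        Document document,
        Element elementToEncrypt,
        boolean encryptContentsOnly)
        throws Exception {
    // TODO: move to a one-time static initializer; the library tolerates repeated calls.
    org.apache.xml.security.Init.init();

    // Key transport uses RSA-OAEP; the older RSA PKCS#1 v1.5 wrapping is deliberately not used.
    XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.RSA_OAEP);
    keyCipher.init(XMLCipher.WRAP_MODE, keyEncryptionKey);

    // Wrap the content-encryption key. The key is secret material: do not print or log it.
    EncryptedKey encryptedKey = keyCipher.encryptKey(document, symmetricKey);

    // Content encryption with an AES URI that matches the actual key size.
    XMLCipher xmlCipher = XMLCipher.getInstance(aesAlgorithmFor(symmetricKey));
    xmlCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey);

    // Carry the wrapped key inside the EncryptedData's KeyInfo so a recipient can unwrap it.
    EncryptedData encryptedDataElement = xmlCipher.getEncryptedData();
    KeyInfo keyInfo = new KeyInfo(document);
    keyInfo.add(encryptedKey);
    encryptedDataElement.setKeyInfo(keyInfo);

    // Replace the element (or its content) with the EncryptedData element.
    return xmlCipher.doFinal(document, elementToEncrypt, encryptContentsOnly);
}

/**
 * Picks the XML Encryption AES-CBC algorithm URI matching the key's encoded size.
 *
 * @param symmetricKey the content-encryption key
 * @return {@link XMLCipher#AES_192} for 24-byte keys, {@link XMLCipher#AES_256} for 32-byte keys,
 *         {@link XMLCipher#AES_128} otherwise (including keys without an available encoding)
 */
private static String aesAlgorithmFor(Key symmetricKey) {
    byte[] encoded = symmetricKey.getEncoded();
    if (encoded == null) {
        // Non-extractable key: keep the historical AES-128 default.
        return XMLCipher.AES_128;
    }
    switch (encoded.length) {
        case 24:
            return XMLCipher.AES_192;
        case 32:
            return XMLCipher.AES_256;
        default:
            return XMLCipher.AES_128;
    }
}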
static {
    // Apache XML Security utility functions are used by this class, and they require the
    // library to be initialized first; the guard avoids redundant re-initialization.
    boolean alreadyInitialized = Init.isInitialized();
    if (!alreadyInitialized) {
        Init.init();
    }
}
/**
 * Attaches an enveloped XML Digital Signature to {@code signableXMLObject}, marshals it and
 * computes the signature value in place.
 *
 * <p>The signature uses exclusive canonicalization without comments, the given signature
 * algorithm, and the given digest algorithm on the object's content reference; its KeyInfo
 * carries the credential's entity certificate.
 *
 * @param signableXMLObject  the object to sign; it is mutated and returned
 * @param signatureAlgorithm XML Signature algorithm URI
 * @param digestAlgorithm    digest algorithm URI for the signed content reference
 * @param cred               credential supplying the signing key and entity certificate
 * @return the same object, now carrying the computed signature
 * @throws IdentityException if the certificate cannot be encoded, marshalling fails, or the
 *                           signing operation fails
 */
@Override
public SignableXMLObject setSignature(
        SignableXMLObject signableXMLObject,
        String signatureAlgorithm,
        String digestAlgorithm,
        X509Credential cred)
        throws IdentityException {
    Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(cred);
    signature.setSignatureAlgorithm(signatureAlgorithm);
    signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    signature.setKeyInfo(buildCertificateKeyInfo(cred));

    signableXMLObject.setSignature(signature);
    // Attaching the signature registered a content reference for the object; set its digest.
    SAMLObjectContentReference contentReference =
            (SAMLObjectContentReference) signature.getContentReferences().get(0);
    contentReference.setDigestAlgorithm(digestAlgorithm);

    // Marshalling has to precede signing: Signer computes the value over the DOM.
    MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
    Marshaller marshaller = marshallerFactory.getMarshaller(signableXMLObject);
    try {
        marshaller.marshall(signableXMLObject);
    } catch (MarshallingException e) {
        throw IdentityException.error("Unable to marshall the request", e);
    }

    // Apache XML Security must be initialized before Signer is used.
    org.apache.xml.security.Init.init();
    List<Signature> pending = new ArrayList<Signature>();
    pending.add(signature);
    try {
        Signer.signObjects(pending);
    } catch (SignatureException e) {
        throw IdentityException.error("Error occurred while signing request", e);
    }
    return signableXMLObject;
}

/**
 * Builds a KeyInfo whose X509Data holds the Base64-encoded DER form of the credential's
 * entity certificate.
 *
 * @param cred credential whose entity certificate is embedded
 * @return the populated KeyInfo
 * @throws IdentityException if the certificate cannot be DER-encoded
 */
private KeyInfo buildCertificateKeyInfo(X509Credential cred) throws IdentityException {
    KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    String encodedCert;
    try {
        encodedCert =
                org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded());
    } catch (CertificateEncodingException e) {
        throw IdentityException.error("Error occurred while retrieving encoded cert", e);
    }
    cert.setValue(encodedCert);
    data.getX509Certificates().add(cert);
    keyInfo.getX509Datas().add(data);
    return keyInfo;
}
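/**
 * Signs the SAML 2.0 LogoutRequest message with an enveloped XML Digital Signature.
 *
 * <p>The signature uses exclusive canonicalization without comments and carries the
 * credential's entity certificate in its KeyInfo. The request is marshalled before signing
 * because the signer operates on the DOM.
 *
 * @param logoutRequest      the LogoutRequest to sign; it is mutated and returned
 * @param signatureAlgorithm XML Signature algorithm URI used to compute the signature
 * @param cred               credential supplying the signing key and entity certificate
 * @return the same LogoutRequest, now carrying the computed signature
 * @throws SAMLSSOException if the certificate cannot be encoded, or marshalling or signing
 *                          fails
 */
public static LogoutRequest setSignature(
        LogoutRequest logoutRequest, String signatureAlgorithm, X509Credential cred)
        throws SAMLSSOException {
    try {
        Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(cred);
        signature.setSignatureAlgorithm(signatureAlgorithm);
        signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

        // KeyInfo carries the Base64 DER of the entity certificate so verifiers can locate the key.
        try {
            KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
            X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
            org.opensaml.xml.signature.X509Certificate cert =
                    (org.opensaml.xml.signature.X509Certificate)
                            buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
            String value =
                    org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded());
            cert.setValue(value);
            data.getX509Certificates().add(cert);
            keyInfo.getX509Datas().add(data);
            signature.setKeyInfo(keyInfo);
        } catch (CertificateEncodingException e) {
            throw new SAMLSSOException("Error getting certificate", e);
        }

        logoutRequest.setSignature(signature);
        List<Signature> signatureList = new ArrayList<Signature>();
        signatureList.add(signature);

        // Marshall and Sign
        MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
        Marshaller marshaller = marshallerFactory.getMarshaller(logoutRequest);
        marshaller.marshall(logoutRequest);
        // The Apache XML Security library must be initialized before Signer is used.
        org.apache.xml.security.Init.init();
        Signer.signObjects(signatureList);
        return logoutRequest;
    } catch (SAMLSSOException e) {
        // Already a domain exception with the specific message and cause: do not wrap it again.
        throw e;
    } catch (Exception e) {
        throw new SAMLSSOException("Error while signing the Logout Request message", e);
    }
}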
/**
 * Lazily initializes the XML Security library, the key provider, the key store and the
 * {@code checkCert} flag; once {@code keyProviderInitialized} is set, further calls are no-ops.
 *
 * <p>{@code checkCert} is true only when the system property
 * {@code com.sun.identity.saml.checkcert} (default {@code on}) reads as {@code on}; any failure
 * while reading it leaves the flag at {@code true}.
 */
private static void initializeKeyStore() {
    if (keyProviderInitialized) {
        return;
    }
    org.apache.xml.security.Init.init();
    keyProvider = KeyUtil.getKeyProviderInstance();
    if (keyProvider != null) {
        keyStore = keyProvider.getKeyStore();
    }
    boolean certCheckEnabled;
    try {
        String setting = SystemPropertiesManager.get("com.sun.identity.saml.checkcert", "on").trim();
        certCheckEnabled = "on".equalsIgnoreCase(setting);
    } catch (Exception e) {
        // Best effort: an unreadable property falls back to the stricter setting.
        certCheckEnabled = true;
    }
    checkCert = certCheckEnabled;
    keyProviderInitialized = true;
}
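/**
 * Renders the POS information page: integration mode, emission point, cached MAC, feature flags
 * and the signing certificate's expiry, all read from {@code server-configuration.properties}.
 *
 * @param modelMap model populated with the attributes the {@code /page} view reads
 * @return the view name {@code /page}
 * @throws Exception if the properties or the signing key store cannot be loaded, or the
 *                   configured certificate alias is missing
 */
@RequestMapping(value = "/pos-info", method = RequestMethod.GET)
public String listReport(ModelMap modelMap) throws Exception {
    ClassPathResource resource = new ClassPathResource("server-configuration.properties");
    Properties properties = PropertiesLoaderUtils.loadProperties(resource);

    modelMap.addAttribute("modoIntegracion", properties.getProperty("pos.server.modo"));
    modelMap.addAttribute("puntoEmision", properties.getProperty("pos.server.punto_emision"));
    modelMap.addAttribute("MAC", macService.getCachedMAC());
    // Constant-first equals: a missing property reads as "disabled" instead of throwing NPE.
    modelMap.addAttribute("transferenciaHabilitada",
            "1".equals(properties.getProperty("pos.server.transferencia")));
    modelMap.addAttribute("limpiezaHabilitada",
            "1".equals(properties.getProperty("pos.server.limpieza")));

    X509Certificate certificate = loadSigningCertificate(properties);
    DateTime expireCertDate = new DateTime(certificate.getNotAfter());
    // Positive when "now" is past notAfter, i.e. the certificate has expired.
    int daysPastExpiry = Days.daysBetween(expireCertDate, DateTime.now()).getDays();
    modelMap.addAttribute("certificadoExpirado", daysPastExpiry > 0);
    modelMap.addAttribute("fechaExpiracion", expireCertDate);
    return "/page";
}

/**
 * Loads the signing certificate configured by {@code pos.server.almacenfirma.archivo},
 * {@code pos.server.almacenfirma.password} and {@code pos.server.certificado.alias} from the JKS
 * key store on the classpath. The key store stream is closed and the password array wiped
 * before returning.
 *
 * @param properties the server configuration
 * @return the certificate stored under the configured alias
 * @throws IllegalStateException if the configuration is incomplete, the key store resource is
 *                               missing, or the alias is not present
 * @throws Exception             if the key store cannot be read or parsed
 */
private X509Certificate loadSigningCertificate(Properties properties) throws Exception {
    String storePath = properties.getProperty("pos.server.almacenfirma.archivo");
    String storePassword = properties.getProperty("pos.server.almacenfirma.password");
    String certAlias = properties.getProperty("pos.server.certificado.alias");
    if (storePath == null || storePassword == null || certAlias == null) {
        throw new IllegalStateException("Signing key store configuration is incomplete "
                + "(pos.server.almacenfirma.archivo/password, pos.server.certificado.alias)");
    }
    Init.init();
    KeyStore keyStore = KeyStore.getInstance("JKS");
    char[] password = storePassword.toCharArray();
    try (java.io.InputStream storeStream = getClass().getResourceAsStream(storePath)) {
        if (storeStream == null) {
            // Without this check, load(null, ...) silently yields an empty key store.
            throw new IllegalStateException("Signing key store not found on classpath: " + storePath);
        }
        keyStore.load(storeStream, password);
    } finally {
        java.util.Arrays.fill(password, '\0');
    }
    X509Certificate certificate = (X509Certificate) keyStore.getCertificate(certAlias);
    if (certificate == null) {
        throw new IllegalStateException("Certificate alias not found in signing key store: " + certAlias);
    }
    return certificate;
}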
static {
    // Initialize the Apache XML Security library once, at class-load time; Init.init() must run
    // before the library's signature/encryption utilities are used.
    org.apache.xml.security.Init.init();
}
static {
    // One-time library initialization at class-load time.
    // NOTE(review): presumably org.apache.xml.security.Init — confirm against the import.
    Init.init();
}