/**
   * Signs a SAML 2.0 LogoutRequest with an enveloped XML Digital Signature.
   *
   * <p>The Signature element is produced by {@code setSignatureRaw}, attached to the request,
   * and only then computed: Signer works on the marshalled DOM, so the request is marshalled
   * before {@code Signer.signObjects} runs.
   *
   * @param logoutRequest the LogoutRequest to sign; modified in place
   * @param signatureAlgorithm the signature algorithm URI passed through to {@code setSignatureRaw}
   * @param credential the signing credential
   * @return the same LogoutRequest instance, now carrying the computed signature
   * @throws SSOException if marshalling or signing fails
   */
  protected static LogoutRequest setSignature(
      LogoutRequest logoutRequest, String signatureAlgorithm, X509Credential credential)
      throws SSOException {
    List<Signature> toSign = new ArrayList<>();
    try {
      Signature xmlSignature = setSignatureRaw(signatureAlgorithm, credential);
      logoutRequest.setSignature(xmlSignature);
      toSign.add(xmlSignature);

      // Marshall first: the signature is computed over the marshalled DOM.
      org.opensaml.xml.Configuration.getMarshallerFactory()
          .getMarshaller(logoutRequest)
          .marshall(logoutRequest);

      // Apache XML Security must be initialized before Signer can compute signatures.
      Init.init();
      Signer.signObjects(toSign);
    } catch (MarshallingException | SignatureException e) {
      throw new SSOException("Error while signing the SAML 2.0 based LogoutRequest message", e);
    }
    return logoutRequest;
  }
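  /**
   * Encrypts {@code elementToEncrypt} (or only its contents) in place with AES-128 under
   * {@code symmetricKey}, and embeds that key, wrapped with RSA-OAEP under
   * {@code keyEncryptionKey}, in the KeyInfo of the resulting EncryptedData element.
   *
   * <p>{@code XMLCipher.AES_128} selects the plain (non-authenticated) AES-128 XML Encryption
   * algorithm; if the ciphertext is not otherwise integrity-protected (e.g. by a signature),
   * consider an authenticated variant.
   *
   * @param symmetricKey the AES content-encryption key
   * @param keyEncryptionKey the RSA key used to wrap {@code symmetricKey}
   * @param document the document that owns {@code elementToEncrypt}
   * @param elementToEncrypt the element that is replaced by (or filled with) EncryptedData
   * @param encryptContentsOnly if true only the element's children are encrypted and the element
   *     itself stays in clear; if false the whole element is encrypted
   * @return the document returned by {@code XMLCipher.doFinal}, with the encryption applied
   * @throws Exception propagated from XMLCipher initialization, key wrapping or encryption
   */
  public static Document encryptAES(
      Key symmetricKey,
      Key keyEncryptionKey,
      Document document,
      Element elementToEncrypt,
      boolean encryptContentsOnly)
      throws Exception {
    // Init.init() returns immediately once the library is initialized, so calling it per
    // invocation is harmless; a single explicit initialization point would still be cleaner.
    org.apache.xml.security.Init.init();

    // Key-wrapping cipher: RSA-OAEP rather than the legacy RSA v1.5 padding.
    XMLCipher keyCipher = XMLCipher.getInstance(XMLCipher.RSA_OAEP);
    keyCipher.init(XMLCipher.WRAP_MODE, keyEncryptionKey);

    // Wrap the content-encryption key. The key material itself is never written to any log.
    EncryptedKey encryptedKey = keyCipher.encryptKey(document, symmetricKey);

    // Content cipher.
    XMLCipher xmlCipher = XMLCipher.getInstance(XMLCipher.AES_128);
    xmlCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey);

    // Reference the wrapped key from EncryptedData so a recipient can unwrap it.
    EncryptedData encryptedData = xmlCipher.getEncryptedData();
    KeyInfo keyInfo = new KeyInfo(document);
    keyInfo.add(encryptedKey);
    encryptedData.setKeyInfo(keyInfo);

    // Perform the encryption; doFinal returns the (same) document with the element replaced.
    return xmlCipher.doFinal(document, elementToEncrypt, encryptContentsOnly);
  }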
 static {
   // Apache XML Security utility functions are used by this class, so the library must be
   // initialized before they run. The isInitialized() check avoids a redundant init() call.
   if (!Init.isInitialized()) {
     Init.init();
   }
 }
  /**
   * Attaches and computes an enveloped XML Digital Signature on {@code signableXMLObject}.
   *
   * <p>The entity certificate from {@code cred} is embedded as ds:KeyInfo/ds:X509Data so a
   * verifier can locate the signing key. The digest algorithm is applied to the first content
   * reference, which is expected to exist once the signature has been attached to the object.
   *
   * @param signableXMLObject the object to sign; modified in place
   * @param signatureAlgorithm the signature algorithm URI
   * @param digestAlgorithm the digest algorithm URI applied to the signed content reference
   * @param cred the signing credential
   * @return the same instance, now signed
   * @throws IdentityException if the certificate cannot be encoded, or marshalling or signing
   *     fails
   */
  @Override
  public SignableXMLObject setSignature(
      SignableXMLObject signableXMLObject,
      String signatureAlgorithm,
      String digestAlgorithm,
      X509Credential cred)
      throws IdentityException {

    Signature xmlSignature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    xmlSignature.setSigningCredential(cred);
    xmlSignature.setSignatureAlgorithm(signatureAlgorithm);
    xmlSignature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data x509Data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate certElement =
        (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);

    // Base64 of the DER-encoded entity certificate becomes the ds:X509Certificate text.
    String encodedCert;
    try {
      encodedCert =
          org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded());
    } catch (CertificateEncodingException e) {
      throw IdentityException.error("Error occurred while retrieving encoded cert", e);
    }
    certElement.setValue(encodedCert);
    x509Data.getX509Certificates().add(certElement);
    keyInfo.getX509Datas().add(x509Data);
    xmlSignature.setKeyInfo(keyInfo);

    signableXMLObject.setSignature(xmlSignature);
    SAMLObjectContentReference contentReference =
        (SAMLObjectContentReference) xmlSignature.getContentReferences().get(0);
    contentReference.setDigestAlgorithm(digestAlgorithm);

    List<Signature> toSign = new ArrayList<>();
    toSign.add(xmlSignature);

    // The signature is computed over the marshalled DOM, so marshall before signing.
    Marshaller marshaller =
        org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(signableXMLObject);
    try {
      marshaller.marshall(signableXMLObject);
    } catch (MarshallingException e) {
      throw IdentityException.error("Unable to marshall the request", e);
    }

    // Apache XML Security must be initialized before Signer can run.
    org.apache.xml.security.Init.init();
    try {
      Signer.signObjects(toSign);
    } catch (SignatureException e) {
      throw IdentityException.error("Error occurred while signing request", e);
    }

    return signableXMLObject;
  }
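  /**
   * Signs the SAML 2.0 LogoutRequest with an enveloped XML Digital Signature.
   *
   * <p>The entity certificate from {@code cred} is embedded as ds:KeyInfo/ds:X509Data. The
   * request is marshalled before signing because the signature is computed over the DOM.
   *
   * @param logoutRequest the LogoutRequest to sign; modified in place
   * @param signatureAlgorithm the signature algorithm URI
   * @param cred the signing credential
   * @return the same LogoutRequest instance, now carrying the computed signature
   * @throws SAMLSSOException if the certificate cannot be encoded, or marshalling or signing
   *     fails
   */
  public static LogoutRequest setSignature(
      LogoutRequest logoutRequest, String signatureAlgorithm, X509Credential cred)
      throws SAMLSSOException {
    try {
      Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
      signature.setSigningCredential(cred);
      signature.setSignatureAlgorithm(signatureAlgorithm);
      signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

      KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
      X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
      org.opensaml.xml.signature.X509Certificate cert =
          (org.opensaml.xml.signature.X509Certificate)
              buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
      // Base64 of the DER-encoded entity certificate becomes the ds:X509Certificate text.
      String value =
          org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded());
      cert.setValue(value);
      data.getX509Certificates().add(cert);
      keyInfo.getX509Datas().add(data);
      signature.setKeyInfo(keyInfo);

      logoutRequest.setSignature(signature);

      List<Signature> signatureList = new ArrayList<>();
      signatureList.add(signature);

      // Marshall and Sign: the signature is computed over the marshalled DOM.
      MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
      Marshaller marshaller = marshallerFactory.getMarshaller(logoutRequest);
      marshaller.marshall(logoutRequest);

      // Apache XML Security must be initialized before Signer can run.
      org.apache.xml.security.Init.init();
      Signer.signObjects(signatureList);
      return logoutRequest;
    } catch (CertificateEncodingException e) {
      // Caught here, not in a nested try, so it is wrapped exactly once with its own message
      // instead of being re-wrapped by the catch-all below.
      throw new SAMLSSOException("Error getting certificate", e);
    } catch (Exception e) {
      // Catch-all retained so callers keep receiving SAMLSSOException for marshalling, signing
      // and any unexpected failure, as before.
      throw new SAMLSSOException("Error while signing the Logout Request message", e);
    }
  }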
  /**
   * One-time initialization of the key provider, key store and certificate-check flag.
   *
   * <p>Guarded by {@code keyProviderInitialized}: subsequent calls return immediately. The
   * {@code checkCert} flag is read from the {@code com.sun.identity.saml.checkcert} system
   * property (default {@code "on"}); any failure while reading it leaves checking enabled.
   */
  private static void initializeKeyStore() {
    if (keyProviderInitialized) {
      return;
    }

    // Apache XML Security must be initialized before its utilities are used.
    org.apache.xml.security.Init.init();

    keyProvider = KeyUtil.getKeyProviderInstance();
    if (keyProvider != null) {
      keyStore = keyProvider.getKeyStore();
    }

    boolean certCheckEnabled;
    try {
      String setting = SystemPropertiesManager.get("com.sun.identity.saml.checkcert", "on");
      certCheckEnabled = "on".equalsIgnoreCase(setting.trim());
    } catch (Exception e) {
      // Best-effort read: fail closed by keeping certificate checking on.
      certCheckEnabled = true;
    }
    checkCert = certCheckEnabled;

    keyProviderInitialized = true;
  }
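  /**
   * Populates the model for the POS info page from {@code server-configuration.properties}
   * and from the configured signing certificate, then returns the view name {@code "/page"}.
   *
   * <p>Model attributes: {@code modoIntegracion}, {@code puntoEmision}, {@code MAC},
   * {@code transferenciaHabilitada}, {@code limpiezaHabilitada}, {@code certificadoExpirado}
   * (true when the certificate's notAfter date is at least one full day in the past) and
   * {@code fechaExpiracion}.
   *
   * @param modelMap the Spring model to populate
   * @return the view name {@code "/page"}
   * @throws Exception if the properties cannot be loaded, or the keystore/certificate cannot
   *     be read (an {@code IllegalStateException} when the keystore resource or the alias is
   *     missing, instead of a NullPointerException)
   */
  @RequestMapping(value = "/pos-info", method = RequestMethod.GET)
  public String listReport(ModelMap modelMap) throws Exception {
    ClassPathResource resource = new ClassPathResource("server-configuration.properties");
    Properties properties = PropertiesLoaderUtils.loadProperties(resource);

    modelMap.addAttribute("modoIntegracion", properties.getProperty("pos.server.modo"));
    modelMap.addAttribute("puntoEmision", properties.getProperty("pos.server.punto_emision"));
    modelMap.addAttribute("MAC", macService.getCachedMAC());

    // "1".equals(x) is null-safe: a missing property reads as disabled rather than throwing.
    modelMap.addAttribute(
        "transferenciaHabilitada", "1".equals(properties.getProperty("pos.server.transferencia")));
    modelMap.addAttribute(
        "limpiezaHabilitada", "1".equals(properties.getProperty("pos.server.limpieza")));

    String storePath = properties.getProperty("pos.server.almacenfirma.archivo");
    String storePassword = properties.getProperty("pos.server.almacenfirma.password");
    String certAlias = properties.getProperty("pos.server.certificado.alias");

    Init.init();
    X509Certificate certificate = loadSigningCertificate(storePath, storePassword, certAlias);

    DateTime expireCertDate = new DateTime(certificate.getNotAfter());
    // Positive only once "now" is a full day or more past notAfter (same-day expiry reads 0).
    int daysPastExpiry = Days.daysBetween(expireCertDate, DateTime.now()).getDays();

    modelMap.addAttribute("certificadoExpirado", daysPastExpiry > 0);
    modelMap.addAttribute("fechaExpiracion", expireCertDate);

    return "/page";
  }

  /**
   * Loads the JKS keystore at classpath resource {@code storePath} and returns the X.509
   * certificate stored under {@code certAlias}.
   *
   * @param storePath classpath path of the JKS keystore resource
   * @param storePassword keystore password; the char[] copy is zeroed after loading
   * @param certAlias alias of the certificate entry
   * @return the certificate under {@code certAlias}
   * @throws IllegalStateException if any argument is null, the resource is not on the classpath
   *     (getResourceAsStream returns null, which KeyStore.load would otherwise treat as an empty
   *     store), or the alias does not hold an X.509 certificate
   * @throws Exception propagated from KeyStore
   */
  private X509Certificate loadSigningCertificate(
      String storePath, String storePassword, String certAlias) throws Exception {
    if (storePath == null || storePassword == null || certAlias == null) {
      throw new IllegalStateException(
          "pos.server.almacenfirma.archivo, pos.server.almacenfirma.password and "
              + "pos.server.certificado.alias must all be configured");
    }

    KeyStore keyStore = KeyStore.getInstance("JKS");
    char[] password = storePassword.toCharArray();
    // try-with-resources closes the resource stream, which the previous version leaked.
    try (java.io.InputStream in = getClass().getResourceAsStream(storePath)) {
      if (in == null) {
        throw new IllegalStateException("Keystore resource not found on classpath: " + storePath);
      }
      keyStore.load(in, password);
    } finally {
      java.util.Arrays.fill(password, '\0');
    }

    java.security.cert.Certificate entry = keyStore.getCertificate(certAlias);
    if (!(entry instanceof X509Certificate)) {
      throw new IllegalStateException("No X.509 certificate found under alias " + certAlias);
    }
    return (X509Certificate) entry;
  }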
 static {
   // Initialize Apache XML Security once at class-load time, before any of its APIs are used.
   org.apache.xml.security.Init.init();
 }
 static {
   // Initialize the XML Security library once at class-load time, before any of its APIs are used.
   Init.init();
 }