Exemplo n.º 1
0
  public URI generateRedirectUri(String samlParameterName, String redirectUri, Document document)
      throws ConfigurationException, ProcessingException, IOException {
    KeycloakUriBuilder builder =
        KeycloakUriBuilder.fromUri(redirectUri)
            .replaceQuery(null)
            .queryParam(samlParameterName, base64Encoded(document));
    if (relayState != null) {
      builder.queryParam("RelayState", relayState);
    }

    if (sign) {
      builder.queryParam(
          GeneralConstants.SAML_SIG_ALG_REQUEST_KEY, signatureAlgorithm.getXmlSignatureMethod());
      URI uri = builder.build();
      String rawQuery = uri.getRawQuery();
      Signature signature = signatureAlgorithm.createSignature();
      byte[] sig = new byte[0];
      try {
        signature.initSign(signingKeyPair.getPrivate());
        signature.update(rawQuery.getBytes("UTF-8"));
        sig = signature.sign();
      } catch (InvalidKeyException | UnsupportedEncodingException | SignatureException e) {
        throw new ProcessingException(e);
      }
      String encodedSig = RedirectBindingUtil.base64URLEncode(sig);
      builder.queryParam(GeneralConstants.SAML_SIGNATURE_REQUEST_KEY, encodedSig);
    }
    return builder.build();
  }
  /**
   * Verifies the signature on this CertificationRequest, using the given public key and
   * CryptoToken. Does not indicate the CertificationRequest is valid at any specific time.
   */
  public void verify(PublicKey key, CryptoToken token)
      throws NoSuchAlgorithmException, CertificateException, TokenException, SignatureException,
          InvalidKeyException {
    Signature sig = token.getSignatureContext(SignatureAlgorithm.fromOID(algId.getOID()));

    sig.initVerify(key);
    sig.update(infoEncoding);
    if (!sig.verify(signature)) {
      throw new CertificateException("Signature is invalid");
    }
  }
  /**
   * Creates and signs an X.509 CertificationRequest.
   *
   * @param info A CertificationRequestInfo (TBSCertificationRequest), which specifies the actual
   *     information of the CertificationRequest.
   * @param privKey The private key with which to sign the certificat.
   * @param signingAlg The algorithm to use to sign the CertificationRequest. It must match the
   *     algorithm specified in the CertificationRequestInfo.
   * @exception IOException If an error occurred while encoding the CertificationRequest.
   * @exception CryptoManager.NotInitializedException Because this operation involves cryptography
   *     (signing), CryptoManager must be initialized before calling it.
   * @exception TokenException If an error occurs on a PKCS #11 token.
   * @exception NoSuchAlgorithmException If the OID for the signing algorithm cannot be located.
   * @exception CertificateException If the signing algorithm specified as a parameter does not
   *     match the one in the CertificationRequest info.
   * @exception InvalidKeyException If the key does not match the signing algorithm.
   * @exception SignatureException If an error occurs while signing the CertificationRequest.
   */
  public CertificationRequest(
      CertificationRequestInfo info,
      java.security.PrivateKey privKey,
      SignatureAlgorithm signingAlg)
      throws IOException, CryptoManager.NotInitializedException, TokenException,
          NoSuchAlgorithmException, CertificateException, InvalidKeyException, SignatureException {
    // make sure key is a Ninja private key
    if (!(privKey instanceof PrivateKey)) {
      throw new InvalidKeyException("Private Key is does not belong to" + " this provider");
    }
    PrivateKey priv = (PrivateKey) privKey;

    // create algId
    if (signingAlg.getSigningAlg() == SignatureAlgorithm.RSASignature) {
      algId = new AlgorithmIdentifier(signingAlg.toOID(), null);
    } else {
      algId = new AlgorithmIdentifier(signingAlg.toOID());
    }

    // encode the cert info
    this.info = info;
    infoEncoding = ASN1Util.encode(info);

    // sign the info encoding
    CryptoManager cm = CryptoManager.getInstance();
    CryptoToken token = priv.getOwningToken();
    Signature sig = token.getSignatureContext(signingAlg);
    sig.initSign(priv);
    sig.update(infoEncoding);
    signature = sig.sign();

    // bundle everything into a SEQUENCE
    sequence = new SEQUENCE();
    sequence.addElement(info);
    sequence.addElement(algId);
    sequence.addElement(new BIT_STRING(signature, 0));
  }
Exemplo n.º 4
0
  public void signDocument(Document samlDocument) throws ProcessingException {
    String signatureMethod = signatureAlgorithm.getXmlSignatureMethod();
    String signatureDigestMethod = signatureAlgorithm.getXmlSignatureDigestMethod();
    SAML2Signature samlSignature = new SAML2Signature();

    if (signatureMethod != null) {
      samlSignature.setSignatureMethod(signatureMethod);
    }

    if (signatureDigestMethod != null) {
      samlSignature.setDigestMethod(signatureDigestMethod);
    }

    Node nextSibling = samlSignature.getNextSiblingOfIssuer(samlDocument);

    samlSignature.setNextSibling(nextSibling);

    if (signingCertificate != null) {
      samlSignature.setX509Certificate(signingCertificate);
    }

    samlSignature.signSAMLDocument(
        samlDocument, signingKeyName, signingKeyPair, canonicalizationMethodType);
  }
Exemplo n.º 5
0
 /** {@inheritDoc} */
 public void setVerifyKey(final PublicKey key) {
   if (!DSAPublicKey.class.isInstance(key)) {
     throw new IllegalArgumentException("DSA public key required.");
   }
   super.setVerifyKey(key);
 }
Exemplo n.º 6
0
 /** {@inheritDoc} */
 public void setSignKey(final PrivateKey key) {
   if (!DSAPrivateKey.class.isInstance(key)) {
     throw new IllegalArgumentException("DSA private key required.");
   }
   super.setSignKey(key);
 }