/**
   * Applies the XML Digital Signature to the SAML 2.0 based Logout Request (LogoutRequest).
   *
   * @param logoutRequest the SAML 2.0 based Logout Request (LogoutRequest)
   * @param signatureAlgorithm the algorithm used to compute the signature
   * @param credential the signature signing credential
   * @return the SAML 2.0 based Logout Request (LogoutRequest) with XML Digital Signature set
   * @throws SSOException if an error occurs while signing the SAML 2.0 LogoutRequest message
   */
  protected static LogoutRequest setSignature(
      LogoutRequest logoutRequest, String signatureAlgorithm, X509Credential credential)
      throws SSOException {
    try {
      Signature signature = setSignatureRaw(signatureAlgorithm, credential);
      logoutRequest.setSignature(signature);

      List<Signature> signatureList = new ArrayList<>();
      signatureList.add(signature);

      // Marshall and Sign
      MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
      Marshaller marshaller = marshallerFactory.getMarshaller(logoutRequest);
      marshaller.marshall(logoutRequest);

      //  Initializes and configures the library
      Init.init();
      //  Signer is responsible for creating the digital signatures for the given XML Objects.
      //  Signs the XML Objects based on the given order of the Signature list
      Signer.signObjects(signatureList);
      return logoutRequest;
    } catch (MarshallingException | SignatureException e) {
      throw new SSOException("Error while signing the SAML 2.0 based LogoutRequest message", e);
    }
  }
Пример #2
0
  /**
   * Sign the SAML AuthnRequest message
   *
   * @param logoutRequest
   * @param signatureAlgorithm
   * @param cred
   * @return
   * @throws SAMLSSOException
   */
  public static LogoutRequest setSignature(
      LogoutRequest logoutRequest, String signatureAlgorithm, X509Credential cred)
      throws SAMLSSOException {
    try {
      Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
      signature.setSigningCredential(cred);
      signature.setSignatureAlgorithm(signatureAlgorithm);
      signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

      try {
        KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        org.opensaml.xml.signature.X509Certificate cert =
            (org.opensaml.xml.signature.X509Certificate)
                buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
        String value =
            org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded());
        cert.setValue(value);
        data.getX509Certificates().add(cert);
        keyInfo.getX509Datas().add(data);
        signature.setKeyInfo(keyInfo);
      } catch (CertificateEncodingException e) {
        throw new SAMLSSOException("Error getting certificate", e);
      }

      logoutRequest.setSignature(signature);

      List<Signature> signatureList = new ArrayList<Signature>();
      signatureList.add(signature);

      // Marshall and Sign
      MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
      Marshaller marshaller = marshallerFactory.getMarshaller(logoutRequest);

      marshaller.marshall(logoutRequest);

      org.apache.xml.security.Init.init();
      Signer.signObjects(signatureList);
      return logoutRequest;

    } catch (Exception e) {
      throw new SAMLSSOException("Error while signing the Logout Request message", e);
    }
  }