@Override public SignableXMLObject setSignature( SignableXMLObject signableXMLObject, String signatureAlgorithm, String digestAlgorithm, X509Credential cred) throws IdentityException { Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME); signature.setSigningCredential(cred); signature.setSignatureAlgorithm(signatureAlgorithm); signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME); X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME); X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME); String value; try { value = org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded()); } catch (CertificateEncodingException e) { throw IdentityException.error("Error occurred while retrieving encoded cert", e); } cert.setValue(value); data.getX509Certificates().add(cert); keyInfo.getX509Datas().add(data); signature.setKeyInfo(keyInfo); signableXMLObject.setSignature(signature); ((SAMLObjectContentReference) signature.getContentReferences().get(0)) .setDigestAlgorithm(digestAlgorithm); List<Signature> signatureList = new ArrayList<Signature>(); signatureList.add(signature); MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory(); Marshaller marshaller = marshallerFactory.getMarshaller(signableXMLObject); try { marshaller.marshall(signableXMLObject); } catch (MarshallingException e) { throw IdentityException.error("Unable to marshall the request", e); } org.apache.xml.security.Init.init(); try { Signer.signObjects(signatureList); } catch (SignatureException e) { throw IdentityException.error("Error occurred while signing request", e); } return signableXMLObject; }
/** * Serialize the Auth. Request * * @param xmlObject * @return serialized auth. req */ protected String marshall(XMLObject xmlObject) throws SSOAgentException { try { System.setProperty( "javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl"); MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory(); Marshaller marshaller = marshallerFactory.getMarshaller(xmlObject); Element element = marshaller.marshall(xmlObject); ByteArrayOutputStream byteArrayOutputStrm = new ByteArrayOutputStream(); DOMImplementationRegistry registry = DOMImplementationRegistry.newInstance(); DOMImplementationLS impl = (DOMImplementationLS) registry.getDOMImplementation("LS"); LSSerializer writer = impl.createLSSerializer(); LSOutput output = impl.createLSOutput(); output.setByteStream(byteArrayOutputStrm); writer.write(element, output); return new String(byteArrayOutputStrm.toByteArray(), Charset.forName("UTF-8")); } catch (ClassNotFoundException e) { throw new SSOAgentException("Error in marshalling SAML2 Assertion", e); } catch (InstantiationException e) { throw new SSOAgentException("Error in marshalling SAML2 Assertion", e); } catch (MarshallingException e) { throw new SSOAgentException("Error in marshalling SAML2 Assertion", e); } catch (IllegalAccessException e) { throw new SSOAgentException("Error in marshalling SAML2 Assertion", e); } }
/** * Applies the XML Digital Signature to the SAML 2.0 based Logout Request (LogoutRequest). * * @param logoutRequest the SAML 2.0 based Logout Request (LogoutRequest) * @param signatureAlgorithm the algorithm used to compute the signature * @param credential the signature signing credential * @return the SAML 2.0 based Logout Request (LogoutRequest) with XML Digital Signature set * @throws SSOException if an error occurs while signing the SAML 2.0 LogoutRequest message */ protected static LogoutRequest setSignature( LogoutRequest logoutRequest, String signatureAlgorithm, X509Credential credential) throws SSOException { try { Signature signature = setSignatureRaw(signatureAlgorithm, credential); logoutRequest.setSignature(signature); List<Signature> signatureList = new ArrayList<>(); signatureList.add(signature); // Marshall and Sign MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory(); Marshaller marshaller = marshallerFactory.getMarshaller(logoutRequest); marshaller.marshall(logoutRequest); // Initializes and configures the library Init.init(); // Signer is responsible for creating the digital signatures for the given XML Objects. // Signs the XML Objects based on the given order of the Signature list Signer.signObjects(signatureList); return logoutRequest; } catch (MarshallingException | SignatureException e) { throw new SSOException("Error while signing the SAML 2.0 based LogoutRequest message", e); } }
private static String getMetadataAsString(final EntityDescriptor descriptor) throws MarshallingException { final MarshallerFactory marshallerFactory = Configuration.getMarshallerFactory(); final Marshaller marshaller = marshallerFactory.getMarshaller(descriptor); final Element element = marshaller.marshall(descriptor); return XMLHelper.nodeToString(element); }
/* * Create a fully formed SAML Request. * @return The SAML Request as XML. */ public String buildAuthnRequest2String() throws org.opensaml.xml.io.MarshallingException, BindingException, IOException, ValidationException { // build an AuthnRequest object final AuthnRequestImpl auth = buildAuthnRequest(); // Now we must marshall the object for the transfer over the wire. final Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(auth); final Element authDOM = marshaller.marshall(auth); // We use a StringWriter to produce our XML output. This gets us XML where // the encoding is UTF-8. We must have UTF-8 or bad things happen. return XMLHelper.prettyPrintXML(authDOM); }
/** * Sign the SAML AuthnRequest message * * @param logoutRequest * @param signatureAlgorithm * @param cred * @return * @throws SAMLSSOException */ public static LogoutRequest setSignature( LogoutRequest logoutRequest, String signatureAlgorithm, X509Credential cred) throws SAMLSSOException { try { Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME); signature.setSigningCredential(cred); signature.setSignatureAlgorithm(signatureAlgorithm); signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); try { KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME); X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME); org.opensaml.xml.signature.X509Certificate cert = (org.opensaml.xml.signature.X509Certificate) buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME); String value = org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded()); cert.setValue(value); data.getX509Certificates().add(cert); keyInfo.getX509Datas().add(data); signature.setKeyInfo(keyInfo); } catch (CertificateEncodingException e) { throw new SAMLSSOException("Error getting certificate", e); } logoutRequest.setSignature(signature); List<Signature> signatureList = new ArrayList<Signature>(); signatureList.add(signature); // Marshall and Sign MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory(); Marshaller marshaller = marshallerFactory.getMarshaller(logoutRequest); marshaller.marshall(logoutRequest); org.apache.xml.security.Init.init(); Signer.signObjects(signatureList); return logoutRequest; } catch (Exception e) { throw new SAMLSSOException("Error while signing the Logout Request message", e); } }
/** * Serializing a SAML2 object into a String * * @param xmlObject object that needs to serialized. * @return serialized object * @throws Exception */ public static String marshall(XMLObject xmlObject) throws Exception { try { doBootstrap(); System.setProperty( "javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl"); MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory(); Marshaller marshaller = marshallerFactory.getMarshaller(xmlObject); Element element = marshaller.marshall(xmlObject); ByteArrayOutputStream byteArrayOutputStrm = new ByteArrayOutputStream(); DOMImplementationRegistry registry = DOMImplementationRegistry.newInstance(); DOMImplementationLS impl = (DOMImplementationLS) registry.getDOMImplementation("LS"); LSSerializer writer = impl.createLSSerializer(); LSOutput output = impl.createLSOutput(); output.setByteStream(byteArrayOutputStrm); writer.write(element, output); return byteArrayOutputStrm.toString(); } catch (Exception e) { throw new Exception("Error Serializing the SAML Response", e); } }