本文整理汇总了Java中org.opensaml.xml.signature.SignatureConstants类的典型用法代码示例。如果您正苦于以下问题:Java SignatureConstants类的具体用法?Java SignatureConstants怎么用?Java SignatureConstants使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
SignatureConstants类属于org.opensaml.xml.signature包,在下文中一共展示了SignatureConstants类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: populateSignatureParams
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Registers the default signature settings on the supplied configuration.
 *
 * <p>NOTE(review): the RSA, EC, HMAC and reference-digest defaults registered here all name
 * SHA-1 constants. SHA-1 is no longer regarded as collision resistant, so deployments that
 * produce signatures from these defaults should override them with SHA-256 based values
 * (for example {@code SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256} and
 * {@code SignatureConstants.ALGO_ID_DIGEST_SHA256}) once peers are known to accept them.</p>
 *
 * @param config the security configuration to populate
 */
protected static void populateSignatureParams(BasicSecurityConfiguration config) {
    // Both symmetric key types below map to the same HMAC URI.
    final String hmacUri = SignatureConstants.ALGO_ID_MAC_HMAC_SHA1;

    // Signature algorithm URI registered per key algorithm name: asymmetric keys first ...
    config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
    config.registerSignatureAlgorithmURI("DSA", SignatureConstants.ALGO_ID_SIGNATURE_DSA);
    config.registerSignatureAlgorithmURI("EC", SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);

    // ... then the symmetric (HMAC) ones.
    config.registerSignatureAlgorithmURI("AES", hmacUri);
    config.registerSignatureAlgorithmURI("DESede", hmacUri);

    // Remaining signature parameters. The HMAC output length is explicitly set to null.
    config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA1);
    config.setSignatureHMACOutputLength(null);
    config.setSignatureCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
}
示例2: preProcessEncryptedKey
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Checks an EncryptedKey for algorithm support before decryption is attempted.
 *
 * <p>Only RSA-OAEP key transport is inspected. If the EncryptionMethod carries at least one
 * DigestMethod child, the first one must name SHA-1 (after trimming); anything else is
 * rejected. Further DigestMethod children are not examined. An EncryptionMethod without a
 * DigestMethod passes the check.</p>
 *
 * @param encryptedKey encrypted key element containing the encrypted key to be decrypted
 * @param algorithm the algorithm associated with the decrypted key (not read by this check)
 * @param kek the key encryption key with which to attempt decryption (not read by this check)
 *
 * @throws DecryptionException if the first DigestMethod names an algorithm other than SHA-1
 */
protected void preProcessEncryptedKey(EncryptedKey encryptedKey, String algorithm, Key kek)
        throws DecryptionException {
    // The comment in the original code states that Apache XML-Security supports only a
    // hard-coded SHA-1 digest with RSA-OAEP key transport, hence the strict check below.
    String transportUri = encryptedKey.getEncryptionMethod().getAlgorithm();
    if (!EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP.equals(transportUri)) {
        return;
    }

    List<XMLObject> declaredDigests =
            encryptedKey.getEncryptionMethod().getUnknownXMLObjects(DigestMethod.DEFAULT_ELEMENT_NAME);
    if (declaredDigests.isEmpty()) {
        return;
    }

    DigestMethod firstDigest = (DigestMethod) declaredDigests.get(0);
    String digestUri = DatatypeHelper.safeTrimOrNullString(firstDigest.getAlgorithm());
    if (SignatureConstants.ALGO_ID_DIGEST_SHA1.equals(digestUri)) {
        return;
    }

    // NOTE(review): the logged URI is read from the EncryptedKey itself, which presumably
    // arrives in a received message; confirm the log layout neutralises control characters.
    log.error("EncryptedKey/EncryptionMethod/DigestMethod contains unsupported algorithm URI: {}",
            firstDigest.getAlgorithm());
    throw new DecryptionException(
            "EncryptedKey/EncryptionMethod/DigestMethod contains unsupported algorithm URI");
}
示例3: SAMLObjectContentReference
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Creates a content reference for the given signable object with the default transforms
 * (enveloped signature, then exclusive canonicalization without comments).
 *
 * <p>The digest algorithm is taken from the global security configuration when one is
 * registered and supplies a value. NOTE(review): when it does not, the fallback is SHA-1;
 * callers that need a stronger reference digest should configure one globally or set it on
 * the reference explicitly.</p>
 *
 * @param newSignableObject the SAMLObject this reference refers to
 */
public SAMLObjectContentReference(SignableSAMLObject newSignableObject) {
    signableObject = newSignableObject;

    // Default transform chain.
    transforms = new LazyList<String>();
    transforms.add(SignatureConstants.TRANSFORM_ENVELOPED_SIGNATURE);
    transforms.add(SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);

    // Default digest: the globally configured value, else SHA-1.
    if (null != Configuration.getGlobalSecurityConfiguration()) {
        digestAlgorithm = Configuration.getGlobalSecurityConfiguration().getSignatureReferenceDigestMethod();
    }
    if (null == digestAlgorithm) {
        digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA1;
    }
}
示例4: declareNonVisibleNamespaces
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Declares non-visible namespaces on a {@link SignableSAMLObject} ahead of marshalling and
 * signing, when the attached signature uses exclusive canonicalization.
 *
 * <p>
 * Nothing happens if the object already has a cached DOM or has no signature attached.
 * Otherwise the signature's content references are scanned; as soon as a
 * {@link SAMLObjectContentReference} is found whose transforms include
 * {@link SignatureConstants#TRANSFORM_C14N_EXCL_WITH_COMMENTS} or
 * {@link SignatureConstants#TRANSFORM_C14N_EXCL_OMIT_COMMENTS}, every namespace returned by
 * {@link NamespaceManager#getNonVisibleNamespaces()} is registered as a declaration on the object.
 * </p>
 *
 * @param signableObject the signable SAML object to evaluate
 */
public static void declareNonVisibleNamespaces(SignableSAMLObject signableObject) {
    Logger log = getLogger();

    // Only unmarshalled-free, signature-bearing objects are of interest.
    if (signableObject.getDOM() != null || signableObject.getSignature() == null) {
        return;
    }

    log.debug("Examing signed object for content references with exclusive canonicalization transform");
    boolean exclusiveFound = false;
    for (ContentReference reference : signableObject.getSignature().getContentReferences()) {
        if (!(reference instanceof SAMLObjectContentReference)) {
            continue;
        }
        List<String> declared = ((SAMLObjectContentReference) reference).getTransforms();
        exclusiveFound = declared.contains(SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS)
                || declared.contains(SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        if (exclusiveFound) {
            // One matching reference is enough; stop scanning.
            break;
        }
    }

    if (!exclusiveFound) {
        return;
    }

    log.debug("Saw exclusive transform, declaring non-visible namespaces on signed object");
    for (Namespace nonVisible : signableObject.getNamespaceManager().getNonVisibleNamespaces()) {
        signableObject.getNamespaceManager().registerNamespaceDeclaration(nonVisible);
    }
}
示例5: SAMLObjectContentReference
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Creates a content reference for the given signable object with the default transforms
 * (enveloped signature, then exclusive canonicalization without comments).
 *
 * <p>The digest algorithm is taken from the global security configuration when one is
 * registered and supplies a value. NOTE(review): when it does not, the fallback is SHA-1;
 * callers that need a stronger reference digest should configure one globally or set it on
 * the reference explicitly.</p>
 *
 * @param newSignableObject the SAMLObject this reference refers to
 */
public SAMLObjectContentReference(SignableSAMLObject newSignableObject) {
    signableObject = newSignableObject;

    // Default transform chain.
    transforms = new ArrayList<String>();
    transforms.add(SignatureConstants.TRANSFORM_ENVELOPED_SIGNATURE);
    transforms.add(SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);

    // Default digest: the globally configured value, else SHA-1.
    if (null != Configuration.getGlobalSecurityConfiguration()) {
        digestAlgorithm = Configuration.getGlobalSecurityConfiguration().getSignatureReferenceDigestMethod();
    }
    if (null == digestAlgorithm) {
        digestAlgorithm = SignatureConstants.ALGO_ID_DIGEST_SHA1;
    }
}
示例6: getDigitalSignature
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Builds a Signature object bound to a credential derived from the given keystore entry.
 *
 * <p>NOTE(review): the signature algorithm is hard-coded to RSA with SHA-1 before the
 * remaining parameters are prepared from the global security configuration. SHA-1 is no
 * longer regarded as collision resistant; prefer an RSA-SHA256 algorithm URI where the
 * receiving party supports it.</p>
 *
 * @param keystoreEntry private key entry the signing credential is initialized from
 * @return the prepared, not yet computed, signature object
 * @throws IllegalArgumentException if preparing the signature parameters fails
 */
public Signature getDigitalSignature(KeyStore.PrivateKeyEntry keystoreEntry) {
    Signature sig = (Signature) Configuration.getBuilderFactory()
            .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
            .buildObject(Signature.DEFAULT_ELEMENT_NAME);

    Credential credential = initializeCredentialsFromKeystore(keystoreEntry);
    sig.setSigningCredential(credential);
    sig.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);

    try {
        SecurityHelper.prepareSignatureParams(
                sig, credential, Configuration.getGlobalSecurityConfiguration(), null);
    } catch (org.opensaml.xml.security.SecurityException e) {
        // The cause is not logged here; it travels with the rethrown exception.
        LOG.error("Error composing artifact resolution request: Failed to generate digital signature");
        throw new IllegalArgumentException("Couldn't compose artifact resolution request", e);
    }
    return sig;
}
示例7: postProcessApacheEncryptedKey
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Post-processes the Apache EncryptedKey before it is marshalled to DOM and unmarshalled
 * into an XMLObject.
 *
 * <p>For RSA-OAEP key transport only: if the EncryptionMethod does not already carry a
 * DigestMethod child, one naming SHA-1 is appended. According to the comment in the original
 * code this merely makes the library's implicit SHA-1 default explicit, for interoperability;
 * it does not select the digest.</p>
 *
 * @param apacheEncryptedKey the Apache EncryptedKeyObject to post-process
 * @param targetKey the key to encrypt (not read here)
 * @param encryptionKey the key with which to encrypt the target key (not read here)
 * @param encryptionAlgorithmURI the XML Encryption algorithm URI corresponding to the encryption key
 * @param containingDocument the document that will own the resulting element
 *
 * @throws EncryptionException exception thrown on encryption errors
 */
protected void postProcessApacheEncryptedKey(org.apache.xml.security.encryption.EncryptedKey apacheEncryptedKey,
        Key targetKey, Key encryptionKey, String encryptionAlgorithmURI, Document containingDocument)
        throws EncryptionException {
    if (!EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP.equals(encryptionAlgorithmURI)) {
        return;
    }

    // If the library already emitted a DigestMethod there is nothing to add.
    for (Iterator infoIter = apacheEncryptedKey.getEncryptionMethod().getEncryptionMethodInformation();
            infoIter.hasNext();) {
        Element info = (Element) infoIter.next();
        if (DigestMethod.DEFAULT_ELEMENT_NAME.equals(XMLHelper.getNodeQName(info))) {
            return;
        }
    }

    // Spell out the SHA-1 digest parameter as an explicit ds:DigestMethod child.
    Element digestMethodElem = XMLHelper.constructElement(containingDocument,
            DigestMethod.DEFAULT_ELEMENT_NAME);
    XMLHelper.appendNamespaceDeclaration(digestMethodElem,
            XMLConstants.XMLSIG_NS, XMLConstants.XMLSIG_PREFIX);
    digestMethodElem.setAttributeNS(null, DigestMethod.ALGORITHM_ATTRIB_NAME,
            SignatureConstants.ALGO_ID_DIGEST_SHA1);
    apacheEncryptedKey.getEncryptionMethod().addEncryptionMethodInformation(digestMethodElem);
}
示例8: getSignature
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Builds a Signature object that signs with the {@code _scred} credential.
 *
 * <p>NOTE(review): the algorithm is fixed to RSA with SHA-1, which is no longer regarded as
 * collision resistant; prefer an RSA-SHA256 algorithm URI where the receiving party
 * supports it.</p>
 *
 * @return a signature object with credential, signature algorithm and canonicalization set
 */
private Signature getSignature() {
    Signature result = new SignatureBuilder().buildObject();
    result.setSigningCredential(_scred);
    result.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    result.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
    return result;
}
示例9: postProcessBeanFactory
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Runs the inherited post-processing, then switches the global OpenSAML security
 * configuration to SHA-256: RSA keys sign with RSA-SHA256 and references are digested
 * with SHA-256.
 *
 * <p>NOTE(review): the global configuration is cast to BasicSecurityConfiguration without a
 * check, so this relies on the inherited call (or earlier bootstrap) having installed one.</p>
 *
 * @param beanFactory the bean factory handed to the superclass implementation
 * @throws BeansException declared by the overridden method
 */
@Override
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
    super.postProcessBeanFactory(beanFactory);

    BasicSecurityConfiguration globalConfig =
            (BasicSecurityConfiguration) org.opensaml.Configuration.getGlobalSecurityConfiguration();
    globalConfig.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
    globalConfig.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
}
示例10: buildSignatureSkeleton
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Creates a bare Signature for marshalling unit tests, with only the signature and
 * canonicalization algorithms set.
 *
 * <p>The RSA-SHA1 algorithm here is test scaffolding; it is not a recommendation for
 * production signatures.</p>
 *
 * @return minimally populated Signature element
 */
private Signature buildSignatureSkeleton() {
    Signature skeleton = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    skeleton.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    skeleton.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
    return skeleton;
}
示例11: testAssertionSignature
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Creates a simple Assertion, signs it and then verifies the signature.
 *
 * <p>The signed DOM is unmarshalled into a fresh object tree and validated with an
 * explicit-key trust engine that is given the same credential used for signing.</p>
 *
 * @throws MarshallingException thrown if the Assertion can not be marshalled into a DOM
 * @throws ValidationException thrown if the Signature does not validate
 * @throws SignatureException declared by the method; presumably raised when signing fails
 * @throws UnmarshallingException declared by the method; presumably raised when the signed DOM
 *             can not be unmarshalled
 * @throws SecurityException declared by the method; presumably raised by the trust engine
 */
public void testAssertionSignature()
        throws MarshallingException, ValidationException, SignatureException, UnmarshallingException, SecurityException{
    // Build a minimal assertion: version, ID, issue instant, issuer and one authn statement.
    DateTime now = new DateTime();
    Assertion assertion = assertionBuilder.buildObject();
    assertion.setVersion(SAMLVersion.VERSION_20);
    assertion.setID(idGenerator.generateIdentifier());
    assertion.setIssueInstant(now);
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue("urn:example.org:issuer");
    assertion.setIssuer(issuer);
    AuthnStatement authnStmt = authnStatementBuilder.buildObject();
    authnStmt.setAuthnInstant(now);
    assertion.getAuthnStatements().add(authnStmt);
    // Attach the signature before marshalling so the Signature element is part of the DOM.
    Signature signature = signatureBuilder.buildObject();
    signature.setSigningCredential(goodCredential);
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    // NOTE(review): the constant name carries no digest; confirm which digest this URI implies.
    signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA);
    assertion.setSignature(signature);
    // Marshal first, then compute the signature over the resulting DOM.
    Marshaller marshaller = marshallerFactory.getMarshaller(assertion);
    marshaller.marshall(assertion);
    Signer.signObject(signature);
    // Unmarshall new tree around DOM to avoid side effects and Apache xmlsec bug.
    Assertion signedAssertion =
            (Assertion) unmarshallerFactory.getUnmarshaller(assertion.getDOM()).unmarshall(assertion.getDOM());
    // The trust engine resolves the trusted key from a static resolver holding goodCredential.
    StaticCredentialResolver credResolver = new StaticCredentialResolver(goodCredential);
    KeyInfoCredentialResolver kiResolver = SecurityTestHelper.buildBasicInlineKeyInfoResolver();
    ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credResolver, kiResolver);
    CriteriaSet criteriaSet = new CriteriaSet( new EntityIDCriteria("urn:example.org:issuer") );
    assertTrue("Assertion signature was not valid",
            trustEngine.validate(signedAssertion.getSignature(), criteriaSet));
}
示例12: createSignature
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Builds a Signature object from the configured key locations.
 *
 * <p>NOTE(review): when either key location is missing this returns {@code null} rather than
 * failing, so callers must check the result or the message goes out unsigned. The algorithm
 * is fixed to RSA with SHA-1, which is no longer regarded as collision resistant; prefer an
 * RSA-SHA256 algorithm URI where the receiving party supports it.</p>
 *
 * @return the configured signature object, or {@code null} if a key location is not set
 * @throws Throwable whatever the credential lookup or builder raises
 */
private Signature createSignature() throws Throwable {
    if (publicKeyLocation == null || privateKeyLocation == null) {
        return null;
    }

    Signature sig = new SignatureBuilder().buildObject();
    sig.setSigningCredential(certManager.getSigningCredential(publicKeyLocation, privateKeyLocation));
    sig.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
    sig.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    return sig;
}
示例13: generateSAMLRequestSignature
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Appends {@code SigAlg} and {@code Signature} query parameters to an already URL-encoded
 * request string.
 *
 * <p>The signed bytes are the UTF-8 encoding of the input string with the {@code SigAlg}
 * parameter appended. The digest is chosen from {@code sigAlgorithmName}, compared
 * case-insensitively against "SHA256", "SHA384" and "SHA512".</p>
 *
 * <p>NOTE(review): two fall-through paths deserve attention. Any other algorithm name,
 * including a misspelt one, silently selects RSA with SHA-1; and a {@code null} signing key
 * returns the input unchanged, i.e. unsigned. Callers that require a signed request with a
 * specific digest should validate both arguments before calling.</p>
 *
 * @param urlEncodedString the URL-encoded query string to sign
 * @param signingKey the private key to sign with; {@code null} disables signing
 * @param sigAlgorithmName digest selector; must not be {@code null} when a key is supplied
 * @return the input with {@code SigAlg} and, when produced, {@code Signature} appended
 * @throws NoSuchAlgorithmException if the JCA signature algorithm is unavailable
 * @throws SignatureException if signing fails
 * @throws InvalidKeyException if the key is rejected by the signature instance
 * @throws UnsupportedEncodingException if the URL encoding charset is not supported
 */
public static String generateSAMLRequestSignature(final String urlEncodedString, final PrivateKey signingKey, final String sigAlgorithmName)
        throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, UnsupportedEncodingException {
    if (signingKey == null) {
        return urlEncodedString;
    }

    // Pick the XML-DSig URI advertised in SigAlg and the matching JCA algorithm name.
    final String sigAlgUri;
    final String jcaAlgorithm;
    if (sigAlgorithmName.equalsIgnoreCase("SHA256")) {
        sigAlgUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
        jcaAlgorithm = "SHA256withRSA";
    } else if (sigAlgorithmName.equalsIgnoreCase("SHA384")) {
        sigAlgUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA384;
        jcaAlgorithm = "SHA384withRSA";
    } else if (sigAlgorithmName.equalsIgnoreCase("SHA512")) {
        sigAlgUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512;
        jcaAlgorithm = "SHA512withRSA";
    } else {
        // Default for every unrecognised name.
        sigAlgUri = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
        jcaAlgorithm = "SHA1withRSA";
    }

    final String toSign = urlEncodedString + "&SigAlg=" + URLEncoder.encode(sigAlgUri, HttpUtils.UTF_8);

    Signature signer = Signature.getInstance(jcaAlgorithm);
    signer.initSign(signingKey);
    signer.update(toSign.getBytes(Charset.forName("UTF-8")));

    String encodedSignature = Base64.encodeBytes(signer.sign(), Base64.DONT_BREAK_LINES);
    if (encodedSignature == null) {
        // No Signature parameter is appended when encoding yields nothing.
        return toSign;
    }
    return toSign + "&Signature=" + URLEncoder.encode(encodedSignature, HttpUtils.UTF_8);
}
示例14: DefaultSAMLBootstrap
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Creates a bootstrap with SHA-256 defaults: the signature algorithm is SHA256withRSA and
 * the digest algorithm is SHA-256.
 *
 * <p>Delegates to the three-argument constructor, passing "RSA" together with the RSA-SHA256
 * signature URI and the SHA-256 digest URI (presumably key algorithm name, signature
 * algorithm and digest method, in that order; confirm against that constructor).</p>
 */
public DefaultSAMLBootstrap() {
    this("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256, SignatureConstants.ALGO_ID_DIGEST_SHA256);
}
示例15: getSamlAssertion
import org.opensaml.xml.signature.SignatureConstants; //导入依赖的package包/类
/**
 * Builds an assertion from the supplied properties, signs it and returns it serialized as a string.
 *
 * @param _cfg properties passed on to createAssertion and getSigningCredential
 * @return the string form of the assertion after signing
 * @throws SAMLException wrapping any exception raised while building, signing or serializing
 */
@Override
public String getSamlAssertion(Properties _cfg) throws SAMLException {
    try {
        Assertion assertion = createAssertion(_cfg);
        AssertionMarshaller marshaller = new AssertionMarshaller();
        // First marshalling happens before the signature is attached; the string produced
        // here is overwritten further down once the assertion has been signed.
        Element plaintextElement = marshaller.marshall(assertion);
        String originalAssertionString = XMLHelper.nodeToString(plaintextElement);
        Credential signingCredential = getSigningCredential(_cfg);
        Signature signature = (Signature) getSAMLBuilder().getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(signingCredential);
        // NOTE(review): RSA with SHA-1 is hard-coded. SHA-1 is no longer regarded as collision
        // resistant; prefer an RSA-SHA256 algorithm URI where the relying party supports it.
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        // Build KeyInfo/X509Data/X509Certificate to accompany the signature.
        KeyInfoBuilder keyInfoBuilder = (KeyInfoBuilder) getSAMLBuilder().getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME);
        KeyInfo keyInfo = keyInfoBuilder.buildObject();
        X509DataBuilder x509databuilder = (X509DataBuilder) getSAMLBuilder().getBuilder(X509Data.DEFAULT_ELEMENT_NAME);
        X509Data x509Data = x509databuilder.buildObject();
        X509CertificateBuilder x509CertificateBuilder = (X509CertificateBuilder) getSAMLBuilder().getBuilder(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
        org.opensaml.xml.signature.X509Certificate certXMLAssertion = x509CertificateBuilder.buildObject();
        // NOTE(review): the value written into the X509Certificate element is the encoded public
        // key, not an encoded certificate. Verify that relying parties can consume this, and that
        // they anchor trust in a pre-configured key rather than in whatever KeyInfo carries.
        certXMLAssertion.setValue(Base64.encodeBytes(signingCredential.getPublicKey().getEncoded()));
        x509Data.getX509Certificates().add(certXMLAssertion);
        keyInfo.getX509Datas().add(x509Data);
        signature.setKeyInfo(keyInfo);
        assertion.setSignature(signature);
        // Marshal with the signature attached, then compute the signature value.
        Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(signature);
        // Serialize again so the returned string contains the computed signature.
        plaintextElement = marshaller.marshall(assertion);
        originalAssertionString = XMLHelper.nodeToString(plaintextElement);
        // NOTE(review): the complete signed assertion is handed to the tracer, and getBytes()
        // uses the platform default charset. Confirm the trace sink is access-controlled,
        // since a signed assertion is presumably usable as a bearer credential.
        OAuthTracer.trace(OAuthTracer.XML_TYPE, "SAML Assertion", originalAssertionString.getBytes());
        return originalAssertionString;
    } catch (Exception ex) {
        // Every failure, checked or unchecked, is wrapped with its cause preserved.
        throw new SAMLException(ex);
    }
}