How to add KeyInfo & X509Data under the Signature in SAML 2.0 using Java

Submitted by 佐手 on 2019-12-24 14:34:31

Question


I am completely new to SAML. I have just built the SAML, but per requirement I also need to add KeyInfo and X509 certificate nodes including the client's public cert. I have used the code below to generate the Signature element, but I don't know how to add KeyInfo & X509Data inside the signature. I need help on this.

    import java.security.KeyStore;
    import java.security.PrivateKey;
    import org.opensaml.xml.Configuration;
    import org.opensaml.xml.security.x509.BasicX509Credential;
    import org.opensaml.xml.signature.Signature;
    import org.opensaml.xml.signature.SignatureConstants;

    // Credential holding only the private key; KeyInfo/X509Data will also need the certificate
    BasicX509Credential signingCredential = new BasicX509Credential();
    //Namespace nameSpaceSAML = new Namespace("http://www.w3.org/2000/09/xmldsig#","ds");
    KeyStore keyStore = getKeyStore(signingKeyStorePath, signingKeyStorePassword);
    PrivateKey privateKey = getPrivateKey(keyStore, signingKeyalias, signingKeyStorePassword);
    signingCredential.setPrivateKey(privateKey);
    signature = (Signature) Configuration.getBuilderFactory()
            .getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(signingCredential);
    signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

Answer 1:


If you want less code, there is a helper class for signatures that does this.

    // Factory that decides which X509Data children are emitted into KeyInfo
    X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
    x509Factory.setEmitEntityCertificate(true);
    x509Factory.setEmitEntityCertificateChain(true);
    x509Factory.setEmitX509IssuerSerial(true);
    x509Factory.setEmitX509SubjectName(true);

    // Register the factory under a name so it can be referenced when preparing the signature
    Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager()
            .registerFactory("x509emitingKeyInfoGenerator", x509Factory);

    SecurityHelper.prepareSignatureParams(signature, SPCredentials.getCredential(), null, "x509emitingKeyInfoGenerator");

This sets KeyInfo, signing algorithms, etc. Use the setEmit methods on the factory to set what should be added to the KeyInfo.

For more information, read my blog post on it. I also wrote a book on OpenSAML where I explain signing and encryption functions and more in detail.




Answer 2:


For those seeking an answer: I figured out the solution to add KeyInfo elements along with X509Data as below, and it is working fine...

    import org.opensaml.xml.Configuration;
    import org.opensaml.xml.signature.KeyInfo;
    import org.opensaml.xml.signature.X509Certificate; // the ds:X509Certificate element, not java.security.cert
    import org.opensaml.xml.signature.X509Data;

    KeyInfo keyInfo = (KeyInfo) Configuration.getBuilderFactory()
            .getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME).buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data data = (X509Data) Configuration.getBuilderFactory()
            .getBuilder(X509Data.DEFAULT_ELEMENT_NAME).buildObject(X509Data.DEFAULT_ELEMENT_NAME);
    X509Certificate cert = (X509Certificate) Configuration.getBuilderFactory()
            .getBuilder(X509Certificate.DEFAULT_ELEMENT_NAME).buildObject(X509Certificate.DEFAULT_ELEMENT_NAME);
    signature.setSigningCredential(signingCredential);
    // signingCredential must have been given the entity certificate (setEntityCertificate) for this to work
    String value = org.apache.xml.security.utils.Base64.encode(signingCredential.getEntityCertificate().getEncoded());
    cert.setValue(value);
    data.getX509Certificates().add(cert);
    keyInfo.getX509Datas().add(data);
    signature.setKeyInfo(keyInfo);

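Putting the signing side and the receiving side together, as an added example that is not code from the question or either answer: it assumes OpenSAML 2.x (the API both answers use), a JKS keystore with placeholder path, password and alias values, uses `KeyInfoHelper.addCertificate` to build the X509Data for you, and uses RSA-SHA256 where the question used SHA-1.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Response;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;

/** Added example (not from the question or answers); assumes OpenSAML 2.x and a JKS keystore. */
public class SignedResponseWithKeyInfo {
    static { try { DefaultBootstrap.bootstrap(); } catch (Exception e) { throw new ExceptionInInitializerError(e); } }

    /** Loads the private key and its certificate into one credential; path/alias are placeholders. */
    static BasicX509Credential loadCredential(String path, char[] pw, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        BasicX509Credential cred = new BasicX509Credential();
        cred.setPrivateKey((PrivateKey) ks.getKey(alias, pw));
        cred.setEntityCertificate((X509Certificate) ks.getCertificate(alias)); // needed for X509Data
        return cred;
    }

    /** Attaches a ds:Signature carrying KeyInfo/X509Data to the Response and computes the signature. */
    static Signature signResponse(Response response, BasicX509Credential cred) throws Exception {
        Signature sig = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
        sig.setSigningCredential(cred);
        sig.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        sig.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        KeyInfo keyInfo = (KeyInfo) Configuration.getBuilderFactory()
                .getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME).buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        KeyInfoHelper.addCertificate(keyInfo, cred.getEntityCertificate()); // emits X509Data/X509Certificate
        sig.setKeyInfo(keyInfo);
        response.setSignature(sig);
        Configuration.getMarshallerFactory().getMarshaller(response).marshall(response); // DOM must exist first
        Signer.signObject(sig);
        return sig;
    }

    /** Receiver side: validate with a credential configured from the peer's metadata, not the cert in KeyInfo. */
    static void verify(Signature sig, BasicX509Credential trusted) throws Exception {
        new SignatureValidator(trusted).validate(sig);
    }
}
```

The certificate inside KeyInfo only tells the receiver which key the sender claims to have used; the check in `verify` is meaningful because it is done against a credential the receiver already trusts rather than against whatever X509Data arrived in the message.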

Source: https://stackoverflow.com/questions/31403071/how-to-add-keyinfo-x509data-under-the-signature-in-saml-2-0-using-java
