Class SAML2MetaSecurityUtils


  • public final class SAML2MetaSecurityUtils
    extends Object
    The SAML2MetaSecurityUtils class provides metadata security related utility methods.
    • Method Detail

      • sign

        public static Document sign(String realm,
                                    EntityDescriptorElement descriptor)
                             throws JAXBException,
                                    SAML2MetaException
        Signs the entity descriptor root element by the following rules:
        • Hosted Entity
          • If there is a signature already on the EntityDescriptor, removes it, then signs the EntityDescriptor.
          • Simply signs the EntityDescriptor otherwise.
        • Remote Entity
          • If there is a signature already on the EntityDescriptor, then does not change it, but returns the Document with the original signature.
          • Simply signs the EntityDescriptor otherwise.
        If there is no extended metadata for the entity, the entity is considered as remote.
        Parameters:
        realm - The realm to which the EntityDescriptor belongs.
        descriptor - The entity descriptor.
        Returns:
        Signed Document for the entity descriptor or null if no metadata signing key is found in the configuration.
        Throws:
        SAML2MetaException - if unable to sign the entity descriptor.
        JAXBException - if the entity descriptor is invalid.
      • verifySignature

        public static void verifySignature(Document doc)
                                    throws SAML2MetaException
        Verifies signatures in entity descriptor represented by the Document.
        Parameters:
        doc - The document.
        Throws:
        SAML2MetaException - if unable to verify the entity descriptor.
      • formatBase64BinaryElement

        public static String formatBase64BinaryElement(String xmlstr)
        Restores Base64 encoded format. JAXB will change ......... ......... to .................. This method will restore the format.
        Parameters:
        xmlstr - The XML string containing the element 'X509Certificate'.
        Returns:
        The restored XML string.
      • updateProviderKeyInfo

        public static void updateProviderKeyInfo(String realm,
                                                 String entityID,
                                                 Set<String> certAliases,
                                                 boolean isSigning,
                                                 boolean isIDP,
                                                 String encAlgo,
                                                 int keySize)
                                          throws SAML2MetaException
        Updates signing or encryption key info for SP or IDP. This will update both signing/encryption alias on extended metadata and certificates in standard metadata.
        Parameters:
        realm - The realm in which the entity resides.
        entityID - ID of the entity to be updated.
        certAliases - The set of certificate aliases to be set for the entity. If null or empty, existing key information will be removed from the SP or IDP.
        isSigning - true if this is a signing certificate alias, false if this is an encryption certificate alias.
        isIDP - true if this is for the IDP signing/encryption alias, false if this is for the SP signing/encryption alias.
        encAlgo - Encryption algorithm URI, this is applicable for encryption cert only.
        keySize - Encryption key size, this is applicable for encryption cert only.
        Throws:
        SAML2MetaException - if the certificate alias for the entity could not be updated.
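The following is an added example (not part of this Javadoc or the project's own code) showing how sign, verifySignature and formatBase64BinaryElement fit together in a sign-then-verify round trip, including the null return when no metadata signing key is configured. It assumes SAML2MetaManager.getEntityDescriptor(realm, entityId), XMLUtils.print(Node) and a SAML2MetaException(String) constructor are available; those three are assumptions, not documented on this page.

```java
import javax.xml.bind.JAXBException;
import org.w3c.dom.Document;
import com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;   // assumed available
import com.sun.identity.saml2.meta.SAML2MetaSecurityUtils;
import com.sun.identity.shared.xml.XMLUtils;           // assumed available

/**
 * Example (not project code): sign an entity's metadata, verify the
 * result before publishing it, and restore the X509Certificate format.
 */
public final class MetadataSigningExample {

    public static String signAndVerify(String realm, String entityId)
            throws SAML2MetaException, JAXBException {
        // Assumption: SAML2MetaManager.getEntityDescriptor exists with this signature.
        SAML2MetaManager manager = new SAML2MetaManager();
        EntityDescriptorElement descriptor = manager.getEntityDescriptor(realm, entityId);
        if (descriptor == null) {
            throw new SAML2MetaException("no entity descriptor found for " + entityId);
        }

        // sign() returns null when no metadata signing key is configured.
        // Treat that as a hard failure so unsigned metadata is never published
        // by accident; for a remote entity with an existing signature the
        // original signature is returned unchanged.
        Document signed = SAML2MetaSecurityUtils.sign(realm, descriptor);
        if (signed == null) {
            throw new SAML2MetaException("no metadata signing key configured in realm " + realm);
        }

        // Verify before the document leaves this process; throws on failure.
        SAML2MetaSecurityUtils.verifySignature(signed);

        // Serialize (XMLUtils.print is an assumed helper) and restore the
        // Base64 X509Certificate layout that JAXB may have reformatted.
        String xml = XMLUtils.print(signed);
        return SAML2MetaSecurityUtils.formatBase64BinaryElement(xml);
    }
}
```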