com.sun.identity.saml2.meta

Class SAML2MetaSecurityUtils

java.lang.Object

com.sun.identity.saml2.meta.SAML2MetaSecurityUtils

public final class SAML2MetaSecurityUtils
extends Object

The SAML2MetaUtils provides metadata security related util methods.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ATTR_ID
static String	ATTR_USE
static String	NS_MD_QUERY
static String	NS_META
static String	NS_XMLENC
static String	NS_XMLSIG
static String	PREFIX_MD_QUERY
static String	PREFIX_XMLENC
static String	PREFIX_XMLSIG
static String	TAG_ENTITY_DESCRIPTOR
static String	TAG_IDP_SSO_DESCRIPTOR
static String	TAG_KEY_DESCRIPTOR
static String	TAG_KEY_INFO
static String	TAG_SP_SSO_DESCRIPTOR

Method Summary

Modifier and Type	Method and Description
static String	buildX509Certificate(String certAlias)
static String	formatBase64BinaryElement(String xmlstr) Restores Base64 encoded format.
static Document	sign(String realm, EntityDescriptorElement descriptor) Signs the entity descriptor root element by the following rules: Hosted Entity If there is a signature already on the EntityDescriptor, removes it, then signs the EntityDescriptor.
static void	updateProviderKeyInfo(String realm, String entityID, Set<String> certAliases, boolean isSigning, boolean isIDP, String encAlgo, int keySize) Updates signing or encryption key info for SP or IDP.
static void	verifySignature(Document doc) Verifies signatures in entity descriptor represented by the Document.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NS_META

public static final String NS_META

See Also:

Constant Field Values

NS_XMLSIG

public static final String NS_XMLSIG

See Also:

Constant Field Values

NS_XMLENC

public static final String NS_XMLENC

See Also:

Constant Field Values

NS_MD_QUERY

public static final String NS_MD_QUERY

See Also:

Constant Field Values

PREFIX_XMLSIG

public static final String PREFIX_XMLSIG

See Also:

Constant Field Values

PREFIX_XMLENC

public static final String PREFIX_XMLENC

See Also:

Constant Field Values

PREFIX_MD_QUERY

public static final String PREFIX_MD_QUERY

See Also:

Constant Field Values

TAG_KEY_INFO

public static final String TAG_KEY_INFO

See Also:

Constant Field Values

TAG_KEY_DESCRIPTOR

public static final String TAG_KEY_DESCRIPTOR

See Also:

Constant Field Values

TAG_ENTITY_DESCRIPTOR

public static final String TAG_ENTITY_DESCRIPTOR

See Also:

Constant Field Values

TAG_SP_SSO_DESCRIPTOR

public static final String TAG_SP_SSO_DESCRIPTOR

See Also:

Constant Field Values

TAG_IDP_SSO_DESCRIPTOR

public static final String TAG_IDP_SSO_DESCRIPTOR

See Also:

Constant Field Values

ATTR_USE

public static final String ATTR_USE

See Also:

Constant Field Values

ATTR_ID

public static final String ATTR_ID

See Also:

Constant Field Values

Method Detail

sign

public static Document sign(String realm,
                            EntityDescriptorElement descriptor)
                     throws JAXBException,
                            SAML2MetaException

Signs the entity descriptor root element by the following rules:

• Hosted Entity
• If there is a signature already on the EntityDescriptor, removes it, then signs the EntityDescriptor.
• Simply signs the EntityDescriptor otherwise.
• Remote Entity
• If there is a signature already on the EntityDescriptor, then does not change it, but returns the Document with the original signature.
• Simply signs the EntityDescriptor otherwise

If there is no extended metadata for the entity, the entity is considered as remote.

Parameters:

realm - The realm where the EntityDescriptor belongs to.

descriptor - The entity descriptor.

Returns:

Signed Document for the entity descriptor or null if no metadata signing key is found in the configuration.

Throws:

SAML2MetaException - if unable to sign the entity descriptor.

JAXBException - if the entity descriptor is invalid.

verifySignature

public static void verifySignature(Document doc)
                            throws SAML2MetaException

Verifies signatures in entity descriptor represented by the Document.

Parameters:

doc - The document.

Throws:

SAML2MetaException - if unable to verify the entity descriptor.

formatBase64BinaryElement

public static String formatBase64BinaryElement(String xmlstr)

Restores Base64 encoded format. JAXB will change ......... ......... to .................. This method will restore the format.

Parameters:

xmlstr - The xml string containing element 'X509Certificate'.

Returns:

the restored xmls string.

buildX509Certificate

public static String buildX509Certificate(String certAlias)
                                   throws SAML2MetaException

Throws:

SAML2MetaException

updateProviderKeyInfo

public static void updateProviderKeyInfo(String realm,
                                         String entityID,
                                         Set<String> certAliases,
                                         boolean isSigning,
                                         boolean isIDP,
                                         String encAlgo,
                                         int keySize)
                                  throws SAML2MetaException

Updates signing or encryption key info for SP or IDP. This will update both signing/encryption alias on extended metadata and certificates in standard metadata.

Parameters:

realm - Realm the entity resides.

entityID - ID of the entity to be updated.

certAliases - The set of certificate aliases to be set for the entity. If null or empty, existing key information will be removed from the SP or IDP.

isSigning - true if this is signing certificate alias, false if this is encryption certification alias.

isIDP - true if this is for IDP signing/encryption alias, false if this is for SP signing/encryption alias

encAlgo - Encryption algorithm URI, this is applicable for encryption cert only.

keySize - Encryption key size, this is applicable for encryption cert only.

Throws:

SAML2MetaException - if failed to update the certificate alias for the entity.