com.sun.identity.wsfederation.meta

Class WSFederationMetaSecurityUtils

java.lang.Object

com.sun.identity.wsfederation.meta.WSFederationMetaSecurityUtils

public final class WSFederationMetaSecurityUtils
extends Object

The WSFederationMetaUtils provides metadata security related utility methods.

Field Summary

Fields

Modifier and Type	Field and Description
static String	ATTR_ID
static String	ATTR_USE
static String	NS_META
static String	NS_XMLENC
static String	NS_XMLSIG
static String	PREFIX_XMLENC
static String	PREFIX_XMLSIG
static String	TAG_IDP_SSO_DESCRIPTOR
static String	TAG_KEY_DESCRIPTOR
static String	TAG_KEY_INFO
static String	TAG_SP_SSO_DESCRIPTOR

Method Summary

Modifier and Type	Method and Description
static String	buildX509Certificate(String certAlias) Base64 encodes a certificate from the key store.
static String	formatBase64BinaryElement(String xmlstr) Restores Base64 encoded format.
static Document	sign(FederationElement descriptor, SPSSOConfigElement spconfig, IDPSSOConfigElement idpconfig) Signs service provider descriptor under entity descriptor if an cert alias is found in service provider config and identity provider descriptor under entity descriptor if an cert alias is found in identity provider config.
static void	updateProviderKeyInfo(String realm, String entityID, String certAlias, boolean isIDP) Updates signing or encryption key info for SP or IDP.
static void	verifySignature(Document doc) Verifies signatures in entity descriptor represented by the Document.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NS_META

public static final String NS_META

See Also:

Constant Field Values

NS_XMLSIG

public static final String NS_XMLSIG

See Also:

Constant Field Values

NS_XMLENC

public static final String NS_XMLENC

See Also:

Constant Field Values

PREFIX_XMLSIG

public static final String PREFIX_XMLSIG

See Also:

Constant Field Values

PREFIX_XMLENC

public static final String PREFIX_XMLENC

See Also:

Constant Field Values

TAG_KEY_INFO

public static final String TAG_KEY_INFO

See Also:

Constant Field Values

TAG_KEY_DESCRIPTOR

public static final String TAG_KEY_DESCRIPTOR

See Also:

Constant Field Values

TAG_SP_SSO_DESCRIPTOR

public static final String TAG_SP_SSO_DESCRIPTOR

See Also:

Constant Field Values

TAG_IDP_SSO_DESCRIPTOR

public static final String TAG_IDP_SSO_DESCRIPTOR

See Also:

Constant Field Values

ATTR_USE

public static final String ATTR_USE

See Also:

Constant Field Values

ATTR_ID

public static final String ATTR_ID

See Also:

Constant Field Values

Method Detail

sign

public static Document sign(FederationElement descriptor,
                            SPSSOConfigElement spconfig,
                            IDPSSOConfigElement idpconfig)
                     throws JAXBException,
                            WSFederationMetaException

Signs service provider descriptor under entity descriptor if an cert alias is found in service provider config and identity provider descriptor under entity descriptor if an cert alias is found in identity provider config.

Parameters:

descriptor - The entity descriptor.

spconfig - The service provider config.

idpconfig - The identity provider config.

Returns:

Signed Document for the entity descriptor or null if both cert aliases are not found.

Throws:

WSFederationMetaException - if unable to sign the entity descriptor.

JAXBException - if the entity descriptor is invalid.

verifySignature

public static void verifySignature(Document doc)
                            throws WSFederationMetaException

Verifies signatures in entity descriptor represented by the Document.

Parameters:

doc - The document.

Throws:

WSFederationMetaException - if unable to verify the entity descriptor.

formatBase64BinaryElement

public static String formatBase64BinaryElement(String xmlstr)

Restores Base64 encoded format. JAXB will change ......... ......... to .................. This method will restore the format.

Parameters:

xmlstr - The xml string containing element 'X509Certificate'.

Returns:

the restored xmls string.

buildX509Certificate

public static String buildX509Certificate(String certAlias)
                                   throws WSFederationMetaException

Base64 encodes a certificate from the key store.

Parameters:

certAlias - alias of certificate to be encoded.

Returns:

Base64 encoded certificate

Throws:

WSFederationMetaException

updateProviderKeyInfo

public static void updateProviderKeyInfo(String realm,
                                         String entityID,
                                         String certAlias,
                                         boolean isIDP)
                                  throws WSFederationMetaException

Updates signing or encryption key info for SP or IDP. This will update both signing/encryption alias on extended metadata and certificates in standard metadata.

Parameters:

realm - Realm the entity resides.

entityID - ID of the entity to be updated.

certAlias - Alias of the certificate to be set to the entity. If null, will remove existing key information from the SP or IDP.

isIDP - true if this is for IDP signing/encryption alias, false if this is for SP signing/encryption alias

Throws:

WSFederationMetaException - if failed to update the certificate alias for the entity.