Interface SAML2CryptoProvider

All Known Implementing Classes:
    FauxSAML2CryptoProvider, SAML2CryptoProviderImpl

public interface SAML2CryptoProvider

Encapsulates the concerns of obtaining the crypto context necessary to sign and encrypt SAML2 assertions.
Method Summary

Modifier and Type   Method                                                   Description
PrivateKey          getIDPPrivateKey(String keyAlias, String keyPassword)    Returns the PrivateKey corresponding to the PrivateKeyEntry containing the SAML2 Identity Provider's private key.
X509Certificate     getIDPX509Certificate(String certAlias)                  Returns the IDP's X509Certificate.
X509Certificate     getSPX509Certificate(String certAlias)                   Returns the SP's X509Certificate.
Method Detail

getIDPX509Certificate

    X509Certificate getIDPX509Certificate(String certAlias) throws TokenCreationException

    Returns the IDP's X509Certificate. This is the X509Certificate associated with the PrivateKeyEntry used to sign SAML2 assertions (note that this should really return an X509Certificate[], but the OpenAM Assertion class, which encapsulates assertion signing, only allows for a single X509Certificate).

    Parameters:
        certAlias - the alias corresponding to the SAML2 IdentityProvider's PrivateKeyEntry
    Returns:
        the X509Certificate; null will not be returned.
    Throws:
        TokenCreationException - if no entry corresponds to the specified alias
getSPX509Certificate

    X509Certificate getSPX509Certificate(String certAlias) throws TokenCreationException

    Returns the SP's X509Certificate. This is the X509Certificate from the TrustedCertificateEntry corresponding to the SAML2 ServiceProvider of the published STS instance. It is used to encrypt the generated symmetric key that in turn encrypts the assertion state. In other words, SAML2 assertion encryption generates a symmetric key, encrypts the assertion with that key, and includes in the encrypted assertion the symmetric key itself, encrypted with the SP's public key.

    Parameters:
        certAlias - the alias corresponding to the SAML2 ServiceProvider's TrustedCertificateEntry
    Returns:
        the X509Certificate; null will not be returned.
    Throws:
        TokenCreationException - if no entry corresponds to the specified alias
getIDPPrivateKey

    PrivateKey getIDPPrivateKey(String keyAlias, String keyPassword) throws TokenCreationException

    Returns the PrivateKey corresponding to the PrivateKeyEntry containing the SAML2 Identity Provider's private key.

    Parameters:
        keyAlias - the alias referencing the PrivateKeyEntry
        keyPassword - the password for the PrivateKeyEntry
    Returns:
        the PrivateKey; null will not be returned
    Throws:
        TokenCreationException - if no entry could be returned corresponding to the alias-password combination
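As an added example (not OpenAM's own SAML2CryptoProviderImpl), a provider backed by a java.security.KeyStore that honours the contract above: each lookup checks for the entry type it expects (a PrivateKeyEntry for the IdP signing material, a TrustedCertificateEntry for the SP's encryption certificate) and throws TokenCreationException rather than returning null, so a mislabelled or missing entry fails closed instead of silently signing or encrypting with the wrong key. The class name, the keystore path/type constructor arguments and the TokenCreationException constructor shape (code, message, cause) are assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.*;
import java.security.cert.X509Certificate;

// Hypothetical implementation; class name and constructor arguments are assumptions, not OpenAM API.
public final class KeyStoreSAML2CryptoProvider implements SAML2CryptoProvider {
    private final KeyStore keyStore;
    public KeyStoreSAML2CryptoProvider(Path path, String type, char[] storePassword)
            throws IOException, GeneralSecurityException {
        keyStore = KeyStore.getInstance(type); // e.g. "PKCS12" or "JKS"
        try (java.io.InputStream in = Files.newInputStream(path)) {
            keyStore.load(in, storePassword);
        }
    }
    @Override // IdP signing cert: the leaf of the PrivateKeyEntry's chain; other entry types are rejected
    public X509Certificate getIDPX509Certificate(String certAlias) throws TokenCreationException {
        return certificateOf(certAlias, KeyStore.PrivateKeyEntry.class);
    }
    @Override // SP encryption cert: a TrustedCertificateEntry that carries only the SP's public key
    public X509Certificate getSPX509Certificate(String certAlias) throws TokenCreationException {
        return certificateOf(certAlias, KeyStore.TrustedCertificateEntry.class);
    }
    @Override
    public PrivateKey getIDPPrivateKey(String keyAlias, String keyPassword) throws TokenCreationException {
        try {
            Key key = keyStore.getKey(keyAlias, keyPassword.toCharArray());
            if (key instanceof PrivateKey) return (PrivateKey) key;
        } catch (GeneralSecurityException e) { // a wrong password surfaces as UnrecoverableKeyException
            throw fail("cannot recover private key for alias " + keyAlias, e);
        }
        throw fail("no PrivateKeyEntry for alias " + keyAlias, null); // never return null
    }
    private X509Certificate certificateOf(String alias, Class<? extends KeyStore.Entry> type)
            throws TokenCreationException {
        try {
            java.security.cert.Certificate cert =
                    keyStore.entryInstanceOf(alias, type) ? keyStore.getCertificate(alias) : null;
            if (cert instanceof X509Certificate) return (X509Certificate) cert;
        } catch (KeyStoreException e) {
            throw fail("keystore not initialised", e);
        }
        throw fail("no " + type.getSimpleName() + " with an X509Certificate for alias " + alias, null);
    }
    private static TokenCreationException fail(String message, Throwable cause) {
        // Assumed constructor shape (code, message, cause); adapt to the real TokenCreationException.
        return new TokenCreationException(500, message, cause);
    }
}
```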