cc.saml
Class SAMLSignature

java.lang.Object
  extended by cc.saml.SAMLSignature

public class SAMLSignature
extends java.lang.Object

Utility for signing SAML DOM elements (assertions, requests, and responses) and for validating the signatures found on them. Unlike the rest of this package, this utility does not rely on OpenSAML; it operates directly on DOM trees. (There is an import of OpenSAML's XMLObject type, but that is only for the main method, which in turn exists only for testing.)


Nested Class Summary
private static class SAMLSignature.KeyValueKeySelector
          KeySelector that can handle KeyValue and X509Data info.
private static class SAMLSignature.SimpleKeySelectorResult
          Data structure returned by the key selector to the validation context.
 
Field Summary
private javax.xml.crypto.dsig.XMLSignatureFactory factory
private javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo
private java.security.KeyPair keyPair
private java.security.KeyStore keyStore
 
Constructor Summary
SAMLSignature()
          Loads the keystore and builds a stock KeyInfo structure for use by the signing code and by subclasses.
 
Method Summary
(package private) static boolean algEquals(java.lang.String algURI, java.lang.String algName)
          Test that a formal URI expresses the same algorithm as a conventional short name such as "DSA" or "RSA".
static void main(java.lang.String[] args)
          Parses the command line for a filename to read and, optionally, a filename to write (absent which the application writes to the console).
 void signSAMLObject(org.w3c.dom.Element target)
          Adds an enveloped signature to the given element.
 boolean verifySAMLSignature(org.w3c.dom.Element target)
          Seeks out the signature element in the given tree, and validates it.
 void writeFiles(org.w3c.dom.Document doc, java.lang.String baseFilename)
          Helper method that writes two output files from a given DOM tree: one holds the raw output, the other is pretty-printed and gets the suffix "_pretty" inserted before the ".xml" extension.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

factory

private javax.xml.crypto.dsig.XMLSignatureFactory factory

keyStore

private java.security.KeyStore keyStore

keyPair

private java.security.KeyPair keyPair

keyInfo

private javax.xml.crypto.dsig.keyinfo.KeyInfo keyInfo
Constructor Detail

SAMLSignature

public SAMLSignature()
Loads the keystore and builds a stock KeyInfo structure for use by the signing code and by subclasses.

Method Detail

main

public static void main(java.lang.String[] args)
                 throws java.lang.Exception
Parses the command line for a filename to read and, optionally, a filename to write (absent which the application writes to the console). Reads the given file as an XMLObject, signs it using the configured key, and dumps the result through a simple pretty printer; or, alternatively, validates the signature found in the given file.

Throws:
java.lang.Exception

signSAMLObject

public void signSAMLObject(org.w3c.dom.Element target)
                    throws java.security.GeneralSecurityException,
                           javax.xml.crypto.dsig.XMLSignatureException,
                           javax.xml.crypto.MarshalException
Adds an enveloped signature to the given element, then moves the signature element into the position the SAML assertion and protocol schemas require: it must immediately follow any Issuer element and precede everything else. (The move is needed because the Java XML Digital Signature API appends the new ds:Signature as the last child of the element it signs.)

Throws:
java.security.GeneralSecurityException
javax.xml.crypto.dsig.XMLSignatureException
javax.xml.crypto.MarshalException

verifySAMLSignature

public boolean verifySAMLSignature(org.w3c.dom.Element target)
                            throws java.lang.Exception
Seeks out the signature element in the given tree and validates it. Searches the configured keystore (asking it to serve as a truststore as well) for a certificate with a matching fingerprint, so a signature made with a key that is not in the keystore is rejected even if it is cryptographically valid. A true result only establishes that the signature verifies and that the signer is known; it does not by itself say which part of the tree the signature covers, so a caller must still confirm that the signed Reference points at the element it is about to trust.

Returns:
true if the signature validates and we know the signer; false otherwise
Throws:
java.lang.Exception
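The following worked example shows both operations described above in one program: an enveloped signature is added with the JDK's javax.xml.crypto.dsig API and the ds:Signature element is moved to sit immediately after saml:Issuer, and the signature is then validated against a pinned trusted key together with the reference checks a practitioner wants before trusting the element (signature is a direct child, exactly one Reference, its URI names the element being trusted, an enveloped transform is present). This is added example code, not the source of the SAMLSignature class; it generates a throwaway RSA key pair in place of the keystore lookup, and the sample assertion (its ID, issuer and subject) is constructed for the example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class SamlEnvelopedSignatureDemo {
    static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String DSIG = XMLSignature.XMLNS;
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Constructed sample assertion; ID, issuer and subject are made up for this example.
    static final String ASSERTION =
        "<saml:Assertion xmlns:saml=\"" + SAML + "\" ID=\"_demo1\" Version=\"2.0\""
      + " IssueInstant=\"2024-01-01T00:00:00Z\">"
      + "<saml:Issuer>https://idp.example</saml:Issuer>"
      + "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>"
      + "</saml:Assertion>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);                       // required for XML Signature
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Finds a direct child only; descendants (e.g. an Assertion nested in a Response) are ignored.
    static Element directChild(Element parent, String ns, String local) {
        for (Node n = parent.getFirstChild(); n != null; n = n.getNextSibling())
            if (n.getNodeType() == Node.ELEMENT_NODE && ns.equals(n.getNamespaceURI()) && local.equals(n.getLocalName()))
                return (Element) n;
        return null;
    }

    static void sign(Element target, KeyPair kp) throws Exception {
        target.setIdAttribute("ID", true);               // lets URI="#_demo1" resolve to this element
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("#" + target.getAttribute("ID"),
            fac.newDigestMethod(DigestMethod.SHA256, null),
            Arrays.asList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                          fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(RSA_SHA256, null), Collections.singletonList(ref));
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newKeyValue(kp.getPublic())));
        fac.newXMLSignature(si, ki).sign(new DOMSignContext(kp.getPrivate(), target)); // appended last
        // SAML wants ds:Signature right after saml:Issuer (or first if there is no Issuer), so move it.
        Element sig = directChild(target, DSIG, "Signature");
        Element issuer = directChild(target, SAML, "Issuer");
        Node before = issuer != null ? issuer.getNextSibling() : target.getFirstChild();
        if (before != sig) target.insertBefore(sig, before);
    }

    static boolean verify(Element target, PublicKey trustedKey) throws Exception {
        target.setIdAttribute("ID", true);               // only the element we intend to trust owns an ID
        Element sig = directChild(target, DSIG, "Signature");
        if (sig == null) return false;
        // Pinned key: the KeyValue/X509Data embedded in the document is never trusted here.
        DOMValidateContext ctx = new DOMValidateContext(KeySelector.singletonKeySelector(trustedKey), sig);
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        XMLSignature xs = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        List<?> refs = xs.getSignedInfo().getReferences();
        if (refs.size() != 1) return false;              // one Reference, and it must cover target itself
        Reference r = (Reference) refs.get(0);
        if (!("#" + target.getAttribute("ID")).equals(r.getURI())) return false;
        boolean enveloped = false;
        for (Object t : r.getTransforms()) enveloped |= Transform.ENVELOPED.equals(((Transform) t).getAlgorithm());
        return enveloped && xs.validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();              // stands in for the keystore of the real class
        Document doc = parse(ASSERTION);
        Element assertion = doc.getDocumentElement();
        sign(assertion, kp);
        Element sig = directChild(assertion, DSIG, "Signature");
        System.out.println("signature follows Issuer: " + (directChild(assertion, SAML, "Issuer").getNextSibling() == sig));
        System.out.println("valid with trusted key:   " + verify(assertion, kp.getPublic()));
        doc.getElementsByTagNameNS(SAML, "NameID").item(0).setTextContent("mallory"); // tamper
        System.out.println("valid after tampering:    " + verify(assertion, kp.getPublic()));
    }
}
```

The verifier deliberately ignores the KeyInfo carried in the document: anyone can embed their own KeyValue, so the key has to come from the keystore (which is what the fingerprint lookup in verifySAMLSignature provides), and this example pins it instead. The reference checks matter because the signature API will happily report a valid signature whose Reference covers some other element in the tree; registering the ID only on the element you intend to consume, and insisting that the single Reference names that ID, is what ties the verified bytes to the data you then act on.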

algEquals

static boolean algEquals(java.lang.String algURI,
                         java.lang.String algName)
Test that a formal URI expresses the same algorithm as a conventional short name such as "DSA" or "RSA".


writeFiles

public void writeFiles(org.w3c.dom.Document doc,
                       java.lang.String baseFilename)
                throws java.io.IOException
Helper method that writes two output files from a given DOM tree: one holds the raw output, the other is pretty-printed and gets the suffix "_pretty" inserted before the ".xml" extension.

Throws:
java.io.IOException