Changeset 236

Timestamp:
08/02/07 16:56:55 (1 year ago)
Author:
paulhethmon
Message:

--

Files:

  • MetaTest/trunk/src/metatest/Main.java

    r233 r236  
    1111 
    1212import java.io.File; 
     13import org.apache.xml.security.algorithms.SignatureAlgorithm; 
    1314import org.opensaml.saml2.metadata.provider.*; 
    1415import org.opensaml.saml2.metadata.impl.*; 
    1516import org.opensaml.saml2.metadata.*; 
     17import org.opensaml.saml2.core.*; 
    1618import org.opensaml.xml.XMLObject; 
    1719import org.opensaml.DefaultBootstrap; 
     
    2426import org.opensaml.xml.util.Base64; 
    2527 
     28import java.security.Security; 
    2629import java.security.KeyFactory; 
    2730import java.security.PublicKey; 
    2831import java.security.PrivateKey; 
    2932import java.security.spec.X509EncodedKeySpec; 
     33import java.security.spec.EncodedKeySpec; 
    3034import java.io.*; 
    3135 
     36import org.bouncycastle.jce.provider.BouncyCastleProvider; 
    3237import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 
    3338import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 
     
    5156   */ 
    5257  public static void main(String[] args) throws MetadataProviderException, ConfigurationException, java.security.NoSuchAlgorithmException,  
    53     java.security.spec.InvalidKeySpecException, java.io.FileNotFoundException, java.io.IOException { 
     58    java.security.spec.InvalidKeySpecException, java.io.FileNotFoundException, java.io.IOException, org.opensaml.xml.io.MarshallingException { 
     59     
     60    Security.addProvider(new BouncyCastleProvider()); 
     61     
    5462    org.opensaml.DefaultBootstrap.bootstrap(); 
    5563    BasicParserPool parser = new BasicParserPool(); 
    5664//    if (1 == 1) return; 
    5765     
    58     String privateKeyFile = "c:\\Business\\Clareity\\Dev\\SAML\\MetaTest\\src\\dev.acmeidp.com.key"; 
     66    String privateKeyFile = "c:\\Clareity\\Dev\\OpenSAML\\MetaTest\\src\\dev.acmeidp.com.key"; 
    5967    String encodedPrivateKey = ""; 
    6068    String line; 
     
    7886    pkCache.setPrivateKeyEncoded(encodedPrivateKey); 
    7987    PrivateKey privateKey = pkCache.getPrivateKey(); 
    80      
    81      
    82      
    83      
    84      
     88    System.out.println("Private key read and created as object ..."); 
     89     
     90    // Signature stuff 
     91    org.opensaml.xml.signature.impl.SignatureBuilder signatureBuilder = new org.opensaml.xml.signature.impl.SignatureBuilder(); 
     92    org.opensaml.xml.signature.impl.SignatureImpl signature = signatureBuilder.buildObject(); 
     93    org.opensaml.xml.security.x509.BasicX509Credential credential; 
     94    credential = new org.opensaml.xml.security.x509.BasicX509Credential(); 
     95    credential.setPrivateKey(privateKey); 
     96    //signature.setSigningCredential(credential); 
     97    System.out.println("Set private key into credential object"); 
     98     
     99    // build the AuthnRequest 
     100    net.clareitysecurity.websso.sp.HttpPost post = new net.clareitysecurity.websso.sp.HttpPost(); 
     101    post.setActionURL("xxx"); 
     102    post.setAssertionConsumerServiceURL("yyy"); 
     103    post.setIssuerName("test"); 
     104    post.setProviderName("provider"); 
     105    AuthnRequest authnRequest = post.getAuthnRequest(); 
     106    System.out.println("Built AuthnRequest object ..."); 
     107     
     108    // Now the response to our AuthnRequest 
     109    SAMLResponse samlResponse = new SAMLResponse(); 
     110    samlResponse.setActionURL("http://dev.acmemls.com/recv-response.jsp"); 
     111    samlResponse.setIssuerName("dev.acmeidp.com"); 
     112    samlResponse.setLoginId("acme"); 
     113    samlResponse.setAuthnRequest(authnRequest); 
     114    Response rsp = samlResponse.getSuccessResponse(); 
     115    System.out.println("Built Response object ..."); 
     116     
     117    // Now we need to try and sign the response object 
     118    org.opensaml.common.impl.SAMLObjectContentReference socr = new org.opensaml.common.impl.SAMLObjectContentReference(rsp); 
     119    signature.getContentReferences().add(socr); 
     120    signature.setSigningCredential(credential); 
     121    signature.setSignatureAlgorithm( SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1 ); 
     122    signature.setCanonicalizationAlgorithm( SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS ); 
     123    rsp.setSignature(signature); 
     124    System.out.println("Signature object created and added to Response object ..."); 
     125    // Now sign it 
     126    org.opensaml.xml.signature.Signer.signObject(signature); 
     127    System.out.println("Response now signed ..."); 
     128     
     129    // Ok. We should now have a signed Response object. 
     130     
     131     
     132    // Now let's find the public key stuff and verify our signed Response object 
    85133    String metaUrl = "http://red.csknox.com/idp-meta.xml"; 
    86134    //metaUrl = "http://idp.ssocircle.com/idp-meta.xml"; 
     
    117165 
    118166    // Create a copy of the KeyInfo 
    119     KeyInfoBuilder keyInfoBuilder = new KeyInfoBuilder(); 
    120     KeyInfo keyInfoDupe = keyInfoBuilder.buildObject(); 
    121     keyInfoDupe.setDOM(keyInfo.getDOM()); 
    122      
    123     // Signature stuff 
    124     org.opensaml.xml.signature.impl.SignatureBuilder signatureBuilder = new org.opensaml.xml.signature.impl.SignatureBuilder(); 
    125     org.opensaml.xml.signature.impl.SignatureImpl signature = signatureBuilder.buildObject(); 
    126     signature.setKeyInfo(keyInfoDupe); 
    127     System.out.println("Set KeyInfo"); 
    128      
    129      
    130 /* 
     167//    KeyInfoBuilder keyInfoBuilder = new KeyInfoBuilder(); 
     168//    KeyInfo keyInfoDupe = keyInfoBuilder.buildObject(); 
     169//    keyInfoDupe.setDOM(keyInfo.getDOM()); 
     170     
    131171    // Get the list of certificates 
    132172    java.util.List<X509Data> x509List; 
     
    144184    X509Certificate x509Cert; 
    145185    x509Cert = x509CertList.get(0); 
    146      
     186 
     187/*     
    147188    AlgorithmIdentifier algid = new AlgorithmIdentifier(PKCSObjectIdentifiers.sha1WithRSAEncryption); 
    148189    // x509Cert.getValue gives us the BASE64 encoded certificate value 
     
    155196    System.out.println("PublicKey finally created"); 
    156197*/ 
     198    String encodedPublicKey = x509Cert.getValue(); 
     199    byte[] x509KeyBytes = Base64.decode(encodedPublicKey);     
     200    X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec( x509KeyBytes ); 
     201    KeyFactory keyFactory = KeyFactory.getInstance("RSA"); 
     202    PublicKey publicKey = keyFactory.generatePublic(pubKeySpec); 
     203    System.out.println("PublicKey finally created"); 
     204     
     205    org.opensaml.xml.security.x509.BasicX509Credential publicCredential = new org.opensaml.xml.security.x509.BasicX509Credential(); 
     206    publicCredential.setPublicKey(publicKey); 
     207    org.opensaml.xml.signature.SignatureValidator signatureValidator = new org.opensaml.xml.signature.SignatureValidator(publicCredential); 
     208     
     209    // Now try to validate 
     210    try { 
     211      signatureValidator.validate(signature); 
     212    } catch (org.opensaml.xml.validation.ValidationException ve) { 
     213      System.out.println("Signature is NOT valid."); 
     214      return; 
     215    } 
     216    System.out.println("Signature is valid."); 
     217     
    157218/*     
    158219    // Create the Java PublicKey object