Class CommonUtil

java.lang.Object
org.apache.rahas.impl.util.CommonUtil

public class CommonUtil extends Object
This class implements some utility methods common to SAML1 and SAML2.
  • Constructor Details

    • CommonUtil

      public CommonUtil()
  • Method Details

    • getOMDOMDocument

      public static Document getOMDOMDocument() throws TrustException
      This method creates a DOM compatible Axiom document.
      Returns:
      DOM compatible Axiom document
      Throws:
      TrustException - If an error occurred while creating the Document.
    • getCertificateByAlias

      public static X509Certificate getCertificateByAlias(org.apache.wss4j.common.crypto.Crypto crypto, String alias) throws TrustException
      Looks up the certificate chain for the alias and returns its first certificate.
      Parameters:
      crypto - Crypto to lookup certificate.
      alias - Alias name.
      Returns:
      X509 certificate object.
      Throws:
      TrustException - If an error occurred while retrieving the certificate or if no certificates are found for given alias.
    • getCertificatesByAlias

      public static X509Certificate[] getCertificatesByAlias(org.apache.wss4j.common.crypto.Crypto crypto, String alias) throws TrustException
      Gets the certificate chain for the alias. If no certificates are found, an empty array is returned.
      Parameters:
      crypto - Crypto to lookup certificate.
      alias - Alias name.
      Returns:
      X509 certificates array.
      Throws:
      TrustException - If an error occurred while retrieving the certificate.
    • getDecryptedBytes

      public static byte[] getDecryptedBytes(CallbackHandler callbackHandler, org.apache.wss4j.common.crypto.Crypto crypto, Node encryptedKeyElement, org.apache.wss4j.dom.handler.RequestData requestData) throws org.apache.wss4j.common.ext.WSSecurityException
      Decrypts the EncryptedKey element and returns the secret that was used. This is the preferred overload; the variant without org.apache.wss4j.dom.handler.RequestData is deprecated.
      Parameters:
      callbackHandler - Callback handler to pass to WSS4J framework.
      crypto - To get private key information.
      encryptedKeyElement - The encrypted Key element.
      requestData - RequestData carrying optional WSS4J settings to pass through.
      Returns:
      The secret as a byte array.
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException - If an error occurred while decrypting the element.
    • getDecryptedBytes

      @Deprecated public static byte[] getDecryptedBytes(CallbackHandler callbackHandler, org.apache.wss4j.common.crypto.Crypto crypto, Node encryptedKeyElement) throws org.apache.wss4j.common.ext.WSSecurityException
      Deprecated.
      Decrypts the EncryptedKey element and returns the secret that was used. This method has been deprecated - use the method that passes in org.apache.wss4j.dom.handler.RequestData
      Parameters:
      callbackHandler - Callback handler to pass to WSS4J framework.
      crypto - To get private key information.
      encryptedKeyElement - The encrypted Key element.
      Returns:
      The secret as a byte array.
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException - If an error occurred while decrypting the element.
    • getCrypto

      public static org.apache.wss4j.common.crypto.Crypto getCrypto(Properties properties, ClassLoader classLoader) throws TrustException
      Constructs crypto configuration based on the given properties. Provider is instantiated using given class loader.
      Parameters:
      properties - Crypto configuration properties.
      classLoader - Class loader used to create provider.
      Returns:
      A crypto object.
      Throws:
      TrustException - If an error occurred while creating the Crypto object.
    • getCrypto

      public static org.apache.wss4j.common.crypto.Crypto getCrypto(String propertiesFile, ClassLoader classLoader) throws TrustException
      Constructs crypto configuration based on the given properties. Provider is instantiated using given class loader.
      Parameters:
      propertiesFile - Crypto configuration properties file name.
      classLoader - Class loader used to create provider.
      Returns:
      A crypto object.
      Throws:
      TrustException - If an error occurred while creating the Crypto object.
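      The following is an added example (not code from the Rahas project) that ties getCrypto, getCertificateByAlias and getCertificatesByAlias together: it builds a Merlin Crypto from the same merlin.* property names shown in the issuer configuration below, fetches the issuer certificate by alias and checks that it is currently within its validity period before it is used for signing. The keystore path, password and alias are placeholders, and the provider property key org.apache.ws.security.crypto.provider is assumed from WSS4J's property naming convention rather than taken from this page.

```java
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Properties;

import org.apache.rahas.TrustException;
import org.apache.rahas.impl.util.CommonUtil;
import org.apache.wss4j.common.crypto.Crypto;

public class IssuerCertLookup {

    // Constructed for this example: path, password and alias are placeholders,
    // not values shipped with Rahas.
    private static final String KEYSTORE_FILE = "META-INF/example-sts.pkcs12";
    private static final String KEYSTORE_PASSWORD = "changeit";
    private static final String ISSUER_ALIAS = "ip";

    /** Builds the Merlin Crypto from the property names used in the issuer config. */
    static Crypto buildCrypto() throws TrustException {
        Properties props = new Properties();
        // Assumed provider key (WSS4J convention); the page only shows it as the
        // provider="..." attribute of the <crypto> element.
        props.setProperty("org.apache.ws.security.crypto.provider",
                "org.apache.ws.security.components.crypto.Merlin");
        props.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", "pkcs12");
        props.setProperty("org.apache.ws.security.crypto.merlin.file", KEYSTORE_FILE);
        props.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", KEYSTORE_PASSWORD);
        // The provider class is instantiated through the supplied class loader.
        return CommonUtil.getCrypto(props, IssuerCertLookup.class.getClassLoader());
    }

    /** Returns the issuer certificate only if it is valid at the current time. */
    static X509Certificate loadValidIssuerCert(Crypto crypto) throws TrustException {
        // getCertificateByAlias throws TrustException when the alias has no certificate,
        // so a misconfigured alias fails loudly instead of yielding null.
        X509Certificate cert = CommonUtil.getCertificateByAlias(crypto, ISSUER_ALIAS);
        try {
            cert.checkValidity();
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            throw new IllegalStateException(
                    "issuer certificate '" + ISSUER_ALIAS + "' is outside its validity period", e);
        }
        return cert;
    }

    /** Chain length for an alias; the plural lookup yields 0 for an unknown alias. */
    static int chainLength(Crypto crypto, String alias) throws TrustException {
        X509Certificate[] chain = CommonUtil.getCertificatesByAlias(crypto, alias);
        return chain.length;
    }

    public static void main(String[] args) throws Exception {
        Crypto crypto = buildCrypto();
        X509Certificate cert = loadValidIssuerCert(crypto);
        System.out.println("issuer subject: " + cert.getSubjectX500Principal());
        System.out.println("chain length for '" + ISSUER_ALIAS + "': "
                + chainLength(crypto, ISSUER_ALIAS));
        // The plural form returns an empty array for an alias that is not in the
        // keystore, whereas getCertificateByAlias throws TrustException for it.
        System.out.println("chain length for unknown alias: "
                + chainLength(crypto, "no-such-alias"));
    }
}
```

      The two lookup methods differ in how a missing alias surfaces: getCertificatesByAlias reports it as an empty array, getCertificateByAlias as a TrustException. Code that must have an issuer key should rely on the latter, and on checkValidity(), so that an expired or not-yet-valid signing certificate is caught at startup rather than discovered in the tokens it issues.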
    • getTokenIssuerConfiguration

      public static SAMLTokenIssuerConfig getTokenIssuerConfiguration(org.apache.axiom.om.OMElement configElement, String configFile, org.apache.axis2.description.Parameter messageContextParameter) throws TrustException
      Creates the token issuer configuration. The configuration is created in the following order:
        1. try to create the token configuration from the configuration OMElement;
        2. try to create the token configuration from the configuration file name;
        3. try to create the token configuration from the named parameter in the message context.
      The issuer configuration looks as follows:
         <saml-issuer-config>
             <issuerName>Test_STS</issuerName>
             <issuerKeyAlias>ip</issuerKeyAlias>
             <issuerKeyPassword>password</issuerKeyPassword>
             <cryptoProperties>
                <crypto provider="org.apache.ws.security.components.crypto.Merlin">
                     <property name="org.apache.ws.security.crypto.merlin.keystore.type">pkcs12</property>
                     <property name="org.apache.ws.security.crypto.merlin.file">META-INF/rahas-sts2024.pkcs12</property>
                     <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property>
                 </crypto>
             </cryptoProperties>
             <timeToLive>300000</timeToLive>
             <keySize>256</keySize>
             <addRequestedAttachedRef />
             <addRequestedUnattachedRef />
             <keyComputation>2</keyComputation>
             <proofKeyType>BinarySecret</proofKeyType>
             <trusted-services>
                 <service alias="bob">http://localhost:8080/axis2/services/STS</service>
             </trusted-services>
         </saml-issuer-config>
      Parameters:
      configElement - Configuration as an OMElement.
      configFile - Configuration as a file.
      messageContextParameter - Configuration as a message context parameter.
      Returns:
      Token issuer configuration as a SAMLTokenIssuerConfig object.
      Throws:
      TrustException - If an error occurred while creating SAMLTokenIssuerConfig object.
    • createTokenIssuerConfiguration

      protected static SAMLTokenIssuerConfig createTokenIssuerConfiguration(org.apache.axiom.om.OMElement configElement) throws TrustException
      Throws:
      TrustException
    • createTokenIssuerConfiguration

      protected static SAMLTokenIssuerConfig createTokenIssuerConfiguration(String configFile) throws TrustException
      Throws:
      TrustException
    • createTokenIssuerConfiguration

      protected static SAMLTokenIssuerConfig createTokenIssuerConfiguration(org.apache.axis2.description.Parameter messageContextParameter) throws TrustException
      Throws:
      TrustException
    • buildXMLObject

      public static org.opensaml.core.xml.XMLObject buildXMLObject(QName objectQName) throws TrustException
      Builds the requested XMLObject.
      Parameters:
      objectQName - name of the XMLObject
      Returns:
      the built XMLObject
      Throws:
      TrustException - If unable to find the appropriate builder.
    • getSymmetricKeyBasedKeyInfo

      public static org.opensaml.xmlsec.signature.KeyInfo getSymmetricKeyBasedKeyInfo(Document doc, RahasData data, X509Certificate serviceCert, int keySize, org.apache.wss4j.common.crypto.Crypto crypto, int keyComputation) throws org.apache.wss4j.common.ext.WSSecurityException, TrustException
      This method creates KeyInfo element of an assertion. This is a facade, in which it calls to other helper methods to create KeyInfo. The TokenIssuer will call this method to create the KeyInfo.
      Parameters:
      doc - An Axiom based DOM Document.
      data - The ephemeral key generated here is also needed to encrypt the message, so it is saved in the RahasData passed in.
      serviceCert - Public key used to encrypt the assertion is extracted from this certificate.
      keySize - Size of the key to be used
      crypto - Crypto providing the relevant private key.
      keyComputation - Key computation mechanism.
      Returns:
      OpenSAML KeyInfo representation.
      Throws:
      org.apache.wss4j.common.ext.WSSecurityException - WSS4J is used to generate the encrypted key; this exception is thrown if an error occurs while generating it.
      TrustException - If an error occurred while creating KeyInfo object.
    • getCertificateBasedKeyInfo

      public static org.opensaml.xmlsec.signature.KeyInfo getCertificateBasedKeyInfo(X509Certificate certificate) throws TrustException
      Creates the certificate based KeyInfo object.
      Parameters:
      certificate - The public key certificate used to create the KeyInfo object.
      Returns:
      OpenSAML representation of KeyInfo object.
      Throws:
      TrustException - If an error occurred while creating the KeyInfo
    • getSAMLCallbackHandler

      public static SAMLCallbackHandler getSAMLCallbackHandler(SAMLTokenIssuerConfig tokenIssuerConfiguration, RahasData data) throws TrustException
      Gets the SAML callback handler. First checks whether a callback handler is registered in the token issuer configuration. If not, checks whether a callback class name is configured there; if so, instantiates that class and returns the instance. If neither is specified, returns null.
      Parameters:
      tokenIssuerConfiguration - The SAML token issuer configuration.
      data - The RahasData.
      Returns:
      The SAMLCallbackHandler if configured in token issuer configuration, else null.
      Throws:
      TrustException - If an error occurred while loading class from class loader