a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: KeyUtil.java,v 1.4 2009/10/28 23:58:58 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.common.SystemConfigurationUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.xmlsig.KeyProvider;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.meta.WSFederationMetaUtils;
 * The <code>KeyUtil</code> provides methods to obtain
 * the hosting entity's signing key and decryption key, and
 * to obtain a partner entity's signature verification key
 * and encryption-related information.
 // key is EntityID|Role
 // value is the cached EncInfo for that entity/role
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected static Hashtable encHash = new Hashtable();
 // key is EntityID|Role
 // value is the cached verification X509Certificate for that entity/role
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected static Hashtable sigHash = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster kp = (KeyProvider)Class.forName(SystemConfigurationUtil.getProperty(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLConstants.KEY_PROVIDER_IMPL_CLASS)).newInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "KeyUtil static block:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " Couldn't find the class.",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "KeyUtil static block:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " Couldn't instantiate the key provider instance.",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "KeyUtil static block:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " Couldn't access the default constructor.",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the instance of <code>KeyProvider</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>KeyProvider</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static KeyProvider getKeyProviderInstance() {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the host entity's signing certificate alias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param baseConfig <code>BaseConfigType</code> for the host entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>String</code> for host entity's signing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * certificate alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String getSigningCertAlias(BaseConfigType baseConfig) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster WSFederationMetaUtils.getAttributes(baseConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List<String> list = map.get(SAML2Constants.SIGNING_CERT_ALIAS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (alias != null && alias.length() != 0 && kp != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the host entity's decryption key.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param baseConfig <code>BaseConfigType</code> for the host entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>PrivateKey</code> for decrypting a message received
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * by the host entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static PrivateKey getDecryptionKey(BaseConfigType baseConfig) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map map = WSFederationMetaUtils.getAttributes(baseConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List list = (List)map.get(SAML2Constants.ENCRYPTION_CERT_ALIAS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (alias != null && alias.length() != 0 && kp != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the partner entity's signature verification certificate.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param fed <code>FederationElement</code> for the partner entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityID partner entity's ID
 * @param isIDP <code>true</code> if the partner entity's role is IDP, <code>false</code> if it is SP
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>X509Certificate</code> for verifying the partner
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * entity's signature
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static X509Certificate getVerificationCert(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String classMethod = "KeyUtil.getVerificationCert: ";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (WSFederationUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Entering... \nEntityID=" +
 // first try the static cache (sigHash, keyed by EntityID|Role)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster X509Certificate cert = (X509Certificate)sigHash.get(index);
 // otherwise load it from the FederationElement metadata
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Null SSODescriptorType input for entityID=" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "No signing cert for entityID=" +
 * Returns the certificate stored in a <code>FederationElement</code>.
 * @param fed <code>FederationElement</code> which contains the certificate info
 * @return the X509Certificate contained in the <code>FederationElement</code>, or
 * <code>null</code> if no certificate is included.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static java.security.cert.X509Certificate getCert(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster byte[] bt = WSFederationUtils.getMetaManager().
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } catch (java.security.cert.CertificateException ce) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Unable to get CertificateFactory "+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ByteArrayInputStream bais = new ByteArrayInputStream(bt);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster java.security.cert.X509Certificate retCert = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } catch (java.security.cert.CertificateException ce) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Unable to generate certificate from byte "+