author | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-01-27 17:42:51 +0100 |
---|---|---|
committer | Bojan Suzic <bojan.suzic@iaik.tugraz.at> | 2014-01-27 17:42:51 +0100 |
commit | aba2defe8f95cf960395158f6eb2ad7b1fb6e150 (patch) | |
tree | 298a0165a30b8538b89abb93a399c615f91702d3 /id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java | |
parent | ed9ad9b0c13ee0de3231bab038f35b01beeb0d0b (diff) | |
parent | cea2f395ec773b386ec628d60120752cf320f6b6 (diff) | |
merging
Diffstat (limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java')
-rw-r--r-- | id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
index fa02443dc..9c6f39b30 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/BuildMetadata.java
@@ -142,21 +142,38 @@ public class BuildMetadata extends HttpServlet { entitiesSignKeyDescriptor.setUse(UsageType.SIGNING); entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential)); Signature entitiesSignature = getSignature(signingcredential); - + spEntitiesDescriptor.setSignature(entitiesSignature); + + //Set AuthRequest Signing certificate X509Credential authcredential = new KeyStoreX509CredentialAdapter( keyStore, config.getPVP2KeystoreAuthRequestKeyAlias(), - config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); - - - //Set AuthRequest Signing certificate + config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray()); KeyDescriptor signKeyDescriptor = SAML2Utils .createSAMLObject(KeyDescriptor.class); signKeyDescriptor.setUse(UsageType.SIGNING); signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); - spEntitiesDescriptor.setSignature(entitiesSignature); spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + //set AuthRequest encryption certificate + if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias())) { + X509Credential authEncCredential = new KeyStoreX509CredentialAdapter( + keyStore, + config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(), + config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()); + KeyDescriptor encryKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + encryKeyDescriptor.setUse(UsageType.ENCRYPTION); + encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); + spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + + } else { + log.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + + } + + NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); 
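Review bot: In the new encryption branch only the key alias is tested with `MiscUtil.isNotEmpty(...)`, while `config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray()` is called unguarded, so a configuration that sets the alias but not the password would presumably end in a NullPointerException during metadata generation instead of a clear configuration error. I would read the password into a local first, `String encKeyPassword = config.getPVP2KeystoreAuthRequestEncryptionKeyPassword();`, require `encKeyPassword != null` in the same condition as the alias check, and log a distinct error for the alias-without-password case. It is also worth confirming that an alias which does not exist in the keystore is rejected at this point, since otherwise the published metadata could carry an ENCRYPTION KeyDescriptor without a usable certificate. The else branch still publishes metadata without any encryption key after only a `log.warn`, which means assertions for this SP cannot be encrypted by the IdP; a comment such as `// deliberate fallback: metadata is published without an encryption key, assertions will not be encrypted` would make that choice explicit. The enclosing method starts and ends outside the hunk.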
@@ -187,6 +204,7 @@ public class BuildMetadata extends HttpServlet { spSSODescriptor.setWantAssertionsSigned(true); spSSODescriptor.setAuthnRequestsSigned(true); + AttributeConsumingService attributeService = SAML2Utils.createSAMLObject(AttributeConsumingService.class); |