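package at.gv.egovernment.moa.id.protocols.pvp2x.signer;

import iaik.x509.X509Certificate;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.CertificateException;

import javax.jws.soap.SOAPBinding.Use;

import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;

import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;

/**
 * Builds the OpenSAML credentials used by the PVP 2.x identity provider:
 * the IdP's own signing key (read from the keystore named in
 * {@link PVPConfiguration}) and the trusted public keys of service
 * providers (read from the certificate files named in the configuration).
 *
 * All failures while reading key material are reported as
 * {@link CredentialsNotAvailableException}; the underlying error is
 * written to the MOA log.
 */
public class CredentialProvider {

    /**
     * Loads the IdP signing credential from the configured keystore.
     *
     * The keystore file, keystore password, key alias and key password are
     * all taken from {@link PVPConfiguration#getInstance()}. The keystore
     * stream is closed whether or not loading succeeds.
     *
     * @return a {@link KeyStoreX509CredentialAdapter} over the configured
     *         alias, marked with usage {@link UsageType#SIGNING}
     * @throws CredentialsNotAvailableException if the keystore cannot be
     *         opened, loaded or the credential cannot be built
     */
    public static Credential getIDPSigningCredential()
            throws CredentialsNotAvailableException {
        PVPConfiguration config = PVPConfiguration.getInstance();
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream inputStream = new FileInputStream(
                    config.getIDPKeyStoreFilename());
            try {
                keyStore.load(inputStream,
                        config.getIDPKeyStorePassword().toCharArray());
            } finally {
                // close on the failure path too; the original only closed
                // after a successful load
                inputStream.close();
            }

            // the adapter resolves the private key lazily from the keystore,
            // so it keeps the key password for later use
            KeyStoreX509CredentialAdapter credentials =
                    new KeyStoreX509CredentialAdapter(keyStore,
                            config.getIDPKeyAlias(),
                            config.getIDPKeyPassword().toCharArray());
            credentials.setUsageType(UsageType.SIGNING);
            return credentials;
        } catch (Exception e) {
            // Broad catch is deliberate at this boundary: checked keystore/IO
            // errors as well as unchecked ones (e.g. a missing configuration
            // value) must all surface as the domain exception callers handle.
            Logger.error("Failed to generate IDP Signing credentials", e);
            // NOTE(review): the cause is not attached to the thrown exception;
            // only the (messageId, parameters) constructor is used here —
            // confirm whether a Throwable-accepting constructor exists.
            throw new CredentialsNotAvailableException(e.getMessage(), null);
        }
    }

    /**
     * Creates a {@link Signature} element prepared for signing with the
     * given credential.
     *
     * The signature algorithm is RSA with SHA-256 and the canonicalization
     * method is exclusive C14N without comments.
     *
     * @param credentials the signing credential (normally the result of
     *                    {@link #getIDPSigningCredential()})
     * @return an unsigned {@link Signature} object carrying algorithm,
     *         canonicalization method and signing credential
     */
    public static Signature getIDPSignature(Credential credentials) {
        Signature signer = SAML2Utils.createSAMLObject(Signature.class);
        signer.setSignatureAlgorithm(
                SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        signer.setCanonicalizationAlgorithm(
                SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        signer.setSigningCredential(credentials);
        return signer;
    }

    /**
     * Builds the trusted signing credential of a service provider from the
     * certificate file configured for its entity ID.
     *
     * Only the certificate's public key is copied into the credential; no
     * validity-period or chain check is performed here.
     *
     * @param entityID the SAML entity ID of the service provider
     * @return a {@link BasicX509Credential} with the entity ID, usage
     *         {@link UsageType#SIGNING} and the certificate's public key
     * @throws CredentialsNotAvailableException if no certificate file is
     *         configured for the entity, or the file cannot be read or parsed
     */
    public static Credential getSPTrustedCredential(String entityID)
            throws CredentialsNotAvailableException {
        String filename = PVPConfiguration.getInstance()
                .getTrustEntityCertificate(entityID);
        if (filename == null) {
            // an unconfigured entity is a credential problem, not an NPE
            Logger.error("No trusted certificate configured for entity "
                    + entityID);
            throw new CredentialsNotAvailableException(
                    "No trusted certificate configured for entity " + entityID,
                    null);
        }

        X509Certificate cert = loadTrustedCertificate(filename, entityID);

        BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityId(entityID);
        credential.setUsageType(UsageType.SIGNING);
        credential.setPublicKey(cert.getPublicKey());
        return credential;
    }

    /**
     * Reads an X.509 certificate from the given file, closing the stream
     * on every path.
     *
     * @param filename path of the certificate file
     * @param entityID the entity the certificate belongs to (for logging)
     * @return the parsed certificate
     * @throws CredentialsNotAvailableException if the file cannot be read
     *         or does not contain a parseable certificate
     */
    private static X509Certificate loadTrustedCertificate(String filename,
            String entityID) throws CredentialsNotAvailableException {
        FileInputStream inputStream = null;
        try {
            inputStream = new FileInputStream(new File(filename));
            return new X509Certificate(inputStream);
        } catch (CertificateException e) {
            Logger.error("Failed to parse trusted certificate for entity "
                    + entityID + " from " + filename, e);
            throw new CredentialsNotAvailableException(e.getMessage(), null);
        } catch (IOException e) {
            // covers FileNotFoundException as well
            Logger.error("Failed to read trusted certificate for entity "
                    + entityID + " from " + filename, e);
            throw new CredentialsNotAvailableException(e.getMessage(), null);
        } finally {
            if (inputStream != null) {
                try {
                    inputStream.close();
                } catch (IOException ignored) {
                    // best-effort close: the certificate has already been
                    // parsed, or the real error has already been reported
                }
            }
        }
    }
}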