package com.rackspace.saml;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.RandomAccessFile;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;

import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.BasicX509Credential;
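public class CertManager {

    /**
     * Loads the credential used to sign the SAML assertions this code produces.
     *
     * The certificate is read from {@code publicKeyLocation} as an X.509
     * certificate (the JDK CertificateFactory accepts DER or PEM). The private
     * key is read from {@code privateKeyLocation} and must be an unencrypted,
     * DER-encoded PKCS#8 RSA key: {@link PKCS8EncodedKeySpec} is DER-only, so a
     * PEM-armoured file is rejected by the key factory. Both files are closed
     * whether or not parsing succeeds, and the raw key bytes are zeroed once
     * the key object has been built so the secret does not linger in a dead
     * buffer. Before the credential is assembled the certificate's public key
     * is checked against the private key; a mismatch is rejected up front
     * rather than silently producing signatures no relying party can verify.
     *
     * Not checked here: the certificate's validity period, key usage, or chain.
     * Callers are responsible for rotating an expired signing certificate.
     * Storage elsewhere (e.g. a keystore or HSM) would replace the two loaders.
     *
     * @param publicKeyLocation  path to the X.509 certificate for the signing key
     * @param privateKeyLocation path to the DER-encoded, unencrypted PKCS#8 private key
     * @return a credential holding the private key and the certificate of its public key
     * @throws IOException              if either file cannot be read
     * @throws GeneralSecurityException if either file cannot be parsed, the RSA
     *                                  algorithm is unavailable, or the certificate's
     *                                  public key does not belong to the private key
     */
    public Credential getSigningCredential(String publicKeyLocation, String privateKeyLocation)
            throws IOException, GeneralSecurityException {
        X509Certificate certificate = loadCertificate(publicKeyLocation);
        PrivateKey privateKey = loadPrivateKey(privateKeyLocation);
        verifyKeyPair(certificate, privateKey);

        // Credential carries both halves: the private key for signing and the
        // certificate relying parties use to verify the signature.
        BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityCertificate(certificate);
        credential.setPrivateKey(privateKey);
        return credential;
    }

    /**
     * Parses the X.509 certificate stored at {@code location}.
     * The stream is closed even when parsing throws.
     */
    private static X509Certificate loadCertificate(String location)
            throws IOException, CertificateException {
        InputStream in = new FileInputStream(location);
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            return (X509Certificate) cf.generateCertificate(in);
        } finally {
            in.close();
        }
    }

    /**
     * Reads the DER-encoded PKCS#8 RSA private key stored at {@code location}.
     * The file handle is released on every path and the raw key bytes are
     * wiped once the key object exists.
     */
    private static PrivateKey loadPrivateKey(String location)
            throws IOException, GeneralSecurityException {
        byte[] encoded;
        RandomAccessFile raf = new RandomAccessFile(location, "r");
        try {
            long length = raf.length();
            // Guard the narrowing cast: a huge file would otherwise wrap to a
            // negative or truncated buffer size instead of failing clearly.
            if (length > Integer.MAX_VALUE) {
                throw new IOException("private key file too large to load: " + location);
            }
            encoded = new byte[(int) length];
            raf.readFully(encoded);
        } finally {
            raf.close();
        }

        try {
            KeyFactory kf = KeyFactory.getInstance("RSA");
            return kf.generatePrivate(new PKCS8EncodedKeySpec(encoded));
        } finally {
            // Best-effort scrubbing of the secret; the key object keeps its own copy.
            Arrays.fill(encoded, (byte) 0);
        }
    }

    /**
     * Fails fast if the certificate does not belong to the private key.
     * For RSA this is a modulus comparison; the private key was built by the
     * RSA KeyFactory, so a non-RSA certificate key can never match it. If the
     * provider hands back an opaque private key that does not expose its
     * modulus the comparison is skipped rather than rejected.
     */
    private static void verifyKeyPair(X509Certificate certificate, PrivateKey privateKey)
            throws InvalidKeyException {
        PublicKey publicKey = certificate.getPublicKey();
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new InvalidKeyException(
                    "signing certificate does not carry an RSA public key: " + publicKey.getAlgorithm());
        }
        if (!(privateKey instanceof RSAPrivateKey)) {
            return;
        }
        BigInteger certModulus = ((RSAPublicKey) publicKey).getModulus();
        BigInteger keyModulus = ((RSAPrivateKey) privateKey).getModulus();
        if (!certModulus.equals(keyModulus)) {
            throw new InvalidKeyException("signing certificate does not match the private key");
        }
    }
}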