Как добавить SignatureValue и KeyInfo в OpenSaml3 Response?

Question

В OpenSAML 2.5, я использовал следующий код для генерации SAML Assertion с деталями сертификата безопасности:

 Credential signingCredential = sign.getSigningCredential(); 

     Signature signature = null; 

     try { 
      DefaultBootstrap.bootstrap(); 
     } catch (ConfigurationException e) { 
      // TODO Auto-generated catch block 
      e.printStackTrace(); 
     } 
     signature = (Signature) Configuration.getBuilderFactory() 
       .getBuilder(Signature.DEFAULT_ELEMENT_NAME) 
       .buildObject(Signature.DEFAULT_ELEMENT_NAME); 
     signature.setSigningCredential(signingCredential); 

     // This is also the default if a null SecurityConfiguration is 
     // specified 
     SecurityConfiguration secConfig = Configuration 
       .getGlobalSecurityConfiguration(); 

     try { 
      SecurityHelper.prepareSignatureParams(signature, 
        signingCredential, secConfig, null); 
     } catch (SecurityException e) { 
      e.printStackTrace(); 
     } catch (org.opensaml.xml.security.SecurityException e) { 
      // TODO Auto-generated catch block 
      e.printStackTrace(); 
     } 


     SsoSamlWriter samlWriter = new SsoSamlWriter(ssoData); 
     Assertion assertion = samlWriter.buildSamlAssertion(); 

SAML тзд экстракт:

 <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
      <ds:SignedInfo> 
       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
       <ds:Reference URI="#514131e4-8ef0-469c-b8b0-a185b874320e"> 
        <ds:Transforms> 
         <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> 
         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
          <ec:InclusiveNamespaces PrefixList="xs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
         </ds:Transform> 
        </ds:Transforms> 
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> 
        <ds:DigestValue>fmIxhw8sGFU/J3SWDk5BnBCKRog=</ds:DigestValue> 
       </ds:Reference> 
      </ds:SignedInfo> 
      <ds:SignatureValue>HOHkf...pqj2w==</ds:SignatureValue> 
      <KeyInfo> 
       <ds:X509Data> 
        <ds:X509Certificate>MIID...6BS9K 
L/SvOZxWrA==</ds:X509Certificate> 
       </ds:X509Data> 
      </KeyInfo> 
     </ds:Signature> 

я пытаюсь обновить этот код OpenSAML 3,2 и Я смог получить генерируемый SAML msg, но я не знаю, как подключить подробные данные сертификата безопасности. Есть ли у кого-нибудь пример кода для добавления данных SignatureValue и X509Certificate в SAML Assertion?

OpenSAML 3,2 Код я до сих пор:

Credential signingCredential = sign.getSigningCredential(); 
SsoSamlWriter samlWriter = new SsoSamlWriter(ssoData); 
Assertion assertion = samlWriter.buildSamlAssertion(); 

Signature signature = SAMLUtils.buildSAMLObject(Signature.class); 
signature.setSigningCredential(signingCredential); 
signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); 
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); 

// Need to supply an org.opensaml.security.credential.Credential; 
signature.setSigningCredential(signingCredential); 
assertion.setSignature(signature); 

try { 
    XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(assertion).marshall(assertion); 
} catch (MarshallingException e) { 
    throw new RuntimeException(e); 
} 

try { 
    Signer.signObject(signature); 
} catch (SignatureException e) { 
    throw new RuntimeException(e); 
} 

// Wrap assertion in SAML Response 
ResponseBuilder responseBuilder = new ResponseBuilder(); 
Response samlResponse = responseBuilder.buildObject(); 

// Build an Issuer object 
Issuer issuer = SAMLUtils.buildSAMLObject(Issuer.class); 
issuer.setValue(ssoIssuerName); 
issuer.setSPProvidedID(ssoUrlSuffix); 

// Add NameID element to assertion with Oasis Employee SSN 
Subject subject = new SubjectBuilder().buildObject(); 
NameID nameID = new NameIDBuilder().buildObject(); 
nameID.setValue(empSsn); 
nameID.setFormat(NameIDType.X509_SUBJECT); 
subject.setNameID(nameID); 
assertion.setSubject(subject);  

String responseIdStr = UUID.randomUUID().toString(); 
assertion.setID(responseIdStr); 
samlResponse.setID(responseIdStr); 
samlResponse.setIssueInstant(new DateTime()); 
samlResponse.setIssuer(issuer); 
samlResponse.setVersion(SAMLVersion.VERSION_20); 
samlResponse.setStatus(samlWriter.createStatus()); 
samlResponse.getAssertions().add(assertion); 

ResponseMarshaller marshaller = new ResponseMarshaller(); 
Element plain = marshaller.marshall(samlResponse); 
String samlResponseStr = XMLHelper.nodeToString(plain); 

// Remove ds: prefix from <ds:KeyInfo> elements 
// stegre => Accomodate bug on CIC side, remove this line eventually 
samlResponseStr = samlResponseStr.replaceAll("ds:KeyInfo", "KeyInfo"); 

System.out.println(""); 
System.out.println("SAML Response: "); 
System.out.println(samlResponseStr); 
System.out.println(""); 

Результирующая SAML сообщение:

<?xml version="1.0" encoding="UTF-8"?> 
<saml2p:Response ID="356498c8-036d-41b1-9602-89fa90e40331" IssueInstant="2016-10-12T15:15:23.987Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> 
    <saml2:Issuer SPProvidedID="OasisAdvantage" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">OasisAdvantage</saml2:Issuer> 
    <saml2p:Status> 
     <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> 
    </saml2p:Status> 
    <saml2:Assertion ID="356498c8-036d-41b1-9602-89fa90e40331" IssueInstant="2016-10-12T15:15:20.442Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> 
     <saml2:Issuer SPProvidedID="OasisAdvantage">OasisAdvantage</saml2:Issuer> 
     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> 
      <ds:SignedInfo> 
       <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
       <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
       <ds:Reference URI="#356498c8-036d-41b1-9602-89fa90e40331"> 
        <ds:Transforms> 
         <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> 
         <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> 
          <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/> 
         </ds:Transform> 
        </ds:Transforms> 
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> 
        <ds:DigestValue/> 
       </ds:Reference> 
      </ds:SignedInfo> 
      <ds:SignatureValue/> 
     </ds:Signature> 
     <saml2:Subject> 
      <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">OasisUser</saml2:NameID> 
     </saml2:Subject> 
     <saml2:Conditions NotBefore="2016-10-12T15:15:20.442Z" NotOnOrAfter="2016-10-12T15:20:20.442Z"/> 
     <saml2:AuthnStatement AuthnInstant="2016-10-12T15:15:20.566Z" SessionNotOnOrAfter="2016-10-12T15:15:20.581Z"> 
      <saml2:AuthnContext> 
       <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef> 
      </saml2:AuthnContext> 
     </saml2:AuthnStatement> 
     <saml2:AttributeStatement> 
      <saml2:Attribute Name="companyid"> 
       <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">OasisAdvantage</saml2:AttributeValue> 
      </saml2:Attribute> 
     </saml2:AttributeStatement> 
    </saml2:Assertion> 
</saml2p:Response> 

Answer 1

Следующий код добавлен вычисленного SignatureValue:

org.opensaml.saml.saml2.core.Response samlResponse = responseBuilder.buildObject(); 

    // Compute and add SignatureValue element to Signature 
    XMLObjectProviderRegistrySupport.getMarshallerFactory() 
       .getMarshaller(samlResponse).marshall(samlResponse); 
    Signer.signObject(signature);