Class Util


  • public final class Util
    extends java.lang.Object
    Util class of OneLogin's Java Toolkit: a class that contains several auxiliary methods related to the SAML protocol.
    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      private Util()  
    • Method Summary

      Modifier and Type Method Description
      static java.lang.String addSign​(org.w3c.dom.Document document, java.security.PrivateKey key, java.security.cert.X509Certificate certificate, java.lang.String signAlgorithm)
      Signs the Document using the specified signature algorithm with the private key and the public certificate.
      static java.lang.String addSign​(org.w3c.dom.Document document, java.security.PrivateKey key, java.security.cert.X509Certificate certificate, java.lang.String signAlgorithm, java.lang.String digestAlgorithm)
      Signs the Document using the specified signature algorithm with the private key and the public certificate.
      static java.lang.String addSign​(org.w3c.dom.Node node, java.security.PrivateKey key, java.security.cert.X509Certificate certificate, java.lang.String signAlgorithm)
      Signs a Node using the specified signature algorithm with the private key and the public certificate.
      static java.lang.String addSign​(org.w3c.dom.Node node, java.security.PrivateKey key, java.security.cert.X509Certificate certificate, java.lang.String signAlgorithm, java.lang.String digestAlgorithm)
      Signs a Node using the specified signature algorithm with the private key and the public certificate.
      static java.lang.String base64decodedInflated​(java.lang.String input)
      Returns String Base64 decoded and inflated
      static byte[] base64decoder(byte[] input)
      Returns the input bytes base64 decoded
      static byte[] base64decoder(java.lang.String input)
      Returns the string base64 decoded
      static java.lang.String base64encoder(byte[] input)
      Returns String base64 encoded
      static java.lang.String base64encoder(java.lang.String input)
      Returns String base64 encoded
      static java.lang.String calculateX509Fingerprint(java.security.cert.X509Certificate x509cert)
      Calculates the SHA-1 fingerprint of an X.509 certificate
      static java.lang.String calculateX509Fingerprint(java.security.cert.X509Certificate x509cert, java.lang.String alg)
      Calculates the fingerprint of an X.509 certificate using the given digest algorithm
      private static java.lang.String chunkString(java.lang.String str, int chunkSize)
      Splits a string into chunks of the given size
      static java.lang.String convertDocumentToString(org.w3c.dom.Document doc)
      Converts an XML Document into a String without applying the c14n transformation
      static java.lang.String convertDocumentToString(org.w3c.dom.Document doc, java.lang.Boolean c14n)
      Converts an XML Document into a String
      static org.w3c.dom.Document convertStringToDocument(java.lang.String xmlStr)
      Converts an XML string into a Document object
      static java.lang.String convertToPem(java.security.cert.X509Certificate certificate)
      Converts an X509Certificate into a well-formatted PEM string
      private static void copyBytes​(java.io.InputStream is, java.io.OutputStream bytes)  
      static org.w3c.dom.Document copyDocument​(org.w3c.dom.Document source)
      Clone a Document object.
      static void decryptElement​(org.w3c.dom.Element encryptedDataElement, java.security.PrivateKey inputKey)
      Decrypt an encrypted element.
      static void decryptUsingHsm​(org.w3c.dom.Element encryptedDataElement, HSM hsm)
      Decrypts the encrypted element using an HSM.
      static java.lang.String deflatedBase64encoded(java.lang.String input)
      Returns the string deflated and base64 encoded
      static java.lang.String formatCert(java.lang.String cert, java.lang.Boolean heads)
      Returns a certificate in String format (adding header and footer if required)
      static java.lang.String formatDateTime(long timeInMillis)
      Creates a string from a time in milliseconds with format yyyy-MM-ddTHH:mm:ssZ
      static java.lang.String formatDateTime(long time, boolean millis)
      Creates a string from a time in milliseconds with format yyyy-MM-ddTHH:mm:ssZ, optionally keeping the milliseconds
      static java.lang.String formatPrivateKey​(java.lang.String key, boolean heads)
      Returns a private key (adding header and footer if required).
      static java.lang.String generateNameId​(java.lang.String value)
      Generates a nameID.
      static java.lang.String generateNameId​(java.lang.String value, java.lang.String spnq, java.lang.String format)
      Generates a nameID.
      static java.lang.String generateNameId​(java.lang.String value, java.lang.String spnq, java.lang.String format, java.lang.String nq, java.security.cert.X509Certificate cert)
      Generates a nameID.
      static java.lang.String generateNameId​(java.lang.String value, java.lang.String spnq, java.lang.String format, java.security.cert.X509Certificate cert)
      Generates a nameID.
      private static javax.crypto.SecretKey generateSymmetricKey()
      Method to generate a symmetric key for encryption
      static java.lang.String generateUniqueID()
      Generates a unique string (used for example as ID of assertions)
      static java.lang.String generateUniqueID​(java.lang.String prefix)
      Generates a unique string (used for example as ID of assertions)
      static java.lang.Long getCurrentTimeStamp()  
      static long getExpireTime(java.lang.String cacheDuration, long validUntil)
      Compares two dates and returns the earliest
      static long getExpireTime(java.lang.String cacheDuration, java.lang.String validUntil)
      Compares two dates and returns the earliest
      static java.lang.String getFileAsString​(java.lang.String relativeResourcePath)
      Loads a resource located at a relative path
      private static java.util.Map<java.lang.String,​java.lang.Object> getSignatureData​(org.w3c.dom.Node signNode, java.lang.String alg)
      Extract signature data from a DOM Node.
      private static java.util.Map<java.lang.String,​java.lang.Object> getSignatureData​(org.w3c.dom.Node signNode, java.lang.String alg, java.lang.Boolean rejectDeprecatedAlg)
      Extract signature data from a DOM Node.
      static SamlResponseStatus getStatus​(java.lang.String statusXpath, org.w3c.dom.Document dom)
      Get Status from a Response
      private static javax.xml.xpath.XPathFactory getXPathFactory()  
      static boolean isAlgorithmWhitelisted(java.lang.String alg)
      Checks whether the XMLSignature algorithm is whitelisted
      static boolean isJaxp15Supported()
      Method which uses the recommended way ( https://docs.oracle.com/javase/tutorial/jaxp/properties/error.html ) of checking whether JAXP 1.5 (or later) options are supported.
      static java.security.cert.X509Certificate loadCert(java.lang.String certString)
      Load X.509 certificate
      static java.security.PrivateKey loadPrivateKey(java.lang.String keyString)
      Load private key
      static org.w3c.dom.Document loadXML(java.lang.String xml)
      Loads an XML string in a safe way.
      static java.lang.Boolean mustRejectDeprecatedSignatureAlgo(java.lang.String signAlg, java.lang.Boolean rejectDeprecatedAlg)  
      static org.joda.time.DateTime parseDateTime(java.lang.String dateTime)
      Creates a DateTime from a string with format yyyy-MM-ddTHH:mm:ssZ or yyyy-MM-ddTHH:mm:ss.SSSZ
      static long parseDuration(java.lang.String duration)
      Interprets an ISO 8601 duration value relative to the current timestamp.
      static long parseDuration(java.lang.String durationString, long timestamp)
      Interprets an ISO 8601 duration value relative to a given timestamp.
      static org.w3c.dom.Document parseXML(org.xml.sax.InputSource inputSource)
      Parses an XML from an input source into a Document object
      static org.w3c.dom.NodeList query(org.w3c.dom.Document dom, java.lang.String query)
      Extracts the nodes matching an XPath expression from the DOM Document
      static org.w3c.dom.NodeList query(org.w3c.dom.Document dom, java.lang.String query, org.w3c.dom.Node context)
      Extracts the nodes matching an XPath expression from the DOM Document, relative to a context node
      static byte[] sign​(java.lang.String text, java.security.PrivateKey key, java.lang.String signAlgorithm)
      Generates a signature from a string
      static java.lang.String signatureAlgConversion​(java.lang.String sign)
      Converts Signature algorithm method name
      private static byte[] toBytesUtf8​(java.lang.String str)  
      private static java.lang.String toStringUtf8​(byte[] bytes)  
      static java.lang.String toXml​(java.lang.String text)
      Escape a text so that it can be safely used within an XML element contents or attribute value.
      static java.lang.String urlDecoder​(java.lang.String input)
      Returns String URL decoded
      static java.lang.String urlEncoder​(java.lang.String input)
      Returns String URL encoded
      static java.lang.Boolean validateBinarySignature​(java.lang.String signedQuery, byte[] signature, java.security.cert.X509Certificate cert, java.lang.String signAlg)
      Validates signed binary data (Used to validate GET Signature).
      static java.lang.Boolean validateBinarySignature​(java.lang.String signedQuery, byte[] signature, java.util.List<java.security.cert.X509Certificate> certList, java.lang.String signAlg)
      Validates signed binary data (Used to validate GET Signature).
      private static void validateEncryptedData​(org.w3c.dom.Element encryptedDataElement)
      Validates the encrypted data and checks whether it contains a retrieval method to obtain the encrypted key or not.
      static java.lang.Boolean validateMetadataSign​(org.w3c.dom.Document doc, java.security.cert.X509Certificate cert, java.lang.String fingerprint, java.lang.String alg)
      Validate signature (Metadata).
      static java.lang.Boolean validateMetadataSign​(org.w3c.dom.Document doc, java.security.cert.X509Certificate cert, java.lang.String fingerprint, java.lang.String alg, java.lang.Boolean rejectDeprecatedAlg)
      Validate signature (Metadata).
      static boolean validateSign​(org.w3c.dom.Document doc, java.security.cert.X509Certificate cert, java.lang.String fingerprint, java.lang.String alg, java.lang.String xpath)
      Validate the signature pointed to by the xpath
      static boolean validateSign​(org.w3c.dom.Document doc, java.util.List<java.security.cert.X509Certificate> certList, java.lang.String fingerprint, java.lang.String alg, java.lang.String xpath)
      Validate the signature pointed to by the xpath
      static boolean validateSign​(org.w3c.dom.Document doc, java.util.List<java.security.cert.X509Certificate> certList, java.lang.String fingerprint, java.lang.String alg, java.lang.String xpath, java.lang.Boolean rejectDeprecatedAlg)
      Validate the signature pointed to by the xpath
      static java.lang.Boolean validateSignNode​(org.apache.xml.security.signature.XMLSignature signature, java.security.cert.X509Certificate cert, java.lang.String fingerprint, java.security.cert.X509Certificate extractedCert, java.lang.String extractedFingerprint)
      Validate signature of the Node.
      static java.lang.Boolean validateSignNode​(org.w3c.dom.Node signNode, java.security.cert.X509Certificate cert, java.lang.String fingerprint, java.lang.String alg)
      Validate signature of the Node.
      static java.lang.Boolean validateSignNode​(org.w3c.dom.Node signNode, java.security.cert.X509Certificate cert, java.lang.String fingerprint, java.lang.String alg, java.lang.Boolean rejectDeprecatedAlg)
      Validate signature of the Node.
      static boolean validateXML​(org.w3c.dom.Document xmlDocument, java.net.URL schemaUrl)
      This function attempts to validate an XML against the specified schema.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • LOGGER

        private static final org.slf4j.Logger LOGGER
        Private property to construct a logger for this class.
      • DATE_TIME_FORMAT

        private static final org.joda.time.format.DateTimeFormatter DATE_TIME_FORMAT
      • DATE_TIME_FORMAT_MILLS

        private static final org.joda.time.format.DateTimeFormatter DATE_TIME_FORMAT_MILLS
      • UNIQUE_ID_PREFIX

        public static final java.lang.String UNIQUE_ID_PREFIX
      • RESPONSE_SIGNATURE_XPATH

        public static final java.lang.String RESPONSE_SIGNATURE_XPATH
      • ASSERTION_SIGNATURE_XPATH

        public static final java.lang.String ASSERTION_SIGNATURE_XPATH
      • JAXP_15_SUPPORTED

        private static boolean JAXP_15_SUPPORTED
        Indicates if JAXP 1.5 support has been detected.
      • DEPRECATED_ALGOS

        private static final java.util.Set<java.lang.String> DEPRECATED_ALGOS
    • Constructor Detail

      • Util

        private Util()
    • Method Detail

      • isJaxp15Supported

        public static boolean isJaxp15Supported()
        Method which uses the recommended way ( https://docs.oracle.com/javase/tutorial/jaxp/properties/error.html ) of checking whether JAXP 1.5 (or later) options are supported. Needed if the project which uses this library also has Xerces in its classpath. If for whatever reason this method cannot determine whether JAXP 1.5 properties are supported, it will indicate that the options are supported. This way we don't accidentally disable configuration options.
        Returns:
        true if JAXP 1.5 properties are supported (or support could not be determined), false otherwise
      • loadXML

        public static org.w3c.dom.Document loadXML​(java.lang.String xml)
        Loads an XML string in a safe way, preventing XEE/XXE attacks.
        Parameters:
        xml - String. The XML string to be loaded.
        Returns:
        The loaded Document, or null if any error occurs
      • getXPathFactory

        private static javax.xml.xpath.XPathFactory getXPathFactory()
      • query

        public static org.w3c.dom.NodeList query​(org.w3c.dom.Document dom,
                                                 java.lang.String query,
                                                 org.w3c.dom.Node context)
                                          throws javax.xml.xpath.XPathExpressionException
        Extracts the nodes matching an XPath expression from the DOM Document
        Parameters:
        dom - The DOM Document
        query - XPath expression
        context - Context node (DOM Element)
        Returns:
        The queried NodeList
        Throws:
        javax.xml.xpath.XPathExpressionException
      • query

        public static org.w3c.dom.NodeList query​(org.w3c.dom.Document dom,
                                                 java.lang.String query)
                                          throws javax.xml.xpath.XPathExpressionException
        Extracts the nodes matching an XPath expression from the DOM Document
        Parameters:
        dom - The DOM Document
        query - XPath expression
        Returns:
        The queried NodeList
        Throws:
        javax.xml.xpath.XPathExpressionException
      • validateXML

        public static boolean validateXML​(org.w3c.dom.Document xmlDocument,
                                          java.net.URL schemaUrl)
        This function attempts to validate an XML against the specified schema.
        Parameters:
        xmlDocument - The XML document which should be validated
        schemaUrl - The URL of the schema which should be used
        Returns:
        found errors after validation
      • convertStringToDocument

        public static org.w3c.dom.Document convertStringToDocument​(java.lang.String xmlStr)
                                                            throws javax.xml.parsers.ParserConfigurationException,
                                                                   org.xml.sax.SAXException,
                                                                   java.io.IOException
        Converts an XML in string format in a Document object
        Parameters:
        xmlStr - The XML string which should be converted
        Returns:
        the Document object
        Throws:
        javax.xml.parsers.ParserConfigurationException
        org.xml.sax.SAXException
        java.io.IOException
      • parseXML

        public static org.w3c.dom.Document parseXML​(org.xml.sax.InputSource inputSource)
                                             throws javax.xml.parsers.ParserConfigurationException,
                                                    org.xml.sax.SAXException,
                                                    java.io.IOException
        Parse an XML from input source to a Document object
        Parameters:
        inputSource - The InputSource with the XML string which should be converted
        Returns:
        the Document object
        Throws:
        javax.xml.parsers.ParserConfigurationException
        org.xml.sax.SAXException
        java.io.IOException
      • convertDocumentToString

        public static java.lang.String convertDocumentToString​(org.w3c.dom.Document doc,
                                                               java.lang.Boolean c14n)
        Converts an XML Document into a String
        Parameters:
        doc - The Document object
        c14n - If the c14n transformation should be applied
        Returns:
        the Document serialized as a String
      • convertDocumentToString

        public static java.lang.String convertDocumentToString​(org.w3c.dom.Document doc)
        Converts an XML Document into a String without applying the c14n transformation
        Parameters:
        doc - The Document object
        Returns:
        the Document serialized as a String
      • formatCert

        public static java.lang.String formatCert​(java.lang.String cert,
                                                  java.lang.Boolean heads)
        Returns a certificate in String format (adding header and footer if required)
        Parameters:
        cert - An unformatted X.509 cert
        heads - True to include the header and footer
        Returns:
        The formatted cert
      • formatPrivateKey

        public static java.lang.String formatPrivateKey​(java.lang.String key,
                                                        boolean heads)
        Returns a private key (adding header and footer if required).
        Parameters:
        key - A private key
        heads - True to include the header and footer
        Returns:
        The formatted private key
      • chunkString

        private static java.lang.String chunkString​(java.lang.String str,
                                                    int chunkSize)
        Splits a string into chunks of the given size
        Parameters:
        str - The string to be chunked
        chunkSize - The chunk size
        Returns:
        the chunked string
      • loadCert

        public static java.security.cert.X509Certificate loadCert​(java.lang.String certString)
                                                           throws java.security.cert.CertificateException
        Load X.509 certificate
        Parameters:
        certString - certificate in string format
        Returns:
        Loaded Certificate. X509Certificate object
        Throws:
        java.security.cert.CertificateException
      • loadPrivateKey

        public static java.security.PrivateKey loadPrivateKey​(java.lang.String keyString)
                                                       throws java.security.GeneralSecurityException
        Load private key
        Parameters:
        keyString - private key in string format
        Returns:
        Loaded private key. PrivateKey object
        Throws:
        java.security.GeneralSecurityException
      • calculateX509Fingerprint

        public static java.lang.String calculateX509Fingerprint​(java.security.cert.X509Certificate x509cert,
                                                                java.lang.String alg)
        Calculates the fingerprint of an X.509 certificate
        Parameters:
        x509cert - X.509 certificate
        alg - Digest algorithm
        Returns:
        the formatted fingerprint
      • calculateX509Fingerprint

        public static java.lang.String calculateX509Fingerprint​(java.security.cert.X509Certificate x509cert)
        Calculates the SHA-1 fingerprint of an X.509 certificate
        Parameters:
        x509cert - X.509 certificate
        Returns:
        the SHA-1 formatted fingerprint
      • convertToPem

        public static java.lang.String convertToPem​(java.security.cert.X509Certificate certificate)
        Converts an X509Certificate into a well-formatted PEM string
        Parameters:
        certificate - The public certificate
        Returns:
        the formatted PEM string
      • getFileAsString

        public static java.lang.String getFileAsString​(java.lang.String relativeResourcePath)
                                                throws java.io.IOException
        Loads a resource located at a relative path
        Parameters:
        relativeResourcePath - Relative path of the resource
        Returns:
        the loaded resource in String format
        Throws:
        java.io.IOException
      • copyBytes

        private static void copyBytes​(java.io.InputStream is,
                                      java.io.OutputStream bytes)
                               throws java.io.IOException
        Throws:
        java.io.IOException
      • base64decodedInflated

        public static java.lang.String base64decodedInflated​(java.lang.String input)
        Returns String Base64 decoded and inflated
        Parameters:
        input - String input
        Returns:
        the base64 decoded and inflated string
      • deflatedBase64encoded

        public static java.lang.String deflatedBase64encoded​(java.lang.String input)
                                                      throws java.io.IOException
        Returns the string deflated and base64 encoded
        Parameters:
        input - String input
        Returns:
        the deflated and base64 encoded string
        Throws:
        java.io.IOException
      • base64encoder

        public static java.lang.String base64encoder​(byte[] input)
        Returns String base64 encoded
        Parameters:
        input - Byte array input
        Returns:
        the base64 encoded string
      • base64encoder

        public static java.lang.String base64encoder​(java.lang.String input)
        Returns String base64 encoded
        Parameters:
        input - String input
        Returns:
        the base64 encoded string
      • base64decoder

        public static byte[] base64decoder​(byte[] input)
        Returns the input bytes base64 decoded
        Parameters:
        input - Byte array input
        Returns:
        the base64 decoded bytes
      • base64decoder

        public static byte[] base64decoder​(java.lang.String input)
        Returns the string base64 decoded
        Parameters:
        input - String input
        Returns:
        the base64 decoded bytes
      • urlEncoder

        public static java.lang.String urlEncoder​(java.lang.String input)
        Returns String URL encoded
        Parameters:
        input - String input
        Returns:
        the URL encoded string
      • urlDecoder

        public static java.lang.String urlDecoder​(java.lang.String input)
        Returns String URL decoded
        Parameters:
        input - URL encoded input
        Returns:
        the URL decoded string
      • sign

        public static byte[] sign​(java.lang.String text,
                                  java.security.PrivateKey key,
                                  java.lang.String signAlgorithm)
                           throws java.security.NoSuchAlgorithmException,
                                  java.security.InvalidKeyException,
                                  java.security.SignatureException
        Generates a signature from a string
        Parameters:
        text - The string we should sign
        key - The private key to sign the string
        signAlgorithm - Signature algorithm method
        Returns:
        the signature
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.InvalidKeyException
        java.security.SignatureException
      • signatureAlgConversion

        public static java.lang.String signatureAlgConversion​(java.lang.String sign)
        Converts Signature algorithm method name
        Parameters:
        sign - signature algorithm method
        Returns:
        the converted signature name
      • validateSign

        public static boolean validateSign​(org.w3c.dom.Document doc,
                                           java.security.cert.X509Certificate cert,
                                           java.lang.String fingerprint,
                                           java.lang.String alg,
                                           java.lang.String xpath)
        Validate the signature pointed to by the xpath
        Parameters:
        doc - The document we should validate
        cert - The public certificate
        fingerprint - The fingerprint of the public certificate
        alg - The signature algorithm method
        xpath - the xpath of the ds:Signature node to validate
        Returns:
        True if the signature exists and is valid, false otherwise.
      • validateSign

        public static boolean validateSign​(org.w3c.dom.Document doc,
                                           java.util.List<java.security.cert.X509Certificate> certList,
                                           java.lang.String fingerprint,
                                           java.lang.String alg,
                                           java.lang.String xpath)
        Validate the signature pointed to by the xpath
        Parameters:
        doc - The document we should validate
        certList - The public certificates
        fingerprint - The fingerprint of the public certificate
        alg - The signature algorithm method
        xpath - the xpath of the ds:Signature node to validate
        Returns:
        True if the signature exists and is valid, false otherwise.
      • validateSign

        public static boolean validateSign​(org.w3c.dom.Document doc,
                                           java.util.List<java.security.cert.X509Certificate> certList,
                                           java.lang.String fingerprint,
                                           java.lang.String alg,
                                           java.lang.String xpath,
                                           java.lang.Boolean rejectDeprecatedAlg)
        Validate the signature pointed to by the xpath
        Parameters:
        doc - The document we should validate
        certList - The public certificates
        fingerprint - The fingerprint of the public certificate
        alg - The signature algorithm method
        xpath - the xpath of the ds:Signature node to validate
        rejectDeprecatedAlg - Whether to treat signatures that use a deprecated algorithm as invalid
        Returns:
        True if the signature exists and is valid, false otherwise.
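As an added example (not code from the OneLogin toolkit itself), the methods documented on this page composed into a signature check for an inbound SAML Response: loadXML parses the message with the XXE protections described above and returns null if any error occurs, and validateSign is called with rejectDeprecatedAlg set to true so that a signature using an algorithm in DEPRECATED_ALGOS is treated as invalid. Assumptions: the class lives in package com.onelogin.saml2.util, the class and method names ResponseSignatureCheck/check are hypothetical, and the alg argument is the digest name used for the certificate fingerprint (the same value calculateX509Fingerprint accepts).

```java
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;

import org.w3c.dom.Document;

// Assumed package of the Util class documented on this page.
import com.onelogin.saml2.util.Util;

/** Hypothetical caller showing how Util's methods compose; not part of the toolkit. */
public final class ResponseSignatureCheck {

    /** Distinct outcomes so the caller can log why a Response was refused. */
    public enum Outcome { MALFORMED_XML, UNSIGNED, INVALID_SIGNATURE, VALID }

    private ResponseSignatureCheck() {}

    /**
     * @param responseXml    decoded (not base64) SAML Response XML
     * @param idpCertPem     the IdP signing certificate in a string form accepted by loadCert
     * @param fingerprintAlg digest for the certificate fingerprint, e.g. "sha256"
     *                       (assumption: this is what the alg parameter of validateSign is used for)
     */
    public static Outcome check(String responseXml, String idpCertPem, String fingerprintAlg) throws Exception {
        // loadXML parses with the toolkit's XXE/XEE protections and returns null on any error,
        // so null must be treated as a rejected message, never as "nothing to validate".
        Document doc = Util.loadXML(responseXml);
        if (doc == null) {
            return Outcome.MALFORMED_XML;
        }

        X509Certificate idpCert = Util.loadCert(idpCertPem);
        String fingerprint = Util.calculateX509Fingerprint(idpCert, fingerprintAlg);
        List<X509Certificate> trusted = Collections.singletonList(idpCert);

        // Require at least one signature: a Response with neither Response nor Assertion
        // signature must be refused before any content is trusted.
        boolean responseSigned = Util.query(doc, Util.RESPONSE_SIGNATURE_XPATH).getLength() > 0;
        boolean assertionSigned = Util.query(doc, Util.ASSERTION_SIGNATURE_XPATH).getLength() > 0;
        if (!responseSigned && !assertionSigned) {
            return Outcome.UNSIGNED;
        }

        // rejectDeprecatedAlg = Boolean.TRUE: validateSign returns false for a signature whose
        // algorithm is in DEPRECATED_ALGOS instead of accepting it.
        if (responseSigned
                && !Util.validateSign(doc, trusted, fingerprint, fingerprintAlg,
                                      Util.RESPONSE_SIGNATURE_XPATH, Boolean.TRUE)) {
            return Outcome.INVALID_SIGNATURE;
        }
        if (assertionSigned
                && !Util.validateSign(doc, trusted, fingerprint, fingerprintAlg,
                                      Util.ASSERTION_SIGNATURE_XPATH, Boolean.TRUE)) {
            return Outcome.INVALID_SIGNATURE;
        }
        return Outcome.VALID;
    }
}
```

Because validateSign returns false both when the signature is missing and when it is invalid, the separate existence check via query lets the caller's logs distinguish an unsigned message from a tampered one.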
      • validateMetadataSign

        public static java.lang.Boolean validateMetadataSign​(org.w3c.dom.Document doc,
                                                             java.security.cert.X509Certificate cert,
                                                             java.lang.String fingerprint,
                                                             java.lang.String alg)
        Validate signature (Metadata).
        Parameters:
        doc - The document we should validate
        cert - The public certificate
        fingerprint - The fingerprint of the public certificate
        alg - The signature algorithm method
        Returns:
        True if the sign is valid, false otherwise.
      • validateMetadataSign

        public static java.lang.Boolean validateMetadataSign​(org.w3c.dom.Document doc,
                                                             java.security.cert.X509Certificate cert,
                                                             java.lang.String fingerprint,
                                                             java.lang.String alg,
                                                             java.lang.Boolean rejectDeprecatedAlg)
        Validate signature (Metadata).
        Parameters:
        doc - The document we should validate
        cert - The public certificate
        fingerprint - The fingerprint of the public certificate
        alg - The signature algorithm method
        rejectDeprecatedAlg - Whether to treat signatures that use a deprecated algorithm as invalid
        Returns:
        True if the sign is valid, false otherwise.
      • getSignatureData

        private static java.util.Map<java.lang.String,​java.lang.Object> getSignatureData​(org.w3c.dom.Node signNode,
                                                                                               java.lang.String alg)
        Extract signature data from a DOM Node.
        Parameters:
        signNode - The signed node
        alg - The signature algorithm method
        Returns:
        a Map containing the signature data (actual signature, certificate, fingerprint)
      • getSignatureData

        private static java.util.Map<java.lang.String,​java.lang.Object> getSignatureData​(org.w3c.dom.Node signNode,
                                                                                               java.lang.String alg,
                                                                                               java.lang.Boolean rejectDeprecatedAlg)
        Extract signature data from a DOM Node.
        Parameters:
        signNode - The signed node
        alg - The signature algorithm method
        rejectDeprecatedAlg - Whether to ignore signature if a deprecated algorithm is used
        Returns:
        a Map containing the signature data (actual signature, certificate, fingerprint)
      • mustRejectDeprecatedSignatureAlgo

        public static java.lang.Boolean mustRejectDeprecatedSignatureAlgo​(java.lang.String signAlg,
                                                                          java.lang.Boolean rejectDeprecatedAlg)
      • validateSignNode

        public static java.lang.Boolean validateSignNode​(org.w3c.dom.Node signNode,
                                                         java.security.cert.X509Certificate cert,
                                                         java.lang.String fingerprint,
                                                         java.lang.String alg)
        Validate signature of the Node.
        Parameters:
        signNode - The signature node we should validate
        cert - The public certificate
        fingerprint - The fingerprint of the public certificate
        alg - The signature algorithm method
        Returns:
        True if the sign is valid, false otherwise.
        Throws:
        java.lang.Exception
      • validateSignNode

        public static java.lang.Boolean validateSignNode​(org.w3c.dom.Node signNode,
                                                         java.security.cert.X509Certificate cert,
                                                         java.lang.String fingerprint,
                                                         java.lang.String alg,
                                                         java.lang.Boolean rejectDeprecatedAlg)
        Validate signature of the Node.
        Parameters:
        signNode - The signature node we should validate
        cert - The public certificate
        fingerprint - The fingerprint of the public certificate
        alg - The signature algorithm method
        rejectDeprecatedAlg - Whether to treat signatures that use a deprecated algorithm as invalid
        Returns:
        True if the sign is valid, false otherwise.
        Throws:
        java.lang.Exception
      • validateSignNode

        public static java.lang.Boolean validateSignNode​(org.apache.xml.security.signature.XMLSignature signature,
                                                         java.security.cert.X509Certificate cert,
                                                         java.lang.String fingerprint,
                                                         java.security.cert.X509Certificate extractedCert,
                                                         java.lang.String extractedFingerprint)
        Validates the given XMLSignature.
        Parameters:
        signature - The XMLSignature to validate
        cert - The public certificate
        fingerprint - The fingerprint of the public certificate
        extractedCert - The certificate extracted from the signature node
        extractedFingerprint - The fingerprint extracted from the signature node
        Returns:
        True if the signature is valid, false otherwise.
      • isAlgorithmWhitelisted

        public static boolean isAlgorithmWhitelisted​(java.lang.String alg)
        Checks whether the XMLSignature algorithm is whitelisted.
        Parameters:
        alg - The signature algorithm method
        Returns:
        True if the algorithm is whitelisted, false otherwise.
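The validateSignNode and isAlgorithmWhitelisted entry points above are normally called by the toolkit's own response classes, but an SP that handles a signed SAML message itself can drive them directly. The following is an added example and not code from the OneLogin toolkit; it assumes `Util.loadXML(String)` from the same class (not shown in this excerpt) and that the IdP certificate is supplied as a PEM file. The file names, the `XmlSignatureCheck` class and its helpers are hypothetical. Note that validateSignNode verifies the signature node it is given; which element that signature's Reference actually covers is a separate check that the toolkit's response classes perform, so this example is not a substitute for them.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

import com.onelogin.saml2.util.Util;

/**
 * Added example, not part of the OneLogin toolkit: verify the enveloped
 * ds:Signature that is a direct child of a SAML message's root element
 * against the IdP certificate the SP already trusts.
 */
public final class XmlSignatureCheck {

    private static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";

    /** Parses a PEM-encoded X.509 certificate with the JDK CertificateFactory. */
    static X509Certificate loadCertificate(String pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
    }

    /**
     * Returns the ds:Signature that is a direct child of the root element, or
     * null. Searching the whole tree would also pick up a signature attached to
     * some unrelated element, so the lookup is deliberately narrow.
     */
    static Element rootSignature(Document doc) {
        NodeList children = doc.getDocumentElement().getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node n = children.item(i);
            if (n.getNodeType() == Node.ELEMENT_NODE
                    && DS_NS.equals(n.getNamespaceURI())
                    && "Signature".equals(n.getLocalName())) {
                return (Element) n;
            }
        }
        return null;
    }

    /**
     * True only when the root element is signed, expectedAlg (the algorithm the
     * SP is configured to accept) is whitelisted, and the signature verifies
     * under idpCert. With rejectDeprecatedAlg true, a signature made with a
     * deprecated algorithm is refused even if it would otherwise verify.
     */
    static boolean verify(String xml, X509Certificate idpCert, String expectedAlg,
                          boolean rejectDeprecatedAlg) throws Exception {
        if (!Util.isAlgorithmWhitelisted(expectedAlg)) {
            return false;                      // misconfigured expectation: never accept
        }
        Document doc = Util.loadXML(xml);      // toolkit XML loader (assumed, not in this excerpt)
        if (doc == null) {
            return false;
        }
        Element signNode = rootSignature(doc);
        if (signNode == null) {
            return false;                      // unsigned message: fail closed
        }
        // fingerprint is null because the full trusted certificate is supplied.
        return Util.validateSignNode(signNode, idpCert, null, expectedAlg, rejectDeprecatedAlg);
    }

    /** Usage: java XmlSignatureCheck idp-cert.pem message.xml (hypothetical file names). */
    public static void main(String[] args) throws Exception {
        String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        String xml = new String(Files.readAllBytes(Paths.get(args[1])), StandardCharsets.UTF_8);
        // Same URI the SP configures as its accepted signature algorithm.
        String expectedAlg = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        System.out.println("signature valid: " + verify(xml, loadCertificate(pem), expectedAlg, true));
    }
}
```

The algorithm is fixed by the SP's configuration and checked before the signature, so a peer cannot steer verification toward a weaker method by changing the SignatureMethod in the message; passing `true` for rejectDeprecatedAlg makes deprecated algorithms fail even when the signature bytes are correct.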
      • decryptElement

        public static void decryptElement​(org.w3c.dom.Element encryptedDataElement,
                                          java.security.PrivateKey inputKey)
        Decrypt an encrypted element.
        Parameters:
        encryptedDataElement - The encrypted element.
        inputKey - The private key to decrypt.
      • decryptUsingHsm

        public static void decryptUsingHsm​(org.w3c.dom.Element encryptedDataElement,
                                           HSM hsm)
        Decrypts the encrypted element using an HSM.
        Parameters:
        encryptedDataElement - The encrypted element.
        hsm - The HSM object.
        Throws:
        java.lang.Exception
      • validateEncryptedData

        private static void validateEncryptedData​(org.w3c.dom.Element encryptedDataElement)
                                           throws ValidationError
        Validates the encrypted data and checks whether it contains a retrieval method to obtain the encrypted key or not.
        Parameters:
        encryptedDataElement - The encrypted element.
        Throws:
        ValidationError
      • copyDocument

        public static org.w3c.dom.Document copyDocument​(org.w3c.dom.Document source)
                                                 throws javax.xml.parsers.ParserConfigurationException
        Clone a Document object.
        Parameters:
        source - The Document object to be cloned.
        Returns:
        the clone of the Document object
        Throws:
        javax.xml.parsers.ParserConfigurationException
      • addSign

        public static java.lang.String addSign​(org.w3c.dom.Document document,
                                               java.security.PrivateKey key,
                                               java.security.cert.X509Certificate certificate,
                                               java.lang.String signAlgorithm)
                                        throws org.apache.xml.security.exceptions.XMLSecurityException,
                                               javax.xml.xpath.XPathExpressionException
        Signs the Document using the specified signature algorithm with the private key and the public certificate.
        Parameters:
        document - The document to be signed
        key - The private key
        certificate - The public certificate
        signAlgorithm - Signature Algorithm
        Returns:
        the signed document in string format
        Throws:
        org.apache.xml.security.exceptions.XMLSecurityException
        javax.xml.xpath.XPathExpressionException
      • addSign

        public static java.lang.String addSign​(org.w3c.dom.Document document,
                                               java.security.PrivateKey key,
                                               java.security.cert.X509Certificate certificate,
                                               java.lang.String signAlgorithm,
                                               java.lang.String digestAlgorithm)
                                        throws org.apache.xml.security.exceptions.XMLSecurityException,
                                               javax.xml.xpath.XPathExpressionException
        Signs the Document using the specified signature algorithm with the private key and the public certificate.
        Parameters:
        document - The document to be signed
        key - The private key
        certificate - The public certificate
        signAlgorithm - Signature Algorithm
        digestAlgorithm - Digest Algorithm
        Returns:
        the signed document in string format
        Throws:
        org.apache.xml.security.exceptions.XMLSecurityException
        javax.xml.xpath.XPathExpressionException
      • addSign

        public static java.lang.String addSign​(org.w3c.dom.Node node,
                                               java.security.PrivateKey key,
                                               java.security.cert.X509Certificate certificate,
                                               java.lang.String signAlgorithm,
                                               java.lang.String digestAlgorithm)
                                        throws javax.xml.parsers.ParserConfigurationException,
                                               javax.xml.xpath.XPathExpressionException,
                                               org.apache.xml.security.exceptions.XMLSecurityException
        Signs a Node using the specified signature algorithm with the private key and the public certificate.
        Parameters:
        node - The Node to be signed
        key - The private key
        certificate - The public certificate
        signAlgorithm - Signature Algorithm
        digestAlgorithm - Digest Algorithm
        Returns:
        the signed document in string format
        Throws:
        javax.xml.parsers.ParserConfigurationException
        org.apache.xml.security.exceptions.XMLSecurityException
        javax.xml.xpath.XPathExpressionException
      • addSign

        public static java.lang.String addSign​(org.w3c.dom.Node node,
                                               java.security.PrivateKey key,
                                               java.security.cert.X509Certificate certificate,
                                               java.lang.String signAlgorithm)
                                        throws javax.xml.parsers.ParserConfigurationException,
                                               javax.xml.xpath.XPathExpressionException,
                                               org.apache.xml.security.exceptions.XMLSecurityException
        Signs a Node using the specified signature algorithm with the private key and the public certificate.
        Parameters:
        node - The Node to be signed
        key - The private key
        certificate - The public certificate
        signAlgorithm - Signature Algorithm
        Returns:
        the signed document in string format
        Throws:
        javax.xml.parsers.ParserConfigurationException
        org.apache.xml.security.exceptions.XMLSecurityException
        javax.xml.xpath.XPathExpressionException
      • validateBinarySignature

        public static java.lang.Boolean validateBinarySignature​(java.lang.String signedQuery,
                                                                byte[] signature,
                                                                java.security.cert.X509Certificate cert,
                                                                java.lang.String signAlg)
                                                         throws java.security.NoSuchAlgorithmException,
                                                                java.security.NoSuchProviderException,
                                                                java.security.InvalidKeyException,
                                                                java.security.SignatureException
        Validates signed binary data (used to validate the GET Signature of the HTTP-Redirect binding).
        Parameters:
        signedQuery - The signed query string to validate
        signature - The signature to be validated
        cert - The public certificate
        signAlg - Signature Algorithm
        Returns:
        True if the signature is valid, false otherwise.
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.NoSuchProviderException
        java.security.InvalidKeyException
        java.security.SignatureException
      • validateBinarySignature

        public static java.lang.Boolean validateBinarySignature​(java.lang.String signedQuery,
                                                                byte[] signature,
                                                                java.util.List<java.security.cert.X509Certificate> certList,
                                                                java.lang.String signAlg)
                                                         throws java.security.NoSuchAlgorithmException,
                                                                java.security.NoSuchProviderException,
                                                                java.security.InvalidKeyException,
                                                                java.security.SignatureException
        Validates signed binary data (used to validate the GET Signature of the HTTP-Redirect binding).
        Parameters:
        signedQuery - The signed query string to validate
        signature - The signature to be validated
        certList - The list of certificates, any of which may validate the signature
        signAlg - Signature Algorithm
        Returns:
        True if the signature is valid, false otherwise.
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.NoSuchProviderException
        java.security.InvalidKeyException
        java.security.SignatureException
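For the HTTP-Redirect binding the signature covers the query string exactly as it was sent, so the SP has to rebuild that string from the still-URL-encoded parameter values before calling validateBinarySignature; the following added example (not code from the OneLogin toolkit) shows that rebuild together with the algorithm gate from isAlgorithmWhitelisted and mustRejectDeprecatedSignatureAlgo. It assumes the raw query string is available (a servlet would take it from the request's query string, since getParameter() already decodes values) and that the IdP certificate is a PEM file; the `RedirectSignatureCheck` class, its helpers and the file name are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Map;

import com.onelogin.saml2.util.Util;

/**
 * Added example, not part of the OneLogin toolkit: verify the Signature query
 * parameter of a SAML HTTP-Redirect message on the SP side.
 */
public final class RedirectSignatureCheck {

    /** Parses a PEM-encoded X.509 certificate with the JDK CertificateFactory. */
    static X509Certificate loadCertificate(String pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(
                new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)));
    }

    /**
     * Splits a raw query string into name/value pairs WITHOUT URL-decoding the
     * values. Decoding first would change the bytes the IdP signed, so a valid
     * signature would fail and a tampered parameter could not be told apart.
     */
    static Map<String, String> rawParams(String rawQuery) {
        Map<String, String> out = new LinkedHashMap<>();
        for (String pair : rawQuery.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0) {
                out.put(pair.substring(0, eq), pair.substring(eq + 1));
            }
        }
        return out;
    }

    /**
     * Rebuilds the string the IdP signed: the SAML message parameter, then
     * RelayState if (and only if) it was sent, then SigAlg, in that order and
     * still URL-encoded, as the SAML bindings specification requires.
     */
    static String buildSignedQuery(Map<String, String> raw) {
        String msg = raw.containsKey("SAMLResponse") ? "SAMLResponse" : "SAMLRequest";
        StringBuilder sb = new StringBuilder(msg).append('=').append(raw.get(msg));
        if (raw.containsKey("RelayState")) {
            sb.append("&RelayState=").append(raw.get("RelayState"));
        }
        return sb.append("&SigAlg=").append(raw.get("SigAlg")).toString();
    }

    /**
     * True only when the message is signed, SigAlg is whitelisted (and not
     * deprecated, when rejectDeprecatedAlg is set), and the signature verifies
     * under the trusted certificate. The algorithm gate runs first so the peer
     * cannot pick a weak algorithm for the SP.
     */
    static boolean verify(Map<String, String> raw, X509Certificate idpCert,
                          boolean rejectDeprecatedAlg) throws Exception {
        if (!raw.containsKey("Signature") || !raw.containsKey("SigAlg")
                || !(raw.containsKey("SAMLResponse") || raw.containsKey("SAMLRequest"))) {
            return false;                      // unsigned or incomplete: fail closed
        }
        // SigAlg and Signature are URL-encoded on the wire; the checks need the decoded values.
        String sigAlg = URLDecoder.decode(raw.get("SigAlg"), "UTF-8");
        if (!Util.isAlgorithmWhitelisted(sigAlg)
                || Util.mustRejectDeprecatedSignatureAlgo(sigAlg, rejectDeprecatedAlg)) {
            return false;
        }
        byte[] signature = Util.base64decoder(URLDecoder.decode(raw.get("Signature"), "UTF-8"));
        return Util.validateBinarySignature(buildSignedQuery(raw), signature, idpCert, sigAlg);
    }

    /** Usage: java RedirectSignatureCheck idp-cert.pem 'SAMLResponse=...&SigAlg=...&Signature=...' */
    public static void main(String[] args) throws Exception {
        String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        System.out.println("signature valid: " + verify(rawParams(args[1]), loadCertificate(pem), true));
    }
}
```

The same shape works with the certList overload when the IdP publishes several signing certificates during a key rollover: pass the list instead of a single certificate and the method accepts a signature made with any of them.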
      • getStatus

        public static SamlResponseStatus getStatus​(java.lang.String statusXpath,
                                                   org.w3c.dom.Document dom)
                                            throws ValidationError
        Gets the Status from a Response.
        Parameters:
        statusXpath - The XPath expression that selects the Status element
        dom - The Response as XML
        Returns:
        SamlResponseStatus
        Throws:
        java.lang.IllegalArgumentException
        ValidationError
      • generateNameId

        public static java.lang.String generateNameId​(java.lang.String value,
                                                      java.lang.String spnq,
                                                      java.lang.String format,
                                                      java.lang.String nq,
                                                      java.security.cert.X509Certificate cert)
        Generates a nameID.
        Parameters:
        value - The value
        spnq - SP Name Qualifier
        format - SP Format
        nq - Name Qualifier
        cert - IdP Public certificate to encrypt the nameID
        Returns:
        The generated NameID as XML.
      • generateNameId

        public static java.lang.String generateNameId​(java.lang.String value,
                                                      java.lang.String spnq,
                                                      java.lang.String format,
                                                      java.security.cert.X509Certificate cert)
        Generates a nameID.
        Parameters:
        value - The value
        spnq - SP Name Qualifier
        format - SP Format
        cert - IdP Public certificate to encrypt the nameID
        Returns:
        The generated NameID as XML.
      • generateNameId

        public static java.lang.String generateNameId​(java.lang.String value,
                                                      java.lang.String spnq,
                                                      java.lang.String format)
        Generates a nameID.
        Parameters:
        value - The value
        spnq - SP Name Qualifier
        format - SP Format
        Returns:
        The generated NameID as XML.
      • generateNameId

        public static java.lang.String generateNameId​(java.lang.String value)
        Generates a nameID.
        Parameters:
        value - The value
        Returns:
        The generated NameID as XML.
      • generateSymmetricKey

        private static javax.crypto.SecretKey generateSymmetricKey()
                                                            throws java.lang.Exception
        Method to generate a symmetric key for encryption
        Returns:
        the symmetric key
        Throws:
        java.lang.Exception
      • generateUniqueID

        public static java.lang.String generateUniqueID​(java.lang.String prefix)
        Generates a unique string (used for example as ID of assertions)
        Parameters:
        prefix - Prefix for the Unique ID. Use property onelogin.saml2.unique_id_prefix to set this.
        Returns:
        A unique string
      • generateUniqueID

        public static java.lang.String generateUniqueID()
        Generates a unique string (used for example as ID of assertions)
        Returns:
        A unique string
      • parseDuration

        public static long parseDuration​(java.lang.String duration)
                                  throws java.lang.IllegalArgumentException
        Interprets an ISO 8601 duration value relative to the current time.
        Parameters:
        duration - The duration, as a string.
        Returns:
        The new timestamp (in seconds), after the duration is applied.
        Throws:
        java.lang.IllegalArgumentException
      • parseDuration

        public static long parseDuration​(java.lang.String durationString,
                                         long timestamp)
                                  throws java.lang.IllegalArgumentException
        Interprets an ISO 8601 duration value relative to a given timestamp.
        Parameters:
        durationString - The duration, as a string.
        timestamp - The unix timestamp (in seconds) to which the duration is applied.
        Returns:
        The new timestamp (in seconds), after the duration is applied.
        Throws:
        java.lang.IllegalArgumentException
      • getCurrentTimeStamp

        public static java.lang.Long getCurrentTimeStamp()
        Returns:
        the unix timestamp that matches the current time.
      • getExpireTime

        public static long getExpireTime​(java.lang.String cacheDuration,
                                         java.lang.String validUntil)
        Compares two dates and returns the earliest.
        Parameters:
        cacheDuration - The duration, as a string.
        validUntil - The valid until date, as a string
        Returns:
        the expiration time (timestamp format).
      • getExpireTime

        public static long getExpireTime​(java.lang.String cacheDuration,
                                         long validUntil)
        Compares two dates and returns the earliest.
        Parameters:
        cacheDuration - The duration, as a string.
        validUntil - The valid until date, as a timestamp
        Returns:
        the expiration time (timestamp format).
      • formatDateTime

        public static java.lang.String formatDateTime​(long timeInMillis)
        Creates a string with format yyyy-MM-ddTHH:mm:ssZ from a time in millis.
        Parameters:
        timeInMillis - The time in Millis
        Returns:
        string with format yyyy-MM-ddTHH:mm:ssZ
      • formatDateTime

        public static java.lang.String formatDateTime​(long time,
                                                      boolean millis)
        Creates a string with format yyyy-MM-ddTHH:mm:ssZ from a time given in millis or seconds.
        Parameters:
        time - The time
        millis - Whether the time is given in millis (otherwise it is taken as seconds)
        Returns:
        string with format yyyy-MM-ddTHH:mm:ssZ
      • parseDateTime

        public static org.joda.time.DateTime parseDateTime​(java.lang.String dateTime)
        Creates a DateTime from a string with format yyyy-MM-ddTHH:mm:ssZ or yyyy-MM-ddTHH:mm:ss.SSSZ.
        Parameters:
        dateTime - string with format yyyy-MM-ddTHH:mm:ssZ or yyyy-MM-ddTHH:mm:ss.SSSZ
        Returns:
        the parsed DateTime
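The duration and date helpers above (parseDuration, getCurrentTimeStamp, getExpireTime, formatDateTime, parseDateTime) are what an SP uses to decide how long cached IdP metadata may be trusted: cacheDuration is relative to the moment of the check, validUntil is an absolute deadline, and the earlier of the two wins. Using metadata past that point means continuing to trust signing certificates the IdP may already have retired. The following is an added example, not code from the OneLogin toolkit; the `MetadataExpiry` class and the sample attribute values are constructed for illustration, and timestamps are handled in seconds as the page's own descriptions state.

```java
import com.onelogin.saml2.util.Util;

/**
 * Added example, not part of the OneLogin toolkit: compute when cached IdP
 * metadata stops being usable from its cacheDuration and validUntil attributes.
 */
public final class MetadataExpiry {

    /**
     * Unix timestamp (seconds) at which the metadata expires: the earlier of
     * "now + cacheDuration" and validUntil, as Util.getExpireTime computes it.
     * Either attribute may be null; 0 means neither one imposed a limit.
     */
    static long expiresAt(String cacheDuration, String validUntil) {
        return Util.getExpireTime(cacheDuration, validUntil);
    }

    /** True when the metadata may still be used at nowSeconds. */
    static boolean isUsable(long expireTime, long nowSeconds) {
        // 0 means no limit was present, so there is nothing to enforce;
        // otherwise the deadline itself is already expired (strict comparison).
        return expireTime == 0 || nowSeconds < expireTime;
    }

    public static void main(String[] args) {
        // Constructed sample attributes as they appear on an EntityDescriptor.
        String cacheDuration = "PT604800S";          // one week, ISO 8601
        String validUntil = "2030-01-01T00:00:00Z";  // absolute deadline

        long now = Util.getCurrentTimeStamp();                           // seconds
        long viaDuration = Util.parseDuration(cacheDuration, now);       // now + 7 days, seconds
        long viaValidUntil = Util.parseDateTime(validUntil).getMillis() / 1000;
        long expire = expiresAt(cacheDuration, validUntil);              // min of the two

        // formatDateTime(long) takes millis, so the second-based values are scaled up.
        System.out.println("now           : " + Util.formatDateTime(now * 1000L));
        System.out.println("cacheDuration : " + Util.formatDateTime(viaDuration * 1000L));
        System.out.println("validUntil    : " + Util.formatDateTime(viaValidUntil * 1000L));
        System.out.println("effective     : " + Util.formatDateTime(expire * 1000L));
        System.out.println("usable now    : " + isUsable(expire, now));

        // A malformed duration is rejected rather than silently treated as "no limit".
        try {
            Util.parseDuration("one week", now);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected malformed duration: " + e.getMessage());
        }
    }
}
```

Keep the units straight when mixing these helpers: parseDuration, getCurrentTimeStamp and getExpireTime work in seconds, while the single-argument formatDateTime expects milliseconds, which is why the example multiplies by 1000 before formatting.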
      • toXml

        public static java.lang.String toXml​(java.lang.String text)
        Escape a text so that it can be safely used within an XML element contents or attribute value.
        Parameters:
        text - the text to escape
        Returns:
        the escaped text (null if the input is null)
      • toStringUtf8

        private static java.lang.String toStringUtf8​(byte[] bytes)
      • toBytesUtf8

        private static byte[] toBytesUtf8​(java.lang.String str)