samlutil.java

1. 如何生成自签名的KeyStore以及导出供SP使用的公钥 C:>keytool -v -genkey -alias idp -keystore idp.jks -keyalg RSA -

package samlsso.servlet;

import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Date;
import java.util.Iterator;

import org.apache.xml.security.signature.XMLSignature;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLPOSTProfile;
import org.opensaml.SAMLResponse;


/**
 *
 * @author maxq
 * @version 0.9
 */
public final class SAMLUtil {

  /**
   * 
   */
  private String path;
  
  /**
   * 
   */
  private String alias;
    
  /**
   * 
   */
  private char[] password;
  
  /**
   * 
   */
  private KeyStore ks;

  /**
   * 
   * @param mypath
   * @param mypassword
   * @param alias
   * @throws Exception
   */
  public SAMLUtil( String mypath, String mypassword, String alias) throws Exception {
    // Initialize properties here
    this.password= mypassword.toCharArray();
    this.alias= alias;
    ks= KeyStore.getInstance( "JKS");
    FileInputStream fis= new FileInputStream( mypath);
    try {
      ks.load( fis, password);
    }finally {
      try { 
        if ( fis!= null) fis.close();
      }catch (Exception ex) {}
    }
  }

  /**
   * 
   * @param authUser
   * @param useConditions
   * @return
   * @throws Exception
   */
  public SAMLResponse getSAMLResponse( String authUser, boolean useConditions) throws Exception {
    SAMLResponse r = SAMLPOSTProfile.prepare(
        "www.opensaml.org",
        "www.opensaml.org",
        null,
        new SAMLNameIdentifier( authUser, null, null),
        null,
        "www.opensaml.org",
        new Date(),
        null);

    Iterator i = r.getAssertions();
    ((SAMLAssertion)i.next()).sign(
        XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
        ks.getKey( alias, password),
        null);
    r.sign(
        XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
        ks.getKey(alias,password),
        null);

    return r;
  }

}