
Getting credentials in OpenSAML

For all cryptographic functions OpenSAML requires a Credential, which is basically a cryptographic key wrapped in an object. The Credential can contain either a symmetric key or an asymmetric key, not both. A Credential can be created manually with the BasicX509Credential and BasicCredential classes and then populated with the setters, but the preferred way is to use one of the many CredentialResolvers to create the credential for you. I will now show some examples of creating credentials using the basic classes and two different resolvers.

The Basic classes have methods like setPublicKey, setSecretKey, setEntityCertificate and setPrivateKey.

By setting these you can manually create credentials:

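import org.opensaml.xml.security.credential.BasicCredential;
import org.opensaml.xml.security.credential.UsageType;

// myJCEPublicKey and myJCEPrivateKey are existing java.security keys
BasicCredential credential = new BasicCredential();
credential.setPublicKey(myJCEPublicKey);
credential.setPrivateKey(myJCEPrivateKey);
credential.setUsageType(UsageType.SIGNING);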

And now you have a credential to use with signing.

The credential resolvers make things easier by extracting the keys for you from, for example, a Java keystore (JKS) or metadata:

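import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.HashMap;
import java.util.Map;
import org.opensaml.xml.security.Criteria;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.KeyStoreCredentialResolver;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.x509.X509Credential;

// Load the keystore; try-with-resources closes the stream even if load() fails
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream inputStream = new FileInputStream("/path/to/my/JKS")) {
    keystore.load(inputStream, "MyKeystorePassword".toCharArray());
}

// Map each keystore alias to the password protecting that entry
Map<String, String> passwordMap = new HashMap<String, String>();
passwordMap.put("MyEntryID", "MyEntryPassword");
KeyStoreCredentialResolver resolver = new KeyStoreCredentialResolver(keystore, passwordMap);

// The entity ID criterion selects the keystore entry with that alias
Criteria criteria = new EntityIDCriteria("MyEntryID");
CriteriaSet criteriaSet = new CriteriaSet(criteria);

X509Credential credential = (X509Credential) resolver.resolveSingle(criteriaSet);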
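
A more defensive version of the keystore lookup above, as an added example that is not part of the original post. It assumes the OpenSAML 2.x package names; the class name SigningCredentialLoader and the environment variable names KEYSTORE_PASSWORD and KEY_PASSWORD are hypothetical. It takes the passwords from the environment instead of the source code and rejects a lookup that returns nothing, an entry without a private key, or a certificate outside its validity period.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Map;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.KeyStoreCredentialResolver;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.x509.X509Credential;

public class SigningCredentialLoader {

    // Hypothetical helper: resolves a signing credential and rejects unusable ones.
    public static X509Credential load(String path, String alias,
                                      char[] storePass, String keyPass) throws Exception {
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            keystore.load(in, storePass);
        }
        Map<String, String> passwords = Collections.singletonMap(alias, keyPass);
        KeyStoreCredentialResolver resolver = new KeyStoreCredentialResolver(keystore, passwords);

        // instanceof is false for null, so a lookup that finds nothing is rejected here too.
        Credential resolved = resolver.resolveSingle(new CriteriaSet(new EntityIDCriteria(alias)));
        if (!(resolved instanceof X509Credential)) {
            throw new IllegalStateException("No X.509 credential resolved for " + alias);
        }
        X509Credential credential = (X509Credential) resolved;
        if (credential.getPrivateKey() == null) {
            throw new IllegalStateException("Credential has no private key; cannot sign");
        }
        // Throws CertificateExpiredException or CertificateNotYetValidException.
        credential.getEntityCertificate().checkValidity();
        return credential;
    }

    public static void main(String[] args) throws Exception {
        // Usage: java SigningCredentialLoader <keystore path> <alias>
        String storePass = System.getenv("KEYSTORE_PASSWORD"); // assumed variable name
        String keyPass = System.getenv("KEY_PASSWORD");        // assumed variable name
        if (storePass == null || keyPass == null) {
            throw new IllegalStateException("Keystore passwords not set in environment");
        }
        load(args[0], args[1], storePass.toCharArray(), keyPass);
        System.out.println("Signing credential OK for alias " + args[1]);
    }
}
```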