本文整理汇总了Java中org.opensaml.saml.saml2.metadata.KeyDescriptor类的典型用法代码示例。如果您正苦于以下问题:Java KeyDescriptor类的具体用法?Java KeyDescriptor怎么用?Java KeyDescriptor使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
KeyDescriptor类属于org.opensaml.saml.saml2.metadata包,在下文中一共展示了KeyDescriptor类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getAttributeAuthorityDescriptor
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
/**
 * Builds the AttributeAuthority role descriptor for this service's SAML metadata.
 *
 * <p>The descriptor declares SAML 2.0 protocol support, one SOAP 1.1 attribute service located
 * at the configured external URL, and the key descriptors that {@code keyDescriptorsUnmarshaller}
 * produces from the certificate store's signing certificates followed by its encryption
 * certificates.
 *
 * <p>Everything the certificate store returns ends up in published metadata, so the store's
 * contents decide which keys consumers of that metadata will see for this entity.
 *
 * @param openSamlXmlObjectFactory factory used to create the OpenSAML objects
 * @return the populated AttributeAuthority descriptor
 */
private RoleDescriptor getAttributeAuthorityDescriptor(OpenSamlXmlObjectFactory openSamlXmlObjectFactory) {
    final AttributeAuthorityDescriptor roleDescriptor = openSamlXmlObjectFactory.createAttributeAuthorityDescriptor();
    roleDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);

    // Single SOAP endpoint at the externally visible adapter URL.
    final AttributeService soapEndpoint = openSamlXmlObjectFactory.createAttributeService();
    soapEndpoint.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
    soapEndpoint.setLocation(msaConfiguration.getMatchingServiceAdapterExternalUrl().toASCIIString());
    roleDescriptor.getAttributeServices().add(soapEndpoint);

    // Signing certificates first, then encryption certificates.
    final Collection<Certificate> publishedCertificates = new ArrayList<>(certificateStore.getSigningCertificates());
    publishedCertificates.addAll(certificateStore.getEncryptionCertificates());

    final List<KeyDescriptor> publishedKeys = keyDescriptorsUnmarshaller.fromCertificates(publishedCertificates);
    roleDescriptor.getKeyDescriptors().addAll(publishedKeys);
    return roleDescriptor;
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:18,代码来源:MatchingServiceAdapterMetadataRepository.java
示例2: badHubEntityDescriptor
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
/**
 * Test fixture: builds a hub entity descriptor that a metadata consumer is expected to reject.
 *
 * <p>The SP SSO descriptor carries a single key named {@code signing_one} wrapping
 * {@code TestCertificateStrings.UNCHAINED_PUBLIC_CERT}, with the builder's default signing and
 * encryption keys removed. The entity descriptor is built without a signature and is valid for
 * one hour from now.
 *
 * @return the unsigned entity descriptor for {@code HUB_ENTITY_ID}
 */
private EntityDescriptor badHubEntityDescriptor() {
    // NOTE(review): judging by the constant's name this certificate does not chain to the
    // test trust anchor; confirm against TestCertificateStrings.
    X509Certificate unchainedCertificate = X509CertificateBuilder.aX509Certificate()
        .withCert(TestCertificateStrings.UNCHAINED_PUBLIC_CERT)
        .build();
    X509Data unchainedData = X509DataBuilder.aX509Data()
        .withX509Certificate(unchainedCertificate)
        .build();
    KeyInfo unchainedKeyInfo = KeyInfoBuilder.aKeyInfo()
        .withKeyName("signing_one")
        .withX509Data(unchainedData)
        .build();
    KeyDescriptor unchainedKey = KeyDescriptorBuilder.aKeyDescriptor()
        .withKeyInfo(unchainedKeyInfo)
        .build();

    // The unchained key is the only key left on the role descriptor.
    SPSSODescriptor hubRole = SPSSODescriptorBuilder.anSpServiceDescriptor()
        .addKeyDescriptor(unchainedKey)
        .withoutDefaultSigningKey()
        .withoutDefaultEncryptionKey()
        .build();

    try {
        return EntityDescriptorBuilder.anEntityDescriptor()
            .withEntityId(HUB_ENTITY_ID)
            .addSpServiceDescriptor(hubRole)
            .withIdpSsoDescriptor(null)
            .withValidUntil(DateTime.now().plusHours(1))
            .withSignature(null)
            .withoutSigning()
            .build();
    } catch (MarshallingException | SignatureException buildFailure) {
        throw propagate(buildFailure);
    }
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:23,代码来源:MatchingServiceAdapterFailingMetadataAppRuleTest.java
示例3: extractSigningCerts
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
/**
 * Collects every X.509 certificate carried by the signing key descriptors of an entity.
 *
 * <p>Only descriptors whose use is exactly {@code UsageType.SIGNING} are considered.
 * NOTE(review): SAML metadata allows a KeyDescriptor with no {@code use} attribute, meaning
 * the key serves both signing and encryption; such descriptors are skipped here. Confirm that
 * is the intended policy for the metadata this code consumes.
 *
 * <p>A descriptor without a KeyInfo makes this method throw a NullPointerException.
 *
 * @param keyDescriptors key descriptors taken from the entity's metadata
 * @param entityId entity ID recorded as the issuer of each returned certificate
 * @return one {@code Certificate} with {@code KeyUse.Signing} per X509Certificate element found
 */
private List<Certificate> extractSigningCerts(List<KeyDescriptor> keyDescriptors, String entityId) {
    return keyDescriptors.stream()
        .filter(candidate -> UsageType.SIGNING == candidate.getUse())
        .flatMap(signingKey -> signingKey.getKeyInfo().getX509Datas().stream())
        .flatMap(x509Data -> x509Data.getX509Certificates().stream())
        .map(encoded -> new Certificate(entityId, encoded.getValue(), Certificate.KeyUse.Signing))
        .collect(Collectors.toList());
}
示例4: getHubEncryptionCertificate
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
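/**
 * Extracts the hub's encryption certificate from the SP SSO descriptor of its metadata.
 *
 * <p>The first key descriptor whose use is {@code UsageType.ENCRYPTION} is taken, and from it
 * the first certificate of the first X509Data element. The metadata is expected to hold exactly
 * one hub encryption key, but that is not enforced: if several are present the choice is made
 * silently by document order.
 *
 * <p>The metadata is external input. A missing SP SSO descriptor or KeyInfo causes a
 * NullPointerException, and an empty X509Data or X509Certificate list an
 * IndexOutOfBoundsException.
 *
 * @param entityDescriptor the hub's entity descriptor
 * @return the certificate, tagged with the entity ID and {@code KeyUse.Encryption}
 * @throws java.util.NoSuchElementException if no encryption key descriptor is present
 */
private Certificate getHubEncryptionCertificate(EntityDescriptor entityDescriptor) {
    KeyDescriptor hubEncryptionKey = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS).getKeyDescriptors()
        .stream()
        .filter(candidate -> candidate.getUse() == UsageType.ENCRYPTION) // expected to match exactly one key
        .findFirst()
        // Same exception type as the former unchecked Optional.get(), now naming the entity
        // whose metadata lacks the key.
        .orElseThrow(() -> new java.util.NoSuchElementException(
            "No encryption KeyDescriptor in the SPSSODescriptor of entity " + entityDescriptor.getEntityID()));
    X509Certificate x509Certificate = hubEncryptionKey.getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0);
    return new Certificate(entityDescriptor.getEntityID(), x509Certificate.getValue(), Certificate.KeyUse.Encryption);
}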
示例5: createCountryEntityDescriptor
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
/**
 * Test helper: builds an entity descriptor for a country, containing one IdP SSO descriptor
 * whose only key is {@code TEST_PUBLIC_CERT} marked for signing.
 *
 * @param entityID entity ID given to the descriptor
 * @return the descriptor produced by {@code getEntityDescriptor} with the signature from
 *         {@code createSignature()}
 */
public static EntityDescriptor createCountryEntityDescriptor(String entityID) {
    Signature metadataSignature = createSignature();
    KeyDescriptor signingKey = KeyDescriptorBuilder.aKeyDescriptor()
        .withX509ForSigning(TEST_PUBLIC_CERT)
        .build();
    IDPSSODescriptor countryIdpRole = IdpSsoDescriptorBuilder.anIdpSsoDescriptor()
        .addKeyDescriptor(signingKey)
        .build();

    try {
        return getEntityDescriptor(entityID, countryIdpRole, metadataSignature);
    } catch (MarshallingException | SignatureException buildFailure) {
        // Checked failures are rethrown unchecked so test code need not declare them.
        throw Throwables.propagate(buildFailure);
    }
}
示例6: getKeyDescriptor
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
/**
 * Creates a metadata KeyDescriptor that advertises the given key for the given usage.
 *
 * <p>NOTE(review): the builder is looked up by element name and used without a null check, so
 * this presumably relies on the OpenSAML configuration having been bootstrapped beforehand.
 * Confirm against the caller.
 *
 * @param type the usage to declare for the key (signing or encryption, for example)
 * @param key the KeyInfo to embed; it is attached as given, with no validation here
 * @return the new descriptor
 */
protected final KeyDescriptor getKeyDescriptor(final UsageType type, final KeyInfo key) {
    // The builder factory is not generic; the element name determines the builder type.
    @SuppressWarnings("unchecked")
    final SAMLObjectBuilder<KeyDescriptor> keyDescriptorBuilder =
        (SAMLObjectBuilder<KeyDescriptor>) Configuration.getBuilderFactory()
            .getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME);

    final KeyDescriptor result = keyDescriptorBuilder.buildObject();
    result.setKeyInfo(key);
    result.setUse(type);
    return result;
}
示例7: toCertificate
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
/**
 * Converts a metadata key descriptor into a {@code Certificate}, using the first KeyName of
 * its KeyInfo as the entity ID.
 *
 * <p>When the KeyInfo has no KeyName the entity ID passed on is {@code null}.
 * NOTE(review): KeyName is free text chosen by whoever wrote the metadata, so the resulting
 * entity ID is only as trustworthy as the metadata itself. Confirm the metadata has been
 * validated before this value is relied on.
 *
 * @param keyDescriptor descriptor to convert; its KeyInfo must not be null
 * @return the result of {@code transformCertificate} for the derived entity ID
 */
private Certificate toCertificate(KeyDescriptor keyDescriptor) {
    final String entityId = keyDescriptor.getKeyInfo().getKeyNames().isEmpty()
        ? null
        : keyDescriptor.getKeyInfo().getKeyNames().get(0).getValue();
    return transformCertificate(entityId, keyDescriptor);
}
示例8: shouldGenerateValidMetadataFromLocalConfiguration
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
/**
 * Fetches the metadata served by the locally running application and checks which keys it
 * publishes: two signing keys and one encryption key on the AttributeAuthority role, and two
 * signing keys plus one single sign-on service on the IdP SSO role.
 *
 * <p>The resolver here fetches over plain HTTP from localhost and has no metadata filter set,
 * which is adequate for this test of the application's own output. A resolver that consumes
 * another party's metadata would normally fetch over TLS and have a signature validation
 * filter configured, since the keys in the metadata are what later signatures get checked
 * against.
 */
@Test
public void shouldGenerateValidMetadataFromLocalConfiguration() throws Exception {
    HTTPMetadataResolver resolver = new HTTPMetadataResolver(
        new Timer(),
        HttpClientBuilder.create().build(),
        "http://localhost:" + applicationRule.getLocalPort() + "/matching-service/SAML2/metadata");

    BasicParserPool parserPool = new BasicParserPool();
    parserPool.initialize();
    resolver.setParserPool(parserPool);
    resolver.setId("test id");
    resolver.initialize();
    resolver.refresh();

    EntityDescriptor published = resolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(TEST_RP_MS)));

    // AttributeAuthority role: primary and secondary signing keys, one encryption key.
    AttributeAuthorityDescriptor attributeAuthorityRole = published.getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS);
    Map<UsageType, List<KeyDescriptor>> keysByUsage = attributeAuthorityRole.getKeyDescriptors()
        .stream()
        .collect(groupingBy(KeyDescriptor::getUse));
    assertThat(keysByUsage.get(UsageType.SIGNING)).hasSize(2);
    assertThat(keysByUsage.get(UsageType.ENCRYPTION)).hasSize(1);
    assertThat(getCertificateNames(keysByUsage, UsageType.SIGNING)).contains(MSA_SIGNING_PRIMARY, MSA_SIGNING_SECONDARY);
    assertThat(getCertificateNames(keysByUsage, UsageType.ENCRYPTION)).contains(MSA_ENCRYPTION_PRIMARY);

    // IdP SSO role: one SSO endpoint and the same two signing keys.
    IDPSSODescriptor idpRole = published.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
    assertThat(idpRole).isNotNull();
    assertThat(idpRole.getSingleSignOnServices()).hasSize(1);
    keysByUsage = idpRole.getKeyDescriptors()
        .stream()
        .collect(groupingBy(KeyDescriptor::getUse));
    assertThat(keysByUsage.get(UsageType.SIGNING)).hasSize(2);
    assertThat(getCertificateNames(keysByUsage, UsageType.SIGNING)).contains(MSA_SIGNING_PRIMARY, MSA_SIGNING_SECONDARY);
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:33,代码来源:MatchingServiceAdapterMetadataAppRuleTest.java
示例9: getKeyDescriptors
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
/**
 * Returns the key descriptors of the wrapped SSO descriptor.
 *
 * <p>The list is handed back exactly as {@code ssoDescriptor} returns it; no copy is made
 * here.
 *
 * @return the wrapped descriptor's key descriptor list
 */
public List<KeyDescriptor> getKeyDescriptors() {
    final List<KeyDescriptor> descriptors = this.ssoDescriptor.getKeyDescriptors();
    return descriptors;
}
示例10: getCertificateFromKeyDescriptor
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
/**
 * Streams every X509Certificate element found in a key descriptor's KeyInfo.
 *
 * <p>All X509Data elements are flattened in document order. The descriptor's usage is not
 * checked here, and no certificate is parsed or validated. A descriptor without a KeyInfo
 * causes a NullPointerException.
 *
 * @param keyDescriptor descriptor whose certificates are wanted
 * @return a stream of the contained certificate elements, possibly empty
 */
private Stream<X509Certificate> getCertificateFromKeyDescriptor(KeyDescriptor keyDescriptor) {
    return keyDescriptor.getKeyInfo().getX509Datas().stream()
        .map(data -> data.getX509Certificates())
        .flatMap(certificates -> certificates.stream());
}
示例11: transformCertificate
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
/**
 * Builds a {@code Certificate} from the first certificate of a key descriptor.
 *
 * <p>Only the first X509Certificate of the first X509Data is read; any further certificates in
 * the descriptor are ignored. Empty lists cause an IndexOutOfBoundsException and a missing
 * KeyInfo a NullPointerException, so descriptors from external metadata need to be well-formed
 * before they reach this method.
 *
 * @param entityId entity ID to record on the certificate; may be {@code null}
 * @param keyDescriptor descriptor supplying the encoded certificate and its usage
 * @return the certificate with the usage mapped by {@code transformUsageType}
 */
private Certificate transformCertificate(String entityId, KeyDescriptor keyDescriptor) {
    final String encodedCertificate = keyDescriptor.getKeyInfo()
        .getX509Datas().get(0)
        .getX509Certificates().get(0)
        .getValue();
    return new Certificate(entityId, encodedCertificate, transformUsageType(keyDescriptor.getUse()));
}
示例12: getKeyDescriptors
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
/**
 * Produces key descriptors for the signing certificates held by the certificate store.
 *
 * <p>Encryption certificates are not included.
 *
 * @return whatever {@code keyDescriptorsUnmarshaller} builds from a copy of the signing
 *         certificate collection
 */
private Collection<? extends KeyDescriptor> getKeyDescriptors() {
    // Work on a private copy so the store's own collection is never handed out.
    final Collection<Certificate> signingCertificates = new ArrayList<>(certificateStore.getSigningCertificates());
    return keyDescriptorsUnmarshaller.fromCertificates(signingCertificates);
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:6,代码来源:MatchingServiceAdapterMetadataRepository.java
示例13: getCertificateNames
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
/**
 * Lists the KeyName values of all key descriptors registered under one usage.
 *
 * <p>Throws a NullPointerException when the map has no entry for {@code keyUsage}.
 *
 * @param keysByUsage key descriptors grouped by their declared usage
 * @param keyUsage the usage whose key names are wanted
 * @return the key names in encounter order
 */
private List<String> getCertificateNames(Map<UsageType, List<KeyDescriptor>> keysByUsage, UsageType keyUsage) {
    final List<KeyDescriptor> selectedKeys = keysByUsage.get(keyUsage);
    return selectedKeys.stream()
        .map(descriptor -> descriptor.getKeyInfo().getKeyNames())
        .flatMap(List::stream)
        .map(XSString::getValue)
        .collect(Collectors.toList());
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:7,代码来源:MatchingServiceAdapterMetadataAppRuleTest.java
示例14: importMetaData
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
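/**
 * Copies an identity provider's settings from its SAML 2.0 metadata into the mechanism
 * parameters and imports its signing certificate(s) into the given key store.
 *
 * <p>Properties set: {@code entityID}, {@code idpURL} (HTTP-POST SSO endpoint),
 * {@code idpRedirURL} (HTTP-Redirect SSO endpoint), {@code idpRedirLogoutURL} (HTTP-Redirect
 * logout endpoint) and {@code idpSigKeyName} (the key store alias).
 *
 * <p>Certificates are stored under {@code verify-<entityID>-idp-sig}. If one X509Certificate
 * element decodes to several certificates they are stored as {@code <alias>-0},
 * {@code <alias>-1}, and so on.
 *
 * <p>NOTE(review): nothing in this method authenticates the metadata, yet the certificates
 * imported here are presumably what later verifies this IdP's signatures. Confirm that the
 * caller validates the metadata source or signature first. Three further points to confirm:
 * <ul>
 *   <li>a KeyDescriptor with no {@code use} attribute (valid for signing and encryption in
 *       SAML metadata) is skipped;</li>
 *   <li>when an IdP publishes several signing KeyDescriptors they share one alias, so only the
 *       last one survives;</li>
 *   <li>in the multi-certificate case {@code idpSigKeyName} still holds the unsuffixed
 *       alias.</li>
 * </ul>
 *
 * @param ks key store that receives the signing certificates
 * @param ed the IdP's entity descriptor
 * @param idp the IdP SSO role descriptor taken from {@code ed}
 * @param currentMechanism mechanism whose parameters are being filled in
 * @param params parameter map updated through {@code setProperty}
 * @throws Base64DecodingException if a certificate value is not valid Base64
 * @throws CertificateException if a certificate cannot be parsed, or none is found in a
 *         signing key descriptor
 * @throws KeyStoreException if the key store rejects an entry
 */
private static void importMetaData(KeyStore ks, EntityDescriptor ed,
        IDPSSODescriptor idp, AuthMechType currentMechanism,
        HashMap<String, ParamType> params) throws Base64DecodingException,
        CertificateException, KeyStoreException {
    setProperty("entityID", ed.getEntityID(), params, currentMechanism);

    // Constant-first comparisons tolerate an endpoint that lacks a Binding attribute.
    for (SingleSignOnService sso : idp.getSingleSignOnServices()) {
        if ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST".equalsIgnoreCase(sso.getBinding())) {
            setProperty("idpURL", sso.getLocation(), params, currentMechanism);
        } else if ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect".equalsIgnoreCase(sso.getBinding())) {
            setProperty("idpRedirURL", sso.getLocation(), params, currentMechanism);
        }
    }

    for (SingleLogoutService slo : idp.getSingleLogoutServices()) {
        if ("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect".equalsIgnoreCase(slo.getBinding())) {
            setProperty("idpRedirLogoutURL", slo.getLocation(), params, currentMechanism);
        }
    }

    for (KeyDescriptor kd : idp.getKeyDescriptors()) {
        if (!UsageType.SIGNING.equals(kd.getUse())) {
            continue;
        }

        String base64 = kd.getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0).getValue();
        String name = "verify-" + ed.getEntityID() + "-idp-sig";

        ByteArrayInputStream bais = new ByteArrayInputStream(Base64.decode(base64));
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> c = cf.generateCertificates(bais);

        if (c.isEmpty()) {
            // Without this the single-certificate branch fails with a bare NoSuchElementException.
            throw new CertificateException("No certificate found in signing KeyDescriptor of " + ed.getEntityID());
        }

        if (c.size() > 1) {
            int j = 0;
            for (Certificate certificate : c) {
                ks.setCertificateEntry(name + "-" + j, certificate);
                // The counter was previously never advanced, so every certificate overwrote
                // alias "<name>-0" and only the last one was kept.
                j++;
            }
        } else {
            ks.setCertificateEntry(name, c.iterator().next());
        }

        setProperty("idpSigKeyName", name, params, currentMechanism);
    }
}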
示例15: getMetadata
import org.opensaml.saml.saml2.metadata.KeyDescriptor; //导入依赖的package包/类
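/**
 * Generates, signs and writes the SAML 2.0 service provider metadata for the given entity.
 *
 * <p>The SP SSO descriptor requires signed assertions, announces signed authentication
 * requests, and carries one key descriptor built from the loader's credential with the entity
 * certificate embedded. It also lists the persistent and transient NameID formats, plus one
 * assertion consumer service and one single logout service per {@code SAML2BindingType}.
 *
 * <p>NOTE(review): the key descriptor has no explicit use, so the one credential is advertised
 * for both signing and encryption. Confirm that is intended.
 * <br>NOTE(review): the assertion consumer index is the enum ordinal, so reordering
 * {@code SAML2BindingType} changes the published indexes.
 * <br>NOTE(review): {@code spEntityID} and {@code urlContext} are concatenated into endpoint
 * URLs that end up in signed metadata. The logout URL goes through {@code validateUrl}; whether
 * the assertion consumer URL is validated depends on {@code getAssertionConsumerURL}, which is
 * not visible here.
 *
 * @param spEntityID entity ID of the service provider, also the base of the logout URL
 * @param urlContext path appended to the entity ID when building endpoint URLs
 * @param os stream that receives the metadata document, written as UTF-8
 * @throws SyncopeClientException wrapping any failure; the original exception is logged
 */
@PreAuthorize("isAuthenticated()")
public void getMetadata(final String spEntityID, final String urlContext, final OutputStream os) {
    check();

    try {
        EntityDescriptor spEntityDescriptor = new EntityDescriptorBuilder().buildObject();
        spEntityDescriptor.setEntityID(spEntityID);

        SPSSODescriptor spSSODescriptor = new SPSSODescriptorBuilder().buildObject();
        spSSODescriptor.setWantAssertionsSigned(true);
        spSSODescriptor.setAuthnRequestsSigned(true);
        spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);

        X509KeyInfoGeneratorFactory keyInfoGeneratorFactory = new X509KeyInfoGeneratorFactory();
        keyInfoGeneratorFactory.setEmitEntityCertificate(true);
        KeyInfoGenerator keyInfoGenerator = keyInfoGeneratorFactory.newInstance();

        // The KeyInfo is generated once; an earlier extra generate() call discarded its result.
        KeyDescriptor keyDescriptor = new KeyDescriptorBuilder().buildObject();
        keyDescriptor.setKeyInfo(keyInfoGenerator.generate(loader.getCredential()));
        spSSODescriptor.getKeyDescriptors().add(keyDescriptor);

        NameIDFormat nameIDFormat = new NameIDFormatBuilder().buildObject();
        nameIDFormat.setFormat(NameIDType.PERSISTENT);
        spSSODescriptor.getNameIDFormats().add(nameIDFormat);
        nameIDFormat = new NameIDFormatBuilder().buildObject();
        nameIDFormat.setFormat(NameIDType.TRANSIENT);
        spSSODescriptor.getNameIDFormats().add(nameIDFormat);

        for (SAML2BindingType bindingType : SAML2BindingType.values()) {
            AssertionConsumerService assertionConsumerService = new AssertionConsumerServiceBuilder().buildObject();
            assertionConsumerService.setIndex(bindingType.ordinal());
            assertionConsumerService.setBinding(bindingType.getUri());
            assertionConsumerService.setLocation(getAssertionConsumerURL(spEntityID, urlContext));
            spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService);

            String sloUrl = spEntityID + urlContext + "/logout";
            validateUrl(sloUrl);

            SingleLogoutService singleLogoutService = new SingleLogoutServiceBuilder().buildObject();
            singleLogoutService.setBinding(bindingType.getUri());
            singleLogoutService.setLocation(sloUrl);
            singleLogoutService.setResponseLocation(sloUrl);
            spSSODescriptor.getSingleLogoutServices().add(singleLogoutService);
        }

        // The role descriptor is attached exactly once, after it is fully populated; it used to
        // be added again on every loop iteration as well.
        spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);

        saml2rw.sign(spEntityDescriptor);
        // An explicit charset keeps the XML bytes independent of the platform default encoding.
        saml2rw.write(
            new OutputStreamWriter(os, java.nio.charset.StandardCharsets.UTF_8), spEntityDescriptor, true);
    } catch (Exception e) {
        LOG.error("While getting SP metadata", e);
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
        // NOTE(review): the raw exception message is returned to the (authenticated) caller and
        // may expose internal detail; it can also be null.
        sce.getElements().add(e.getMessage());
        throw sce;
    }
}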