本文整理汇总了Java中org.opensaml.security.credential.UsageType类的典型用法代码示例。如果您正苦于以下问题:Java UsageType类的具体用法?Java UsageType怎么用?Java UsageType使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
UsageType类属于org.opensaml.security.credential包,在下文中一共展示了UsageType类的14个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getSigningCredential
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
/**
 * Resolves, from SAML metadata, the credential to use for signature checks
 * on the given request.
 *
 * <p>The lookup is restricted with {@code UsageType.SIGNING}, so encryption
 * keys are not selected as signing keys.
 *
 * @param resolver       role descriptor resolver the credential lookup runs against
 * @param profileRequest request handed to {@code buildEntityCriteriaForSigningCredential}
 *                       to add the entity criteria
 * @return whatever {@code resolveSingle} yields for the criteria
 *         (NOTE(review): presumably {@code null} when no key matches; callers
 *         should treat that as a failed validation rather than skip the check; confirm)
 */
private Credential getSigningCredential(final RoleDescriptorResolver resolver, final RequestAbstractType profileRequest) {
    try {
        final MetadataCredentialResolver metadataResolver = new MetadataCredentialResolver();
        final SignatureValidationConfiguration validationConfig = getSignatureValidationConfiguration();
        metadataResolver.setRoleDescriptorResolver(resolver);
        metadataResolver.setKeyInfoCredentialResolver(
                DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
        metadataResolver.initialize();

        // Validation configuration first, then the usage restriction; the
        // entity criteria are appended by the helper below.
        final CriteriaSet criteria = new CriteriaSet(
                new SignatureValidationConfigurationCriterion(validationConfig),
                new UsageCriterion(UsageType.SIGNING));
        buildEntityCriteriaForSigningCredential(profileRequest, criteria);

        return metadataResolver.resolveSingle(criteria);
    } catch (final Exception e) {
        // Any failure (initialisation or resolution) is rethrown unchecked.
        throw Throwables.propagate(e);
    }
}
示例2: getUsageType
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
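/**
 * Converts the key use declared on a JWK into the OpenSAML usage type.
 *
 * <p>The JWK {@code use} member is optional, so a key may carry no use at
 * all. Switching on a {@code null} enum value throws a
 * {@code NullPointerException}; such keys are mapped to
 * {@link UsageType#UNSPECIFIED}, the same result as any other unrecognised use.
 *
 * <p>NOTE(review): an {@code UNSPECIFIED} key is presumably eligible for both
 * signing and encryption in later credential selection; confirm that this is
 * acceptable for keys whose use is absent.
 *
 * @param jwk
 *            key whose declared use is translated.
 * @return {@code ENCRYPTION} or {@code SIGNING} for the matching JWK use,
 *         otherwise {@code UNSPECIFIED}.
 */
private UsageType getUsageType(JWK jwk) {
    // A JWK without a "use" member would make the switch below throw.
    if (jwk.getKeyUse() == null) {
        return UsageType.UNSPECIFIED;
    }
    switch (jwk.getKeyUse()) {
        case ENCRYPTION:
            return UsageType.ENCRYPTION;
        case SIGNATURE:
            return UsageType.SIGNING;
        default:
            return UsageType.UNSPECIFIED;
    }
}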
示例3: extractSigningCerts
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
/**
 * Collects every X.509 certificate published under a signing key descriptor.
 *
 * <p>Only descriptors whose use is exactly {@code UsageType.SIGNING} are
 * considered. NOTE(review): descriptors with any other use value (including
 * an unspecified one) are skipped; confirm that peers which publish a single
 * key without a use attribute are not expected here.
 *
 * @param keyDescriptors key descriptors taken from an entity's metadata
 * @param entityId       issuer recorded on each resulting certificate
 * @return one {@code Certificate} per X.509 certificate found, all marked
 *         {@code Certificate.KeyUse.Signing}
 */
private List<Certificate> extractSigningCerts(List<KeyDescriptor> keyDescriptors, String entityId) {
    return keyDescriptors.stream()
            .filter(descriptor -> UsageType.SIGNING == descriptor.getUse())
            // descriptor -> its X509Data elements -> their certificates
            .flatMap(descriptor -> descriptor.getKeyInfo().getX509Datas().stream())
            .flatMap(x509Data -> x509Data.getX509Certificates().stream())
            .map(cert -> new Certificate(entityId, cert.getValue(), Certificate.KeyUse.Signing))
            .collect(Collectors.toList());
}
示例4: getHubEncryptionCertificate
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
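/**
 * Extracts the hub's encryption certificate from its SP SSO descriptor.
 *
 * <p>The first key descriptor marked {@code UsageType.ENCRYPTION} is used,
 * and from it the first certificate of the first X509Data element. The
 * metadata is expected to hold exactly one such key, but that is not
 * enforced here: additional encryption keys are silently ignored.
 *
 * @param entityDescriptor hub entity metadata
 * @return the certificate, tagged with the entity ID and
 *         {@code Certificate.KeyUse.Encryption}
 * @throws java.util.NoSuchElementException if no encryption key descriptor is present
 * @throws IndexOutOfBoundsException if the key descriptor carries no X509Data
 *         or no certificate
 */
private Certificate getHubEncryptionCertificate(EntityDescriptor entityDescriptor) {
    KeyDescriptor hubEncryptionKey = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS).getKeyDescriptors()
            .stream()
            .filter(keyDescriptor -> keyDescriptor.getUse() == UsageType.ENCRYPTION) // expected: exactly one hub encryption key
            .findFirst()
            // Same exception type as a bare Optional.get(), but the message names
            // the entity so a metadata problem can be diagnosed from the log.
            .orElseThrow(() -> new java.util.NoSuchElementException(
                    "No encryption KeyDescriptor in SPSSODescriptor of entity " + entityDescriptor.getEntityID()));
    X509Certificate x509Certificate = hubEncryptionKey.getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0);
    return new Certificate(entityDescriptor.getEntityID(), x509Certificate.getValue(), Certificate.KeyUse.Encryption);
}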
示例5: getPublicKeys
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
/**
 * Finds the first public key published for encryption in the entity's
 * SP SSO descriptor.
 *
 * <p>Despite the plural name, at most one key is returned: the stream stops
 * at the first certificate that yields a key.
 * NOTE(review): no validity check of the certificate is visible in this
 * method; confirm whether {@code getCertificateFromKeyDescriptor} or
 * {@code publicKeyFactory} rejects expired or malformed certificates.
 *
 * @param entityDescriptor metadata of the service provider
 * @return the first encryption public key, or empty if there is none
 */
private Optional<PublicKey> getPublicKeys(EntityDescriptor entityDescriptor) {
    return entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS).getKeyDescriptors().stream()
            .filter(kd -> UsageType.ENCRYPTION == kd.getUse())
            .flatMap(this::getCertificateFromKeyDescriptor)
            .map(publicKeyFactory::create)
            .findFirst();
}
示例6: getKeyDescriptor
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
/**
 * Builds a metadata {@code KeyDescriptor} that publishes the given key for
 * the given use.
 *
 * @param type use advertised for the key (signing, encryption, ...)
 * @param key  key material to embed
 * @return the populated descriptor
 */
protected final KeyDescriptor getKeyDescriptor(final UsageType type, final KeyInfo key) {
    // The builder factory hands back an untyped builder, hence the cast.
    @SuppressWarnings("unchecked")
    final SAMLObjectBuilder<KeyDescriptor> keyDescriptorBuilder = (SAMLObjectBuilder<KeyDescriptor>)
            Configuration.getBuilderFactory().getBuilder(KeyDescriptor.DEFAULT_ELEMENT_NAME);

    final KeyDescriptor result = keyDescriptorBuilder.buildObject();
    result.setUse(type);
    result.setKeyInfo(key);
    return result;
}
示例7: transformUsageType
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
/**
 * Maps an OpenSAML usage type onto the domain {@code Certificate.KeyUse}.
 *
 * <p>A key whose use is {@code UNSPECIFIED} is rejected instead of being
 * treated as valid for either purpose.
 *
 * @param usageType usage declared on the key descriptor
 * @return {@code Signing} or {@code Encryption}
 * @throws SamlTransformationErrorException for {@code UNSPECIFIED}
 * @throws IllegalArgumentException for any other value
 */
private Certificate.KeyUse transformUsageType(UsageType usageType) {
    switch (usageType) {
        case SIGNING:
            return Certificate.KeyUse.Signing;
        case ENCRYPTION:
            return Certificate.KeyUse.Encryption;
        case UNSPECIFIED: {
            final SamlValidationSpecificationFailure unsupported =
                    SamlTransformationErrorFactory.unsupportedKey(usageType.toString());
            throw new SamlTransformationErrorException(unsupported.getErrorMessage(), unsupported.getLogLevel());
        }
        default:
            throw new IllegalArgumentException("SamlObjectParser will have failed before reaching here.");
    }
}
示例8: shouldGenerateValidMetadataFromLocalConfiguration
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
/**
 * Fetches the metadata served by the application under test and checks the
 * keys it publishes: two signing keys and one encryption key on the
 * attribute authority role, and two signing keys plus one SSO endpoint on
 * the IdP role.
 *
 * <p>The resolver reads over plain HTTP from localhost and no signature
 * check on the fetched metadata is configured in this test.
 * NOTE(review): that fits a local fixture; a resolver that consumes metadata
 * from another party would normally validate it before trusting its keys.
 */
@Test
public void shouldGenerateValidMetadataFromLocalConfiguration() throws Exception {
    HTTPMetadataResolver metadataResolver = new HTTPMetadataResolver(new Timer(), HttpClientBuilder.create().build(),
            "http://localhost:" + applicationRule.getLocalPort() + "/matching-service/SAML2/metadata");
    BasicParserPool parserPool = new BasicParserPool();
    parserPool.initialize();
    metadataResolver.setParserPool(parserPool);
    metadataResolver.setId("test id");
    metadataResolver.initialize();
    metadataResolver.refresh();

    EntityDescriptor entity = metadataResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(TEST_RP_MS)));

    // Attribute authority role: primary and secondary signing keys, one encryption key.
    AttributeAuthorityDescriptor attributeAuthority = entity.getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS);
    Map<UsageType, List<KeyDescriptor>> authorityKeys = attributeAuthority.getKeyDescriptors().stream()
            .collect(groupingBy(KeyDescriptor::getUse));
    assertThat(authorityKeys.get(UsageType.SIGNING)).hasSize(2);
    assertThat(authorityKeys.get(UsageType.ENCRYPTION)).hasSize(1);
    assertThat(getCertificateNames(authorityKeys, UsageType.SIGNING)).contains(MSA_SIGNING_PRIMARY, MSA_SIGNING_SECONDARY);
    assertThat(getCertificateNames(authorityKeys, UsageType.ENCRYPTION)).contains(MSA_ENCRYPTION_PRIMARY);

    // IdP role: one SSO endpoint and the same two signing keys.
    IDPSSODescriptor idpRole = entity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
    assertThat(idpRole).isNotNull();
    assertThat(idpRole.getSingleSignOnServices()).hasSize(1);
    Map<UsageType, List<KeyDescriptor>> idpKeys = idpRole.getKeyDescriptors().stream()
            .collect(groupingBy(KeyDescriptor::getUse));
    assertThat(idpKeys.get(UsageType.SIGNING)).hasSize(2);
    assertThat(getCertificateNames(idpKeys, UsageType.SIGNING)).contains(MSA_SIGNING_PRIMARY, MSA_SIGNING_SECONDARY);
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:33,代码来源:MatchingServiceAdapterMetadataAppRuleTest.java
示例9: getUsageType
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
/**
 * Reports the usage type of this object; this implementation always returns
 * {@code null}, i.e. it declares no usage at all.
 *
 * <p>NOTE(review): {@code UsageType.UNSPECIFIED} exists as an explicit
 * "no restriction" value. Confirm that code selecting credentials by usage
 * (signing vs. encryption) handles a {@code null} here as intended.
 *
 * @return always {@code null}
 */
@Override
public UsageType getUsageType() {
return null;
}
示例10: getKeyEncryptionCredential
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
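/**
 * Resolves the key-encryption credential of a peer service provider from
 * its SAML metadata.
 *
 * <p>The default encryption configuration is used as a base; each of the
 * four override collections on this object replaces the corresponding
 * default only when it is non-null and non-empty. The lookup is restricted
 * to the peer's SP SSO role and to keys usable for encryption.
 *
 * <p>Whether invalid metadata may be used for the lookup is taken from the
 * IdP settings ({@code isRequireValidMetadata()}); when that setting is
 * false, role descriptors the resolver considers invalid are not excluded.
 *
 * @param peerEntityId the entity id of the service provider
 * @param adaptor      facade giving access to the peer's metadata resolver
 * @param service      the registered service (not read by this method)
 * @return the credential returned by {@code resolveSingle}
 *         (NOTE(review): presumably {@code null} when no encryption key is
 *         found; callers should then refuse to send unencrypted data if
 *         encryption is required; confirm)
 * @throws Exception if a resolver cannot be initialised or the lookup fails
 */
protected Credential getKeyEncryptionCredential(final String peerEntityId,
                                                final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                                final SamlRegisteredService service) throws Exception {
    final SamlIdPProperties idp = casProperties.getAuthn().getSamlIdp();
    final BasicEncryptionConfiguration config =
            DefaultSecurityConfigurationBootstrap.buildDefaultEncryptionConfiguration();

    // Overrides only take effect when populated; an empty override keeps the default.
    if (this.overrideBlackListedEncryptionAlgorithms != null && !this.overrideBlackListedEncryptionAlgorithms.isEmpty()) {
        config.setBlacklistedAlgorithms(this.overrideBlackListedEncryptionAlgorithms);
    }
    if (this.overrideWhiteListedAlgorithms != null && !this.overrideWhiteListedAlgorithms.isEmpty()) {
        config.setWhitelistedAlgorithms(this.overrideWhiteListedAlgorithms);
    }
    if (this.overrideDataEncryptionAlgorithms != null && !this.overrideDataEncryptionAlgorithms.isEmpty()) {
        config.setDataEncryptionAlgorithms(this.overrideDataEncryptionAlgorithms);
    }
    if (this.overrideKeyEncryptionAlgorithms != null && !this.overrideKeyEncryptionAlgorithms.isEmpty()) {
        config.setKeyTransportEncryptionAlgorithms(this.overrideKeyEncryptionAlgorithms);
    }

    LOGGER.debug("Encryption blacklisted algorithms: [{}]", config.getBlacklistedAlgorithms());
    LOGGER.debug("Encryption key algorithms: [{}]", config.getKeyTransportEncryptionAlgorithms());
    // The label used to read "Signature data algorithms" although the value
    // logged is the data *encryption* algorithm list.
    LOGGER.debug("Encryption data algorithms: [{}]", config.getDataEncryptionAlgorithms());
    LOGGER.debug("Encryption whitelisted algorithms: [{}]", config.getWhitelistedAlgorithms());

    final MetadataCredentialResolver kekCredentialResolver = new MetadataCredentialResolver();

    // Providers that turn the KeyInfo found in metadata into credentials.
    final List<KeyInfoProvider> providers = new ArrayList<>();
    providers.add(new RSAKeyValueProvider());
    providers.add(new DSAKeyValueProvider());
    providers.add(new InlineX509DataProvider());
    providers.add(new DEREncodedKeyValueProvider());
    providers.add(new KeyInfoReferenceProvider());
    final BasicProviderKeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(providers);
    kekCredentialResolver.setKeyInfoCredentialResolver(keyInfoResolver);

    final PredicateRoleDescriptorResolver roleDescriptorResolver = new PredicateRoleDescriptorResolver(adaptor.getMetadataResolver());
    roleDescriptorResolver.setSatisfyAnyPredicates(true);
    roleDescriptorResolver.setUseDefaultPredicateRegistry(true);
    roleDescriptorResolver.setRequireValidMetadata(idp.getMetadata().isRequireValidMetadata());
    roleDescriptorResolver.initialize();

    kekCredentialResolver.setRoleDescriptorResolver(roleDescriptorResolver);
    kekCredentialResolver.initialize();

    // Restrict the lookup to this peer, its SP role and encryption keys.
    final CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new EncryptionConfigurationCriterion(config));
    criteriaSet.add(new EntityIdCriterion(peerEntityId));
    criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
    criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));

    LOGGER.debug("Attempting to resolve the encryption key for entity id [{}]", peerEntityId);
    return kekCredentialResolver.resolveSingle(criteriaSet);
}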
示例11: buildSPSSODescriptor
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
/**
 * Assembles the SP SSO role descriptor published in this service provider's
 * metadata: signing flags, supported protocols, the request-initiator
 * extension, NameID formats, one HTTP-POST assertion consumer service and,
 * when a credential provider is configured, the key descriptors.
 *
 * <p>Points a reviewer of the published metadata should be aware of:
 * <ul>
 *   <li>SAML 1.0 and 1.1 are advertised next to SAML 2.0.
 *       NOTE(review): confirm the legacy protocols are really handled.</li>
 *   <li>The same {@code KeyInfo} is published for signing and for
 *       encryption, so one key serves both purposes.</li>
 *   <li>The ACS is created with index 0, but its default flag is computed
 *       after the increment, i.e. as {@code defaultACSIndex == 1}.
 *       NOTE(review): looks like an off-by-one; confirm the intent.</li>
 * </ul>
 *
 * @return the populated descriptor
 */
protected final SPSSODescriptor buildSPSSODescriptor() {
    @SuppressWarnings("unchecked")
    final SAMLObjectBuilder<SPSSODescriptor> spBuilder = (SAMLObjectBuilder<SPSSODescriptor>) this.builderFactory
            .getBuilder(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    final SPSSODescriptor sp = spBuilder.buildObject();
    sp.setAuthnRequestsSigned(this.authnRequestSigned);
    sp.setWantAssertionsSigned(this.wantAssertionSigned);
    sp.addSupportedProtocol(SAMLConstants.SAML20P_NS);
    sp.addSupportedProtocol(SAMLConstants.SAML10P_NS);
    sp.addSupportedProtocol(SAMLConstants.SAML11P_NS);

    // Extensions element carrying the request initiator location.
    @SuppressWarnings("unchecked")
    final SAMLObjectBuilder<Extensions> extensionsBuilder =
            (SAMLObjectBuilder<Extensions>) this.builderFactory.getBuilder(Extensions.DEFAULT_ELEMENT_NAME);
    final Extensions ext = extensionsBuilder.buildObject();
    ext.getNamespaceManager().registerAttributeName(RequestInitiator.DEFAULT_ELEMENT_NAME);

    @SuppressWarnings("unchecked")
    final SAMLObjectBuilder<RequestInitiator> initiatorBuilder =
            (SAMLObjectBuilder<RequestInitiator>) this.builderFactory.getBuilder(RequestInitiator.DEFAULT_ELEMENT_NAME);
    final RequestInitiator initiator = initiatorBuilder.buildObject();
    initiator.setLocation(this.requestInitiatorLocation);
    initiator.setBinding(RequestInitiator.DEFAULT_ELEMENT_NAME.getNamespaceURI());
    ext.getUnknownXMLObjects().add(initiator);
    sp.setExtensions(ext);

    sp.getNameIDFormats().addAll(buildNameIDFormat());

    // Arguments are evaluated left to right: the service gets index 0, the
    // comparison that follows already sees the incremented value.
    int acsIndex = 0;
    sp.getAssertionConsumerServices().add(
            getAssertionConsumerService(SAMLConstants.SAML2_POST_BINDING_URI, acsIndex++,
                    this.defaultACSIndex == acsIndex));

    if (credentialProvider != null) {
        sp.getKeyDescriptors().add(
                getKeyDescriptor(UsageType.SIGNING, this.credentialProvider.getKeyInfo()));
        sp.getKeyDescriptors().add(
                getKeyDescriptor(UsageType.ENCRYPTION, this.credentialProvider.getKeyInfo()));
    }

    return sp;
}
示例12: getCertificateNames
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
/**
 * Lists the KeyName values of all key descriptors registered for one usage.
 *
 * @param keysByUsage key descriptors grouped by their use
 * @param keyUsage    the usage to look up; the map must contain it,
 *                    otherwise the lookup result is {@code null} and this
 *                    method fails with a {@code NullPointerException}
 * @return the key names, in encounter order
 */
private List<String> getCertificateNames(Map<UsageType, List<KeyDescriptor>> keysByUsage, UsageType keyUsage) {
    return keysByUsage.get(keyUsage).stream()
            .map(descriptor -> descriptor.getKeyInfo().getKeyNames())
            .flatMap(List::stream)
            .map(XSString::getValue)
            .collect(Collectors.toList());
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:7,代码来源:MatchingServiceAdapterMetadataAppRuleTest.java
示例13: getUsageType
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
/**
 * Reports the usage type of this object; this implementation always returns
 * {@code null}, which the {@code @Nullable} annotation makes explicit.
 *
 * <p>NOTE(review): {@code UsageType.UNSPECIFIED} exists as an explicit
 * "no restriction" value. Confirm that code selecting credentials by usage
 * (signing vs. encryption) handles a {@code null} here as intended.
 *
 * @return always {@code null}
 */
@Nullable
@Override
public UsageType getUsageType() {
return null;
}
示例14: importMetaData
import org.opensaml.security.credential.UsageType; //导入依赖的package包/类
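/**
 * Copies the relevant parts of an IdP's SAML metadata into the mechanism
 * parameters and stores the IdP's signing certificate(s) in the key store.
 *
 * <p>Recorded properties: {@code entityID}, {@code idpURL} (HTTP-POST SSO),
 * {@code idpRedirURL} (HTTP-Redirect SSO), {@code idpRedirLogoutURL}
 * (HTTP-Redirect SLO) and {@code idpSigKeyName}.
 *
 * <p>Certificates are stored under the alias
 * {@code verify-<entityID>-idp-sig}; when one Base64 value decodes to
 * several certificates each gets its own {@code -<n>} suffix. The counter
 * was previously never advanced, so every certificate overwrote alias
 * {@code ...-0} and only the last one survived.
 *
 * <p>NOTE(review):
 * <ul>
 *   <li>The stored certificates are presumably used later to verify IdP
 *       signatures, which makes them trust anchors; the metadata should be
 *       authenticated before it reaches this method. Confirm with callers.</li>
 *   <li>Only the first certificate of the first X509Data element of each
 *       signing key descriptor is read, and several signing key descriptors
 *       write to the same alias, so only the last one is kept.</li>
 *   <li>{@code idpSigKeyName} is set to the unsuffixed alias even when the
 *       entries were stored with a suffix; confirm how the name is resolved.</li>
 *   <li>{@code entityID} is set twice with identical arguments; kept as is
 *       because the semantics of {@code setProperty} are not visible here.</li>
 * </ul>
 *
 * @param ks               key store receiving the signing certificates
 * @param ed               entity descriptor of the IdP
 * @param idp              IdP SSO role descriptor of the same entity
 * @param currentMechanism mechanism the properties are written for
 * @param params           parameter map passed through to {@code setProperty}
 * @throws Base64DecodingException if a certificate value is not valid Base64
 * @throws CertificateException    if the decoded bytes are not X.509 certificates
 * @throws KeyStoreException       if an entry cannot be stored
 */
private static void importMetaData(KeyStore ks, EntityDescriptor ed,
        IDPSSODescriptor idp, AuthMechType currentMechanism,
        HashMap<String, ParamType> params) throws Base64DecodingException,
        CertificateException, KeyStoreException {
    setProperty("entityID", ed.getEntityID(), params, currentMechanism);
    setProperty("entityID", ed.getEntityID(), params, currentMechanism);

    for (SingleSignOnService sso : idp.getSingleSignOnServices()) {
        if (sso.getBinding().equalsIgnoreCase("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")) {
            setProperty("idpURL", sso.getLocation(), params, currentMechanism);
        } else if (sso.getBinding().equalsIgnoreCase("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")) {
            setProperty("idpRedirURL", sso.getLocation(), params, currentMechanism);
        }
    }

    for (SingleLogoutService slo : idp.getSingleLogoutServices()) {
        if (slo.getBinding().equalsIgnoreCase("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")) {
            setProperty("idpRedirLogoutURL", slo.getLocation(), params, currentMechanism);
        }
    }

    for (KeyDescriptor kd : idp.getKeyDescriptors()) {
        // Constant-first comparison: no failure if a descriptor reports no use.
        if (UsageType.SIGNING.equals(kd.getUse())) {
            String base64 = kd.getKeyInfo().getX509Datas().get(0).getX509Certificates().get(0).getValue();
            String name = "verify-" + ed.getEntityID() + "-idp-sig";

            ByteArrayInputStream bais = new ByteArrayInputStream(Base64.decode(base64));
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            Collection<? extends Certificate> c = cf.generateCertificates(bais);

            if (c.size() > 1) {
                // One alias per certificate; the suffix must advance or the
                // entries overwrite each other.
                int j = 0;
                for (Certificate certificate : c) {
                    ks.setCertificateEntry(name + "-" + j, certificate);
                    j++;
                }
            } else {
                ks.setCertificateEntry(name, c.iterator().next());
            }

            setProperty("idpSigKeyName", name, params, currentMechanism);
        }
    }
}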