本文汇总了 Java 中 org.opensaml.security.x509.BasicX509Credential 类的典型用法代码示例，供需要了解该类具体用法、适用场景和调用方式的读者参考。
BasicX509Credential 类属于 org.opensaml.security.x509 包。下文共展示了 12 个使用该类的代码示例，默认按受欢迎程度排序；您可以为有用的示例点赞，以帮助系统推荐更好的 Java 代码示例。
示例1: isTrusted
import org.opensaml.security.x509.BasicX509Credential; //导入依赖的package包/类
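@Override
public boolean isTrusted(final X509Certificate[] certificates, final String authType)
        throws CertificateException {
    // An absent or empty chain is never trusted; never hand the trust engine nothing.
    if (certificates == null || certificates.length < 1) {
        return false;
    }
    // Assume the first certificate is the end-entity cert (TLS convention: leaf first,
    // then its issuers). The whole presented chain is attached to the credential so a
    // trust engine that builds PKIX paths can use the intermediates instead of only
    // seeing the leaf; an explicit-key trust engine simply ignores the chain. Chain
    // policy (depth, revocation, name checks) belongs to the configured trust engine.
    final X509Certificate endEntity = certificates[0];
    final BasicX509Credential credential = new BasicX509Credential(endEntity);
    credential.setEntityCertificateChain(java.util.Arrays.asList(certificates));
    try {
        log.debug("Validating cert {} issued by {}",
                endEntity.getSubjectX500Principal().getName(),
                endEntity.getIssuerX500Principal().getName());
        // authType (e.g. "RSA") is intentionally unused: the trust decision is made
        // solely by the trust engine, with no extra criteria.
        return trustEngine.validate(credential, new CriteriaSet());
    } catch (final SecurityException e) {
        // Surface engine failures as a CertificateException, preserving the cause.
        throw new CertificateException("X509 validation error", e);
    }
}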
示例2: getSigningCredential
import org.opensaml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Loads a public-key-only X.509 credential from a resource, for verifying the
 * remote party's signatures. No private key is attached.
 *
 * @param resource the signing certificate file, in a form {@link CertificateFactory}
 *                 accepts as "X.509" (DER, or Base64/PEM as the JDK documents)
 * @return the credential wrapping the first certificate read from the resource, or
 *         {@code null} if the resource cannot be opened or parsed (the error is logged)
 */
private Credential getSigningCredential(final Resource resource) {
    try (InputStream certificateStream = resource.getInputStream()) {
        final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        final X509Certificate signingCertificate =
                (X509Certificate) x509Factory.generateCertificate(certificateStream);
        final Credential verificationCredential = new BasicX509Credential(signingCertificate);
        logger.debug("getSigningCredential: key retrieved.");
        return verificationCredential;
    } catch (final Exception loadFailure) {
        // Callers receive null rather than an exception and must null-check.
        logger.error(loadFailure.getMessage(), loadFailure);
        return null;
    }
}
示例3: getEncryptionCredential
import org.opensaml.security.x509.BasicX509Credential; //导入依赖的package包/类
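/**
 * Builds the credential used for token decryption: this service's private key plus
 * the certificate shared with ADFS.
 *
 * @param config the WS-Federation configuration holding the private key resource (PEM,
 *               optionally password-encrypted), its password, and the DER certificate
 * @return a credential carrying both the certificate and the private key
 * @throws RuntimeException via {@link Throwables#propagate}: unchecked exceptions are
 *         rethrown as-is, checked ones (I/O, parsing) are wrapped
 */
private Credential getEncryptionCredential(final WsFederationConfiguration config) {
    // Register BC once instead of on every call.
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    try {
        final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(new BouncyCastleProvider());
        final KeyPair keyPair;
        // This will need to contain the private keypair in PEM format. The reader and
        // parser are closed when done (previously leaked). Charset is fixed to UTF-8 so
        // PEM parsing does not depend on the platform default.
        try (BufferedReader keyReader = new BufferedReader(new InputStreamReader(
                     config.getEncryptionPrivateKey().getInputStream(), java.nio.charset.StandardCharsets.UTF_8));
             PEMParser pemParser = new PEMParser(keyReader)) {
            final Object privateKeyPemObject = pemParser.readObject();
            if (privateKeyPemObject instanceof PEMEncryptedKeyPair) {
                final String password = config.getEncryptionPrivateKeyPassword();
                if (password == null || password.isEmpty()) {
                    throw new IllegalStateException(
                            "Encryption private key is encrypted but no password is configured");
                }
                final PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder()
                        .build(password.toCharArray());
                keyPair = converter.getKeyPair(((PEMEncryptedKeyPair) privateKeyPemObject).decryptKeyPair(decProv));
            } else if (privateKeyPemObject instanceof PEMKeyPair) {
                keyPair = converter.getKeyPair((PEMKeyPair) privateKeyPemObject);
            } else {
                // e.g. a PKCS#8 "BEGIN PRIVATE KEY" block, an empty file, or a certificate
                // where a key was expected: fail with a clear message, not a ClassCastException.
                throw new IllegalStateException("Unsupported private key PEM object: "
                        + (privateKeyPemObject == null ? "none" : privateKeyPemObject.getClass().getName()));
            }
        }
        // This is the certificate shared with ADFS in DER format, i.e certificate.crt
        final X509CertParser certParser = new X509CertParser();
        try (java.io.InputStream certificateStream = config.getEncryptionCertificate().getInputStream()) {
            certParser.engineInit(certificateStream);
            final X509CertificateObject cert = (X509CertificateObject) certParser.engineRead();
            if (cert == null) {
                throw new IllegalStateException(
                        "No certificate found in " + config.getEncryptionCertificate());
            }
            return new BasicX509Credential(cert, keyPair.getPrivate());
        }
    } catch (final Exception e) {
        throw Throwables.propagate(e);
    }
}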
示例4: getSigningCredential
import org.opensaml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Loads a public-key-only X.509 credential from a resource, for verifying the
 * remote party's signatures. No private key is attached.
 *
 * @param resource the signing certificate file, in a form {@link CertificateFactory}
 *                 accepts as "X.509" (DER, or Base64/PEM as the JDK documents)
 * @return the credential wrapping the first certificate read from the resource, or
 *         {@code null} if the resource cannot be opened or parsed (the error is logged)
 */
private static Credential getSigningCredential(final Resource resource) {
    Credential verificationCredential = null;
    try (InputStream certificateStream = resource.getInputStream()) {
        final CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        final X509Certificate signingCertificate =
                (X509Certificate) x509Factory.generateCertificate(certificateStream);
        verificationCredential = new BasicX509Credential(signingCertificate);
        LOGGER.debug("getSigningCredential: key retrieved.");
    } catch (final Exception loadFailure) {
        // Callers receive null rather than an exception and must null-check.
        LOGGER.error(loadFailure.getMessage(), loadFailure);
    }
    return verificationCredential;
}
示例5: run_shouldThrowCertChainValidationExceptionOnResponse
import org.opensaml.security.x509.BasicX509Credential; //导入依赖的package包/类
@Test
public void run_shouldThrowCertChainValidationExceptionOnResponse() throws Exception {
    // The matching service client is stubbed to return a canned response element.
    when(attributeQueryRequestClient.sendQuery(any(Element.class), anyString(), any(SessionId.class), any(URI.class))).thenReturn(matchingServiceResponse);
    // That element is transformed into a Response signed with a certificate that does
    // not chain to any trusted root (UNCHAINED_PUBLIC_CERT / UNCHAINED_PRIVATE_KEY).
    final BasicX509Credential x509Credential = new BasicX509Credential(
            new X509CertificateFactory().createCertificate(UNCHAINED_PUBLIC_CERT),
            new PrivateKeyFactory().createPrivateKey(Base64.decode(UNCHAINED_PRIVATE_KEY.getBytes())));
    Response response = aResponse().withSigningCredential(x509Credential).withIssuer(anIssuer().withIssuerId("issuer-id").build()).build();
    when(elementToResponseTransformer.apply(matchingServiceResponse)).thenReturn(response);
    executeAttributeQueryRequest.execute(sessionId, attributeQueryContainerDto);
    // NOTE(review): despite the method name, nothing in this block asserts that a
    // CertChainValidationException is thrown; the only check is that the signature
    // validator was invoked. Either the expected exception is configured outside this
    // block (a rule or a throwing mock set up in @Before) or the test does not check
    // what its name promises — confirm.
    verify(matchingResponseSignatureValidator).validate(response, AttributeAuthorityDescriptor.DEFAULT_ELEMENT_NAME);
}
示例6: getSigningCredential
import org.opensaml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Loads a public-key-only X.509 credential from a resource, for verifying the
 * remote party's signatures. No private key is attached.
 *
 * @param resource the signing certificate file, in a form {@link CertificateFactory}
 *                 accepts as "X.509" (DER, or Base64/PEM as the JDK documents)
 * @return the credential wrapping the first certificate read from the resource, or
 *         {@code null} if the resource cannot be opened or parsed (the error is logged)
 */
private Credential getSigningCredential(final Resource resource) {
    try (final InputStream certificateStream = resource.getInputStream()) {
        final X509Certificate signingCertificate = (X509Certificate) CertificateFactory
                .getInstance("X.509")
                .generateCertificate(certificateStream);
        final Credential verificationCredential = new BasicX509Credential(signingCertificate);
        logger.debug("getSigningCredential: key retrieved.");
        return verificationCredential;
    } catch (final Exception loadFailure) {
        // Callers receive null rather than an exception and must null-check.
        logger.error(loadFailure.getMessage(), loadFailure);
        return null;
    }
}
示例7: getSignatureSigningConfiguration
import org.opensaml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Gets signature signing configuration.
 *
 * <p>Starts from OpenSAML's default signing configuration, applies each configured
 * override (blacklist, signature algorithms, reference digest methods, whitelist,
 * canonicalization algorithm) only when it is present and non-empty, then installs
 * the IdP signing certificate and private key as the single signing credential.</p>
 *
 * <p>Security note: the blacklist and whitelist setters replace OpenSAML's defaults
 * outright, so an override that omits entries from the default list silently
 * re-enables them. NOTE(review): the blacklist guard tests
 * {@code samlIdp.getAlgs().getOverrideBlackListedSignatureSigningAlgorithms()} for
 * emptiness but installs {@code this.overrideBlackListedSignatureAlgorithms}, while
 * every other override checks the field it installs — confirm the two always agree.</p>
 *
 * @return the signature signing configuration
 * @throws Exception propagated from the signing key/certificate lookups
 */
protected SignatureSigningConfiguration getSignatureSigningConfiguration() throws Exception {
    final BasicSignatureSigningConfiguration signingConfig =
            DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration();
    final SamlIdPProperties idpProperties = casProperties.getAuthn().getSamlIdp();

    final boolean blacklistOverridden = this.overrideBlackListedSignatureAlgorithms != null
            && !idpProperties.getAlgs().getOverrideBlackListedSignatureSigningAlgorithms().isEmpty();
    if (blacklistOverridden) {
        signingConfig.setBlacklistedAlgorithms(this.overrideBlackListedSignatureAlgorithms);
    }
    if (isNonEmpty(this.overrideSignatureAlgorithms)) {
        signingConfig.setSignatureAlgorithms(this.overrideSignatureAlgorithms);
    }
    if (isNonEmpty(this.overrideSignatureReferenceDigestMethods)) {
        signingConfig.setSignatureReferenceDigestMethods(this.overrideSignatureReferenceDigestMethods);
    }
    if (isNonEmpty(this.overrideWhiteListedAlgorithms)) {
        signingConfig.setWhitelistedAlgorithms(this.overrideWhiteListedAlgorithms);
    }
    final String c14nOverride = idpProperties.getAlgs().getOverrideSignatureCanonicalizationAlgorithm();
    if (StringUtils.isNotBlank(c14nOverride)) {
        signingConfig.setSignatureCanonicalizationAlgorithm(c14nOverride);
    }

    LOGGER.debug("Signature signing blacklisted algorithms: [{}]", signingConfig.getBlacklistedAlgorithms());
    LOGGER.debug("Signature signing signature algorithms: [{}]", signingConfig.getSignatureAlgorithms());
    LOGGER.debug("Signature signing signature canonicalization algorithm: [{}]", signingConfig.getSignatureCanonicalizationAlgorithm());
    LOGGER.debug("Signature signing whitelisted algorithms: [{}]", signingConfig.getWhitelistedAlgorithms());
    LOGGER.debug("Signature signing reference digest methods: [{}]", signingConfig.getSignatureReferenceDigestMethods());

    // One credential: the IdP's own certificate and private key.
    final PrivateKey signingKey = getSigningPrivateKey();
    final X509Certificate signingCertificate = getSigningCertificate();
    final List<Credential> signingCredentials = new ArrayList<>(1);
    signingCredentials.add(new BasicX509Credential(signingCertificate, signingKey));
    signingConfig.setSigningCredentials(signingCredentials);
    LOGGER.debug("Signature signing credentials configured");
    return signingConfig;
}

/** True when the override collection is configured and has at least one entry. */
private static boolean isNonEmpty(final java.util.Collection<?> override) {
    return override != null && !override.isEmpty();
}
示例8: getEncryptionCredential
import org.opensaml.security.x509.BasicX509Credential; //导入依赖的package包/类
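/**
 * Builds the credential used for token decryption: this service's private key plus
 * the certificate shared with ADFS.
 *
 * @param config the WS-Federation configuration holding the private key resource (PEM,
 *               optionally password-encrypted), its password, and the DER certificate
 * @return a credential carrying both the certificate and the private key
 * @throws RuntimeException via {@link Throwables#propagate}: unchecked exceptions are
 *         rethrown as-is, checked ones (I/O, parsing) are wrapped
 */
private static Credential getEncryptionCredential(final WsFederationConfiguration config) {
    // Register BC once instead of on every call.
    if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
        Security.addProvider(new BouncyCastleProvider());
    }
    try {
        // This will need to contain the private keypair in PEM format
        LOGGER.debug("Locating encryption credential private key [{}]", config.getEncryptionPrivateKey());
        final JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(new BouncyCastleProvider());
        final KeyPair keyPair;
        // Reader and parser are closed when done (previously leaked).
        try (BufferedReader keyReader = new BufferedReader(new InputStreamReader(
                     config.getEncryptionPrivateKey().getInputStream(), StandardCharsets.UTF_8));
             PEMParser pemParser = new PEMParser(keyReader)) {
            LOGGER.debug("Parsing credential private key");
            final Object privateKeyPemObject = pemParser.readObject();
            if (privateKeyPemObject instanceof PEMEncryptedKeyPair) {
                LOGGER.debug("Encryption private key is an encrypted keypair");
                final String password = config.getEncryptionPrivateKeyPassword();
                if (password == null || password.isEmpty()) {
                    throw new IllegalStateException(
                            "Encryption private key is encrypted but no password is configured");
                }
                final PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder()
                        .build(password.toCharArray());
                LOGGER.debug("Attempting to decrypt the encrypted keypair based on the provided encryption private key password");
                keyPair = converter.getKeyPair(((PEMEncryptedKeyPair) privateKeyPemObject).decryptKeyPair(decProv));
            } else if (privateKeyPemObject instanceof PEMKeyPair) {
                LOGGER.debug("Extracting a keypair from the private key");
                keyPair = converter.getKeyPair((PEMKeyPair) privateKeyPemObject);
            } else {
                // e.g. a PKCS#8 "BEGIN PRIVATE KEY" block, an empty file, or a certificate
                // where a key was expected: fail with a clear message, not a ClassCastException.
                throw new IllegalStateException("Unsupported private key PEM object: "
                        + (privateKeyPemObject == null ? "none" : privateKeyPemObject.getClass().getName()));
            }
        }
        // This is the certificate shared with ADFS in DER format, i.e certificate.crt
        final X509CertParser certParser = new X509CertParser();
        LOGGER.debug("Locating encryption certificate [{}]", config.getEncryptionCertificate());
        try (java.io.InputStream certificateStream = config.getEncryptionCertificate().getInputStream()) {
            certParser.engineInit(certificateStream);
            LOGGER.debug("Invoking certificate engine to parse the certificate [{}]", config.getEncryptionCertificate());
            final X509CertificateObject cert = (X509CertificateObject) certParser.engineRead();
            if (cert == null) {
                throw new IllegalStateException(
                        "No certificate found in " + config.getEncryptionCertificate());
            }
            LOGGER.debug("Creating final credential based on the certificate [{}] and the private key", cert.getIssuerDN());
            return new BasicX509Credential(cert, keyPair.getPrivate());
        }
    } catch (final Exception e) {
        throw Throwables.propagate(e);
    }
}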
示例9: EidasAttributeQueryAssertionValidator
import org.opensaml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Validator for the assertion carried in an eIDAS attribute query, assembled as a
 * chain of sub-validators that the superclass runs.
 *
 * <p>In order, the visible chain checks: an Issuer is present and non-empty; the
 * assertion's XML signature verifies against the issuing IdP's signing certificates
 * looked up in metadata; the Subject; IssueInstant freshness within {@code ttl},
 * allowing {@code clockDelta}; exactly one AuthnStatement, which is then validated;
 * Conditions against {@code hubConnectorEntityId}; and exactly one AttributeStatement,
 * which is then validated.</p>
 *
 * @param metadataResolver      resolves the (country) metadata the IdP signing
 *                              certificates are taken from
 * @param certificateValidator  applied to certificates pulled from metadata
 * @param certificateExtractor  extracts certificates from metadata entries
 * @param x509CertificateFactory parses certificate strings into X.509 certificates
 * @param dateTimeComparator    clock used by the Subject and AuthnStatement checks
 * @param typeOfAssertion       label used in the generated error messages
 * @param hubConnectorEntityId  expected audience for the Conditions check
 * @param ttl                   maximum age of IssueInstant before it is rejected
 * @param clockDelta            tolerated clock skew for IssueInstant
 */
public EidasAttributeQueryAssertionValidator(final MetadataResolver metadataResolver,
                                             final CertificateValidator certificateValidator,
                                             final CertificateExtractor certificateExtractor,
                                             final X509CertificateFactory x509CertificateFactory,
                                             final DateTimeComparator dateTimeComparator,
                                             final String typeOfAssertion,
                                             final String hubConnectorEntityId,
                                             final Duration ttl,
                                             final Duration clockDelta) {
    // NOTE(review): the leading boolean passed to the superclass and to each
    // CompositeValidator is presumably a fail-fast flag — confirm against their definitions.
    super(
        false,
        new CompositeValidator<>(
            true,
            new IssuerValidator<>(
                generateMissingIssuerMessage(typeOfAssertion),
                generateEmptyIssuerMessage(typeOfAssertion),
                Assertion::getIssuer
            ),
            // Signing certificates are resolved per assertion from the issuer's metadata
            // entry, filtered by certificateValidator, and only then trusted for the
            // signature check — so a signature from a key absent from metadata fails.
            new SamlDigitalSignatureValidator<>(
                generateInvalidSignatureMessage(typeOfAssertion),
                // Dereferences the Issuer; relies on the IssuerValidator above having
                // already rejected a missing issuer (assumed fail-fast) — confirm, otherwise
                // a missing Issuer surfaces as an NPE rather than a validation error.
                assertion -> new MetadataCertificatesRepository(metadataResolver, certificateValidator, certificateExtractor)
                    .getIdpSigningCertificates(assertion.getIssuer().getValue()).stream()
                    .map(Certificate::getCertificate)
                    .map(x509CertificateFactory::createCertificate)
                    .map(BasicX509Credential::new)
                    .collect(Collectors.toList()),
                Assertion::getIssuer,
                IDPSSODescriptor.DEFAULT_ELEMENT_NAME
            )
        ),
        new SubjectValidator<>(Assertion::getSubject, dateTimeComparator),
        // Replay/freshness window: rejects assertions older than ttl or issued in the future.
        IssueInstantJodaDateTimeValidator(
            globalMessage("expired.message", "Issue Instant time-to-live has been exceeded"),
            globalMessage("issue.instance.in.future", "Issue Instant is in the future"),
            Assertion::getIssueInstant,
            ttl,
            clockDelta
        ),
        // The count check precedes the get(0) so the statement validator never sees an empty list.
        new CompositeValidator<>(
            true,
            new FixedErrorValidator<>(a -> a.getAuthnStatements().size() != 1, generateWrongNumberOfAuthnStatementsMessage(typeOfAssertion)),
            new AuthnStatementValidator<>(a -> a.getAuthnStatements().get(0), dateTimeComparator)
        ),
        new ConditionsValidator<>(Assertion::getConditions, hubConnectorEntityId),
        new CompositeValidator<>(
            true,
            new FixedErrorValidator<>(a -> a.getAttributeStatements().size() != 1 , generateWrongNumberOfAttributeStatementsMessage(typeOfAssertion)),
            new AttributeStatementValidator<>(a -> a.getAttributeStatements().get(0))
        )
    );
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:52,代码来源:EidasAttributeQueryAssertionValidator.java
示例10: EidasAttributeQueryValidator
import org.opensaml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Validator for an incoming eIDAS AttributeQuery: checks the query's own issuer and
 * signature against Verify hub metadata, then decrypts the single embedded assertion
 * and validates it against the country's metadata.
 *
 * @param verifyMetadataResolver           metadata the hub's signing certificates come from
 * @param countryMetadataResolver          metadata the country IdP's signing certificates come from
 * @param verifyHubCertificateValidator    applied to certificates taken from hub metadata
 * @param countryMetadataCertificateValidator applied to certificates taken from country metadata
 * @param certificateExtractor             extracts certificates from metadata entries
 * @param x509CertificateFactory           parses certificate strings into X.509 certificates
 * @param dateTimeComparator               clock used by the time-based checks
 * @param assertionDecrypter               decrypts the EncryptedAssertion before validation
 * @param hubConnectorEntityId             expected audience for the assertion's Conditions
 */
public EidasAttributeQueryValidator(MetadataResolver verifyMetadataResolver,
                                    MetadataResolver countryMetadataResolver,
                                    CertificateValidator verifyHubCertificateValidator,
                                    CertificateValidator countryMetadataCertificateValidator,
                                    CertificateExtractor certificateExtractor,
                                    X509CertificateFactory x509CertificateFactory,
                                    DateTimeComparator dateTimeComparator,
                                    AssertionDecrypter assertionDecrypter,
                                    final String hubConnectorEntityId) {
    // NOTE(review): the leading boolean passed to the superclass and to each
    // CompositeValidator is presumably a fail-fast flag — confirm against their definitions.
    super(
        false,
        new CompositeValidator<>(
            true,
            new IssuerValidator<>(DEFAULT_ISSUER_REQUIRED_MESSAGE, DEFAULT_ISSUER_EMPTY_MESSAGE, AttributeQuery::getIssuer),
            // The query signature is checked against the hub's SP signing certificates
            // from Verify metadata (not the country's), resolved per query by issuer.
            new SamlDigitalSignatureValidator<>(
                DEFAULT_INVALID_SIGNATURE_MESSAGE,
                // Dereferences the Issuer; relies on the IssuerValidator above having
                // already rejected a missing issuer (assumed fail-fast) — confirm.
                attributeQuery -> new MetadataCertificatesRepository(verifyMetadataResolver, verifyHubCertificateValidator, certificateExtractor)
                    .getHubSigningCertificates(attributeQuery.getIssuer().getValue()).stream()
                    .map(Certificate::getCertificate)
                    .map(x509CertificateFactory::createCertificate)
                    .map(BasicX509Credential::new)
                    .collect(Collectors.toList()),
                AttributeQuery::getIssuer,
                SPSSODescriptor.DEFAULT_ELEMENT_NAME
            )
        ),
        new CompositeValidator<>(
            true,
            // Exactly one EncryptedAssertion is required; the count check precedes the
            // get(0) below so decryption never runs on an empty list.
            new FixedErrorValidator<>(aqr -> getEncryptedAssertions(aqr).size() != 1, DEFAULT_ENCRYPTED_ASSERTIONS_MISSING_MESSAGE),
            // Decrypt, then validate the plaintext assertion against country metadata.
            // TTL (20 minutes) and tolerated skew (1 minute) are fixed here rather than
            // configurable.
            new CompositeValidator<>(
                aqr -> assertionDecrypter.decryptAssertions(() -> getEncryptedAssertions(aqr)).get(0),
                new EidasAttributeQueryAssertionValidator(
                    countryMetadataResolver,
                    countryMetadataCertificateValidator,
                    certificateExtractor,
                    x509CertificateFactory,
                    dateTimeComparator,
                    IDENTITY_ASSERTION,
                    hubConnectorEntityId,
                    Duration.parse("PT20M"),
                    Duration.parse("PT1M"))
            )
        )
    );
}
示例11: createCredentialProvider
import org.opensaml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Test helper: a credential provider that ignores the query and always yields a single
 * public-key credential built from the given certificate string.
 *
 * @param certificate the certificate text understood by {@link X509CertificateFactory}
 * @return a provider returning a fresh one-element list on every call
 */
private Function<AttributeQuery, Iterable<Credential>> createCredentialProvider(final String certificate) {
    return ignoredQuery -> {
        final BasicX509Credential credential =
                new BasicX509Credential(new X509CertificateFactory().createCertificate(certificate));
        final java.util.List<Credential> credentials = new java.util.ArrayList<>(1);
        credentials.add(credential);
        return credentials;
    };
}
开发者ID:alphagov,项目名称:verify-matching-service-adapter,代码行数:6,代码来源:SamlDigitalSignatureValidatorTest.java
示例12: generateSignedAssertion
import org.opensaml.security.x509.BasicX509Credential; //导入依赖的package包/类
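/**
 * Builds an assertion with the given ID, signs it with this harness's signing
 * certificate and key, and returns the marshalled (signed) DOM element.
 *
 * @param id the assertion ID, passed through to {@code generateAssertion}
 * @return the marshalled assertion element carrying the computed signature
 * @throws Exception when no signing certificate or key is configured, when
 *         {@code generateAssertion} fails, or when signing fails
 * @throws RuntimeException wrapping a {@link MarshallingException}
 */
private Element generateSignedAssertion(String id) throws Exception {
    // Both halves are needed: the certificate for the credential, the key to sign with.
    if (this.sigCert == null || this.sigKey == null) {
        throw new Exception("No signature key found");
    }
    Assertion assertion = generateAssertion(id);
    BasicX509Credential signingCredential = CredentialSupport.getSimpleCredential(this.sigCert, this.sigKey);
    Signature signature = (Signature) OpenSAMLUtils.buildSAMLObject(Signature.class);
    signature.setSigningCredential(signingCredential);
    // RSA-SHA256 rather than RSA-SHA1: SHA-1 signatures are deprecated and rejected by
    // many SAML consumers; a verifier that insists on SHA-1 is the thing to fix.
    signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    assertion.setSignature(signature);
    // Marshal before signing: the signature is computed over the marshalled DOM.
    final Element marshalled;
    try {
        marshalled = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
    } catch (MarshallingException marshalFailure) {
        throw new RuntimeException(marshalFailure);
    }
    Signer.signObject(signature);
    return marshalled;
}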