本文整理汇总了Java中org.opensaml.xml.security.CriteriaSet类的典型用法代码示例。如果您正苦于以下问题:Java CriteriaSet类的具体用法?Java CriteriaSet怎么用?Java CriteriaSet使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
CriteriaSet类属于org.opensaml.xml.security包,在下文中一共展示了CriteriaSet类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: buildCriteriaSet
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * The criteria set built here consists of an optional {@link EntityIDCriteria}, a
 * {@link MetadataCriteria} derived from the peer role and inbound protocol of the SAML
 * message context, and a {@link UsageCriteria} for {@link UsageType#SIGNING}.
 *
 * @throws SecurityPolicyException if the supplied context is not a {@link SAMLMessageContext}
 */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
    // Only a SAML context exposes the peer role and inbound protocol used below; fail closed otherwise.
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
        throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
    }
    SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;

    CriteriaSet criteria = new CriteriaSet();

    // The entity ID criterion is optional and only added when a non-empty value was supplied.
    boolean haveEntityID = !DatatypeHelper.isEmpty(entityID);
    if (haveEntityID) {
        criteria.add(new EntityIDCriteria(entityID));
    }

    // Metadata criteria come straight from the peer role and inbound protocol of the context.
    MetadataCriteria metadataCriteria = new MetadataCriteria(samlContext.getPeerEntityRole(),
            samlContext.getInboundSAMLProtocol());
    criteria.add(metadataCriteria);

    // Credentials resolved against these criteria are meant for signature verification.
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
示例2: validate
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * A null credential, or one without an entity certificate, is rejected (returns {@code false})
 * before any resolver is consulted. Trusted names are resolved only when the configured
 * {@code pkixResolver} supports it; otherwise {@code null} is passed on to the name-aware
 * overload of {@code validate}.
 */
public boolean validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    log.debug("Attempting PKIX validation of untrusted credential");

    // Fail closed: nothing can be validated without a credential and its entity certificate.
    if (untrustedCredential == null) {
        log.error("X.509 credential was null, unable to perform validation");
        return false;
    }
    if (untrustedCredential.getEntityCertificate() == null) {
        log.error("Untrusted X.509 credential's entity certificate was null, unable to perform validation");
        return false;
    }

    // Trusted name resolution is optional on the resolver side; null means "no name checking".
    Set<String> names;
    if (pkixResolver.supportsTrustedNameResolution()) {
        names = pkixResolver.resolveTrustedNames(trustBasisCriteria);
    } else {
        log.debug("PKIX resolver does not support resolution of trusted names, skipping name checking");
        names = null;
    }

    return validate(untrustedCredential, names, pkixResolver.resolve(trustBasisCriteria));
}
示例3: processKeyInfoChild
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Run a single KeyInfo child through the registered providers, in order, until one of them
 * resolves at least one credential.
 *
 * Providers that report they do not handle the child's type are skipped. The first
 * non-null, non-empty collection returned by a provider ends processing and is returned
 * as-is.
 *
 * @param kiContext KeyInfo resolution context handed to each provider
 * @param criteriaSet credential criteria handed to each provider
 * @param keyInfoChild the KeyInfo child element to process
 * @return the credentials resolved by the first successful provider, or null if none succeeded
 * @throws SecurityException propagated from a provider that fails while processing the child
 */
protected Collection<Credential> processKeyInfoChild(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
        XMLObject keyInfoChild) throws SecurityException {
    for (KeyInfoProvider candidate : getProviders()) {
        String providerName = candidate.getClass().getName();

        if (!candidate.handles(keyInfoChild)) {
            log.debug("Provider {} doesn't handle objects of type {}, skipping", providerName,
                    keyInfoChild.getElementQName());
            continue;
        }

        log.debug("Processing KeyInfo child {} with provider {}", keyInfoChild.getElementQName(), providerName);
        Collection<Credential> resolved = candidate.process(this, keyInfoChild, criteriaSet, kiContext);

        // Only a non-empty result counts as success; an empty or null result lets the next provider try.
        boolean succeeded = resolved != null && !resolved.isEmpty();
        if (succeeded) {
            log.debug("Credentials successfully extracted from child {} by provider {}",
                    keyInfoChild.getElementQName(), providerName);
            return resolved;
        }
    }
    return null;
}
示例4: initResolutionContext
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Populate the resolution context before providers are run.
 *
 * Stores the KeyInfo itself, the names of all KeyName children, and — via
 * {@code resolveKeyValue} — the key of the first credential that any provider can
 * derive from a KeyValue or DEREncodedKeyValue child.
 *
 * @param kiContext KeyInfo resolution context to populate
 * @param keyInfo the KeyInfo being resolved
 * @param criteriaSet credential criteria passed through to the providers
 * @throws SecurityException propagated from {@code resolveKeyValue}
 */
protected void initResolutionContext(KeyInfoResolutionContext kiContext, KeyInfo keyInfo, CriteriaSet criteriaSet)
        throws SecurityException {
    kiContext.setKeyInfo(keyInfo);

    // All KeyName children are recorded in the context.
    kiContext.getKeyNames().addAll(KeyInfoHelper.getKeyNames(keyInfo));
    log.debug("Found {} key names: {}", kiContext.getKeyNames().size(), kiContext.getKeyNames());

    // KeyValue children are tried first, then DEREncodedKeyValue children; the first key found wins.
    List<? extends XMLObject> plainKeyValues = keyInfo.getKeyValues();
    resolveKeyValue(kiContext, criteriaSet, plainKeyValues);

    List<? extends XMLObject> derEncodedKeyValues = keyInfo.getXMLObjects(DEREncodedKeyValue.DEFAULT_ELEMENT_NAME);
    resolveKeyValue(kiContext, criteriaSet, derEncodedKeyValues);
}
示例5: resolveKeyValue
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Store in the resolution context the key of the first credential that can be resolved from
 * the given KeyValue / DEREncodedKeyValue elements.
 *
 * Elements are visited in list order; anything that is neither a {@link KeyValue} nor a
 * {@link DEREncodedKeyValue} is ignored. For each accepted element the registered providers
 * are consulted through {@code processKeyInfoChild}; the first resolved credential from which
 * {@code extractKeyValue} yields a non-null key ends the search.
 *
 * Note: this assumes that all such elements under one KeyInfo represent the same key (different
 * encodings of it), which is why only the first key found is kept.
 *
 * @param kiContext KeyInfo resolution context that receives the key
 * @param criteriaSet credential criteria passed through to the providers
 * @param keyValues the candidate KeyValue / DEREncodedKeyValue children
 * @throws SecurityException propagated from {@code processKeyInfoChild}
 */
protected void resolveKeyValue(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
        List<? extends XMLObject> keyValues) throws SecurityException {
    for (XMLObject candidate : keyValues) {
        boolean isKeyValueElement = candidate instanceof KeyValue || candidate instanceof DEREncodedKeyValue;
        if (!isKeyValueElement) {
            continue;
        }

        Collection<Credential> resolved = processKeyInfoChild(kiContext, criteriaSet, candidate);
        if (resolved == null) {
            continue;
        }

        for (Credential cred : resolved) {
            Key extracted = extractKeyValue(cred);
            if (extracted == null) {
                continue;
            }
            // First usable key wins; later elements are assumed to encode the same key.
            kiContext.setKey(extracted);
            log.debug("Found a credential based on a KeyValue/DEREncodedKeyValue having key type: {}",
                    extracted.getAlgorithm());
            return;
        }
    }
}
示例6: postProcess
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * Replaces the contents of {@code credentials} with local credentials: credentials that are
 * already local (per {@code isLocalCredential}) are kept, every other credential with a public
 * key is swapped for the local credentials resolved by that key, and local credentials matching
 * any key name recorded in the context are appended.
 */
protected void postProcess(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
        List<Credential> credentials) throws SecurityException {
    List<Credential> replacement = new ArrayList<Credential>();

    for (Credential resolved : credentials) {
        if (isLocalCredential(resolved)) {
            replacement.add(resolved);
            continue;
        }
        // Non-local credentials are only useful through their public key.
        if (resolved.getPublicKey() != null) {
            replacement.addAll(resolveByPublicKey(resolved.getPublicKey()));
        }
    }

    // Key names recorded during initialisation are a second route to local credentials.
    for (String name : kiContext.getKeyNames()) {
        replacement.addAll(resolveByKeyName(name));
    }

    // The caller's list is modified in place.
    credentials.clear();
    credentials.addAll(replacement);
}
示例7: getEvaluableCriteria
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Collect the evaluable form of every criterion in the set.
 *
 * A criterion that already is an {@link EvaluableCredentialCriteria} is used directly; any other
 * criterion is translated through {@link EvaluableCredentialCriteriaRegistry#getEvaluator}, and
 * is dropped when the registry returns null.
 *
 * @param criteriaSet the criteria to translate
 * @return the evaluable criteria, never null
 * @throws SecurityException propagated from the registry lookup
 */
private Set<EvaluableCriteria<Credential>> getEvaluableCriteria(CriteriaSet criteriaSet) throws SecurityException {
    Set<EvaluableCriteria<Credential>> result = new HashSet<EvaluableCriteria<Credential>>(criteriaSet.size());

    for (Criteria candidate : criteriaSet) {
        EvaluableCredentialCriteria evaluator;
        if (candidate instanceof EvaluableCredentialCriteria) {
            evaluator = (EvaluableCredentialCriteria) candidate;
        } else {
            evaluator = EvaluableCredentialCriteriaRegistry.getEvaluator(candidate);
        }
        // Criteria with no registered evaluator are silently skipped.
        if (evaluator != null) {
            result.add(evaluator);
        }
    }

    return result;
}
示例8: checkParamsRaw
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Validate the inputs of a raw signature check before any cryptographic work is done.
 *
 * Each argument is tested in order; the first missing value produces a
 * {@link SecurityException} whose message names it.
 *
 * @param signature the signature bytes; must be non-null and non-empty
 * @param content the signed content bytes; must be non-null and non-empty
 * @param algorithmURI the signature algorithm URI; must be non-empty
 * @param trustBasisCriteria the trusted-credential criteria; must be non-null and non-empty
 * @throws SecurityException if any argument is null or empty
 */
protected void checkParamsRaw(byte[] signature, byte[] content, String algorithmURI, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    boolean signatureMissing = signature == null || signature.length == 0;
    if (signatureMissing) {
        throw new SecurityException("Signature byte array was null or empty");
    }

    boolean contentMissing = content == null || content.length == 0;
    if (contentMissing) {
        throw new SecurityException("Content byte array was null or empty");
    }

    if (DatatypeHelper.isEmpty(algorithmURI)) {
        throw new SecurityException("Signature algorithm was null or empty");
    }

    // Null and empty criteria sets are reported separately, so the null check must come first.
    if (trustBasisCriteria == null) {
        throw new SecurityException("Trust basis criteria set was null");
    }
    if (trustBasisCriteria.isEmpty()) {
        throw new SecurityException("Trust basis criteria set was empty");
    }
}
示例9: resolveValidationInfo
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Resolve the trusted names and PKIX validation information for the given criteria.
 *
 * Trusted names are resolved only when {@code pkixResolver} supports it; otherwise the first
 * element of the returned pair is null.
 *
 * @param trustBasisCriteria criteria describing the trust basis to resolve
 * @return a pair of (possibly null) trusted names and the resolved PKIX validation information
 * @throws SecurityException propagated from the resolver
 */
protected Pair<Set<String>, Iterable<PKIXValidationInformation>> resolveValidationInfo(
        CriteriaSet trustBasisCriteria) throws SecurityException {
    Set<String> names;
    if (pkixResolver.supportsTrustedNameResolution()) {
        names = pkixResolver.resolveTrustedNames(trustBasisCriteria);
    } else {
        log.debug("PKIX resolver does not support resolution of trusted names, skipping name checking");
        names = null;
    }

    Iterable<PKIXValidationInformation> validationInfo = pkixResolver.resolve(trustBasisCriteria);
    return new Pair<Set<String>, Iterable<PKIXValidationInformation>>(names, validationInfo);
}
示例10: checkCriteriaRequirements
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Verify that the criteria set carries everything this resolver needs.
 *
 * Required: an {@link EntityIDCriteria} with a non-empty entity ID and a
 * {@link MetadataCriteria} with a non-null role.
 *
 * @param criteriaSet the criteria to check
 * @throws IllegalArgumentException if either criterion is missing or its required value is absent
 */
protected void checkCriteriaRequirements(CriteriaSet criteriaSet) {
    EntityIDCriteria entityIDCriteria = criteriaSet.get(EntityIDCriteria.class);
    MetadataCriteria metadataCriteria = criteriaSet.get(MetadataCriteria.class);

    // Presence checks first, then value checks, so the most specific message is reported.
    if (entityIDCriteria == null) {
        throw new IllegalArgumentException("Entity criteria must be supplied");
    }
    if (metadataCriteria == null) {
        throw new IllegalArgumentException("SAML metadata criteria must be supplied");
    }

    boolean entityIDMissing = DatatypeHelper.isEmpty(entityIDCriteria.getEntityID());
    if (entityIDMissing) {
        throw new IllegalArgumentException("Credential owner entity ID criteria value must be supplied");
    }
    if (metadataCriteria.getRole() == null) {
        throw new IllegalArgumentException("Credential metadata role criteria value must be supplied");
    }
}
示例11: buildCriteriaSet
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Build the criteria set handed to the trust engine for an issuer check.
 *
 * The set holds an {@link EntityIDCriteria} when a non-empty entity ID was given, a
 * {@link MetadataCriteria} built from the context's peer role and inbound protocol, and a
 * {@link UsageCriteria} for {@link UsageType#SIGNING}.
 *
 * @param entityID the candidate issuer entity ID being evaluated (may be empty)
 * @param samlContext the message context being evaluated
 * @return the newly built criteria set
 * @throws SecurityPolicyException declared for subclasses; not thrown by this implementation
 */
protected CriteriaSet buildCriteriaSet(String entityID, SAMLMessageContext samlContext)
        throws SecurityPolicyException {
    CriteriaSet criteria = new CriteriaSet();

    // The entity ID criterion is optional.
    boolean haveEntityID = !DatatypeHelper.isEmpty(entityID);
    if (haveEntityID) {
        criteria.add(new EntityIDCriteria(entityID));
    }

    criteria.add(new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext.getInboundSAMLProtocol()));
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
示例12: buildCriteriaSet
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * Extends the superclass criteria set with a {@link MetadataCriteria} built from the peer role
 * and inbound protocol of the SAML message context.
 *
 * @throws SecurityPolicyException if the supplied context is not a {@link SAMLMessageContext}
 */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
    // The metadata criteria below need a SAML context; anything else is rejected up front.
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
        throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
    }
    SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;

    // Start from whatever the superclass builds, then add the metadata criteria.
    CriteriaSet criteria = super.buildCriteriaSet(entityID, messageContext);
    criteria.add(new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext.getInboundSAMLProtocol()));
    return criteria;
}
示例13: validateSignature
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Validate the signature carried in a SAML HTTP-Redirect query string against the tenant's
 * certificate for the given alias.
 *
 * The signature, signed content and signature algorithm are taken from the query string by the
 * {@code getSignature}, {@code getSignedContent} and {@code getSigAlg} helpers. The tenant
 * credential obtained from {@code SAMLSSOUtil} is the only trusted credential handed to an
 * {@link ExplicitKeySignatureTrustEngine}, so only that key can validate the signature.
 *
 * @param queryString the query string carrying the signed request and its signature
 * @param issuer the issuer used to build the credential criteria
 * @param alias the certificate alias to look up for the tenant
 * @param domainName the tenant domain whose certificate is used
 * @return true if the trust engine validates the signature, false otherwise
 * @throws SecurityException propagated from the trust engine
 * @throws IdentitySAML2SSOException propagated from the query-string / credential helpers
 */
@Override
public boolean validateSignature(String queryString, String issuer, String alias,
        String domainName) throws SecurityException,
        IdentitySAML2SSOException {
    byte[] signatureBytes = getSignature(queryString);
    byte[] signedBytes = getSignedContent(queryString);
    String sigAlgorithm = getSigAlg(queryString);
    CriteriaSet criteria = buildCriteriaSet(issuer);

    // creating the SAML2HTTPRedirectDeflateSignatureRule
    // The trusted credential set is exactly one entry: the tenant certificate for this alias.
    X509CredentialImpl tenantCredential = SAMLSSOUtil.getX509CredentialImplForTenant(domainName, alias);
    List<Credential> trusted = new ArrayList<Credential>();
    trusted.add(tenantCredential);

    CollectionCredentialResolver trustedResolver = new CollectionCredentialResolver(trusted);
    KeyInfoCredentialResolver keyInfoResolver = SecurityHelper.buildBasicInlineKeyInfoResolver();
    SignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(trustedResolver, keyInfoResolver);

    // No candidate credential is supplied; the engine must match the trusted credential itself.
    return trustEngine.validate(signatureBytes, signedBytes, sigAlgorithm, criteria, null);
}
示例14: resolveFromSource
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
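/**
 * Resolve credentials from the backing key store.
 *
 * Every alias in {@code keyStore} whose certificate is an {@link X509Certificate} is wrapped in
 * an {@link X509CredentialImpl}. When the criteria contain an {@link EntityIDCriteria}, only the
 * alias equal to its entity ID is returned (the scan stops at the first match); otherwise all
 * certificates are returned. Aliases without an X.509 certificate (for example secret-key
 * entries) are skipped instead of producing a credential around a null certificate.
 *
 * @param criteriaSet the criteria to resolve against; only {@link EntityIDCriteria} is consulted
 * @return the resolved credentials (also stored in {@code credentialSet})
 * @throws SecurityException if the key store cannot be read; the {@link KeyStoreException} is
 *         attached as the cause
 */
@Override
public Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
    // NOTE(review): credentialSet is an instance field that is overwritten on every call, so
    // concurrent callers can observe each other's results. It is kept as a field here because
    // other code may read it — confirm before turning it into a local.
    try {
        Set<Credential> resolved = new HashSet<Credential>();

        // Extract the wanted alias once rather than re-querying the criteria per alias.
        EntityIDCriteria entityIDCriteria = criteriaSet.get(EntityIDCriteria.class);
        String wantedAlias = entityIDCriteria == null ? null : entityIDCriteria.getEntityID();

        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();

            // getCertificate() returns null for aliases without a certificate; also guard the cast.
            Certificate stored = keyStore.getCertificate(alias);
            if (!(stored instanceof X509Certificate)) {
                log.debug("Skipping key store alias without an X.509 certificate: " + alias);
                continue;
            }
            Credential credential = new X509CredentialImpl((X509Certificate) stored);

            if (entityIDCriteria == null) {
                resolved.add(credential);
            } else if (alias.equals(wantedAlias)) {
                // alias.equals(...) tolerates a null entity ID instead of throwing.
                resolved.add(credential);
                break;
            }
        }

        credentialSet = resolved;
        return credentialSet;
    } catch (KeyStoreException e) {
        log.error("Error reading certificates from key store", e);
        // Preserve the cause so callers can see why the key store could not be read.
        throw new SecurityException("Error reading certificates from key store", e);
    }
}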
示例15: buildCriteriaSet
import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Build the criteria set passed to the configured trust engine when verifying a metadata
 * signature.
 *
 * The set starts as a copy of {@code getDefaultCriteria()} (when non-null) and is guaranteed to
 * contain a {@link UsageCriteria}; {@link UsageType#SIGNING} is added if none is present.
 * The {@code signedMetadata}, {@code metadataEntryName} and {@code isEntityGroup} arguments are
 * currently unused (see the TODO below).
 *
 * @param signedMetadata the metadata element whose signature is being verified
 * @param metadataEntryName the EntityDescriptor entityID or EntitiesDescriptor Name
 *        of the signature being evaluated
 * @param isEntityGroup flag indicating whether the signed object is a metadata group (EntitiesDescriptor)
 * @return the newly constructed criteria set
 */
protected CriteriaSet buildCriteriaSet(SignableXMLObject signedMetadata,
        String metadataEntryName, boolean isEntityGroup) {
    CriteriaSet criteria = new CriteriaSet();

    CriteriaSet defaults = getDefaultCriteria();
    if (defaults != null) {
        criteria.addAll(defaults);
    }

    //TODO how to handle adding dynamic entity ID (or other) criteria (if at all?),

    // Defaults may already carry a usage criterion; only add the signing default when they don't.
    boolean hasUsage = criteria.contains(UsageCriteria.class);
    if (!hasUsage) {
        criteria.add(new UsageCriteria(UsageType.SIGNING));
    }
    return criteria;
}