

Java CriteriaSet类代码示例

本文整理汇总了Java中org.opensaml.xml.security.CriteriaSet的典型用法代码示例。如果您正苦于以下问题:Java CriteriaSet类的具体用法?Java CriteriaSet怎么用?Java CriteriaSet使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


CriteriaSet类属于org.opensaml.xml.security包,在下文中一共展示了CriteriaSet类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: buildCriteriaSet

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/** {@inheritDoc} */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
    throws SecurityPolicyException {
    // The peer role and inbound protocol read below exist only on a SAML message context,
    // so any other context type is rejected before a criteria set is built.
    boolean isSamlContext = messageContext instanceof SAMLMessageContext;
    if (!isSamlContext) {
        log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
        throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
    }
    SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;

    CriteriaSet criteria = new CriteriaSet();

    // An empty entity ID adds no EntityIDCriteria, so the returned set is then not tied to a
    // particular peer entity.
    // NOTE(review): confirm the consuming trust engine / resolver rejects a set without one.
    if (!DatatypeHelper.isEmpty(entityID)) {
        criteria.add(new EntityIDCriteria(entityID));
    }

    // Scope the lookup to the peer's role and protocol as recorded on the message context.
    criteria.add(new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext.getInboundSAMLProtocol()));

    // Restrict the lookup to credentials usable for signing.
    criteria.add(new UsageCriteria(UsageType.SIGNING));

    return criteria;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:24,代码来源:BaseSAMLXMLSignatureSecurityPolicyRule.java

示例2: validate

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/** {@inheritDoc} */
public boolean validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
    throws SecurityException {

    log.debug("Attempting PKIX validation of untrusted credential");

    // Fail closed: a missing credential or a credential without an entity certificate is
    // reported as untrusted rather than raising an exception.
    if (untrustedCredential == null) {
        log.error("X.509 credential was null, unable to perform validation");
        return false;
    }
    if (untrustedCredential.getEntityCertificate() == null) {
        log.error("Untrusted X.509 credential's entity certificate was null, unable to perform validation");
        return false;
    }

    // The trusted-name set stays null when the resolver cannot supply names; per the log
    // message below, name checking is skipped in that case and only the PKIX information
    // resolved from the criteria constrains the result.
    Set<String> namesToCheck = null;
    if (!pkixResolver.supportsTrustedNameResolution()) {
        log.debug("PKIX resolver does not support resolution of trusted names, skipping name checking");
    } else {
        namesToCheck = pkixResolver.resolveTrustedNames(trustBasisCriteria);
    }

    // Delegate to the overload that takes the trusted names and validation information.
    return validate(untrustedCredential, namesToCheck, pkixResolver.resolve(trustBasisCriteria));
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:26,代码来源:PKIXX509CredentialTrustEngine.java

示例3: processKeyInfoChild

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Process the given KeyInfo child with the registered providers.
 * 
 * The child element is processed by each provider in the ordered list of providers. The credential or credentials
 * resolved by the first provider to successfully do so are returned and processing of the child element is
 * terminated.
 * 
 * @param kiContext KeyInfo resolution context
 * @param criteriaSet the credential criteria used to resolve credentials
 * @param keyInfoChild the KeyInfo to evaluate
 * @return the collection of resolved credentials, or null
 * @throws SecurityException thrown if there is a provider error processing the KeyInfo child
 */
protected Collection<Credential> processKeyInfoChild(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
        XMLObject keyInfoChild) throws SecurityException {

    // Providers are consulted in the order returned by getProviders(); the first one that
    // yields a non-empty credential collection decides the result.
    for (KeyInfoProvider candidate : getProviders()) {

        if (candidate.handles(keyInfoChild)) {
            log.debug("Processing KeyInfo child {} with provider {}", keyInfoChild.getElementQName(), candidate
                    .getClass().getName());
            Collection<Credential> resolved = candidate.process(this, keyInfoChild, criteriaSet, kiContext);

            // A null or empty result is treated as "nothing found" and the next provider is tried.
            boolean producedCredentials = resolved != null && !resolved.isEmpty();
            if (producedCredentials) {
                log.debug("Credentials successfully extracted from child {} by provider {}", keyInfoChild
                        .getElementQName(), candidate.getClass().getName());
                return resolved;
            }
        } else {
            log.debug("Provider {} doesn't handle objects of type {}, skipping", candidate.getClass().getName(),
                    keyInfoChild.getElementQName());
        }
    }

    // No provider produced credentials for this child; callers must handle the null.
    return null;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:37,代码来源:BasicProviderKeyInfoCredentialResolver.java

示例4: initResolutionContext

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Initialize the resolution context that will be used by the providers.
 * 
 * The supplied KeyInfo object is stored in the context, as well as the values of any {@link KeyName} children
 * present. Finally if a credential is resolvable by any registered provider from a plain {@link KeyValue} child,
 * the key from that credential is also stored in the context.
 * 
 * @param kiContext KeyInfo resolution context
 * @param keyInfo the KeyInfo to evaluate
 * @param criteriaSet the credential criteria used to resolve credentials
 * @throws SecurityException thrown if there is an error processing the KeyValue children
 */
protected void initResolutionContext(KeyInfoResolutionContext kiContext, KeyInfo keyInfo, CriteriaSet criteriaSet)
        throws SecurityException {

    // Record the KeyInfo itself so later processing can read it from the context.
    kiContext.setKeyInfo(keyInfo);

    // Copy every KeyName found in the KeyInfo into the context's key-name collection.
    // NOTE(review): the names are taken from the supplied KeyInfo as-is; if that KeyInfo comes
    // from a message that has not been verified yet, they are sender-chosen hints rather than
    // verified identities - confirm how downstream providers use them.
    kiContext.getKeyNames().addAll(KeyInfoHelper.getKeyNames(keyInfo));
    log.debug("Found {} key names: {}", kiContext.getKeyNames().size(), kiContext.getKeyNames());

    // Resolve a key from the KeyValue children, if any.
    resolveKeyValue(kiContext, criteriaSet, keyInfo.getKeyValues());

    // Resolve a key from the DEREncodedKeyValue children, if any. resolveKeyValue stores the
    // first key it finds via kiContext.setKey, so a key found by this second call would
    // replace one stored by the call above.
    resolveKeyValue(kiContext, criteriaSet, keyInfo.getXMLObjects(DEREncodedKeyValue.DEFAULT_ELEMENT_NAME));
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:28,代码来源:BasicProviderKeyInfoCredentialResolver.java

示例5: resolveKeyValue

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Resolve the key from any KeyValue or DEREncodedKeyValue element that may be present, and store the resulting
 * key in the resolution context.
 * 
 * Each element is processed in turn in document order. Each element will be processed by each provider in
 * the ordered list of registered providers. The key from the first credential successfully resolved
 * will be stored in the resolution context.
 * 
 * Note: This resolver implementation assumes that KeyInfo will not be abused vis-a-vis the Signature
 * specification, and that therefore all elements (if there are even more than one) will all resolve to the
 * same key value. The KeyInfo might, for example have multiple KeyValue children, containing different
 * representations of the same key. Therefore, only the first credential derived will be utilized.
 * 
 * @param kiContext KeyInfo resolution context
 * @param criteriaSet the credential criteria used to resolve credentials
 * @param keyValues the KeyValue or DEREncodedKeyValue children to evaluate
 * @throws SecurityException thrown if there is an error resolving the key from the KeyValue
 */
protected void resolveKeyValue(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
        List<? extends XMLObject> keyValues) throws SecurityException {

    for (XMLObject element : keyValues) {
        // Only KeyValue and DEREncodedKeyValue elements are considered; anything else is skipped.
        boolean isKeyElement = element instanceof KeyValue || element instanceof DEREncodedKeyValue;
        if (!isKeyElement) {
            continue;
        }

        Collection<Credential> resolved = processKeyInfoChild(kiContext, criteriaSet, element);
        if (resolved == null) {
            continue;
        }

        // First key wins: the method returns as soon as one credential yields a key, so any
        // later elements are never inspected and are not checked for agreement with it.
        for (Credential candidate : resolved) {
            Key extracted = extractKeyValue(candidate);
            if (extracted == null) {
                continue;
            }
            kiContext.setKey(extracted);
            log.debug("Found a credential based on a KeyValue/DEREncodedKeyValue having key type: {}",
                    extracted.getAlgorithm());
            return;
        }
    }
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:40,代码来源:BasicProviderKeyInfoCredentialResolver.java

示例6: postProcess

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/** {@inheritDoc} */
protected void postProcess(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
        List<Credential> credentials) throws SecurityException {

    // Collects the credentials that will replace the contents of the caller's list.
    List<Credential> localOnly = new ArrayList<Credential>();

    for (Credential resolved : credentials) {
        if (isLocalCredential(resolved)) {
            // Already a local credential: keep it unchanged.
            localOnly.add(resolved);
            continue;
        }
        if (cred_hasPublicKey(resolved)) {
            // Not local, but it carries a public key: substitute whatever resolveByPublicKey
            // returns for that key.
            localOnly.addAll(resolveByPublicKey(resolved.getPublicKey()));
        }
        // A non-local credential without a public key contributes nothing.
    }

    // Key names recorded in the resolution context are also used as lookup keys.
    // NOTE(review): those names originate from the processed KeyInfo - confirm that
    // resolveByKeyName only returns credentials the caller is meant to reach by name.
    for (String name : kiContext.getKeyNames()) {
        localOnly.addAll(resolveByKeyName(name));
    }

    // The caller's list is modified in place: everything resolved earlier is discarded
    // and only the collected credentials remain.
    credentials.clear();
    credentials.addAll(localOnly);
}

/** Reports whether the credential exposes a public key. */
private static boolean cred_hasPublicKey(Credential cred) {
    return cred.getPublicKey() != null;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:23,代码来源:LocalKeyInfoCredentialResolver.java

示例7: getEvaluableCriteria

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Extract the evaluable credential criteria from the criteria set.
 * 
 * @param criteriaSet the set of credential criteria to process.
 * @return a set of evaluable Credential criteria
 * @throws SecurityException thrown if there is an error obtaining an instance of EvaluableCredentialCriteria
 *                           from the EvaluableCredentialCriteriaRegistry
 */
private Set<EvaluableCriteria<Credential>> getEvaluableCriteria(CriteriaSet criteriaSet) throws SecurityException {
    Set<EvaluableCriteria<Credential>> result = new HashSet<EvaluableCriteria<Credential>>(criteriaSet.size());

    for (Criteria candidate : criteriaSet) {
        // Use the criteria directly when it is already evaluable, otherwise ask the registry
        // for a matching evaluator.
        EvaluableCredentialCriteria evaluator = candidate instanceof EvaluableCredentialCriteria
                ? (EvaluableCredentialCriteria) candidate
                : EvaluableCredentialCriteriaRegistry.getEvaluator(candidate);

        // A criteria for which the registry returns null is dropped without any error or log
        // entry, so the returned set can be less restrictive than the set the caller supplied.
        if (evaluator != null) {
            result.add(evaluator);
        }
    }

    return result;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:24,代码来源:AbstractCriteriaFilteringCredentialResolver.java

示例8: checkParamsRaw

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Check the signature and credential criteria for required values.
 * 
 * @param signature the signature to be evaluated
 * @param content the data over which the signature was computed
 * @param algorithmURI the signing algorithm URI which was used
 * @param trustBasisCriteria the set of trusted credential criteria
 * @throws SecurityException thrown if required values are absent or otherwise invalid
 */
protected void checkParamsRaw(byte[] signature, byte[] content, String algorithmURI, CriteriaSet trustBasisCriteria)
        throws SecurityException {

    // Each input is checked in turn and the first missing one is reported. Only presence is
    // verified here: nothing in this method checks which algorithm the URI names.
    boolean signatureMissing = signature == null || signature.length == 0;
    boolean contentMissing = content == null || content.length == 0;

    if (signatureMissing) {
        throw new SecurityException("Signature byte array was null or empty");
    } else if (contentMissing) {
        throw new SecurityException("Content byte array was null or empty");
    } else if (DatatypeHelper.isEmpty(algorithmURI)) {
        throw new SecurityException("Signature algorithm was null or empty");
    } else if (trustBasisCriteria == null) {
        throw new SecurityException("Trust basis criteria set was null");
    } else if (trustBasisCriteria.isEmpty()) {
        // An empty criteria set is rejected like a missing one.
        throw new SecurityException("Trust basis criteria set was empty");
    }
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:29,代码来源:BaseSignatureTrustEngine.java

示例9: resolveValidationInfo

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Resolve and return a set of trusted validation information.
 * 
 * @param trustBasisCriteria criteria used to describe and/or resolve the information which serves as the basis for
 *            trust evaluation
 * @return a pair consisting of an optional set of trusted names, and an iterable of trusted
 *         PKIXValidationInformation
 * @throws SecurityException thrown if there is an error resolving the information from the trusted resolver
 */
protected Pair<Set<String>, Iterable<PKIXValidationInformation>> resolveValidationInfo(
        CriteriaSet trustBasisCriteria) throws SecurityException {

    // The name set stays null when the resolver cannot supply trusted names; per the log
    // message below, name checking is skipped in that case.
    Set<String> names = null;
    if (!pkixResolver.supportsTrustedNameResolution()) {
        log.debug("PKIX resolver does not support resolution of trusted names, skipping name checking");
    } else {
        names = pkixResolver.resolveTrustedNames(trustBasisCriteria);
    }

    // The validation information is resolved from the same criteria regardless of name support.
    Iterable<PKIXValidationInformation> pkixInfo = pkixResolver.resolve(trustBasisCriteria);

    return new Pair<Set<String>, Iterable<PKIXValidationInformation>>(names, pkixInfo);
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:26,代码来源:PKIXSignatureTrustEngine.java

示例10: checkCriteriaRequirements

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Check that all necessary credential criteria are available.
 * 
 * @param criteriaSet the credential criteria set to evaluate
 */
protected void checkCriteriaRequirements(CriteriaSet criteriaSet) {
    EntityIDCriteria entity = criteriaSet.get(EntityIDCriteria.class);
    MetadataCriteria metadata = criteriaSet.get(MetadataCriteria.class);

    // Pick the message for the first requirement that is not met. Both criteria objects must
    // be present before their values are read, and both an entity ID and a role are mandatory,
    // so a lookup that is not bound to a specific entity and role is refused.
    String problem;
    if (entity == null) {
        problem = "Entity criteria must be supplied";
    } else if (metadata == null) {
        problem = "SAML metadata criteria must be supplied";
    } else if (DatatypeHelper.isEmpty(entity.getEntityID())) {
        problem = "Credential owner entity ID criteria value must be supplied";
    } else if (metadata.getRole() == null) {
        problem = "Credential metadata role criteria value must be supplied";
    } else {
        // Every required value is available.
        return;
    }

    throw new IllegalArgumentException(problem);
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:22,代码来源:MetadataCredentialResolver.java

示例11: buildCriteriaSet

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Build a criteria set suitable for input to the trust engine.
 * 
 * @param entityID the candidate issuer entity ID which is being evaluated
 * @param samlContext the message context which is being evaluated
 * @return a newly constructed set of criteria suitable for the configured trust engine
 * @throws SecurityPolicyException thrown if criteria set can not be constructed
 */
protected CriteriaSet buildCriteriaSet(String entityID, SAMLMessageContext samlContext)
        throws SecurityPolicyException {

    CriteriaSet criteria = new CriteriaSet();

    // An empty entity ID adds no EntityIDCriteria, so the returned set is then not tied to a
    // particular issuer.
    // NOTE(review): confirm the configured trust engine / resolver rejects a set without one.
    boolean hasEntityId = !DatatypeHelper.isEmpty(entityID);
    if (hasEntityId) {
        criteria.add(new EntityIDCriteria(entityID));
    }

    // Scope the lookup to the peer's role and protocol as recorded on the message context.
    criteria.add(new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext.getInboundSAMLProtocol()));

    // Restrict the lookup to credentials usable for signing.
    criteria.add(new UsageCriteria(UsageType.SIGNING));

    return criteria;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:25,代码来源:BaseSAMLSimpleSignatureSecurityPolicyRule.java

示例12: buildCriteriaSet

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/** {@inheritDoc} */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext) 
    throws SecurityPolicyException {

    // The peer role and inbound protocol read below exist only on a SAML message context,
    // so any other context type is rejected up front.
    boolean isSamlContext = messageContext instanceof SAMLMessageContext;
    if (!isSamlContext) {
        log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
        throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
    }
    SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;

    // Start from whatever the parent rule builds, then narrow it with the SAML metadata
    // role and protocol of the peer.
    CriteriaSet criteria = super.buildCriteriaSet(entityID, messageContext);
    criteria.add(new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext.getInboundSAMLProtocol()));

    return criteria;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:19,代码来源:SAMLMDClientCertAuthRule.java

示例13: validateSignature

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
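/**
 * Validates the signature carried in a query string against the X.509 credential looked up
 * for the given domain name and alias.
 *
 * @param queryString query string from which the signature, signed content and signature algorithm are read
 * @param issuer issuer used to build the criteria set
 * @param alias alias passed to the credential lookup
 * @param domainName domain name passed to the credential lookup
 * @return the result of the trust engine's validation
 * @throws SecurityException
 * @throws IdentitySAML2SSOException
 */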
@Override
public boolean validateSignature(String queryString, String issuer, String alias,
                                 String domainName) throws SecurityException,
        IdentitySAML2SSOException {
    // The signature, the signed content and the algorithm URI are all parsed out of the
    // query string supplied by the caller.
    // NOTE(review): no allow-list is applied to the algorithm URI in this method - confirm
    // that weak or unexpected signature algorithms are rejected elsewhere.
    byte[] signatureBytes = getSignature(queryString);
    byte[] signedBytes = getSignedContent(queryString);
    String sigAlgUri = getSigAlg(queryString);
    CriteriaSet trustCriteria = buildCriteriaSet(issuer);

    // The credential looked up for this domain and alias is the only one handed to the
    // credential resolver.
    // NOTE(review): the lookup result is not null-checked before it is added - confirm the
    // helper never returns null.
    X509CredentialImpl tenantCredential =
            SAMLSSOUtil.getX509CredentialImplForTenant(domainName, alias);
    List<Credential> trusted = new ArrayList<Credential>();
    trusted.add(tenantCredential);

    // Explicit-key trust engine backed by that single-credential resolver and the basic
    // inline KeyInfo resolver.
    SignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(
            new CollectionCredentialResolver(trusted), SecurityHelper.buildBasicInlineKeyInfoResolver());

    // No candidate credential is supplied (last argument is null).
    return trustEngine.validate(signatureBytes, signedBytes, sigAlgUri, trustCriteria, null);
}
 
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:31,代码来源:SAML2HTTPRedirectDeflateSignatureValidator.java

示例14: resolveFromSource

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
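@Override
public Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
    // Resolves credentials from the key store, using the key-store alias as the entity ID.
    //
    // With an EntityIDCriteria present, at most one credential is returned: the certificate
    // stored under the alias equal to the entity ID. Without one, every X.509 certificate in
    // the key store is returned, so a caller that omits the entity ID trusts any key-store
    // entry. No other criteria in the set are consulted.
    //
    // The result is built in a local set and that same local is returned. The shared field
    // is still updated as before, but returning the local means a concurrent call that
    // reassigns the field cannot change which credentials this call hands back.
    HashSet<Credential> resolved = new HashSet<Credential>();
    credentialSet = resolved;

    // Look the entity ID up once instead of on every iteration.
    EntityIDCriteria entityCriteria = criteriaSet.get(EntityIDCriteria.class);
    String wantedAlias = entityCriteria == null ? null : entityCriteria.getEntityID();

    try {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();

            // alias.equals(...) also covers a null entity ID: nothing matches, and the
            // result stays empty instead of failing with a NullPointerException.
            if (entityCriteria != null && !alias.equals(wantedAlias)) {
                continue;
            }

            // getCertificate returns null for entries without a certificate, and an entry
            // may hold a non-X.509 certificate; skip both rather than failing on the cast.
            Object entry = keyStore.getCertificate(alias);
            if (!(entry instanceof X509Certificate)) {
                continue;
            }
            resolved.add(new X509CredentialImpl((X509Certificate) entry));

            if (entityCriteria != null) {
                // Aliases are unique, so the single match has been found.
                break;
            }
        }
        return resolved;
    } catch (KeyStoreException e) {
        // Keep the cause attached so the key-store failure can be diagnosed by the caller.
        log.error("Error reading certificates from key store", e);
        throw new SecurityException("Error reading certificates from key store", e);
    }
}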
 
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:25,代码来源:CarbonKeyStoreCredentialResolver.java

示例15: buildCriteriaSet

import org.opensaml.xml.security.CriteriaSet; //导入依赖的package包/类
/**
 * Build the criteria set which will be used as input to the configured trust engine.
 * 
 * @param signedMetadata the metadata element whose signature is being verified
 * @param metadataEntryName the EntityDescriptor entityID or EntitiesDescriptor Name 
 *                          of the signature being evaluated
 * @param isEntityGroup flag indicating whether the signed object is a metadata group (EntitiesDescriptor)
 * @return the newly constructed criteria set
 */
protected CriteriaSet buildCriteriaSet(SignableXMLObject signedMetadata,
        String metadataEntryName, boolean isEntityGroup) {

    // None of the three parameters is read here: the result depends only on the configured
    // default criteria, so it is not bound to the metadata entry whose signature is checked.
    CriteriaSet criteria = new CriteriaSet();

    // Seed the set with the configured defaults when there are any.
    boolean hasDefaults = getDefaultCriteria() != null;
    if (hasDefaults) {
        criteria.addAll(getDefaultCriteria());
    }

    //TODO how to handle adding dynamic entity ID (or other) criteria (if at all?),

    // Guarantee a usage restriction: signing usage is added only when the defaults did not
    // already bring a UsageCriteria of their own.
    boolean usageAlreadySet = criteria.contains(UsageCriteria.class);
    if (!usageAlreadySet) {
        criteria.add(new UsageCriteria(UsageType.SIGNING));
    }

    return criteria;
}
 
开发者ID:apigee,项目名称:java-opensaml2,代码行数:27,代码来源:SignatureValidationFilter.java


注:本文中的org.opensaml.xml.security.CriteriaSet类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。