本文整理汇总了Java中org.opensaml.xml.security.SecurityException类的典型用法代码示例。如果您正苦于以下问题:Java SecurityException类的具体用法?Java SecurityException怎么用?Java SecurityException使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
SecurityException类属于org.opensaml.xml.security包,在下文中一共展示了SecurityException类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getRoleDescriptors
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/**
* Get the list of metadata role descriptors which match the given entityID, role and protocol.
*
* @param entityID entity ID of the credential owner
* @param role role in which the entity is operating
* @param protocol protocol over which the entity is operating (may be null)
* @return a list of role descriptors matching the given parameters, or null
* @throws SecurityException thrown if there is an error retrieving role descriptors from the metadata provider
*/
protected List<RoleDescriptor> getRoleDescriptors(String entityID, QName role, String protocol)
throws SecurityException {
try {
if (log.isDebugEnabled()) {
log.debug("Retrieving metadata for entity '{}' in role '{}' for protocol '{}'",
new Object[] {entityID, role, protocol});
}
if (DatatypeHelper.isEmpty(protocol)) {
return metadata.getRole(entityID, role);
} else {
RoleDescriptor roleDescriptor = metadata.getRole(entityID, role, protocol);
if (roleDescriptor == null) {
return null;
}
List<RoleDescriptor> roles = new ArrayList<RoleDescriptor>();
roles.add(roleDescriptor);
return roles;
}
} catch (MetadataProviderException e) {
log.error("Unable to read metadata from provider", e);
throw new SecurityException("Unable to read metadata provider", e);
}
}
示例2: processSecurityPolicy
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/**
* Process any {@link SecurityPolicy}s which can be resolved for the message context.
*
* @param messageContext the message context to process
* @throws SecurityException thrown if the decoded message does not meet the required security constraints
*/
protected void processSecurityPolicy(MessageContext messageContext) throws SecurityException {
SecurityPolicyResolver policyResolver = messageContext.getSecurityPolicyResolver();
if (policyResolver != null) {
Iterable<SecurityPolicy> securityPolicies = policyResolver.resolve(messageContext);
if (securityPolicies != null) {
for (SecurityPolicy policy : securityPolicies) {
if (policy != null) {
log.debug("Evaluating security policy of type '{}' for decoded message", policy.getClass()
.getName());
policy.evaluate(messageContext);
}
}
} else {
log.debug("No security policy resolved for this message context, no security policy evaluation attempted");
}
} else {
log.debug("No security policy resolver attached to this message context, no security policy evaluation attempted");
}
}
示例3: send
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/** {@inheritDoc} */
public void send(String endpoint, SOAPMessageContext messageContext) throws SOAPException, SecurityException {
PostMethod post = null;
try {
post = createPostMethod(endpoint, (HttpSOAPRequestParameters) messageContext.getSOAPRequestParameters(),
(Envelope) messageContext.getOutboundMessage());
int result = httpClient.executeMethod(post);
log.debug("Received HTTP status code of {} when POSTing SOAP message to {}", result, endpoint);
if (result == HttpStatus.SC_OK) {
processSuccessfulResponse(post, messageContext);
} else if (result == HttpStatus.SC_INTERNAL_SERVER_ERROR) {
processFaultResponse(post, messageContext);
} else {
throw new SOAPClientException("Received " + result + " HTTP response status code from HTTP request to "
+ endpoint);
}
} catch (IOException e) {
throw new SOAPClientException("Unable to send request to " + endpoint, e);
} finally {
if (post != null) {
post.releaseConnection();
}
}
}
示例4: processEntityCertificate
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/** Process the value of {@link X509Credential#getEntityCertificate()}.
*
* @param keyInfo the KeyInfo that is being built
* @param x509Data the X509Data that is being built
* @param credential the Credential that is being processed
* @throws SecurityException thrown if the certificate data can not be encoded from the Java certificate object
*/
protected void processEntityCertificate(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)
throws SecurityException {
if (credential.getEntityCertificate() == null) {
return;
}
java.security.cert.X509Certificate javaCert = credential.getEntityCertificate();
processCertX509DataOptions(x509Data, javaCert);
processCertKeyNameOptions(keyInfo, javaCert);
// The cert chain includes the entity cert, so don't add a duplicate
if (options.emitEntityCertificate && ! options.emitEntityCertificateChain) {
try {
X509Certificate xmlCert = KeyInfoHelper.buildX509Certificate(javaCert);
x509Data.getX509Certificates().add(xmlCert);
} catch (CertificateEncodingException e) {
throw new SecurityException("Error generating X509Certificate element "
+ "from credential's end-entity certificate", e);
}
}
}
示例5: processEntityCertificateChain
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/** Process the value of {@link X509Credential#getEntityCertificateChain()}.
*
* @param keyInfo the KeyInfo that is being built
* @param x509Data the X509Data that is being built
* @param credential the Credential that is being processed
* @throws SecurityException thrown if the certificate data can not be encoded from the Java certificate object
*/
protected void processEntityCertificateChain(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)
throws SecurityException {
if (options.emitEntityCertificateChain && credential.getEntityCertificateChain() != null) {
for (java.security.cert.X509Certificate javaCert : credential.getEntityCertificateChain()) {
try {
X509Certificate xmlCert = KeyInfoHelper.buildX509Certificate(javaCert);
x509Data.getX509Certificates().add(xmlCert);
} catch (CertificateEncodingException e) {
throw new SecurityException("Error generating X509Certificate element "
+ "from a certificate in credential's certificate chain", e);
}
}
}
}
示例6: processCRLs
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/** Process the value of {@link X509Credential#getCRLs()}.
*
* @param keyInfo the KeyInfo that is being built
* @param x509Data the X509Data that is being built
* @param credential the Credential that is being processed
* @throws SecurityException thrown if the CRL data can not be encoded from the Java certificate object
*/
protected void processCRLs(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)
throws SecurityException {
if (options.emitCRLs && credential.getCRLs() != null) {
for (java.security.cert.X509CRL javaCRL : credential.getCRLs()) {
try {
X509CRL xmlCRL = KeyInfoHelper.buildX509CRL(javaCRL);
x509Data.getX509CRLs().add(xmlCRL);
} catch (CRLException e) {
throw new SecurityException("Error generating X509CRL element "
+ "from a CRL in credential's CRL list", e);
}
}
}
}
示例7: validate
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/** {@inheritDoc} */
public boolean validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
throws SecurityException {
log.debug("Attempting PKIX validation of untrusted credential");
if (untrustedCredential == null) {
log.error("X.509 credential was null, unable to perform validation");
return false;
}
if (untrustedCredential.getEntityCertificate() == null) {
log.error("Untrusted X.509 credential's entity certificate was null, unable to perform validation");
return false;
}
Set<String> trustedNames = null;
if (pkixResolver.supportsTrustedNameResolution()) {
trustedNames = pkixResolver.resolveTrustedNames(trustBasisCriteria);
} else {
log.debug("PKIX resolver does not support resolution of trusted names, skipping name checking");
}
return validate(untrustedCredential, trustedNames, pkixResolver.resolve(trustBasisCriteria));
}
示例8: evaluate
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/**
* {@inheritDoc}
*
* <p>
* If the set of trusted names is null or empty, or if no supported name types are configured to be
* checked, then the evaluation is considered successful.
* </p>
*
*/
@SuppressWarnings("unchecked")
public boolean evaluate(X509Credential credential, Set<String> trustedNames) throws SecurityException {
if (!isNameCheckingActive()) {
log.debug("No trusted name options are active, skipping name evaluation");
return true;
} else if (trustedNames == null || trustedNames.isEmpty()) {
log.debug("Supplied trusted names are null or empty, skipping name evaluation");
return true;
}
if (log.isDebugEnabled()) {
log.debug("Checking trusted names against credential: {}",
X509Util.getIdentifiersToken(credential, x500DNHandler));
log.debug("Trusted names being evaluated are: {}",
trustedNames.toString());
}
return processNameChecks(credential, trustedNames);
}
示例9: processKeyInfoChild
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/**
* Process the given KeyInfo child with the registered providers.
*
* The child element is processed by each provider in the ordered list of providers. The credential or credentials
* resolved by the first provider to successfully do so are returned and processing of the child element is
* terminated.
*
* @param kiContext KeyInfo resolution context
* @param criteriaSet the credential criteria used to resolve credentials
* @param keyInfoChild the KeyInfo to evaluate
* @return the collection of resolved credentials, or null
* @throws SecurityException thrown if there is a provider error processing the KeyInfo child
*/
protected Collection<Credential> processKeyInfoChild(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
XMLObject keyInfoChild) throws SecurityException {
for (KeyInfoProvider provider : getProviders()) {
if (!provider.handles(keyInfoChild)) {
log.debug("Provider {} doesn't handle objects of type {}, skipping", provider.getClass().getName(),
keyInfoChild.getElementQName());
continue;
}
log.debug("Processing KeyInfo child {} with provider {}", keyInfoChild.getElementQName(), provider
.getClass().getName());
Collection<Credential> creds = provider.process(this, keyInfoChild, criteriaSet, kiContext);
if (creds != null && !creds.isEmpty()) {
log.debug("Credentials successfully extracted from child {} by provider {}", keyInfoChild
.getElementQName(), provider.getClass().getName());
return creds;
}
}
return null;
}
示例10: initResolutionContext
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/**
* Initialize the resolution context that will be used by the providers.
*
* The supplied KeyInfo object is stored in the context, as well as the values of any {@link KeyName} children
* present. Finally if a credential is resolveble by any registered provider from a plain {@link KeyValue} child,
* the key from that credential is also stored in the context.
*
* @param kiContext KeyInfo resolution context
* @param keyInfo the KeyInfo to evaluate
* @param criteriaSet the credential criteria used to resolve credentials
* @throws SecurityException thrown if there is an error processing the KeyValue children
*/
protected void initResolutionContext(KeyInfoResolutionContext kiContext, KeyInfo keyInfo, CriteriaSet criteriaSet)
throws SecurityException {
kiContext.setKeyInfo(keyInfo);
// Extract all KeyNames
kiContext.getKeyNames().addAll(KeyInfoHelper.getKeyNames(keyInfo));
log.debug("Found {} key names: {}", kiContext.getKeyNames().size(), kiContext.getKeyNames());
// Extract the Credential based on the (singular) key from an existing KeyValue(s).
resolveKeyValue(kiContext, criteriaSet, keyInfo.getKeyValues());
// Extract the Credential based on the (singular) key from an existing DEREncodedKeyValue(s).
resolveKeyValue(kiContext, criteriaSet, keyInfo.getXMLObjects(DEREncodedKeyValue.DEFAULT_ELEMENT_NAME));
}
示例11: resolveKeyValue
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/**
* Resolve the key from any KeyValue or DEREncodedKeyValue element that may be present, and store the resulting
* key in the resolution context.
*
* Each element is processed in turn in document order. Each element will be processed by each provider in
* the ordered list of registered providers. The key from the first credential successfully resolved
* will be stored in the resolution context.
*
* Note: This resolver implementation assumes that KeyInfo will not be abused via-a-vis the Signature
* specificiation, and that therefore all elements (if there are even more than one) will all resolve to the
* same key value. The KeyInfo might, for example have multiple KeyValue children, containing different
* representations of the same key. Therefore, only the first credential derived will be be utilized.
*
* @param kiContext KeyInfo resolution context
* @param criteriaSet the credential criteria used to resolve credentials
* @param keyValues the KeyValue or DEREncodedKeyValue children to evaluate
* @throws SecurityException thrown if there is an error resolving the key from the KeyValue
*/
protected void resolveKeyValue(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
List<? extends XMLObject> keyValues) throws SecurityException {
for (XMLObject keyValue : keyValues) {
if (!(keyValue instanceof KeyValue) && !(keyValue instanceof DEREncodedKeyValue)) {
continue;
}
Collection<Credential> creds = processKeyInfoChild(kiContext, criteriaSet, keyValue);
if (creds != null) {
for (Credential cred : creds) {
Key key = extractKeyValue(cred);
if (key != null) {
kiContext.setKey(key);
log.debug("Found a credential based on a KeyValue/DEREncodedKeyValue having key type: {}",
key.getAlgorithm());
return;
}
}
}
}
}
示例12: findCertFromDigest
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/**
* Find the certificate from the chain that matches one of the specified digests.
*
* @param certs list of certificates to evaluate
* @param digests X509 digests to use as search criteria
* @return the matching certificate, or null
*/
protected X509Certificate findCertFromDigest(List<X509Certificate> certs, List<XMLObject> digests) {
byte[] certValue;
byte[] xmlValue;
for (XMLObject xo : digests) {
if (!(xo instanceof X509Digest)) {
continue;
}
X509Digest digest = (X509Digest) xo;
if (!DatatypeHelper.isEmpty(digest.getValue())) {
xmlValue = Base64.decode(digest.getValue());
for (X509Certificate cert : certs) {
try {
certValue = X509Util.getX509Digest(cert, digest.getAlgorithm());
if (certValue != null && Arrays.equals(xmlValue, certValue)) {
return cert;
}
} catch (SecurityException e) {
// Ignore as no match.
}
}
}
}
return null;
}
示例13: postProcess
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/** {@inheritDoc} */
protected void postProcess(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
List<Credential> credentials) throws SecurityException {
ArrayList<Credential> localCreds = new ArrayList<Credential>();
for (Credential cred : credentials) {
if (isLocalCredential(cred)) {
localCreds.add(cred);
} else if (cred.getPublicKey() != null) {
localCreds.addAll(resolveByPublicKey(cred.getPublicKey()));
}
}
// Also resolve local creds based on any key names that are known
for (String keyName : kiContext.getKeyNames()) {
localCreds.addAll(resolveByKeyName(keyName));
}
credentials.clear();
credentials.addAll(localCreds);
}
示例14: getNextCredentialIterator
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/**
* Get the iterator from the next resolver in the chain.
*
* @return an iterator of credentials
*/
private Iterator<Credential> getNextCredentialIterator() {
while (resolverIterator.hasNext()) {
currentResolver = resolverIterator.next();
log.debug("Getting credential iterator from next resolver in chain: {}", currentResolver.getClass().toString());
try {
return currentResolver.resolve(critSet).iterator();
} catch (SecurityException e) {
log.error(String.format("Error resolving credentials from chaining resolver member '%s'",
currentResolver.getClass().getName()), e);
if (resolverIterator.hasNext()) {
log.error("Will attempt to resolve credentials from next member of resolver chain");
}
}
}
log.debug("No more credential resolvers available in the resolver chain");
currentResolver = null;
return null;
}
示例15: buildCredential
import org.opensaml.xml.security.SecurityException; //导入依赖的package包/类
/**
* Build a credential instance from the key store entry.
*
* @param keyStoreEntry the key store entry to process
* @param entityID the entityID to include in the credential
* @param usage the usage type to include in the credential
* @return the new credential instance, appropriate to the type of key store entry being processed
* @throws SecurityException throw if there is a problem building a credential from the key store entry
*/
protected Credential buildCredential(KeyStore.Entry keyStoreEntry, String entityID, UsageType usage)
throws SecurityException {
log.debug("Building credential from keystore entry for entityID {}, usage type {}", entityID, usage);
Credential credential = null;
if (keyStoreEntry instanceof KeyStore.PrivateKeyEntry) {
credential = processPrivateKeyEntry((KeyStore.PrivateKeyEntry) keyStoreEntry, entityID, keystoreUsage);
} else if (keyStoreEntry instanceof KeyStore.TrustedCertificateEntry) {
credential = processTrustedCertificateEntry((KeyStore.TrustedCertificateEntry) keyStoreEntry, entityID,
keystoreUsage);
} else if (keyStoreEntry instanceof KeyStore.SecretKeyEntry) {
credential = processSecretKeyEntry((KeyStore.SecretKeyEntry) keyStoreEntry, entityID, keystoreUsage);
} else {
throw new SecurityException("KeyStore entry was of an unsupported type: "
+ keyStoreEntry.getClass().getName());
}
return credential;
}