

Java SecurityHelper类代码示例

本文整理汇总了Java中org.opensaml.xml.security.SecurityHelper的典型用法代码示例。如果您正苦于以下问题:Java SecurityHelper类的具体用法?Java SecurityHelper怎么用?Java SecurityHelper使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


SecurityHelper类属于org.opensaml.xml.security包,在下文中一共展示了SecurityHelper类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: signObject

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Computes the digital signature for a single, already-marshalled {@link Signature}.
 *
 * <p>The signing key is taken from the signature's own signing credential via
 * {@code SecurityHelper.extractSigningKey}. The argument is cast to {@code SignatureImpl}
 * without a type check, so a different {@code Signature} implementation fails with a
 * {@link ClassCastException} instead of a {@link SignatureException}.</p>
 *
 * @param signature the signature object to compute the signature on
 * @throws SignatureException thrown if no XMLSignature instance is attached or if there is an
 *             error computing the signature
 */
public static void signObject(Signature signature) throws SignatureException {
    Logger log = getLogger();
    try {
        XMLSignature nativeSignature = ((SignatureImpl) signature).getXMLSignature();

        if (nativeSignature != null) {
            log.debug("Computing signature over XMLSignature object");
            // The key is resolved only after the XMLSignature is known to exist.
            nativeSignature.sign(SecurityHelper.extractSigningKey(signature.getSigningCredential()));
        } else {
            // Per the message below, the XMLSignature is expected to be created during marshalling.
            log.error("Unable to compute signature, Signature XMLObject does not have the XMLSignature "
                    + "created during marshalling.");
            throw new SignatureException("XMLObject does not have an XMLSignature instance, unable to compute signature");
        }
    } catch (XMLSecurityException cause) {
        log.error("An error occured computing the digital signature", cause);
        throw new SignatureException("Signature computation error", cause);
    }
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:24,代码来源:Signer.java

示例2: checkParams

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Checks key encryption parameters for consistency and required values.
 *
 * <p>DSA and EC public keys are rejected for encrypted key transport. The algorithm is only
 * checked for presence: this method does not verify that the URI names an acceptable key
 * transport algorithm.</p>
 *
 * @param kekParams the key encryption parameters to check
 * @param allowEmpty if false, a null parameter is treated as an error
 *
 * @throws EncryptionException thrown if any parameters are missing or have invalid values
 */
protected void checkParams(KeyEncryptionParameters kekParams, boolean allowEmpty) throws EncryptionException {
    if (kekParams == null) {
        if (!allowEmpty) {
            log.error("Key encryption parameters are required");
            throw new EncryptionException("Key encryption parameters are required");
        }
        return;
    }

    Key transportKey = SecurityHelper.extractEncryptionKey(kekParams.getEncryptionCredential());

    if (transportKey == null) {
        log.error("Key encryption credential and contained key are required");
        throw new EncryptionException("Key encryption credential and contained key are required");
    }
    if (transportKey instanceof DSAPublicKey) {
        log.error("Attempt made to use DSA key for encrypted key transport");
        throw new EncryptionException("DSA keys may not be used for encrypted key transport");
    }
    if (transportKey instanceof ECPublicKey) {
        log.error("Attempt made to use EC key for encrypted key transport");
        throw new EncryptionException("EC keys may not be used for encrypted key transport");
    }
    // Presence check only; the URI's value is not compared against any list here.
    if (DatatypeHelper.isEmpty(kekParams.getAlgorithm())) {
        log.error("Key encryption algorithm URI is required");
        throw new EncryptionException("Key encryption algorithm URI is required");
    }
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:33,代码来源:Encrypter.java

示例3: validateSignature

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Validates the signature carried in a query string against the tenant's X.509 credential.
 *
 * <p>The signature bytes, the signed content and the signature algorithm URI are all obtained
 * from {@code queryString} through the helper methods called below. Trust is explicit-key: the
 * only trusted credential is the one returned by
 * {@code SAMLSSOUtil.getX509CredentialImplForTenant(domainName, alias)}.</p>
 *
 * <p>NOTE(review): the algorithm URI comes from the request and is handed to the trust engine
 * as-is; no allowlist check is visible in this method. Confirm that weak signature algorithms
 * are rejected elsewhere.</p>
 *
 * @param queryString query string the signature, signed content and algorithm are read from
 * @param issuer value used to build the criteria set passed to the trust engine
 * @param alias key alias passed to the tenant credential lookup
 * @param domainName tenant domain passed to the tenant credential lookup
 * @return the result of the trust engine's validation
 * @throws SecurityException
 * @throws IdentitySAML2SSOException
 */
@Override
public boolean validateSignature(String queryString, String issuer, String alias,
                                 String domainName) throws SecurityException,
        IdentitySAML2SSOException {
    // Everything below is derived from the incoming query string.
    byte[] sigBytes = getSignature(queryString);
    byte[] signedBytes = getSignedContent(queryString);
    String sigAlgUri = getSigAlg(queryString);
    CriteriaSet criteria = buildCriteriaSet(issuer);

    // The tenant's credential is the single trust anchor for this check.
    // NOTE(review): the lookup result is not null-checked before it is added to the list.
    X509CredentialImpl tenantCredential =
            SAMLSSOUtil.getX509CredentialImplForTenant(domainName, alias);

    List<Credential> trusted = new ArrayList<Credential>();
    trusted.add(tenantCredential);

    CollectionCredentialResolver trustedResolver = new CollectionCredentialResolver(trusted);
    KeyInfoCredentialResolver keyInfoResolver = SecurityHelper.buildBasicInlineKeyInfoResolver();
    SignatureTrustEngine trustEngine =
            new ExplicitKeySignatureTrustEngine(trustedResolver, keyInfoResolver);

    return trustEngine.validate(sigBytes, signedBytes, sigAlgUri, criteria, null);
}
 
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:31,代码来源:SAML2HTTPRedirectDeflateSignatureValidator.java

示例4: doEncryptedAssertion

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Encrypts an assertion with a freshly generated AES-256 key, itself encrypted for
 * {@code cred} and placed inline in the result.
 *
 * <p>NOTE(review): {@code alias} and {@code encryptionAlgorithm} are never read in this body;
 * the data and key-transport algorithms are fixed by the constants below.</p>
 *
 * <p>NOTE(review): the key is wrapped with RSA PKCS#1 v1.5 key transport. That padding scheme
 * is known to expose the decrypting party to padding-oracle attacks; RSA-OAEP is the usual
 * replacement where the relying party supports it. Changing it alters what peers must be able
 * to decrypt, so it is flagged here rather than changed.</p>
 *
 * @param assertion the assertion to encrypt
 * @param cred credential whose key encrypts the generated symmetric key
 * @param alias not used by this implementation
 * @param encryptionAlgorithm not used by this implementation
 * @return the encrypted assertion
 * @throws IdentityException if any step of the encryption fails; the cause is preserved
 */
@Override
public EncryptedAssertion doEncryptedAssertion(Assertion assertion, X509Credential cred, String alias, String encryptionAlgorithm) throws IdentityException {
    try {
        // One-off data-encryption key, generated per call.
        Credential dataKeyCredential = SecurityHelper.getSimpleCredential(
                SecurityHelper.generateSymmetricKey(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256));

        EncryptionParameters dataParams = new EncryptionParameters();
        dataParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256);
        dataParams.setEncryptionCredential(dataKeyCredential);

        // Key transport: see the RSA v1.5 note in the Javadoc.
        KeyEncryptionParameters keyTransportParams = new KeyEncryptionParameters();
        keyTransportParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
        keyTransportParams.setEncryptionCredential(cred);

        Encrypter assertionEncrypter = new Encrypter(dataParams, keyTransportParams);
        assertionEncrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);

        return assertionEncrypter.encrypt(assertion);
    } catch (Exception failure) {
        throw IdentityException.error("Error while Encrypting Assertion", failure);
    }
}
 
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:25,代码来源:DefaultSSOEncrypter.java

示例5: getSigningCredential

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Gets the signing credential (public and private key) from the keystore.
 *
 * <p>A missing alias or password terminates the JVM with exit status 1. Any failure while
 * reading the entry, including a missing entry or one that is not a private key entry, is
 * logged and yields {@code null}.</p>
 *
 * <p>NOTE(review): the key password arrives as a {@code String}, which cannot be cleared from
 * memory after use.</p>
 *
 * @param keystore keystore to fetch the key from
 * @param alias the key alias
 * @param keyPass password for the key
 *
 * @return the signing credential or null
 */
private static Credential getSigningCredential(KeyStore keystore, String alias, String keyPass) {
    final String entryAlias = DatatypeHelper.safeTrimOrNullString(alias);
    if (entryAlias == null) {
        log.error("Key alias may not be null or empty");
        System.exit(1);
    }

    final String entryPassword = DatatypeHelper.safeTrimOrNullString(keyPass);
    if (entryPassword == null) {
        log.error("Private key password may not be null or empty");
        System.exit(1);
    }

    KeyStore.PasswordProtection protection =
            new KeyStore.PasswordProtection(entryPassword.toCharArray());
    try {
        KeyStore.PrivateKeyEntry entry =
                (KeyStore.PrivateKeyEntry) keystore.getEntry(entryAlias, protection);
        // The public half comes from the entry's certificate; the certificate is not validated here.
        return SecurityHelper.getSimpleCredential(entry.getCertificate().getPublicKey(), entry.getPrivateKey());
    } catch (Exception failure) {
        // Only the alias is logged, never the password.
        log.error("Unable to retrieve private key " + entryAlias, failure);
        return null;
    }
}
 
开发者ID:apigee,项目名称:java-opensaml2,代码行数:32,代码来源:MetadataTool.java

示例6: getVerificationCredential

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Gets a simple credential containing the public key associated with the named certificate.
 *
 * <p>The certificate is used as stored: no expiry, chain or revocation check is made here, so
 * trust in the returned key rests on the contents of the keystore. A missing alias or any
 * failure to read the certificate terminates the JVM with exit status 1.</p>
 *
 * @param keystore the keystore from which to get the key
 * @param alias the name of the certificate from which to get the key
 *
 * @return a simple credential containing the public key or null
 */
private static Credential getVerificationCredential(KeyStore keystore, String alias) {
    final String certAlias = DatatypeHelper.safeTrimOrNullString(alias);
    if (certAlias == null) {
        log.error("Key alias may not be null or empty");
        System.exit(1);
    }

    try {
        Certificate storedCert = keystore.getCertificate(certAlias);
        // Public key only: the credential is built with a null private key.
        return SecurityHelper.getSimpleCredential(storedCert.getPublicKey(), null);
    } catch (Exception failure) {
        log.error("Unable to retrieve certificate " + certAlias, failure);
        System.exit(1);
    }

    return null;
}
 
开发者ID:apigee,项目名称:java-opensaml2,代码行数:26,代码来源:MetadataTool.java

示例7: testEntityDescriptor

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Checks that a signed EntityDescriptor passes the signature validation filter when the
 * trust engine is pinned to the single certificate built from {@code openIDCertBase64}.
 */
public void testEntityDescriptor() throws UnmarshallingException, CertificateException, XMLParserException {
    // Explicit-key trust: exactly one certificate is trusted.
    X509Certificate pinnedCert = SecurityTestHelper.buildJavaX509Cert(openIDCertBase64);
    X509Credential pinnedCred = SecurityHelper.getSimpleCredential(pinnedCert, null);
    StaticCredentialResolver resolver = new StaticCredentialResolver(pinnedCred);
    SignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(resolver,
            Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());

    Document metadataDoc = parser.parse(SignatureValidationFilterTest.class.getResourceAsStream(openIDFileValid));
    XMLObject unmarshalled =
        unmarshallerFactory.getUnmarshaller(metadataDoc.getDocumentElement()).unmarshall(metadataDoc.getDocumentElement());
    assertTrue(unmarshalled instanceof EntityDescriptor);
    EntityDescriptor descriptor = (EntityDescriptor) unmarshalled;
    assertTrue(descriptor.isSigned());
    assertNotNull("Signature was null", descriptor.getSignature());

    SignatureValidationFilter validationFilter = new SignatureValidationFilter(engine);
    try {
        validationFilter.doFilter(descriptor);
    } catch (FilterException rejected) {
        fail("Filter failed validation, should have succeeded: " + rejected.getMessage());
    }
}
 
开发者ID:apigee,项目名称:java-opensaml2,代码行数:23,代码来源:SignatureValidationFilterTest.java

示例8: testEntityDescriptorInvalid

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Checks that the signature validation filter rejects the EntityDescriptor loaded from
 * {@code openIDFileInvalid} when the trust engine is pinned to the certificate built from
 * {@code openIDCertBase64}.
 */
public void testEntityDescriptorInvalid() throws UnmarshallingException, CertificateException, XMLParserException {
    // Same trust setup as the positive test: one explicitly trusted certificate.
    X509Certificate pinnedCert = SecurityTestHelper.buildJavaX509Cert(openIDCertBase64);
    X509Credential pinnedCred = SecurityHelper.getSimpleCredential(pinnedCert, null);
    StaticCredentialResolver resolver = new StaticCredentialResolver(pinnedCred);
    SignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(resolver,
            Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());

    Document metadataDoc = parser.parse(SignatureValidationFilterTest.class.getResourceAsStream(openIDFileInvalid));
    XMLObject unmarshalled =
        unmarshallerFactory.getUnmarshaller(metadataDoc.getDocumentElement()).unmarshall(metadataDoc.getDocumentElement());
    assertTrue(unmarshalled instanceof EntityDescriptor);
    EntityDescriptor descriptor = (EntityDescriptor) unmarshalled;
    // The document still carries a signature; it is the validation that must fail.
    assertTrue(descriptor.isSigned());
    assertNotNull("Signature was null", descriptor.getSignature());

    SignatureValidationFilter validationFilter = new SignatureValidationFilter(engine);
    try {
        validationFilter.doFilter(unmarshalled);
        fail("Filter passed validation, should have failed");
    } catch (FilterException expected) {
        // expected: the filter must reject this document
    }
}
 
开发者ID:apigee,项目名称:java-opensaml2,代码行数:24,代码来源:SignatureValidationFilterTest.java

示例9: setUp

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Creates two unrelated RSA key pairs: {@code goodCredential} holds both halves of the
 * first, {@code badCredential} holds only the public key of the second. The 1024-bit key size
 * is a throwaway test fixture value, not a size to copy into production signing code.</p>
 */
protected void setUp() throws Exception {
    super.setUp();

    KeyPair signingPair = SecurityTestHelper.generateKeyPair("RSA", 1024, null);
    goodCredential = SecurityHelper.getSimpleCredential(signingPair.getPublic(), signingPair.getPrivate());

    // A second, independent pair; only its public key is kept.
    KeyPair unrelatedPair = SecurityTestHelper.generateKeyPair("RSA", 1024, null);
    badCredential = SecurityHelper.getSimpleCredential(unrelatedPair.getPublic(), null);

    signatureBuilder = (SignatureBuilder) builderFactory.getBuilder(Signature.DEFAULT_ELEMENT_NAME);
    authnStatementBuilder = (AuthnStatementBuilder) builderFactory.getBuilder(AuthnStatement.DEFAULT_ELEMENT_NAME);
    issuerBuilder = (IssuerBuilder) builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    assertionBuilder = (AssertionBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);

    idGenerator = new SecureRandomIdentifierGenerator();
}
 
开发者ID:apigee,项目名称:java-opensaml2,代码行数:18,代码来源:SignedAssertionTest.java

示例10: getSigningCredential

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
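/**
 * Returns the signing credential, loading it from the configured keystore on first use.
 *
 * <p>The result is cached in {@code _signingCredential}; later calls return the cached value
 * without reading {@code _cfg} again. The private key and the certificate are both read from
 * the configured alias so that the public key in the credential belongs to the private key.
 * The keystore password is also used as the key password.</p>
 *
 * @param _cfg configuration holding the keystore path, password, alias and optional type
 * @return the credential built from the certificate's public key and the private key
 * @throws IOException if the keystore resource is not found or cannot be read
 * @throws KeyStoreException if the keystore type is unavailable or the alias holds no private
 *             key and certificate
 * @throws NoSuchAlgorithmException if the keystore integrity or key recovery algorithm is missing
 * @throws CertificateException if a certificate in the keystore cannot be loaded
 * @throws UnrecoverableKeyException if the key cannot be recovered with the given password
 * @throws MissingPropertyException if a required configuration property is not set
 */
private Credential getSigningCredential(Properties _cfg) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, MissingPropertyException {
    if (this._signingCredential == null) {
        // check configuration
        checkPropertySet(_cfg, CFG_KEYSTORE_PATH);
        checkPropertySet(_cfg, CFG_KEYSTORE_PASSWORD);
        checkPropertySet(_cfg, CFG_KEYSTORE_ALIAS);

        final String keystorePath = getCfg(_cfg, CFG_KEYSTORE_PATH);
        final String keyAlias = getCfg(_cfg, CFG_KEYSTORE_ALIAS);
        final char[] password = getCfg(_cfg, CFG_KEYSTORE_PASSWORD).toCharArray();

        // load keystore
        KeyStore ks = KeyStore.getInstance(getCfg(_cfg, CFG_KEYSTORE_TYPE, "JKS"));
        java.io.InputStream keystoreStream = getClass().getResourceAsStream(keystorePath);
        if (keystoreStream == null) {
            // KeyStore.load(null, ...) would silently initialise an empty keystore.
            throw new IOException("Keystore resource not found: " + keystorePath);
        }
        try {
            ks.load(keystoreStream, password);
        } finally {
            keystoreStream.close();
        }

        // load key data; key and certificate come from the same alias
        PrivateKey pk = (PrivateKey) ks.getKey(keyAlias, password);
        X509Certificate signingCert = (X509Certificate) ks.getCertificate(keyAlias);
        if (pk == null || signingCert == null) {
            throw new KeyStoreException("No private key and certificate found for alias '" + keyAlias + "'");
        }
        // Only the certificate subject is traced, never key material or the password.
        OAuthTracer.trace(OAuthTracer.TEXT_TYPE, "Signing key", signingCert.getSubjectDN().getName());

        // create credential object
        this._signingCredential = SecurityHelper.getSimpleCredential(signingCert.getPublicKey(), pk);
    }
    return this._signingCredential;
}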
 
开发者ID:mwdb,项目名称:OA2C,代码行数:30,代码来源:LocalSamlTokenFactory.java

示例11: buildSignature

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Build a SAML2 signature prepared with the SP signing credential.
 *
 * <p>When {@code withoutKeyInfo} is true the KeyInfo is removed after preparation, so the
 * receiver presumably has to know the verification key already (for example from metadata);
 * confirm against the peers in use. A failure during preparation is logged and reported as
 * {@code null}, which callers need to check before using the result.</p>
 *
 * @param withoutKeyInfo true to strip the optional KeyInfo from the signature
 * @return the SAML2 signature, or null if it could not be prepared.
 */
protected Signature buildSignature(final boolean withoutKeyInfo) {
	final Signature prepared = this.signatureBuilder.buildObject();

	try {
		SecurityHelper.prepareSignatureParams(prepared, this.spSigningCredential,
				Configuration.getGlobalSecurityConfiguration(), null);
		prepared.setSigningCredential(this.spSigningCredential);

		// KeyInfo is optional; dropping it shortens the request.
		if (withoutKeyInfo) {
			prepared.setKeyInfo(null);
		}

		return prepared;
	} catch (final SecurityException failure) {
		this.logger.error("Error while building signature !", failure);
		return null;
	}
}
 
开发者ID:mxbossard,项目名称:java-saml2-sp,代码行数:26,代码来源:OpenSaml20SpProcessor.java

示例12: getDigitalSignature

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Builds a Signature object carrying the signing credential taken from a keystore entry.
 *
 * <p>NOTE(review): the signature algorithm is set explicitly to RSA with SHA-1 before
 * {@code prepareSignatureParams} runs. SHA-1 is deprecated for digital signatures; RSA with
 * SHA-256 is the usual choice where the peer accepts it. Changing it alters what the receiver
 * must support, so it is flagged here rather than changed.</p>
 *
 * @param keystoreEntry private key entry the signing credential is initialised from
 * @return the prepared signature object
 * @throws IllegalArgumentException if the signature parameters cannot be prepared
 */
public Signature getDigitalSignature(KeyStore.PrivateKeyEntry keystoreEntry) {
    Signature prepared = (Signature) Configuration.getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME)
            .buildObject(Signature.DEFAULT_ELEMENT_NAME);

    Credential entryCredential = initializeCredentialsFromKeystore(keystoreEntry);
    prepared.setSigningCredential(entryCredential);

    // Hard-coded algorithm; see the SHA-1 note in the Javadoc.
    prepared.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);

    SecurityConfiguration globalConfig = Configuration.getGlobalSecurityConfiguration();
    try {
        SecurityHelper.prepareSignatureParams(prepared, entryCredential, globalConfig, null);
        return prepared;
    } catch (org.opensaml.xml.security.SecurityException  failure) {
        LOG.error("Error composing artifact resolution request: Failed to generate digital signature");
        throw new IllegalArgumentException("Couldn't compose artifact resolution request", failure);
    }
}
 
开发者ID:inbloom,项目名称:secure-data-service,代码行数:20,代码来源:SamlHelper.java

示例13: determineEntityCertificate

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Determines the certificate, from the collection, associated with the private key.
 *
 * <p>Certificates are tried in iteration order and the first whose public key matches the
 * private key is returned. A {@code SecurityException} raised while comparing a pair is
 * treated as "no match" for that certificate and is not propagated by the loop.</p>
 *
 * @param certs certificates to check
 * @param privateKey entity's private key
 *
 * @return the certificate associated with entity's private key or null if no certificate in the collection is
 *         associated with the given private key
 *
 * @throws SecurityException thrown if the public or private keys checked are of an unsupported type
 *
 * @since 1.2
 */
public static X509Certificate determineEntityCertificate(Collection<X509Certificate> certs, PrivateKey privateKey)
        throws SecurityException {
    if (certs == null || privateKey == null) {
        return null;
    }

    for (X509Certificate candidate : certs) {
        boolean pairMatches;
        try {
            pairMatches = SecurityHelper.matchKeyPair(candidate.getPublicKey(), privateKey);
        } catch (SecurityException ignored) {
            // An exception here is just a false match.
            // Java 7 apparently throws in this case.
            pairMatches = false;
        }
        if (pairMatches) {
            return candidate;
        }
    }

    return null;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:33,代码来源:X509Util.java

示例14: buildBasicCredential

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Construct a basic credential containing the specified key and set of key names.
 *
 * <p>Public and secret keys are stored directly. For a private key the matching public key is
 * derived and both halves are stored, so the resulting credential carries private key
 * material. A null key, an unsupported key type or a failed derivation is logged and reported
 * as {@code null}.</p>
 *
 * @param key the key to include in the credential
 * @param keyNames the key names to include in the credential
 * @return a basic credential with the specified key and key names, or null if none could be built
 * @throws SecurityException if there is an error building the credential
 */
protected Credential buildBasicCredential(Key key, Set<String> keyNames) throws SecurityException {
    if (key == null) {
        log.debug("Key supplied was null, could not build credential");
        return null;
    }

    BasicCredential credential = new BasicCredential();
    credential.getKeyNames().addAll(keyNames);

    if (key instanceof PublicKey) {
        credential.setPublicKey((PublicKey) key);
        return credential;
    }
    if (key instanceof SecretKey) {
        credential.setSecretKey((SecretKey) key);
        return credential;
    }
    if (!(key instanceof PrivateKey)) {
        log.error(String.format("Key was of an unsupported type '%s'", key.getClass().getName()));
        return null;
    }

    // This would be unusual for most KeyInfo use cases,
    // but go ahead and try and handle it
    PrivateKey suppliedPrivateKey = (PrivateKey) key;
    try {
        PublicKey derivedPublicKey = SecurityHelper.derivePublicKey(suppliedPrivateKey);
        if (derivedPublicKey == null) {
            log.error("Failed to derive public key from private key");
            return null;
        }
        credential.setPublicKey(derivedPublicKey);
        credential.setPrivateKey(suppliedPrivateKey);
    } catch (KeyException failure) {
        log.error("Could not derive public key from private key", failure);
        return null;
    }

    return credential;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:47,代码来源:BasicProviderKeyInfoCredentialResolver.java

示例15: buildX509Digest

import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Build an {@link X509Digest} containing the digest of the specified certificate.
 *
 * <p>The digest is computed over the certificate's encoded form and stored Base64-encoded
 * together with the algorithm URI. Any URI that maps to a JCE algorithm is accepted: this
 * method does not restrict which digest algorithms may be used, so callers that take the URI
 * from outside should apply their own policy.</p>
 *
 * @param javaCert the Java X509Certificate to digest
 * @param algorithmURI  digest algorithm URI
 * @return a new X509Digest object
 * @throws NoSuchAlgorithmException if the algorithm specified cannot be used
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
public static X509Digest buildX509Digest(X509Certificate javaCert, String algorithmURI)
        throws NoSuchAlgorithmException, CertificateEncodingException {

    final String jceName = SecurityHelper.getAlgorithmIDFromURI(algorithmURI);
    if (jceName == null) {
        throw new NoSuchAlgorithmException("No JCE algorithm found for " + algorithmURI);
    }

    // Digest of the certificate's encoded bytes.
    final byte[] certDigest = MessageDigest.getInstance(jceName).digest(javaCert.getEncoded());

    X509Digest digestElement = (X509Digest) Configuration.getBuilderFactory()
        .getBuilder(X509Digest.DEFAULT_ELEMENT_NAME)
        .buildObject(X509Digest.DEFAULT_ELEMENT_NAME);
    digestElement.setAlgorithm(algorithmURI);
    digestElement.setValue(Base64.encodeBytes(certDigest));

    return digestElement;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:28,代码来源:KeyInfoHelper.java


注:本文中的org.opensaml.xml.security.SecurityHelper类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。