本文整理汇总了Java中org.opensaml.xml.security.credential.Credential类的典型用法代码示例。如果您正苦于以下问题:Java Credential类的具体用法?Java Credential怎么用?Java Credential使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
Credential类属于org.opensaml.xml.security.credential包,在下文中一共展示了Credential类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: getSignatureAlgorithmURI
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
* Gets the signature algorithm URI to use with the given signing credential.
*
* @param credential the credential that will be used to sign the message
* @param config the SecurityConfiguration to use (may be null)
*
* @return signature algorithm to use with the given signing credential
*
* @throws MessageEncodingException thrown if the algorithm URI could not be derived from the supplied credential
*/
protected String getSignatureAlgorithmURI(Credential credential, SecurityConfiguration config)
throws MessageEncodingException {
SecurityConfiguration secConfig;
if (config != null) {
secConfig = config;
} else {
secConfig = Configuration.getGlobalSecurityConfiguration();
}
String signAlgo = secConfig.getSignatureAlgorithmURI(credential);
if (signAlgo == null) {
throw new MessageEncodingException("The signing credential's algorithm URI could not be derived");
}
return signAlgo;
}
示例2: getKeyInfoGenerator
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
* Obtains a {@link KeyInfoGenerator} for the specified {@link Credential}.
*
* <p>
* The KeyInfoGenerator returned is based on the {@link NamedKeyInfoGeneratorManager} defined by the specified
* security configuration via {@link SecurityConfiguration#getKeyInfoGeneratorManager()}, and is determined by the
* type of the signing credential and an optional KeyInfo generator manager name. If the latter is ommited, the
* default manager ({@link NamedKeyInfoGeneratorManager#getDefaultManager()}) of the security configuration's
* named generator manager will be used.
* </p>
*
* <p>
* The generator is determined by the specified {@link SecurityConfiguration}. If a security configuration is not
* supplied, the global security configuration ({@link Configuration#getGlobalSecurityConfiguration()}) will be
* used.
* </p>
*
* @param credential the credential for which a generator is desired
* @param config the SecurityConfiguration to use (may be null)
* @param keyInfoGenName the named KeyInfoGeneratorManager configuration to use (may be null)
* @return a KeyInfoGenerator appropriate for the specified credential
*/
public static KeyInfoGenerator getKeyInfoGenerator(Credential credential, SecurityConfiguration config,
String keyInfoGenName) {
SecurityConfiguration secConfig;
if (config != null) {
secConfig = config;
} else {
secConfig = Configuration.getGlobalSecurityConfiguration();
}
NamedKeyInfoGeneratorManager kiMgr = secConfig.getKeyInfoGeneratorManager();
if (kiMgr != null) {
KeyInfoGeneratorFactory kiFactory = null;
if (DatatypeHelper.isEmpty(keyInfoGenName)) {
kiFactory = kiMgr.getDefaultManager().getFactory(credential);
} else {
kiFactory = kiMgr.getFactory(keyInfoGenName, credential);
}
if (kiFactory != null) {
return kiFactory.newInstance();
}
}
return null;
}
示例3: validate
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
* Evaluate trust.
*
* @param untrustedCredential the untrusted X509Credential to evaluate
* @param trustedCredentials basis for trust
* @return true if trust can be established, false otherwise
*/
public boolean validate(X509Credential untrustedCredential, Iterable<Credential> trustedCredentials) {
for (Credential trustedCredential : trustedCredentials) {
if (!(trustedCredential instanceof X509Credential)) {
log.debug("Skipping evaluation against trusted, non-X509Credential");
continue;
}
X509Credential trustedX509Credential = (X509Credential) trustedCredential;
if (validate(untrustedCredential, trustedX509Credential)) {
return true;
}
}
return false;
}
示例4: sign
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
* Compute the signature or MAC value over the supplied input.
*
* It is up to the caller to ensure that the specified algorithm ID and isMAC flag are consistent with the type of
* signing key supplied in the signing credential.
*
* @param signingCredential the credential containing the signing key
* @param jcaAlgorithmID the Java JCA algorithm ID to use
* @param isMAC flag indicating whether the operation to be performed is a signature or MAC computation
* @param input the input over which to compute the signature
* @return the computed signature or MAC value
* @throws SecurityException throw if the computation process results in an error
*/
public static byte[] sign(Credential signingCredential, String jcaAlgorithmID, boolean isMAC, byte[] input)
throws SecurityException {
Logger log = getLogger();
Key signingKey = SecurityHelper.extractSigningKey(signingCredential);
if (signingKey == null) {
log.error("No signing key supplied in signing credential for signature computation");
throw new SecurityException("No signing key supplied in signing credential");
}
if (isMAC) {
return signMAC(signingKey, jcaAlgorithmID, input);
} else if (signingKey instanceof PrivateKey) {
return sign((PrivateKey) signingKey, jcaAlgorithmID, input);
} else {
log.error("No PrivateKey present in signing credential for signature computation");
throw new SecurityException("No PrivateKey supplied for signing");
}
}
示例5: verify
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
* Verify the signature value computed over the supplied input against the supplied signature value.
*
* It is up to the caller to ensure that the specified algorithm ID and isMAC flag are consistent with the type of
* verification credential supplied.
*
* @param verificationCredential the credential containing the verification key
* @param jcaAlgorithmID the Java JCA algorithm ID to use
* @param isMAC flag indicating whether the operation to be performed is a signature or MAC computation
* @param signature the computed signature value received from the signer
* @param input the input over which the signature is computed and verified
* @return true if the signature value computed over the input using the supplied key and algorithm ID is identical
* to the supplied signature value
* @throws SecurityException thrown if the signature computation or verification process results in an error
*/
public static boolean verify(Credential verificationCredential, String jcaAlgorithmID, boolean isMAC,
byte[] signature, byte[] input) throws SecurityException {
Logger log = getLogger();
Key verificationKey = SecurityHelper.extractVerificationKey(verificationCredential);
if (verificationKey == null) {
log.error("No verification key supplied in verification credential for signature verification");
throw new SecurityException("No verification key supplied in verification credential");
}
if (isMAC) {
return verifyMAC(verificationKey, jcaAlgorithmID, signature, input);
} else if (verificationKey instanceof PublicKey) {
return verify((PublicKey) verificationKey, jcaAlgorithmID, signature, input);
} else {
log.error("No PublicKey present in verification credential for signature verification");
throw new SecurityException("No PublicKey supplied for signature verification");
}
}
示例6: retrieveFromCache
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
* Retrieves pre-resolved credentials from the cache.
*
* @param cacheKey the key to the metadata cache
*
* @return the collection of cached credentials or null
*/
protected Collection<Credential> retrieveFromCache(MetadataCacheKey cacheKey) {
log.debug("Attempting to retrieve credentials from cache using index: {}", cacheKey);
Lock readLock = getReadWriteLock().readLock();
readLock.lock();
log.trace("Read lock over cache acquired");
try {
if (cache.containsKey(cacheKey)) {
SoftReference<Collection<Credential>> reference = cache.get(cacheKey);
if (reference.get() != null) {
log.debug("Retrieved credentials from cache using index: {}", cacheKey);
return reference.get();
}
}
} finally {
readLock.unlock();
log.trace("Read lock over cache released");
}
log.debug("Unable to retrieve credentials from cache using index: {}", cacheKey);
return null;
}
示例7: processKeyInfoChild
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
* Process the given KeyInfo child with the registered providers.
*
* The child element is processed by each provider in the ordered list of providers. The credential or credentials
* resolved by the first provider to successfully do so are returned and processing of the child element is
* terminated.
*
* @param kiContext KeyInfo resolution context
* @param criteriaSet the credential criteria used to resolve credentials
* @param keyInfoChild the KeyInfo to evaluate
* @return the collection of resolved credentials, or null
* @throws SecurityException thrown if there is a provider error processing the KeyInfo child
*/
protected Collection<Credential> processKeyInfoChild(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
XMLObject keyInfoChild) throws SecurityException {
for (KeyInfoProvider provider : getProviders()) {
if (!provider.handles(keyInfoChild)) {
log.debug("Provider {} doesn't handle objects of type {}, skipping", provider.getClass().getName(),
keyInfoChild.getElementQName());
continue;
}
log.debug("Processing KeyInfo child {} with provider {}", keyInfoChild.getElementQName(), provider
.getClass().getName());
Collection<Credential> creds = provider.process(this, keyInfoChild, criteriaSet, kiContext);
if (creds != null && !creds.isEmpty()) {
log.debug("Credentials successfully extracted from child {} by provider {}", keyInfoChild
.getElementQName(), provider.getClass().getName());
return creds;
}
}
return null;
}
示例8: resolveKeyValue
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
* Resolve the key from any KeyValue or DEREncodedKeyValue element that may be present, and store the resulting
* key in the resolution context.
*
* Each element is processed in turn in document order. Each element will be processed by each provider in
* the ordered list of registered providers. The key from the first credential successfully resolved
* will be stored in the resolution context.
*
* Note: This resolver implementation assumes that KeyInfo will not be abused via-a-vis the Signature
* specificiation, and that therefore all elements (if there are even more than one) will all resolve to the
* same key value. The KeyInfo might, for example have multiple KeyValue children, containing different
* representations of the same key. Therefore, only the first credential derived will be be utilized.
*
* @param kiContext KeyInfo resolution context
* @param criteriaSet the credential criteria used to resolve credentials
* @param keyValues the KeyValue or DEREncodedKeyValue children to evaluate
* @throws SecurityException thrown if there is an error resolving the key from the KeyValue
*/
protected void resolveKeyValue(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
List<? extends XMLObject> keyValues) throws SecurityException {
for (XMLObject keyValue : keyValues) {
if (!(keyValue instanceof KeyValue) && !(keyValue instanceof DEREncodedKeyValue)) {
continue;
}
Collection<Credential> creds = processKeyInfoChild(kiContext, criteriaSet, keyValue);
if (creds != null) {
for (Credential cred : creds) {
Key key = extractKeyValue(cred);
if (key != null) {
kiContext.setKey(key);
log.debug("Found a credential based on a KeyValue/DEREncodedKeyValue having key type: {}",
key.getAlgorithm());
return;
}
}
}
}
}
示例9: extractKeyValue
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
* Utility method to extract any key that might be present in the specified Credential.
*
* @param cred the Credential to evaluate
* @return the Key contained in the credential, or null if it does not contain a key.
*/
protected Key extractKeyValue(Credential cred) {
if (cred == null) {
return null;
}
if (cred.getPublicKey() != null) {
return cred.getPublicKey();
}
// This could happen if key is derived, e.g. key agreement, etc
if (cred.getSecretKey() != null) {
return cred.getSecretKey();
}
// Perhaps unlikely, but go ahead and check
if (cred.getPrivateKey() != null) {
return cred.getPrivateKey();
}
return null;
}
示例10: extractKeyValue
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
* Utility method to extract any key that might be present in the specified Credential.
*
* @param cred the Credential to evaluate
* @return the Key contained in the credential, or null if it does not contain a key.
*/
protected Key extractKeyValue(Credential cred) {
if (cred == null) {
return null;
}
if (cred.getPublicKey() != null) {
return cred.getPublicKey();
}
// This could happen if key is derived, e.g. key agreement, etc
if (cred.getSecretKey() != null) {
return cred.getSecretKey();
}
// Perhaps unlikely, but go ahead and check
if (cred.getPrivateKey() != null) {
return cred.getPrivateKey();
}
return null;
}
示例11: postProcess
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/** {@inheritDoc} */
protected void postProcess(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
List<Credential> credentials) throws SecurityException {
ArrayList<Credential> localCreds = new ArrayList<Credential>();
for (Credential cred : credentials) {
if (isLocalCredential(cred)) {
localCreds.add(cred);
} else if (cred.getPublicKey() != null) {
localCreds.addAll(resolveByPublicKey(cred.getPublicKey()));
}
}
// Also resolve local creds based on any key names that are known
for (String keyName : kiContext.getKeyNames()) {
localCreds.addAll(resolveByKeyName(keyName));
}
credentials.clear();
credentials.addAll(localCreds);
}
示例12: evaluate
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/** {@inheritDoc} */
public Boolean evaluate(Credential target) {
if (target == null) {
log.error("Credential target was null");
return null;
}
if (!(target instanceof X509Credential)) {
log.info("Credential is not an X509Credential, does not satisfy subject name criteria");
return Boolean.FALSE;
}
X509Credential x509Cred = (X509Credential) target;
X509Certificate entityCert = x509Cred.getEntityCertificate();
if (entityCert == null) {
log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
return Boolean.FALSE;
}
Boolean result = entityCert.getSubjectX500Principal().equals(subjectName);
return result;
}
示例13: evaluate
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/** {@inheritDoc} */
public Boolean evaluate(Credential target) {
if (target == null) {
log.error("Credential target was null");
return null;
}
Key key = getKey(target);
if (key == null) {
log.info("Could not evaluate criteria, credential contained no key");
return null;
}
String algorithm = DatatypeHelper.safeTrimOrNullString(key.getAlgorithm());
if (algorithm == null) {
log.info("Could not evaluate criteria, key does not specify an algorithm via getAlgorithm()");
return null;
}
Boolean result = keyAlgorithm.equals(algorithm);
return result;
}
示例14: evaluate
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/** {@inheritDoc} */
public Boolean evaluate(Credential target) {
if (target == null) {
log.error("Credential target was null");
return null;
}
if (!(target instanceof X509Credential)) {
log.info("Credential is not an X509Credential, does not satisfy issuer name and serial number criteria");
return Boolean.FALSE;
}
X509Credential x509Cred = (X509Credential) target;
X509Certificate entityCert = x509Cred.getEntityCertificate();
if (entityCert == null) {
log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
return Boolean.FALSE;
}
if (!entityCert.getIssuerX500Principal().equals(issuer)) {
return false;
}
Boolean result = entityCert.getSerialNumber().equals(serialNumber);
return result;
}
示例15: evaluate
import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/** {@inheritDoc} */
public Boolean evaluate(Credential target) {
if (target == null) {
log.error("Credential target was null");
return null;
}
if (!(target instanceof X509Credential)) {
log.info("Credential is not an X509Credential, can not evaluate X509CertSelector criteria");
return Boolean.FALSE;
}
X509Credential x509Cred = (X509Credential) target;
X509Certificate entityCert = x509Cred.getEntityCertificate();
if (entityCert == null) {
log.info("X509Credential did not contain an entity certificate, can not evaluate X509CertSelector criteria");
return Boolean.FALSE;
}
Boolean result = certSelector.match(entityCert);
return result;
}