当前位置: 首页>>代码示例>>Java>>正文


Java Credential类代码示例

本文整理汇总了Java中org.opensaml.xml.security.credential.Credential的典型用法代码示例。如果您正苦于以下问题:Java Credential类的具体用法?Java Credential怎么用?Java Credential使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。


Credential类属于org.opensaml.xml.security.credential包,在下文中一共展示了Credential类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: getSignatureAlgorithmURI

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
 * Gets the signature algorithm URI to use with the given signing credential.
 * 
 * @param credential the credential that will be used to sign the message
 * @param config the SecurityConfiguration to use (may be null)
 * 
 * @return signature algorithm to use with the given signing credential
 * 
 * @throws MessageEncodingException thrown if the algorithm URI could not be derived from the supplied credential
 */
protected String getSignatureAlgorithmURI(Credential credential, SecurityConfiguration config)
        throws MessageEncodingException {

    SecurityConfiguration secConfig;
    if (config != null) {
        secConfig = config;
    } else {
        secConfig = Configuration.getGlobalSecurityConfiguration();
    }

    String signAlgo = secConfig.getSignatureAlgorithmURI(credential);

    if (signAlgo == null) {
        throw new MessageEncodingException("The signing credential's algorithm URI could not be derived");
    }

    return signAlgo;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:29,代码来源:HTTPRedirectDeflateEncoder.java

示例2: getKeyInfoGenerator

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
 * Obtains a {@link KeyInfoGenerator} for the specified {@link Credential}.
 * 
 * <p>
 * The KeyInfoGenerator returned is based on the {@link NamedKeyInfoGeneratorManager} defined by the specified
 * security configuration via {@link SecurityConfiguration#getKeyInfoGeneratorManager()}, and is determined by the
 * type of the signing credential and an optional KeyInfo generator manager name. If the latter is ommited, the
 * default manager ({@link NamedKeyInfoGeneratorManager#getDefaultManager()}) of the security configuration's
 * named generator manager will be used.
 * </p>
 * 
 * <p>
 * The generator is determined by the specified {@link SecurityConfiguration}. If a security configuration is not
 * supplied, the global security configuration ({@link Configuration#getGlobalSecurityConfiguration()}) will be
 * used.
 * </p>
 * 
 * @param credential the credential for which a generator is desired
 * @param config the SecurityConfiguration to use (may be null)
 * @param keyInfoGenName the named KeyInfoGeneratorManager configuration to use (may be null)
 * @return a KeyInfoGenerator appropriate for the specified credential
 */
public static KeyInfoGenerator getKeyInfoGenerator(Credential credential, SecurityConfiguration config,
        String keyInfoGenName) {

    SecurityConfiguration secConfig;
    if (config != null) {
        secConfig = config;
    } else {
        secConfig = Configuration.getGlobalSecurityConfiguration();
    }

    NamedKeyInfoGeneratorManager kiMgr = secConfig.getKeyInfoGeneratorManager();
    if (kiMgr != null) {
        KeyInfoGeneratorFactory kiFactory = null;
        if (DatatypeHelper.isEmpty(keyInfoGenName)) {
            kiFactory = kiMgr.getDefaultManager().getFactory(credential);
        } else {
            kiFactory = kiMgr.getFactory(keyInfoGenName, credential);
        }
        if (kiFactory != null) {
            return kiFactory.newInstance();
        }
    }
    return null;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:47,代码来源:SecurityHelper.java

示例3: validate

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
 * Evaluate trust.
 * 
 * @param untrustedCredential the untrusted X509Credential to evaluate
 * @param trustedCredentials basis for trust
 * @return true if trust can be established, false otherwise
 */
public boolean validate(X509Credential untrustedCredential, Iterable<Credential> trustedCredentials) {

    for (Credential trustedCredential : trustedCredentials) {
        if (!(trustedCredential instanceof X509Credential)) {
            log.debug("Skipping evaluation against trusted, non-X509Credential");
            continue;
        }
        X509Credential trustedX509Credential = (X509Credential) trustedCredential;
        if (validate(untrustedCredential, trustedX509Credential)) {
            return true;
        }
    }

    return false;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:23,代码来源:ExplicitX509CertificateTrustEvaluator.java

示例4: sign

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
 * Compute the signature or MAC value over the supplied input.
 * 
 * It is up to the caller to ensure that the specified algorithm ID and isMAC flag are consistent with the type of
 * signing key supplied in the signing credential.
 * 
 * @param signingCredential the credential containing the signing key
 * @param jcaAlgorithmID the Java JCA algorithm ID to use
 * @param isMAC flag indicating whether the operation to be performed is a signature or MAC computation
 * @param input the input over which to compute the signature
 * @return the computed signature or MAC value
 * @throws SecurityException throw if the computation process results in an error
 */
public static byte[] sign(Credential signingCredential, String jcaAlgorithmID, boolean isMAC, byte[] input)
        throws SecurityException {
    Logger log = getLogger();

    Key signingKey = SecurityHelper.extractSigningKey(signingCredential);
    if (signingKey == null) {
        log.error("No signing key supplied in signing credential for signature computation");
        throw new SecurityException("No signing key supplied in signing credential");
    }

    if (isMAC) {
        return signMAC(signingKey, jcaAlgorithmID, input);
    } else if (signingKey instanceof PrivateKey) {
        return sign((PrivateKey) signingKey, jcaAlgorithmID, input);
    } else {
        log.error("No PrivateKey present in signing credential for signature computation");
        throw new SecurityException("No PrivateKey supplied for signing");
    }
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:33,代码来源:SigningUtil.java

示例5: verify

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
 * Verify the signature value computed over the supplied input against the supplied signature value.
 * 
 * It is up to the caller to ensure that the specified algorithm ID and isMAC flag are consistent with the type of
 * verification credential supplied.
 * 
 * @param verificationCredential the credential containing the verification key
 * @param jcaAlgorithmID the Java JCA algorithm ID to use
 * @param isMAC flag indicating whether the operation to be performed is a signature or MAC computation
 * @param signature the computed signature value received from the signer
 * @param input the input over which the signature is computed and verified
 * @return true if the signature value computed over the input using the supplied key and algorithm ID is identical
 *         to the supplied signature value
 * @throws SecurityException thrown if the signature computation or verification process results in an error
 */
public static boolean verify(Credential verificationCredential, String jcaAlgorithmID, boolean isMAC,
        byte[] signature, byte[] input) throws SecurityException {
    Logger log = getLogger();

    Key verificationKey = SecurityHelper.extractVerificationKey(verificationCredential);
    if (verificationKey == null) {
        log.error("No verification key supplied in verification credential for signature verification");
        throw new SecurityException("No verification key supplied in verification credential");
    }

    if (isMAC) {
        return verifyMAC(verificationKey, jcaAlgorithmID, signature, input);
    } else if (verificationKey instanceof PublicKey) {
        return verify((PublicKey) verificationKey, jcaAlgorithmID, signature, input);
    } else {
        log.error("No PublicKey present in verification credential for signature verification");
        throw new SecurityException("No PublicKey supplied for signature verification");
    }
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:35,代码来源:SigningUtil.java

示例6: retrieveFromCache

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
 * Retrieves pre-resolved credentials from the cache.
 * 
 * @param cacheKey the key to the metadata cache
 * 
 * @return the collection of cached credentials or null
 */
protected Collection<Credential> retrieveFromCache(MetadataCacheKey cacheKey) {
    log.debug("Attempting to retrieve credentials from cache using index: {}", cacheKey);
    Lock readLock = getReadWriteLock().readLock();
    readLock.lock();
    log.trace("Read lock over cache acquired");
    try {
        if (cache.containsKey(cacheKey)) {
            SoftReference<Collection<Credential>> reference = cache.get(cacheKey);
            if (reference.get() != null) {
                log.debug("Retrieved credentials from cache using index: {}", cacheKey);
                return reference.get();
            }
        }
    } finally {
        readLock.unlock();
        log.trace("Read lock over cache released");
    }

    log.debug("Unable to retrieve credentials from cache using index: {}", cacheKey);
    return null;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:29,代码来源:MetadataCredentialResolver.java

示例7: processKeyInfoChild

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
 * Process the given KeyInfo child with the registered providers.
 * 
 * The child element is processed by each provider in the ordered list of providers. The credential or credentials
 * resolved by the first provider to successfully do so are returned and processing of the child element is
 * terminated.
 * 
 * @param kiContext KeyInfo resolution context
 * @param criteriaSet the credential criteria used to resolve credentials
 * @param keyInfoChild the KeyInfo to evaluate
 * @return the collection of resolved credentials, or null
 * @throws SecurityException thrown if there is a provider error processing the KeyInfo child
 */
protected Collection<Credential> processKeyInfoChild(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
        XMLObject keyInfoChild) throws SecurityException {

    for (KeyInfoProvider provider : getProviders()) {

        if (!provider.handles(keyInfoChild)) {
            log.debug("Provider {} doesn't handle objects of type {}, skipping", provider.getClass().getName(),
                    keyInfoChild.getElementQName());
            continue;
        }

        log.debug("Processing KeyInfo child {} with provider {}", keyInfoChild.getElementQName(), provider
                .getClass().getName());
        Collection<Credential> creds = provider.process(this, keyInfoChild, criteriaSet, kiContext);

        if (creds != null && !creds.isEmpty()) {
            log.debug("Credentials successfully extracted from child {} by provider {}", keyInfoChild
                    .getElementQName(), provider.getClass().getName());
            return creds;
        }
    }
    return null;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:37,代码来源:BasicProviderKeyInfoCredentialResolver.java

示例8: resolveKeyValue

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
 * Resolve the key from any KeyValue or DEREncodedKeyValue element that may be present, and store the resulting
 * key in the resolution context.
 * 
 * Each element is processed in turn in document order. Each element will be processed by each provider in
 * the ordered list of registered providers. The key from the first credential successfully resolved
 * will be stored in the resolution context.
 * 
 * Note: This resolver implementation assumes that KeyInfo will not be abused via-a-vis the Signature
 * specificiation, and that therefore all elements (if there are even more than one) will all resolve to the
 * same key value. The KeyInfo might, for example have multiple KeyValue children, containing different
 * representations of the same key. Therefore, only the first credential derived will be be utilized.
 * 
 * @param kiContext KeyInfo resolution context
 * @param criteriaSet the credential criteria used to resolve credentials
 * @param keyValues the KeyValue or DEREncodedKeyValue children to evaluate
 * @throws SecurityException thrown if there is an error resolving the key from the KeyValue
 */
protected void resolveKeyValue(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
        List<? extends XMLObject> keyValues) throws SecurityException {

    for (XMLObject keyValue : keyValues) {
        if (!(keyValue instanceof KeyValue) && !(keyValue instanceof DEREncodedKeyValue)) {
            continue;
        }
        Collection<Credential> creds = processKeyInfoChild(kiContext, criteriaSet, keyValue);
        if (creds != null) {
            for (Credential cred : creds) {
                Key key = extractKeyValue(cred);
                if (key != null) {
                    kiContext.setKey(key);
                    log.debug("Found a credential based on a KeyValue/DEREncodedKeyValue having key type: {}",
                            key.getAlgorithm());
                    return;
                }
            }
        }
    }
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:40,代码来源:BasicProviderKeyInfoCredentialResolver.java

示例9: extractKeyValue

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
 * Utility method to extract any key that might be present in the specified Credential.
 * 
 * @param cred the Credential to evaluate
 * @return the Key contained in the credential, or null if it does not contain a key.
 */
protected Key extractKeyValue(Credential cred) {
    if (cred == null) {
        return null;
    }
    if (cred.getPublicKey() != null) {
        return cred.getPublicKey();
    }
    // This could happen if key is derived, e.g. key agreement, etc
    if (cred.getSecretKey() != null) {
        return cred.getSecretKey();
    }
    // Perhaps unlikely, but go ahead and check
    if (cred.getPrivateKey() != null) {
        return cred.getPrivateKey();
    }
    return null;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:24,代码来源:BasicProviderKeyInfoCredentialResolver.java

示例10: extractKeyValue

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/**
 * Utility method to extract any key that might be present in the specified Credential.
 * 
 * @param cred the Credential to evaluate
 * @return the Key contained in the credential, or null if it does not contain a key.
 */
protected Key extractKeyValue(Credential cred) {
    if (cred == null) {
        return null;
    }
    if (cred.getPublicKey() != null) {
        return cred.getPublicKey();
    } 
    // This could happen if key is derived, e.g. key agreement, etc
    if (cred.getSecretKey() != null) {
        return cred.getSecretKey();
    }
    // Perhaps unlikely, but go ahead and check
    if (cred.getPrivateKey() != null) {
        return cred.getPrivateKey(); 
    }
    return null;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:24,代码来源:AbstractKeyInfoProvider.java

示例11: postProcess

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/** {@inheritDoc} */
protected void postProcess(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
        List<Credential> credentials) throws SecurityException {
    
    ArrayList<Credential> localCreds = new ArrayList<Credential>();
    
    for (Credential cred : credentials) {
        if (isLocalCredential(cred)) {
            localCreds.add(cred);
        } else if (cred.getPublicKey() != null) {
           localCreds.addAll(resolveByPublicKey(cred.getPublicKey()));
        }
    }
    
    // Also resolve local creds based on any key names that are known
    for (String keyName : kiContext.getKeyNames()) {
        localCreds.addAll(resolveByKeyName(keyName));
    }
    
    credentials.clear();
    credentials.addAll(localCreds);
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:23,代码来源:LocalKeyInfoCredentialResolver.java

示例12: evaluate

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/** {@inheritDoc} */
public Boolean evaluate(Credential target) {
    if (target == null) {
        log.error("Credential target was null");
        return null;
    }
    if (!(target instanceof X509Credential)) {
        log.info("Credential is not an X509Credential, does not satisfy subject name criteria");
        return Boolean.FALSE;
    }
    X509Credential x509Cred = (X509Credential) target;

    X509Certificate entityCert = x509Cred.getEntityCertificate();
    if (entityCert == null) {
        log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
        return Boolean.FALSE;
    }

    Boolean result = entityCert.getSubjectX500Principal().equals(subjectName);
    return result;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:22,代码来源:EvaluableX509SubjectNameCredentialCriteria.java

示例13: evaluate

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/** {@inheritDoc} */
public Boolean evaluate(Credential target) {
    if (target == null) {
        log.error("Credential target was null");
        return null;
    }
    Key key = getKey(target);
    if (key == null) {
        log.info("Could not evaluate criteria, credential contained no key");
        return null;
    }
    String algorithm = DatatypeHelper.safeTrimOrNullString(key.getAlgorithm());
    if (algorithm == null) {
        log.info("Could not evaluate criteria, key does not specify an algorithm via getAlgorithm()");
        return null;
    }

    Boolean result = keyAlgorithm.equals(algorithm);
    return result;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:21,代码来源:EvaluableKeyAlgorithmCredentialCriteria.java

示例14: evaluate

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/** {@inheritDoc} */
public Boolean evaluate(Credential target) {
    if (target == null) {
        log.error("Credential target was null");
        return null;
    }
    if (!(target instanceof X509Credential)) {
        log.info("Credential is not an X509Credential, does not satisfy issuer name and serial number criteria");
        return Boolean.FALSE;
    }
    X509Credential x509Cred = (X509Credential) target;

    X509Certificate entityCert = x509Cred.getEntityCertificate();
    if (entityCert == null) {
        log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
        return Boolean.FALSE;
    }

    if (!entityCert.getIssuerX500Principal().equals(issuer)) {
        return false;
    }
    Boolean result = entityCert.getSerialNumber().equals(serialNumber);
    return result;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:25,代码来源:EvaluableX509IssuerSerialCredentialCriteria.java

示例15: evaluate

import org.opensaml.xml.security.credential.Credential; //导入依赖的package包/类
/** {@inheritDoc} */
public Boolean evaluate(Credential target) {
    if (target == null) {
        log.error("Credential target was null");
        return null;
    }
    if (!(target instanceof X509Credential)) {
        log.info("Credential is not an X509Credential, can not evaluate X509CertSelector criteria");
        return Boolean.FALSE;
    }
    X509Credential x509Cred = (X509Credential) target;

    X509Certificate entityCert = x509Cred.getEntityCertificate();
    if (entityCert == null) {
        log.info("X509Credential did not contain an entity certificate, can not evaluate X509CertSelector criteria");
        return Boolean.FALSE;
    }

    Boolean result = certSelector.match(entityCert);
    return result;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:22,代码来源:EvaluableX509CertSelectorCredentialCriteria.java


注:本文中的org.opensaml.xml.security.credential.Credential类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。