本文整理汇总了Java中org.opensaml.xml.security.x509.BasicX509Credential类的典型用法代码示例。如果您正苦于以下问题:Java BasicX509Credential类的具体用法?Java BasicX509Credential怎么用?Java BasicX509Credential使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
BasicX509Credential类属于org.opensaml.xml.security.x509包,在下文中一共展示了BasicX509Credential类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: decryptAssertion
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Decrypts an encrypted SAML assertion with the private key of the given keystore entry.
 *
 * <p>Decryption only restores the plaintext. This method does not check the assertion's
 * signature, issuer or conditions, so the caller still has to validate the returned object
 * before trusting any of its content.
 *
 * @param encryptedAssertion the encrypted assertion to decrypt
 * @param keystoreEntry keystore entry whose private key is used as the key-decryption key
 * @return the decrypted assertion, or {@code null} when decryption failed and
 *         {@code raiseSamlValidationError} returned normally
 */
protected Assertion decryptAssertion(EncryptedAssertion encryptedAssertion, KeyStore.PrivateKeyEntry keystoreEntry) {
    // Only the private key is placed in the credential; no certificate is attached.
    BasicX509Credential kekCredential = new BasicX509Credential();
    kekCredential.setPrivateKey(keystoreEntry.getPrivateKey());
    StaticKeyInfoCredentialResolver kekResolver = new StaticKeyInfoCredentialResolver(kekCredential);

    // The EncryptedKey element is searched for by three resolvers, tried in this order.
    ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver();
    encryptedKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver());
    encryptedKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver());
    encryptedKeyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver());

    // First argument is null: no resolver is supplied for the data-encryption key itself.
    Decrypter assertionDecrypter = new Decrypter(null, kekResolver, encryptedKeyResolver);
    assertionDecrypter.setRootInNewDocument(true);

    try {
        return assertionDecrypter.decrypt(encryptedAssertion);
    } catch (DecryptionException e) {
        // NOTE(review): the DecryptionException is not passed on (second argument is null),
        // so the reason for the failure is lost unless the helper records it elsewhere.
        raiseSamlValidationError("Unable to decrypt SAML assertion", null);
        return null;
    }
}
示例2: processTrustedCertificateEntry
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Builds an X509Credential from a trusted-certificate entry of a keystore.
 *
 * <p>The credential carries public material only: the entry's certificate, which is also
 * installed as a one-element certificate chain. No private key is set.
 *
 * @param trustedCertEntry the entry being processed
 * @param entityID the entityID to set
 * @param usage the usage type to set
 * @return new X509Credential instance
 */
protected X509Credential processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertEntry,
        String entityID, UsageType usage) {

    log.debug("Processing TrustedCertificateEntry from keystore");

    // The cast fails with ClassCastException if the entry holds a non-X.509 certificate.
    X509Certificate trustedCert = (X509Certificate) trustedCertEntry.getTrustedCertificate();

    ArrayList<X509Certificate> singleCertChain = new ArrayList<X509Certificate>();
    singleCertChain.add(trustedCert);

    BasicX509Credential trustedCredential = new BasicX509Credential();
    trustedCredential.setEntityId(entityID);
    trustedCredential.setUsageType(usage);
    trustedCredential.setEntityCertificate(trustedCert);
    trustedCredential.setEntityCertificateChain(singleCertChain);
    return trustedCredential;
}
示例3: processPrivateKeyEntry
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Builds an X509Credential from a private-key entry of a keystore.
 *
 * <p>The returned credential holds the private key itself, together with the entry's
 * end-entity certificate and its certificate chain, so it must be handled as secret material.
 *
 * @param privateKeyEntry the entry being processed
 * @param entityID the entityID to set
 * @param usage the usage type to set
 * @return new X509Credential instance
 */
protected X509Credential processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry, String entityID,
        UsageType usage) {

    log.debug("Processing PrivateKeyEntry from keystore");

    BasicX509Credential keyCredential = new BasicX509Credential();
    keyCredential.setEntityId(entityID);
    keyCredential.setUsageType(usage);
    keyCredential.setPrivateKey(privateKeyEntry.getPrivateKey());

    // Both casts throw ClassCastException when the entry does not hold X.509 certificates.
    X509Certificate endEntityCert = (X509Certificate) privateKeyEntry.getCertificate();
    keyCredential.setEntityCertificate(endEntityCert);

    X509Certificate[] entryChain = (X509Certificate[]) privateKeyEntry.getCertificateChain();
    keyCredential.setEntityCertificateChain(Arrays.asList(entryChain));

    return keyCredential;
}
示例4: createBasicCredentials
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Creates the basic credential needed to generate a signature using EntitlementServiceComponent.
 *
 * <p>The certificate and private key are taken from the {@code KeyStoreManager} obtained for
 * id {@code -1234} (presumably the tenant that owns the primary keystore; confirm against
 * KeyStoreManager).
 *
 * <p>NOTE(review): a lookup failure is only logged. The credential returned in that case has a
 * null certificate and/or a null private key, so callers should check it before signing.
 *
 * @return basicX509Credential
 */
private static BasicX509Credential createBasicCredentials() {
    KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(-1234);

    Certificate signingCert = null;
    PrivateKey signingKey = null;
    try {
        signingCert = keyStoreManager.getDefaultPrimaryCertificate();
        signingKey = keyStoreManager.getDefaultPrivateKey();
    } catch (Exception e) {
        // Best effort: whatever was fetched before the failure is still used below.
        log.error("Error occurred while getting the KeyStore from KeyManger.", e);
    }

    BasicX509Credential signingCredential = new BasicX509Credential();
    signingCredential.setEntityCertificate((java.security.cert.X509Certificate) signingCert);
    signingCredential.setPrivateKey(signingKey);
    return signingCredential;
}
示例5: main
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Requests a token from the local STS using a WS-Security UsernameToken.
 *
 * <p>The client credential is loaded through {@code CredentialRepository} from the certificate
 * location and password supplied by {@code ClientModel}.
 *
 * <p>NOTE(review): the username and password below are literals compiled into the program.
 * That is only acceptable for a throw-away demo account; real credentials belong in
 * configuration or a secret store, not in source control.
 */
public static void main(String[] args) {
    ClientModel clientModel = new ClientModel();
    CredentialRepository credentialRepository = new CredentialRepository();
    BasicX509Credential clientCredential =
            credentialRepository.getCredential(clientModel.getCertificate(), clientModel.getCertificatePassword());

    TrustClient stsClient = new TrustClient(null, clientCredential, null);
    stsClient.setAppliesTo(clientModel.getServiceUrl());
    stsClient.setUseReferenceForDelegateToken(false);
    stsClient.setUseActAs(false);
    stsClient.setEndpoint(clientModel.getLocalStsUrl());

    // Build <UsernameToken><Username/><Password/></UsernameToken>.
    UsernameToken usernameToken = SAMLUtil.buildXMLObject(UsernameToken.class);

    Username user = SAMLUtil.buildXMLObject(Username.class);
    user.setValue("jre");
    usernameToken.setUsername(user);

    Password secret = SAMLUtil.buildXMLObject(Password.class);
    secret.setValue("dild42");
    usernameToken.getUnknownXMLObjects().add(secret);

    stsClient.setSecurityToken(usernameToken);
    stsClient.getToken();
}
示例6: testInvalidSignature
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Verifies that changing a header after signing makes signature validation fail.
 *
 * <p>The envelope is signed, the text of its WS-Addressing Action element is replaced, and the
 * result is re-parsed. Validating the signature with the signing credential is then expected to
 * throw {@code ValidationException}, which only holds if Action is covered by the signature.
 */
@Test(expected=ValidationException.class)
public void testInvalidSignature() throws Exception {
    env.setAction("action");

    BasicX509Credential signingCredential = TestHelper.getCredential();
    Element signedEnvelope = env.sign(signingCredential);

    // Modify the Action header after the signature has been computed.
    Element action = (Element) signedEnvelope.getElementsByTagNameNS(WSAddressingConstants.WSA_NS, "Action").item(0);
    action.setTextContent("test");

    // Round-trip through a string so validation runs on a freshly parsed document.
    String modifiedXml = XMLHelper.nodeToString(signedEnvelope);
    Envelope reparsed = (Envelope) SAMLUtil.unmarshallElementFromString(modifiedXml);

    Security securityHeader = (Security) reparsed.getHeader().getUnknownXMLObjects(Security.ELEMENT_NAME).get(0);
    Signature envelopeSignature = (Signature) securityHeader.getUnknownXMLObjects(Signature.DEFAULT_ELEMENT_NAME).get(0);

    new SignatureValidator(signingCredential).validate(envelopeSignature);
}
示例7: onSetUp
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Prepares the mocked servlet objects and the {@code RequestContext} shared by the tests.
 *
 * <p>The response's output stream discards everything written to it and the session id is a
 * random UUID. SP and IdP metadata are read from classpath resources. The credential comes
 * from the keystore {@code test/test.pkcs12}; its password is a literal in this fixture.
 */
@Before
public final void onSetUp() throws Exception {
    req = mock(HttpServletRequest.class);
    res = mock(HttpServletResponse.class);
    when(res.getOutputStream()).thenReturn(new ServletOutputStream() {
        // Sink: bytes written by the code under test are dropped.
        public void write(int b) throws IOException {}
    });

    session = mock(HttpSession.class);
    when(req.getSession()).thenReturn(session);
    when(session.getId()).thenReturn(UUID.randomUUID().toString());

    EntityDescriptor spDescriptor =
            (EntityDescriptor) SAMLUtil.unmarshallElement(getClass().getResourceAsStream("SPMetadata.xml"));
    sh = mock(SessionHandler.class);

    CredentialRepository credentialRepository = new CredentialRepository();
    BasicX509Credential testCredential = credentialRepository.getCredential("test/test.pkcs12", "Test1234");

    cfg = new MapConfiguration(new HashMap<String, Object>() {{
        put("oiosaml-sp.assertion.validator", Validator.class.getName());
        put(Constants.PROP_HOME, "/home");
    }});

    IdpMetadata idpMetadata = new IdpMetadata("http://schemas.xmlsoap.org/ws/2006/12/federation",
            (EntityDescriptor)SAMLUtil.unmarshallElement(getClass().getResourceAsStream("IdPMetadata.xml")));
    SPMetadata spMetadataForContext = new SPMetadata(spDescriptor, "http://schemas.xmlsoap.org/ws/2006/12/federation");

    rc = new RequestContext(req, res, idpMetadata, spMetadataForContext, testCredential, cfg, sh, null);
}
示例8: createCredential
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
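/**
 * Builds a credential from the key entries of an already loaded keystore.
 *
 * <p>The store can be of any type the caller managed to load, for example PKCS12 or JKS.
 * Every alias that is a key entry is opened with {@code password}; its private key,
 * certificate and public key are copied into the credential. When the store contains several
 * key entries, the values of the last alias enumerated win. When it contains none, the
 * returned credential is empty.
 *
 * <p>The private key is never written to the log: a key's string form can expose key material,
 * and debug logs are usually readable by far more people than the keystore is.
 *
 * @param ks Loaded keystore to read the key entries from.
 * @param password Password for the key entries of the store.
 *
 * @return The {@link Credential}, including the private key
 * @throws WrappedException if the aliases cannot be listed or a key cannot be recovered
 */
public static BasicX509Credential createCredential(KeyStore ks, String password) {
    BasicX509Credential credential = new BasicX509Credential();
    try {
        Enumeration<String> eAliases = ks.aliases();
        while (eAliases.hasMoreElements()) {
            String strAlias = eAliases.nextElement();
            if (!ks.isKeyEntry(strAlias)) {
                // Trusted-certificate entries carry no private key; skip them.
                continue;
            }

            PrivateKey privateKey = (PrivateKey) ks.getKey(strAlias, password.toCharArray());
            credential.setPrivateKey(privateKey);
            credential.setEntityCertificate((X509Certificate) ks.getCertificate(strAlias));

            PublicKey publicKey = ks.getCertificate(strAlias).getPublicKey();
            if (log.isDebugEnabled()) {
                // Public half only; the private key must not reach the log.
                log.debug("publicKey..:" + publicKey);
            }
            credential.setPublicKey(publicKey);
        }
    } catch (GeneralSecurityException e) {
        throw new WrappedException(Layer.CLIENT, e);
    }
    return credential;
}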
示例9: testGetCredential
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Checks that {@code CredentialRepository.createCredential} recovers the same key pair from two
 * keystores: one produced by {@code generateKeystore} and a JKS store built in the test.
 *
 * <p>Keys are compared by their encoded bytes. The store password "test" is a fixture value.
 */
@Test
public void testGetCredential() throws Exception {
    Credential expected = TestHelper.getCredential();
    X509Certificate expectedCert = TestHelper.getCertificate(expected);

    // Round 1: keystore produced by the helper.
    ByteArrayOutputStream storeBytes = generateKeystore(expected, expectedCert);
    BasicX509Credential loaded = CredentialRepository.createCredential(
            getKeystore(new ByteArrayInputStream(storeBytes.toByteArray())), "test");
    assertTrue(Arrays.equals(expected.getPublicKey().getEncoded(), loaded.getPublicKey().getEncoded()));
    assertTrue(Arrays.equals(expected.getPrivateKey().getEncoded(), loaded.getPrivateKey().getEncoded()));

    // Round 2: JKS keystore with a single key entry under the alias "saml".
    KeyStore jksStore = KeyStore.getInstance("JKS");
    jksStore.load(null, null);
    jksStore.setKeyEntry("saml", expected.getPrivateKey(), "test".toCharArray(), new Certificate[] { expectedCert });

    storeBytes = new ByteArrayOutputStream();
    jksStore.store(storeBytes, "test".toCharArray());
    storeBytes.close();

    loaded = CredentialRepository.createCredential(
            getKeystore(new ByteArrayInputStream(storeBytes.toByteArray())), "test");
    assertTrue(Arrays.equals(expected.getPublicKey().getEncoded(), loaded.getPublicKey().getEncoded()));
    assertTrue(Arrays.equals(expected.getPrivateKey().getEncoded(), loaded.getPrivateKey().getEncoded()));
}
示例10: testGetMetadata
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Checks that SP metadata generated with a credential parses back into an EntityDescriptor with
 * the same entity ID, carries a signature, and that the signature verifies against the
 * credential's public key.
 */
@Test
public void testGetMetadata() throws Exception {
    SPMetadata metadataUnderTest = TestHelper.buildSPMetadata();
    BasicX509Credential signingCredential = TestHelper.getCredential();

    // Second argument is true; the assertions below expect the output to be signed.
    String metadataXml = metadataUnderTest.getMetadata(signingCredential, true);
    assertNotNull(metadataXml);

    EntityDescriptor parsed = (EntityDescriptor) SAMLUtil.unmarshallElementFromString(metadataXml);
    assertNotNull(parsed);
    assertEquals(metadataUnderTest.getEntityID(), parsed.getEntityID());
    assertNotNull(parsed.getSignature());

    OIOSamlObject wrapped = new OIOSamlObject(parsed);
    wrapped.verifySignature(signingCredential.getPublicKey());
}
示例11: setUp
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Writes a temporary JKS keystore holding the test key pair and registers IdP and SP metadata.
 *
 * <p>The keystore password "password" is a fixture value. The temporary file is removed when
 * the JVM exits.
 *
 * <p>NOTE(review): the key entry is created from {@code credential.getPrivateKey()}, not from the
 * local test credential; presumably {@code credential} is a field of the test class. Confirm
 * that both refer to the same key pair.
 */
@Before
public void setUp() throws Exception {
    BasicX509Credential testCred = TestHelper.getCredential();

    KeyStore keyStore = KeyStore.getInstance("JKS");
    keyStore.load(null, null);

    X509Certificate testCert = TestHelper.getCertificate(testCred);
    testCred.setEntityCertificate(testCert);
    keyStore.setKeyEntry("oiosaml", credential.getPrivateKey(), "password".toCharArray(), new Certificate[] { testCert });

    File storeFile = File.createTempFile("test", "test");
    storeFile.deleteOnExit();

    FileOutputStream out = new FileOutputStream(storeFile);
    keyStore.store(out, "password".toCharArray());
    out.close();

    props = new HashMap<String, String>();
    // Only the file name is stored, not the absolute path of the temporary file.
    props.put(Constants.PROP_CERTIFICATE_LOCATION, storeFile.getName());
    props.put(Constants.PROP_CERTIFICATE_PASSWORD, "password");
    //FileConfiguration.setSystemConfiguration(TestHelper.buildConfiguration(props));

    IdpMetadata.setMetadata(new IdpMetadata(SAMLConstants.SAML20P_NS, TestHelper.buildEntityDescriptor(testCred)));
    SPMetadata.setMetadata(spMetadata);
}
示例12: SAML2HTTPRedirectDeflateSignatureSecurityPolicyRuleTest
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
/**
 * Constructor. Builds the two credentials used by the tests: a signing credential with
 * certificate, private key and the issuer's entity ID, and a second credential ("other-1")
 * that has a certificate but no private key.
 *
 * @throws CertificateException if a Base64 test certificate cannot be decoded
 * @throws KeyException if the Base64 test private key cannot be decoded
 */
public SAML2HTTPRedirectDeflateSignatureSecurityPolicyRuleTest() throws CertificateException, KeyException {
    // Decode the embedded test key material first.
    signingCert = SecurityTestHelper.buildJavaX509Cert(signingCertBase64);
    signingPrivateKey = SecurityTestHelper.buildJavaRSAPrivateKey(signingPrivateKeyBase64);
    otherCert1 = SecurityTestHelper.buildJavaX509Cert(otherCert1Base64);

    // Credential of the message issuer.
    signingX509Cred = new BasicX509Credential();
    signingX509Cred.setEntityId(issuer);
    signingX509Cred.setEntityCertificate(signingCert);
    signingX509Cred.setPrivateKey(signingPrivateKey);

    // Credential of an unrelated entity; certificate only.
    otherCred1 = new BasicX509Credential();
    otherCred1.setEntityId("other-1");
    otherCred1.setEntityCertificate(otherCert1);
}
开发者ID:apigee,项目名称:java-opensaml2,代码行数:19,代码来源:SAML2HTTPRedirectDeflateSignatureSecurityPolicyRuleTest.java
示例13: SAML2HTTPPostSimpleSignSecurityPolicyRuleTest
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
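/**
 * Constructor. Builds the signing credential (certificate, private key, issuer entity ID), a
 * second certificate-only credential ("other-1"), and a Velocity engine that loads templates
 * from the classpath with UTF-8 input and output encoding.
 *
 * @throws Exception if the test key material cannot be decoded or Velocity fails to initialise
 */
public SAML2HTTPPostSimpleSignSecurityPolicyRuleTest() throws Exception {
    signingCert = SecurityTestHelper.buildJavaX509Cert(signingCertBase64);
    signingPrivateKey = SecurityTestHelper.buildJavaRSAPrivateKey(signingPrivateKeyBase64);

    signingX509Cred = new BasicX509Credential();
    signingX509Cred.setEntityCertificate(signingCert);
    signingX509Cred.setPrivateKey(signingPrivateKey);
    signingX509Cred.setEntityId(issuer);

    otherCert1 = SecurityTestHelper.buildJavaX509Cert(otherCert1Base64);

    otherCred1 = new BasicX509Credential();
    otherCred1.setEntityCertificate(otherCert1);
    otherCred1.setEntityId("other-1");

    // The engine is created once; the original instantiated it twice and discarded the first.
    velocityEngine = new VelocityEngine();
    velocityEngine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
    velocityEngine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
    velocityEngine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
    velocityEngine.setProperty("classpath.resource.loader.class",
            "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
    velocityEngine.init();
}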
示例14: getSigningCredential
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
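/**
 * Gets the credential used to sign the SAML assertions that are produced. This method assumes
 * the certificate and the PKCS#8-encoded private key are on the file system; the data could be
 * stored elsewhere, e.g. in a keystore.
 *
 * <p>A credential is used to sign the SAML response and includes the private key as well as a
 * certificate for the public key.
 *
 * <p>The private key file is read as an unencrypted, DER-encoded PKCS#8 structure, so access
 * to that file should be restricted to the account running this code. Only RSA keys are
 * accepted; a key of another algorithm makes {@code KeyFactory} reject the key spec.
 *
 * @param publicKeyLocation path of the X.509 certificate file
 * @param privateKeyLocation path of the PKCS#8 private key file
 * @return credential holding the certificate and the private key
 * @throws Throwable if either file cannot be read or parsed
 */
public Credential getSigningCredential(String publicKeyLocation, String privateKeyLocation) throws Throwable {
    // create public key (cert) portion of credential
    X509Certificate certificate;
    InputStream inStream = new FileInputStream(publicKeyLocation);
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        certificate = (X509Certificate) cf.generateCertificate(inStream);
    } finally {
        // Close the stream even when the certificate cannot be parsed.
        inStream.close();
    }

    // create private key
    byte[] buf;
    RandomAccessFile raf = new RandomAccessFile(privateKeyLocation, "r");
    try {
        long length = raf.length();
        if (length > Integer.MAX_VALUE) {
            // A silent (int) cast would truncate the length and read a partial key.
            throw new IllegalArgumentException("Private key file is too large: " + privateKeyLocation);
        }
        buf = new byte[(int) length];
        raf.readFully(buf);
    } finally {
        raf.close();
    }
    PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(buf);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PrivateKey privateKey = kf.generatePrivate(kspec);

    // create credential and initialize
    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityCertificate(certificate);
    credential.setPrivateKey(privateKey);
    return credential;
}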
示例15: getSigningCredential
import org.opensaml.xml.security.x509.BasicX509Credential; //导入依赖的package包/类
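/**
 * getSigningCredential loads up an X509Credential from a file.
 *
 * <p>Only the certificate's public key is copied into the credential, so the result can be used
 * to validate signatures but not to create them. The certificate itself is not attached and is
 * not checked here for validity period or trust; callers that need those guarantees have to
 * enforce them separately.
 *
 * @param resource the signing certificate file
 * @return an X509 credential, or {@code null} if the certificate could not be read or parsed
 */
public static X509Credential getSigningCredential(final Resource resource) {
    try (final InputStream inputStream = resource.getInputStream()) {
        //grab the certificate file
        final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        final X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(inputStream);
        //use the certificate's own public key; re-encoding it through an RSA KeyFactory
        //added nothing for RSA and made certificates with any other key type fail
        final BasicX509Credential publicCredential = new BasicX509Credential();
        publicCredential.setPublicKey(certificate.getPublicKey());
        LOGGER.debug("getSigningCredential: key retrieved.");
        return publicCredential;
    } catch (final Exception ex) {
        //the failure is not necessarily I/O; pass the exception as the throwable argument
        LOGGER.error("Error retrieving the signing cert", ex);
        return null;
    }
}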