

Java X509Credential类代码示例

本文整理汇总了Java中org.opensaml.xml.security.x509.X509Credential的典型用法代码示例。如果您正苦于以下问题:Java X509Credential类的具体用法?Java X509Credential怎么用?Java X509Credential使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。


X509Credential类属于org.opensaml.xml.security.x509包,在下文中一共展示了X509Credential类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: setSignatureRaw

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * Builds a {@link Signature} element configured with the given algorithm and credential and
 * attaches a KeyInfo that carries the credential's entity certificate.
 *
 * <p>Nothing here computes a signature value; the object is only configured. The certificate
 * placed in KeyInfo is supplied by the signer itself, so a relying party should establish trust
 * from its own configured metadata or trust store rather than from this embedded certificate.
 *
 * @param signatureAlgorithm signature algorithm URI handed to {@code setSignatureAlgorithm}
 * @param cred credential used as the signing credential and as the source of the certificate
 * @return the configured signature object, with exclusive C14N (comments omitted) selected
 * @throws SSOAgentException if the entity certificate cannot be encoded
 */
private static Signature setSignatureRaw(String signatureAlgorithm, X509Credential cred) throws SSOAgentException {
    Signature sig = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    sig.setSigningCredential(cred);
    sig.setSignatureAlgorithm(signatureAlgorithm);
    sig.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    KeyInfo info = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    X509Data x509Data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
    org.opensaml.xml.signature.X509Certificate certElement =
            (org.opensaml.xml.signature.X509Certificate) buildXMLObject(
                    org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);

    // Only the DER encoding step can raise CertificateEncodingException, so it is isolated here.
    byte[] der;
    try {
        der = cred.getEntityCertificate().getEncoded();
    } catch (CertificateEncodingException e) {
        throw new SSOAgentException("Error getting certificate", e);
    }

    certElement.setValue(org.apache.xml.security.utils.Base64.encode(der));
    x509Data.getX509Certificates().add(certElement);
    info.getX509Datas().add(x509Data);
    sig.setKeyInfo(info);
    return sig;
}
 
开发者ID:wso2-extensions,项目名称:identity-agent-sso,代码行数:24,代码来源:SSOAgentUtils.java

示例2: setSignature

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * Attaches an XML signature to a SAML LogoutRequest and signs it.
 *
 * <p>The steps run in a fixed order: the signature element is attached, the request is
 * marshalled, and only then is {@code Signer.signObjects} invoked on the attached signature.
 *
 * @param logoutRequest the logout request to sign; it is modified in place and returned
 * @param signatureAlgorithm signature algorithm URI passed through to {@code setSignatureRaw}
 * @param cred credential passed through to {@code setSignatureRaw}
 * @return the same {@code logoutRequest} instance, now carrying the signature
 * @throws SSOAgentException wrapping any exception raised while building, marshalling or signing
 */
public static LogoutRequest setSignature(LogoutRequest logoutRequest, String signatureAlgorithm,
                                         X509Credential cred) throws SSOAgentException {
    try {
        Signature requestSignature = setSignatureRaw(signatureAlgorithm, cred);
        logoutRequest.setSignature(requestSignature);

        // Marshall first: signing happens after the object has been marshalled.
        org.opensaml.xml.Configuration.getMarshallerFactory()
                .getMarshaller(logoutRequest)
                .marshall(logoutRequest);

        org.apache.xml.security.Init.init();

        List<Signature> toSign = new ArrayList<Signature>();
        toSign.add(requestSignature);
        Signer.signObjects(toSign);
        return logoutRequest;

    } catch (Exception e) {
        // Deliberately broad: every failure on this path is reported as one agent exception.
        throw new SSOAgentException("Error while signing the Logout Request message", e);
    }
}
 
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:35,代码来源:SSOAgentUtils.java

示例3: evaluateSubjectDN

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * Evaluate the presenter entity ID as derived from the cert subject DN.
 *
 * <p>The subject name is only a candidate identity: it is returned solely when
 * {@code evaluate} accepts the credential for that name.
 *
 * @param requestCredential the X509Credential derived from the request
 * @param messageContext the message context being evaluated
 * @return the presenter entity ID accepted by {@code evaluate}, or {@code null} when no subject
 *         name could be derived or the evaluation did not succeed
 * @throws SecurityPolicyException thrown if there is error during processing
 */
protected String evaluateSubjectDN(X509Credential requestCredential, MessageContext messageContext)
        throws SecurityPolicyException {

    log.debug("Evaluating client cert by deriving presenter as cert subject DN");
    String subjectDn = getSubjectName(requestCredential.getEntityCertificate());

    // Short-circuit keeps evaluate() from being called with a null candidate.
    if (subjectDn == null || !evaluate(requestCredential, subjectDn, messageContext)) {
        return null;
    }

    log.info("Authentication succeeded for presenter entity ID derived from subject DN {}",
            subjectDn);
    return subjectDn;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:24,代码来源:ClientCertAuthRule.java

示例4: evaluateSubjectAltNames

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * Evaluate the presenter entity ID as derived from the cert subject alternative names specified by types enumerated
 * in {@link CertificateNameOptions#getSubjectAltNames()}.
 *
 * <p>Alt name types are tried in the order the options return them, and the first name that
 * {@code evaluate} accepts wins.
 *
 * @param requestCredential the X509Credential derived from the request
 * @param messageContext the message context being evaluated
 * @return the first alt name accepted by {@code evaluate}, or {@code null} if none was accepted
 * @throws SecurityPolicyException thrown if there is error during processing
 */
protected String evaluateSubjectAltNames(X509Credential requestCredential, MessageContext messageContext)
        throws SecurityPolicyException {

    log.debug("Evaluating client cert by deriving presenter from subject alt names");
    X509Certificate clientCert = requestCredential.getEntityCertificate();

    for (Integer nameType : certNameOptions.getSubjectAltNames()) {
        log.debug("Evaluating alt names of type: {}", nameType.toString());
        for (String candidate : getAltNames(clientCert, nameType)) {
            if (!evaluate(requestCredential, candidate, messageContext)) {
                continue;
            }
            log.info("Authentication succeeded for presenter entity ID derived from subject alt name {}",
                    candidate);
            return candidate;
        }
    }
    return null;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:28,代码来源:ClientCertAuthRule.java

示例5: validate

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * Evaluate trust between two credentials by comparing their entity certificates.
 *
 * <p>A credential without an entity certificate on either side is treated as untrusted; the
 * method never reports success without calling the certificate-level {@code validate}.
 *
 * @param untrustedCredential the untrusted X509Credential to evaluate
 * @param trustedCredential basis for trust
 * @return true if trust can be established, false otherwise
 */
public boolean validate(X509Credential untrustedCredential, X509Credential trustedCredential) {

    X509Certificate candidateCert = untrustedCredential.getEntityCertificate();
    X509Certificate anchorCert = trustedCredential.getEntityCertificate();

    if (candidateCert == null) {
        log.debug("Untrusted credential contained no entity certificate, unable to evaluate");
        return false;
    }
    if (anchorCert == null) {
        log.debug("Trusted credential contained no entity certificate, unable to evaluate");
        return false;
    }

    boolean trusted = validate(candidateCert, anchorCert);
    log.debug(trusted
            ? "Successfully validated untrusted credential against trusted certificate"
            : "Failed to validate untrusted credential against trusted certificate");
    return trusted;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:28,代码来源:ExplicitX509CertificateTrustEvaluator.java

示例6: evaluate

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Matches when the credential's entity certificate has a subject principal equal to
 * {@code subjectName}. Returns {@code null} (not {@code FALSE}) for a null target, and
 * {@code FALSE} for a non-X.509 credential or one without an entity certificate.
 */
public Boolean evaluate(Credential target) {
    if (target == null) {
        log.error("Credential target was null");
        return null;
    }

    if (target instanceof X509Credential) {
        X509Certificate cert = ((X509Credential) target).getEntityCertificate();
        if (cert != null) {
            return Boolean.valueOf(cert.getSubjectX500Principal().equals(subjectName));
        }
        log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
        return Boolean.FALSE;
    }

    log.info("Credential is not an X509Credential, does not satisfy subject name criteria");
    return Boolean.FALSE;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:22,代码来源:EvaluableX509SubjectNameCredentialCriteria.java

示例7: evaluate

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Matches when the entity certificate's issuer principal equals {@code issuer} and its
 * serial number equals {@code serialNumber}. Returns {@code null} for a null target, and
 * {@code FALSE} for a non-X.509 credential or one without an entity certificate.
 */
public Boolean evaluate(Credential target) {
    if (target == null) {
        log.error("Credential target was null");
        return null;
    }

    if (target instanceof X509Credential) {
        X509Certificate cert = ((X509Credential) target).getEntityCertificate();
        if (cert == null) {
            log.info("X509Credential did not contain an entity certificate, does not satisfy criteria");
            return Boolean.FALSE;
        }
        // The serial number is only compared once the issuer has matched.
        return Boolean.valueOf(cert.getIssuerX500Principal().equals(issuer)
                && cert.getSerialNumber().equals(serialNumber));
    }

    log.info("Credential is not an X509Credential, does not satisfy issuer name and serial number criteria");
    return Boolean.FALSE;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:25,代码来源:EvaluableX509IssuerSerialCredentialCriteria.java

示例8: evaluate

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Delegates the decision to {@code certSelector.match} on the credential's entity
 * certificate. Returns {@code null} for a null target, and {@code FALSE} for a non-X.509
 * credential or one without an entity certificate.
 */
public Boolean evaluate(Credential target) {
    if (target == null) {
        log.error("Credential target was null");
        return null;
    }

    if (target instanceof X509Credential) {
        X509Certificate cert = ((X509Credential) target).getEntityCertificate();
        if (cert != null) {
            return Boolean.valueOf(certSelector.match(cert));
        }
        log.info("X509Credential did not contain an entity certificate, can not evaluate X509CertSelector criteria");
        return Boolean.FALSE;
    }

    log.info("Credential is not an X509Credential, can not evaluate X509CertSelector criteria");
    return Boolean.FALSE;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:22,代码来源:EvaluableX509CertSelectorCredentialCriteria.java

示例9: processTrustedCertificateEntry

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * Build an X509Credential from a keystore trusted certificate entry.
 *
 * <p>The resulting credential carries the certificate and a one-element chain holding that
 * same certificate; no private key is set on it.
 *
 * @param trustedCertEntry the entry being processed
 * @param entityID the entityID to set
 * @param usage the usage type to set
 * @return new X509Credential instance
 */
protected X509Credential processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertEntry,
        String entityID, UsageType usage) {

    log.debug("Processing TrustedCertificateEntry from keystore");

    // A non-X.509 entry fails here with ClassCastException.
    X509Certificate trustedCert = (X509Certificate) trustedCertEntry.getTrustedCertificate();

    ArrayList<X509Certificate> singleCertChain = new ArrayList<X509Certificate>();
    singleCertChain.add(trustedCert);

    BasicX509Credential built = new BasicX509Credential();
    built.setEntityId(entityID);
    built.setUsageType(usage);
    built.setEntityCertificate(trustedCert);
    built.setEntityCertificateChain(singleCertChain);
    return built;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:28,代码来源:KeyStoreCredentialResolver.java

示例10: processPrivateKeyEntry

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * Build an X509Credential from a keystore private key entry.
 *
 * <p>The returned credential holds the entry's private key, so it should be handled as secret
 * material by callers.
 *
 * @param privateKeyEntry the entry being processed
 * @param entityID the entityID to set
 * @param usage the usage type to set
 * @return new X509Credential instance
 */
protected X509Credential processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry, String entityID,
        UsageType usage) {

    log.debug("Processing PrivateKeyEntry from keystore");

    BasicX509Credential built = new BasicX509Credential();
    built.setEntityId(entityID);
    built.setUsageType(usage);
    built.setPrivateKey(privateKeyEntry.getPrivateKey());

    X509Certificate leaf = (X509Certificate) privateKeyEntry.getCertificate();
    built.setEntityCertificate(leaf);

    // The array cast relies on the keystore returning an X509Certificate[] for X.509 chains;
    // any other runtime array type fails here with ClassCastException.
    X509Certificate[] chain = (X509Certificate[]) privateKeyEntry.getCertificateChain();
    built.setEntityCertificateChain(Arrays.asList(chain));

    return built;
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:25,代码来源:KeyStoreCredentialResolver.java

示例11: setSignatureValue

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * Adds a signature to any signable XML object and signs it.
 *
 * <p>The signature element is attached, the object is marshalled, and then
 * {@code Signer.signObjects} is invoked on the attached signature.
 *
 * @param xmlObject signable XML object; it is modified in place and returned
 * @param signatureAlgorithm signature algorithm to be used
 * @param cred X509 credential passed through to {@code setSignatureRaw}
 * @param <T> type of the signable XML object
 * @return the same signable XML object, now carrying the signature
 * @throws SSOAgentException wrapping any exception raised while building, marshalling or signing
 */
public static <T extends SignableXMLObject> T setSignatureValue(T xmlObject, String signatureAlgorithm,
                                                                X509Credential cred)
        throws SSOAgentException {

    try {
        Signature objectSignature = setSignatureRaw(signatureAlgorithm, cred);
        xmlObject.setSignature(objectSignature);

        // Marshall first: signing happens after the object has been marshalled.
        org.opensaml.xml.Configuration.getMarshallerFactory()
                .getMarshaller(xmlObject)
                .marshall(xmlObject);

        org.apache.xml.security.Init.init();

        List<Signature> toSign = new ArrayList<>();
        toSign.add(objectSignature);
        Signer.signObjects(toSign);
        return xmlObject;
    } catch (Exception e) {
        // Deliberately broad: every failure on this path is reported as one agent exception.
        throw new SSOAgentException("Error while signing the SAML Request message", e);
    }
}
 
开发者ID:wso2-extensions,项目名称:identity-agent-sso,代码行数:35,代码来源:SSOAgentUtils.java

示例12: addDeflateSignatureToHTTPQueryString

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * Appends the {@code SigAlg} and {@code Signature} parameters to a query string, signing the
 * query string with the credential's private key.
 *
 * <p>The bytes that are signed are the UTF-8 encoding of the query string as it stands after
 * {@code &SigAlg=...} has been appended, so the parameter order in the builder is part of what
 * the receiver must reproduce to verify.
 *
 * <p>NOTE(review): the algorithm is fixed to RSA with SHA-1 ({@code ALGO_ID_SIGNATURE_RSA}
 * together with the JCA name {@code "SHA1withRSA"}). SHA-1 signatures are deprecated; moving to
 * a SHA-256 based pair (for example {@code ALGO_ID_SIGNATURE_RSA_SHA256} with
 * {@code "SHA256withRSA"}) requires changing both values together and confirming that the
 * identity provider accepts it, which is why it is flagged here rather than changed.
 *
 * @param httpQueryString query string to extend in place; presumably it already holds the
 *        encoded SAML message parameters (confirm against the caller)
 * @param cred credential whose private key signs the query string
 * @throws SSOAgentException wrapping any exception raised while encoding or signing
 */
public static void addDeflateSignatureToHTTPQueryString(StringBuilder httpQueryString,
                                                        X509Credential cred) throws SSOAgentException {
    doBootstrap();
    try {
        String encodedSigAlg = URLEncoder.encode(XMLSignature.ALGO_ID_SIGNATURE_RSA, "UTF-8").trim();
        httpQueryString.append("&SigAlg=" + encodedSigAlg);

        // The JCA algorithm name must stay in step with the SigAlg URI appended above.
        java.security.Signature signer = java.security.Signature.getInstance("SHA1withRSA");
        signer.initSign(cred.getPrivateKey());
        byte[] bytesToSign = httpQueryString.toString().getBytes(Charset.forName("UTF-8"));
        signer.update(bytesToSign);
        byte[] rawSignature = signer.sign();

        String base64Signature = Base64.encodeBytes(rawSignature, Base64.DONT_BREAK_LINES);
        String encodedSignature = URLEncoder.encode(base64Signature, "UTF-8").trim();
        httpQueryString.append("&Signature=" + encodedSignature);
    } catch (Exception e) {
        throw new SSOAgentException("Error applying SAML2 Redirect Binding signature", e);
    }
}
 
开发者ID:wso2-extensions,项目名称:identity-agent-sso,代码行数:21,代码来源:SSOAgentUtils.java

示例13: TrustClient

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * Creates a trust client for the STS described by an endpoint reference attribute.
 *
 * <p>When {@code eprAttribute} is null, no endpoint reference is set and {@code endpoint} is
 * left untouched.
 *
 * @param eprAttribute attribute holding the serialized endpoint reference, or null
 * @param credential credential handed to the superclass constructor
 * @param stsKey public key stored as the STS key
 * @param eprIsBase64 whether the attribute's Base64 value (true) or its plain string value
 *        (false) is unmarshalled
 */
public TrustClient(UserAttribute eprAttribute, X509Credential credential, PublicKey stsKey, boolean eprIsBase64) {
	super(credential);
	if (eprAttribute == null) {
		this.epr = null;
	} else {
		// NOTE(review): this writes the attribute to the debug log; confirm it holds nothing sensitive.
		log.debug("EPR Attribute: " + eprAttribute);
		// NOTE(review): the attribute content is parsed as XML here; confirm that SAMLUtil's
		// parser has DTDs and external entities disabled, since the value originates outside
		// this class.
		this.epr = eprIsBase64
				? (EndpointReference) SAMLUtil.unmarshallElement(new ByteArrayInputStream(eprAttribute.getBase64Value()))
				: (EndpointReference) SAMLUtil.unmarshallElementFromString(eprAttribute.getValue());
	}
	this.stsKey = stsKey;
	if (this.epr != null) {
		endpoint = this.epr.getAddress().getValue();
	}
}
 
开发者ID:amagdenko,项目名称:oiosaml.java,代码行数:18,代码来源:TrustClient.java

示例14: handleGet

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
/**
 * Writes the entity certificate of the context's credential to the response as plain text
 * between PEM certificate markers.
 *
 * <p>Only {@code getEntityCertificate()} is read from the credential; no private key material
 * is written to the response.
 *
 * @param context request context supplying the credential and the HTTP response
 * @throws ServletException if the certificate cannot be encoded
 * @throws IOException if the response writer cannot be obtained
 */
public void handleGet(RequestContext context) throws ServletException, IOException {
	X509Credential credential = (X509Credential) context.getCredential();

	// Encoding is the only step that can raise CertificateEncodingException.
	String encodedCert;
	try {
		encodedCert = Base64.encodeBytes(credential.getEntityCertificate().getEncoded());
	} catch (CertificateEncodingException e) {
		throw new ServletException(e);
	}

	HttpServletResponse response = context.getResponse();
	response.setContentType("text/plain");
	PrintWriter out = response.getWriter();
	out.println("-----BEGIN CERTIFICATE-----");
	out.println(encodedCert);
	out.println("-----END CERTIFICATE-----");
	out.close();
}
 
开发者ID:amagdenko,项目名称:oiosaml.java,代码行数:17,代码来源:CertificateHandler.java

示例15: checkCRLSignature

import org.opensaml.xml.security.x509.X509Credential; //导入依赖的package包/类
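/**
 * Check whether a certificate revocation list (CRL) has a valid signature.
 *
 * <p>The CRL is accepted as soon as its signature verifies under the public key of one of the
 * loaded credentials. If no loaded credential verifies it, including the case where no
 * credentials were loaded at all, the result is {@code false}, so an unverifiable CRL is
 * never reported as valid once a CRL truststore is configured.
 *
 * <p>When {@code Constants.PROP_CRL_TRUSTSTORE} is not configured the check is skipped and
 * {@code true} is returned; deployments that rely on CRL integrity need that property set.
 *
 * <p>NOTE(review): {@code certificate} is not used by this method, and the keystore loaded
 * below comes from {@code SAMLConfigurationFactory} rather than from the
 * {@code PROP_CRL_TRUSTSTORE} value; confirm both are intended.
 *
 * @param crl the CRL whose signature is checked
 * @param certificate currently unused
 * @param conf configuration supplying the CRL truststore settings
 * @return true if signature is valid (or the check is not configured), otherwise false.
 * @throws IOException declared for the credential loading call
 * @throws KeyStoreException declared for the credential loading call
 * @throws IllegalStateException declared for the credential loading call
 * @throws CertificateException declared for the credential loading call
 * @throws NoSuchAlgorithmException declared for the credential loading call
 * @throws WrappedException declared for the credential loading call
 */
private boolean checkCRLSignature(X509CRL crl, X509Certificate certificate, Configuration conf)
		throws WrappedException, NoSuchAlgorithmException, CertificateException, IllegalStateException,
		KeyStoreException, IOException {
	// Signature checking is opt-in: without a configured truststore there is nothing to verify against.
	if (conf.getString(Constants.PROP_CRL_TRUSTSTORE, null) == null) {
		return true;
	}

	CredentialRepository cr = new CredentialRepository();
	cr.getCertificate(SAMLConfigurationFactory.getConfiguration().getKeystore(),
			conf.getString(Constants.PROP_CRL_TRUSTSTORE_PASSWORD), null);

	for (X509Credential cred : cr.getCredentials()) {
		try {
			crl.verify(cred.getPublicKey());
			// A CRL is signed by a single issuer, so one successful verification is sufficient.
			return true;
		} catch (Exception e) {
			// Not signed by this credential; keep trying the remaining ones.
			log.debug("CRL not signed by " + cred);
		}
	}

	// Fail closed: no trusted key verified the CRL.
	return false;
}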
 
开发者ID:amagdenko,项目名称:oiosaml.java,代码行数:36,代码来源:CRLChecker.java


注:本文中的org.opensaml.xml.security.x509.X509Credential类示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。