
Java SignatureTrustEngine Class Code Examples

This article collects typical usage examples of org.opensaml.xml.signature.SignatureTrustEngine in Java. If you are wondering how the Java SignatureTrustEngine class is used in practice, or are looking for examples of its use, the selected class code examples here may help.


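The SignatureTrustEngine class belongs to the org.opensaml.xml.signature package. 15 code examples of the class are shown below, sorted by popularity by default. You can upvote the examples you like or find useful; your ratings help the system recommend better Java code examples.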

Example 1: validateSignature

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
/**
 * @param queryString
 * @param issuer
 * @param alias
 * @param domainName
 * @return
 * @throws SecurityException
 * @throws IdentitySAML2SSOException
 */
@Override
public boolean validateSignature(String queryString, String issuer, String alias,
                                 String domainName) throws SecurityException,
        IdentitySAML2SSOException {
    byte[] signature = getSignature(queryString);
    byte[] signedContent = getSignedContent(queryString);
    String algorithmUri = getSigAlg(queryString);
    CriteriaSet criteriaSet = buildCriteriaSet(issuer);

    // Build an explicit-key trust engine from the tenant's X.509 credential
    X509CredentialImpl credential =
            SAMLSSOUtil.getX509CredentialImplForTenant(domainName,
                    alias);

    List<Credential> credentials = new ArrayList<Credential>();
    credentials.add(credential);
    CollectionCredentialResolver credResolver = new CollectionCredentialResolver(credentials);
    KeyInfoCredentialResolver kiResolver = SecurityHelper.buildBasicInlineKeyInfoResolver();
    SignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(credResolver, kiResolver);
    return engine.validate(signature, signedContent, algorithmUri, criteriaSet, null);
}
 
Developer: wso2-attic, Project: carbon-identity, Lines of code: 31, Source file: SAML2HTTPRedirectDeflateSignatureValidator.java

Example 2: setUp

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
/** {@inheritDoc} */
protected void setUp() throws Exception {
    super.setUp();
    
    // Trust engine setup
    issuer = "SomeCoolIssuer";
    
    trustedCredentials = new ArrayList<Credential>();
    trustedCredentials.add(otherCred1);
    
    credResolver = new CollectionCredentialResolver(trustedCredentials);
    
    KeyInfoCredentialResolver kiResolver = SecurityTestHelper.buildBasicInlineKeyInfoResolver();
    SignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(credResolver, kiResolver);
    
    rule = new SAML2HTTPRedirectDeflateSignatureRule(engine);
    
    messageContext.setInboundMessageIssuer(issuer);
    ((SAMLMessageContext) messageContext).setInboundSAMLMessageAuthenticated(false);
    messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
}
 
Developer: apigee, Project: java-opensaml2, Lines of code: 22, Source file: SAML2HTTPRedirectDeflateSignatureSecurityPolicyRuleTest.java

Example 3: setUp

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
/** {@inheritDoc} */
protected void setUp() throws Exception {
    super.setUp();
    
    // Trust engine setup
    issuer = "SomeCoolIssuer";
    
    trustedCredentials = new ArrayList<Credential>();
    trustedCredentials.add(otherCred1);
    
    credResolver = new CollectionCredentialResolver(trustedCredentials);
    
    KeyInfoCredentialResolver kiResolver = SecurityTestHelper.buildBasicInlineKeyInfoResolver();
    SignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(credResolver, kiResolver);
    
    rule = new SAML2HTTPPostSimpleSignRule(engine, parser, kiResolver);
    
    messageContext.setInboundMessageIssuer(issuer);
    ((SAMLMessageContext) messageContext).setInboundSAMLMessageAuthenticated(false);
    messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
}
 
Developer: apigee, Project: java-opensaml2, Lines of code: 22, Source file: SAML2HTTPPostSimpleSignSecurityPolicyRuleTest.java

Example 4: testEntityDescriptor

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
public void testEntityDescriptor() throws UnmarshallingException, CertificateException, XMLParserException {
    X509Certificate cert = SecurityTestHelper.buildJavaX509Cert(openIDCertBase64);
    X509Credential cred = SecurityHelper.getSimpleCredential(cert, null);
    StaticCredentialResolver credResolver = new StaticCredentialResolver(cred);
    SignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credResolver, 
            Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
    
    Document mdDoc = parser.parse(SignatureValidationFilterTest.class.getResourceAsStream(openIDFileValid));
    XMLObject xmlObject = 
        unmarshallerFactory.getUnmarshaller(mdDoc.getDocumentElement()).unmarshall(mdDoc.getDocumentElement());
    assertTrue(xmlObject instanceof EntityDescriptor);
    EntityDescriptor ed = (EntityDescriptor) xmlObject;
    assertTrue(ed.isSigned());
    assertNotNull("Signature was null", ed.getSignature());
    
    SignatureValidationFilter filter = new SignatureValidationFilter(trustEngine);
    try {
        filter.doFilter(ed);
    } catch (FilterException e) {
        fail("Filter failed validation, should have succeeded: " + e.getMessage());
    }
}
 
Developer: apigee, Project: java-opensaml2, Lines of code: 23, Source file: SignatureValidationFilterTest.java

Example 5: testEntityDescriptorInvalid

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
public void testEntityDescriptorInvalid() throws UnmarshallingException, CertificateException, XMLParserException {
    X509Certificate cert = SecurityTestHelper.buildJavaX509Cert(openIDCertBase64);
    X509Credential cred = SecurityHelper.getSimpleCredential(cert, null);
    StaticCredentialResolver credResolver = new StaticCredentialResolver(cred);
    SignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credResolver, 
            Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
    
    Document mdDoc = parser.parse(SignatureValidationFilterTest.class.getResourceAsStream(openIDFileInvalid));
    XMLObject xmlObject = 
        unmarshallerFactory.getUnmarshaller(mdDoc.getDocumentElement()).unmarshall(mdDoc.getDocumentElement());
    assertTrue(xmlObject instanceof EntityDescriptor);
    EntityDescriptor ed = (EntityDescriptor) xmlObject;
    assertTrue(ed.isSigned());
    assertNotNull("Signature was null", ed.getSignature());
    
    SignatureValidationFilter filter = new SignatureValidationFilter(trustEngine);
    try {
        filter.doFilter(xmlObject);
        fail("Filter passed validation, should have failed");
    } catch (FilterException e) {
        // do nothing, should fail
    }
}
 
Developer: apigee, Project: java-opensaml2, Lines of code: 24, Source file: SignatureValidationFilterTest.java

Example 6: validate

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
/** {@inheritDoc} */
public boolean validate(Signature token, CriteriaSet trustBasisCriteria) throws SecurityException {
    for (SignatureTrustEngine engine : engines) {
        if (engine.validate(token, trustBasisCriteria)) {
            log.debug("Signature was trusted by chain member: {}", engine.getClass().getName());
            return true;
        }
    }
    return false;
}
 
Developer: lamsfoundation, Project: lams, Lines of code: 11, Source file: ChainingSignatureTrustEngine.java

Example 7: validateSignature

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
/**
 * Validate the simple signature.
 * 
 * @param signature the signature value
 * @param signedContent the content that was signed
 * @param algorithmURI the signature algorithm URI which was used to sign the content
 * @param criteriaSet criteria used to describe and/or resolve the information which serves as the basis for trust
 *            evaluation
 * @param candidateCredentials the request-derived candidate credential(s) containing the validation key for the
 *            signature (optional)
 * @return true if signature can be verified successfully, false otherwise
 * 
 * @throws SecurityPolicyException thrown if there are errors during the signature validation process
 * 
 */
protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
        CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {

    SignatureTrustEngine engine = getTrustEngine();

    // Some bindings allow candidate signing credentials to be supplied (e.g. via ds:KeyInfo), some do not.
    // So have 2 slightly different cases.
    try {
        if (candidateCredentials == null || candidateCredentials.isEmpty()) {
            if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
                log.debug("Simple signature validation (with no request-derived credentials) was successful");
                return true;
            } else {
                log.warn("Simple signature validation (with no request-derived credentials) failed");
                return false;
            }
        } else {
            for (Credential cred : candidateCredentials) {
                if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, cred)) {
                    log.debug("Simple signature validation succeeded with a request-derived credential");
                    return true;
                }
            }
            log.warn("Signature validation using request-derived credentials failed");
            return false;
        }
    } catch (SecurityException e) {
        log.warn("There was an error evaluating the request's simple signature using the trust engine", e);
        throw new SecurityPolicyException("Error during trust engine evaluation of the simple signature", e);
    }
}
 
Developer: lamsfoundation, Project: lams, Lines of code: 47, Source file: BaseSAMLSimpleSignatureSecurityPolicyRule.java

Example 8: SignatureValidationFilter

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
/**
 * Constructor.
 * 
 * @param engine the trust engine used to validate signatures on incoming metadata.
 */
public SignatureValidationFilter(SignatureTrustEngine engine) {
    if (engine == null) {
        throw new IllegalArgumentException("Signature trust engine may not be null");
    }

    signatureTrustEngine = engine;
    sigValidator = new SAMLSignatureProfileValidator();
}
 
Developer: lamsfoundation, Project: lams, Lines of code: 14, Source file: SignatureValidationFilter.java

Example 9: validateSignature

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
/**
 * Validate the simple signature.
 * 
 * @param signature the signature value
 * @param signedContent the content that was signed
 * @param algorithmURI the signature algorithm URI which was used to sign the content
 * @param criteriaSet criteria used to describe and/or resolve the information which serves as the basis for trust
 *            evaluation
 * @param candidateCredentials the request-derived candidate credential(s) containing the validation key for the
 *            signature (optional)
 * @return true if signature can be verified successfully, false otherwise
 * 
 * @throws SecurityPolicyException thrown if there are errors during the signature validation process
 * 
 */
protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
        CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {

    SignatureTrustEngine engine = getTrustEngine();

    // Some bindings allow candidate signing credentials to be supplied (e.g. via ds:KeyInfo), some do not.
    // So have 2 slightly different cases.
    try {
        if (candidateCredentials == null || candidateCredentials.isEmpty()) {
            if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
                log.debug("Simple signature validation (with no request-derived credentials) was successful");
                return true;
            } else {
                log.error("Simple signature validation (with no request-derived credentials) failed");
                return false;
            }
        } else {
            for (Credential cred : candidateCredentials) {
                if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, cred)) {
                    log.debug("Simple signature validation succeeded with a request-derived credential");
                    return true;
                }
            }
            log.error("Signature validation using request-derived credentials failed");
            return false;
        }
    } catch (SecurityException e) {
        log.error("There was an error evaluating the request's simple signature using the trust engine", e);
        throw new SecurityPolicyException("Error during trust engine evaluation of the simple signature", e);
    }
}
 
Developer: apigee, Project: java-opensaml2, Lines of code: 47, Source file: BaseSAMLSimpleSignatureSecurityPolicyRule.java

Example 10: validateSignature

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
/**
 * Validate the simple signature.
 *
 * @param signature the signature value
 * @param signedContent the content that was signed
 * @param algorithmURI the signature algorithm URI which was used to sign the content
 * @param criteriaSet criteria used to describe and/or resolve the information which serves as the basis for trust
 *            evaluation
 * @param candidateCredentials the request-derived candidate credential(s) containing the validation key for the
 *            signature (optional)
 * @return true if signature can be verified successfully, false otherwise
 *
 * @throws SecurityPolicyException thrown if there are errors during the signature validation process
 *
 */
protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
                                    CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {

    SignatureTrustEngine engine = getTrustEngine();

    // Some bindings allow candidate signing credentials to be supplied (e.g. via ds:KeyInfo), some do not.
    // So have 2 slightly different cases.
    try {
        if (candidateCredentials == null || candidateCredentials.isEmpty()) {
            if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
                log.debug("Simple signature validation (with no request-derived credentials) was successful");
                return true;
            } else {
                log.warn("Simple signature validation (with no request-derived credentials) failed");
                return false;
            }
        } else {
            for (Credential cred : candidateCredentials) {
                if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, cred)) {
                    log.debug("Simple signature validation succeeded with a request-derived credential");
                    return true;
                }
            }
            log.warn("Signature validation using request-derived credentials failed");
            return false;
        }
    } catch (org.opensaml.xml.security.SecurityException e) {
        log.warn("There was an error evaluating the request's simple signature using the trust engine", e);
        throw new SecurityPolicyException("Error during trust engine evaluation of the simple signature", e);
    }
}
 
Developer: brainysmith, Project: idp-play-bridge, Lines of code: 47, Source file: BaseSAMLSimpleSignatureSecurityPolicyRuleExtended.java

Example 11: ChainingSignatureTrustEngine

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
/** Constructor. */
public ChainingSignatureTrustEngine() {
    engines = new ArrayList<SignatureTrustEngine>();
}
 
Developer: lamsfoundation, Project: lams, Lines of code: 5, Source file: ChainingSignatureTrustEngine.java

Example 12: SAMLResponseValidator

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
public SAMLResponseValidator(SignatureTrustEngine trustEngine, Decrypter decrypter, String callbackUrl) {
    this.trustEngine = trustEngine;
    this.decrypter = decrypter;
    this.callbackUrl = callbackUrl;
}
 
Developer: milinda, Project: play-samlsso, Lines of code: 6, Source file: SAMLResponseValidator.java

Example 13: SAML2HTTPRedirectDeflateSignatureRuleExtended

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
public SAML2HTTPRedirectDeflateSignatureRuleExtended(SignatureTrustEngine engine) {
    super(engine);
}
 
Developer: brainysmith, Project: idp-play-bridge, Lines of code: 4, Source file: SAML2HTTPRedirectDeflateSignatureRuleExtended.java

Example 14: getSignatureTrustEngine

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
@Override
public SignatureTrustEngine getSignatureTrustEngine() {
	return this.signatureTrustEngine;
}
 
Developer: mxbossard, Project: java-saml2-sp, Lines of code: 5, Source file: BasicIdpConfig.java

Example 15: SAML2HTTPPostSimpleSignRule

import org.opensaml.xml.signature.SignatureTrustEngine; // import the required package/class
/**
 * Constructor.
 * 
 * @param engine the trust engine to use
 * @param parserPool the parser pool used to parse the KeyInfo request parameter
 * @param keyInfoCredResolver the KeyInfo credential resolver to use to extract credentials from the KeyInfo request
 *            parameter
 */
public SAML2HTTPPostSimpleSignRule(SignatureTrustEngine engine, ParserPool parserPool,
        KeyInfoCredentialResolver keyInfoCredResolver) {
    super(engine);
    parser = parserPool;
    keyInfoResolver = keyInfoCredResolver;
}
 
Developer: lamsfoundation, Project: lams, Lines of code: 15, Source file: SAML2HTTPPostSimpleSignRule.java


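Note: The org.opensaml.xml.signature.SignatureTrustEngine class examples in this article were compiled by 纯净天空 from open-source code and documentation platforms such as GitHub and MSDocs. The code snippets were selected from open-source projects contributed by their respective developers, and copyright in the source code belongs to the original authors. For distribution and use, refer to the license of the corresponding project. Do not reproduce without permission.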