本文整理汇总了Java中net.shibboleth.utilities.java.support.resolver.CriteriaSet.add方法的典型用法代码示例。如果您正苦于以下问题:Java CriteriaSet.add方法的具体用法?Java CriteriaSet.add怎么用?Java CriteriaSet.add使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类net.shibboleth.utilities.java.support.resolver.CriteriaSet的用法示例。
在下文中一共展示了CriteriaSet.add方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: buildSignatureSigningParameters
import net.shibboleth.utilities.java.support.resolver.CriteriaSet; //导入方法依赖的package包/类
/**
* Build the signature signing parameters for the given role descriptor.
*
* @param descriptor the descriptor
* @return the signature signing parameters
* @throws SAMLException the saml exception
*/
protected SignatureSigningParameters buildSignatureSigningParameters(final RoleDescriptor descriptor) throws SAMLException {
    // The parameters are resolved from two criteria: this component's own signing
    // configuration and the role descriptor passed in by the caller.
    try {
        final CriteriaSet resolutionCriteria = new CriteriaSet();
        resolutionCriteria.add(new SignatureSigningConfigurationCriterion(getSignatureSigningConfiguration()));
        resolutionCriteria.add(new RoleDescriptorCriterion(descriptor));

        final SAMLMetadataSignatureSigningParametersResolver parametersResolver =
            new SAMLMetadataSignatureSigningParametersResolver();
        LOGGER.debug("Resolving signature signing parameters for [{}]", descriptor.getElementQName().getLocalPart());

        final SignatureSigningParameters resolved = parametersResolver.resolveSingle(resolutionCriteria);
        if (resolved != null) {
            // Only algorithm identifiers are logged here, never the signing credential itself.
            LOGGER.debug("Created signature signing parameters."
                    + "\nSignature algorithm: [{}]"
                    + "\nSignature canonicalization algorithm: [{}]"
                    + "\nSignature reference digest methods: [{}]",
                resolved.getSignatureAlgorithm(), resolved.getSignatureCanonicalizationAlgorithm(),
                resolved.getSignatureReferenceDigestMethod());
            return resolved;
        }
        // Fail closed: without resolved parameters nothing can be signed.
        throw new SAMLException("No signature signing parameter is available");
    } catch (final Exception e) {
        // Every failure, including the SAMLException thrown just above, is re-wrapped
        // in a SAMLException that keeps the original as its cause.
        throw new SAMLException(e.getMessage(), e);
    }
}
示例2: getSigningCredential
import net.shibboleth.utilities.java.support.resolver.CriteriaSet; //导入方法依赖的package包/类
/**
 * Resolves the credential with usage type SIGNING for the entity selected by
 * {@code buildEntityCriteriaForSigningCredential}.
 *
 * @param resolver       the role descriptor resolver handed to the metadata credential resolver
 * @param profileRequest the SAML request passed on to the entity-criteria hook
 * @return whatever {@code resolveSingle} yields for the assembled criteria
 */
private Credential getSigningCredential(final RoleDescriptorResolver resolver, final RequestAbstractType profileRequest) {
    try {
        final MetadataCredentialResolver credentialResolver = new MetadataCredentialResolver();
        final SignatureValidationConfiguration validationConfig = getSignatureValidationConfiguration();

        // The resolver must be fully wired before initialize() is called.
        credentialResolver.setRoleDescriptorResolver(resolver);
        credentialResolver.setKeyInfoCredentialResolver(
            DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
        credentialResolver.initialize();

        final CriteriaSet signingCriteria = new CriteriaSet();
        signingCriteria.add(new SignatureValidationConfigurationCriterion(validationConfig));
        signingCriteria.add(new UsageCriterion(UsageType.SIGNING));
        // Subclass hook: contributes the entity ID and role whose key is looked up.
        buildEntityCriteriaForSigningCredential(profileRequest, signingCriteria);

        // NOTE(review): resolveSingle presumably returns null when no credential matches;
        // confirm that callers treat a null credential as a signature validation failure.
        return credentialResolver.resolveSingle(signingCriteria);
    } catch (final Exception e) {
        throw Throwables.propagate(e);
    }
}
示例3: get
import net.shibboleth.utilities.java.support.resolver.CriteriaSet; //导入方法依赖的package包/类
/**
 * Looks up the SP metadata for {@code entityID} in the metadata chain of the registered
 * service and wraps it in a facade.
 *
 * <p>The caller's {@code criterions} set is modified: a POST-binding criterion and an
 * entity-ID criterion are added to it before resolution.
 *
 * @param resolver          resolves the metadata chain for the registered service
 * @param registeredService the CAS service definition
 * @param entityID          the entity ID to locate in the metadata
 * @param criterions        criteria set to extend and resolve with
 * @return the facade, or an empty Optional when the entity or its SPSSODescriptor is missing
 */
private static Optional<SamlRegisteredServiceServiceProviderMetadataFacade> get(final SamlRegisteredServiceCachingMetadataResolver resolver,
                                                                                final SamlRegisteredService registeredService,
                                                                                final String entityID,
                                                                                final CriteriaSet criterions) {
    LOGGER.info("Adapting SAML metadata for CAS service [{}] issued by [{}]",
        registeredService.getName(), entityID);
    try {
        criterions.add(new BindingCriterion(Collections.singletonList(SAMLConstants.SAML2_POST_BINDING_URI)));
        criterions.add(new EntityIdCriterion(entityID));
        LOGGER.info("Locating metadata for entityID [{}] with binding [{}] by attempting to run through the metadata chain...",
            entityID, SAMLConstants.SAML2_POST_BINDING_URI);

        final ChainingMetadataResolver metadataChain = resolver.resolve(registeredService);
        LOGGER.info("Resolved metadata chain for service [{}]. Filtering the chain by entity ID [{}] and binding [{}]",
            registeredService.getServiceId(), entityID, SAMLConstants.SAML2_POST_BINDING_URI);

        final EntityDescriptor entity = metadataChain.resolveSingle(criterions);
        if (entity == null) {
            LOGGER.debug("Cannot find entity [{}] in metadata provider.", entityID);
            return Optional.empty();
        }
        LOGGER.debug("Located EntityDescriptor in metadata for [{}]", entityID);

        final SPSSODescriptor spDescriptor = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
        if (spDescriptor == null) {
            // The entity exists but does not describe a SAML 2.0 service provider role.
            LOGGER.warn("Could not locate SPSSODescriptor in the metadata for [{}]", entityID);
            return Optional.empty();
        }
        LOGGER.debug("Located SPSSODescriptor in metadata for [{}]. Metadata is valid until [{}]",
            entityID, spDescriptor.getValidUntil());
        return Optional.of(new SamlRegisteredServiceServiceProviderMetadataFacade(spDescriptor, entity, metadataChain));
    } catch (final Exception e) {
        throw new RuntimeException(e.getMessage(), e);
    }
}
示例4: addContext
import net.shibboleth.utilities.java.support.resolver.CriteriaSet; //导入方法依赖的package包/类
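/**
 * Resolves the entity descriptor and the first matching role descriptor for the given
 * metadata resolver's entity ID, and stores both in the {@link SAMLMetadataContext}
 * subcontext of {@code parentContext}.
 *
 * @param entityId      supplies the entity ID to look up (via {@code getEntityId()})
 * @param parentContext context that receives the metadata subcontext
 * @param elementName   qualified name of the role descriptor element to select
 * @throws SAMLException if the entity or role cannot be found, or resolution fails
 */
protected final void addContext(final SAML2MetadataResolver entityId, final BaseContext parentContext,
                                final QName elementName) {
    final EntityDescriptor entityDescriptor;
    final RoleDescriptor roleDescriptor;
    try {
        // Resolve the identifier once so that the lookup and the error messages agree.
        // The original messages concatenated the resolver object itself, which prints
        // its toString() instead of the entity ID that was actually searched for.
        final String id = entityId.getEntityId();
        final CriteriaSet set = new CriteriaSet();
        set.add(new EntityIdCriterion(id));
        entityDescriptor = this.metadata.resolveSingle(set);
        if (entityDescriptor == null) {
            throw new SAMLException("Cannot find entity " + id + " in metadata provider");
        }
        final List<RoleDescriptor> list = entityDescriptor.getRoleDescriptors(elementName,
                SAMLConstants.SAML20P_NS);
        // Only the first role descriptor supporting SAML 2.0 is used.
        roleDescriptor = CommonHelper.isNotEmpty(list) ? list.get(0) : null;
        if (roleDescriptor == null) {
            throw new SAMLException("Cannot find entity " + id + " or role "
                    + elementName + " in metadata provider");
        }
    } catch (final ResolverException e) {
        throw new SAMLException("An error occured while getting IDP descriptors", e);
    }
    // The second argument (true) asks for the subcontext to be created when it is absent.
    final SAMLMetadataContext mdCtx = parentContext.getSubcontext(SAMLMetadataContext.class, true);
    mdCtx.setEntityDescriptor(entityDescriptor);
    mdCtx.setRoleDescriptor(roleDescriptor);
}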
示例5: build
import net.shibboleth.utilities.java.support.resolver.CriteriaSet; //导入方法依赖的package包/类
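/**
 * Resolves the signature signing parameters for the given SSO descriptor from this
 * component's signing configuration, then lets
 * {@code augmentSignatureSigningParameters} adjust them.
 *
 * @param descriptor the SSO role descriptor used as a resolution criterion
 * @return the resolved and augmented signing parameters, never {@code null}
 * @throws SAMLException if no parameters can be resolved or resolution fails
 */
@Override
public SignatureSigningParameters build(final SSODescriptor descriptor) {
    try {
        final CriteriaSet criteria = new CriteriaSet();
        criteria.add(new SignatureSigningConfigurationCriterion(
                getSignatureSigningConfiguration()));
        criteria.add(new RoleDescriptorCriterion(descriptor));
        final SAMLMetadataSignatureSigningParametersResolver resolver =
                new SAMLMetadataSignatureSigningParametersResolver();
        final SignatureSigningParameters params = resolver.resolveSingle(criteria);
        // Check for a missing result BEFORE augmenting: the original called the augment
        // hook first, so a null result could reach it and surface as an unrelated
        // exception instead of the explicit message below.
        if (params == null) {
            throw new SAMLException("Could not determine the signature parameters");
        }
        augmentSignatureSigningParameters(params);
        // Only algorithm identifiers are logged, not the signing credential.
        logger.info("Created signature signing parameters." +
                "\nSignature algorithm: {}" +
                "\nSignature canonicalization algorithm: {}" +
                "\nSignature reference digest methods: {}",
                params.getSignatureAlgorithm(), params.getSignatureCanonicalizationAlgorithm(),
                params.getSignatureReferenceDigestMethod());
        return params;
    } catch (final Exception e) {
        throw new SAMLException(e);
    }
}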
示例6: getCredential
import net.shibboleth.utilities.java.support.resolver.CriteriaSet; //导入方法依赖的package包/类
/**
 * Resolves the credential registered under the value of the {@code privateKey} field.
 *
 * @return the resolved credential, cast to {@link X509Credential}
 * @throws SAMLException if the credential resolver fails
 */
@Override
public final Credential getCredential() {
    try {
        // NOTE(review): the privateKey field is used as an entity-ID lookup value, so it
        // presumably holds a key name or alias rather than key material; confirm.
        final CriteriaSet lookup = new CriteriaSet();
        lookup.add(new EntityIdCriterion(this.privateKey));
        // NOTE(review): the result is returned without a null check; confirm callers
        // handle a missing credential.
        return (X509Credential) this.credentialResolver.resolveSingle(lookup);
    } catch (final ResolverException e) {
        throw new SAMLException("Can't obtain SP private key", e);
    }
}
示例7: initializeCriteria
import net.shibboleth.utilities.java.support.resolver.CriteriaSet; //导入方法依赖的package包/类
/**
 * Creates a criteria set holding a single client-ID criterion built from
 * {@code clientIdValue}.
 *
 * @return a new criteria set for looking up client information
 */
protected CriteriaSet initializeCriteria() {
    final ClientIDCriterion byClientId = new ClientIDCriterion(new ClientID(clientIdValue));
    final CriteriaSet lookup = new CriteriaSet();
    lookup.add(byClientId);
    return lookup;
}
开发者ID:CSCfi,项目名称:shibboleth-idp-oidc-extension,代码行数:6,代码来源:StorageServiceClientInformationManagerTest.java
示例8: getKeyEncryptionCredential
import net.shibboleth.utilities.java.support.resolver.CriteriaSet; //导入方法依赖的package包/类
/**
* Gets key encryption credential.
*
* @param peerEntityId the peer entity id
* @param adaptor the adaptor
* @param service the service
* @return the key encryption credential
* @throws Exception the exception
*/
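protected Credential getKeyEncryptionCredential(final String peerEntityId,
                                                final SamlRegisteredServiceServiceProviderMetadataFacade adaptor,
                                                final SamlRegisteredService service) throws Exception {
    final SamlIdPProperties idp = casProperties.getAuthn().getSamlIdp();
    // Start from the library's default encryption configuration, then apply any
    // non-empty override lists configured on this component.
    final BasicEncryptionConfiguration config =
        DefaultSecurityConfigurationBootstrap.buildDefaultEncryptionConfiguration();

    // NOTE(review): each override is passed to a setter, so it presumably replaces the
    // default list rather than extending it; confirm that an overriding blacklist still
    // names every algorithm that must be refused.
    if (this.overrideBlackListedEncryptionAlgorithms != null && !this.overrideBlackListedEncryptionAlgorithms.isEmpty()) {
        config.setBlacklistedAlgorithms(this.overrideBlackListedEncryptionAlgorithms);
    }
    if (this.overrideWhiteListedAlgorithms != null && !this.overrideWhiteListedAlgorithms.isEmpty()) {
        config.setWhitelistedAlgorithms(this.overrideWhiteListedAlgorithms);
    }
    if (this.overrideDataEncryptionAlgorithms != null && !this.overrideDataEncryptionAlgorithms.isEmpty()) {
        config.setDataEncryptionAlgorithms(this.overrideDataEncryptionAlgorithms);
    }
    if (this.overrideKeyEncryptionAlgorithms != null && !this.overrideKeyEncryptionAlgorithms.isEmpty()) {
        config.setKeyTransportEncryptionAlgorithms(this.overrideKeyEncryptionAlgorithms);
    }

    LOGGER.debug("Encryption blacklisted algorithms: [{}]", config.getBlacklistedAlgorithms());
    LOGGER.debug("Encryption key algorithms: [{}]", config.getKeyTransportEncryptionAlgorithms());
    // Fixed label: this line prints the data encryption algorithms, which the original
    // message mislabelled as "Signature data algorithms".
    LOGGER.debug("Encryption data algorithms: [{}]", config.getDataEncryptionAlgorithms());
    LOGGER.debug("Encryption whitelisted algorithms: [{}]", config.getWhitelistedAlgorithms());

    final MetadataCredentialResolver kekCredentialResolver = new MetadataCredentialResolver();

    // KeyInfo providers used to extract key material from the KeyInfo elements.
    final List<KeyInfoProvider> providers = new ArrayList<>();
    providers.add(new RSAKeyValueProvider());
    providers.add(new DSAKeyValueProvider());
    providers.add(new InlineX509DataProvider());
    providers.add(new DEREncodedKeyValueProvider());
    providers.add(new KeyInfoReferenceProvider());

    final BasicProviderKeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(providers);
    kekCredentialResolver.setKeyInfoCredentialResolver(keyInfoResolver);

    final PredicateRoleDescriptorResolver roleDescriptorResolver = new PredicateRoleDescriptorResolver(adaptor.getMetadataResolver());
    roleDescriptorResolver.setSatisfyAnyPredicates(true);
    roleDescriptorResolver.setUseDefaultPredicateRegistry(true);
    // Whether invalid metadata is rejected here is driven by the IdP configuration
    // property; review that setting when relaxing it.
    roleDescriptorResolver.setRequireValidMetadata(idp.getMetadata().isRequireValidMetadata());
    roleDescriptorResolver.initialize();

    kekCredentialResolver.setRoleDescriptorResolver(roleDescriptorResolver);
    kekCredentialResolver.initialize();

    // Look up the peer SP's key with usage type ENCRYPTION under the configuration above.
    final CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new EncryptionConfigurationCriterion(config));
    criteriaSet.add(new EntityIdCriterion(peerEntityId));
    criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
    criteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION));

    LOGGER.debug("Attempting to resolve the encryption key for entity id [{}]", peerEntityId);
    // NOTE(review): the result is returned without a null check; confirm that callers
    // refuse to send an unencrypted assertion when no key is resolved.
    return kekCredentialResolver.resolveSingle(criteriaSet);
}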
示例9: buildEntityCriteriaForSigningCredential
import net.shibboleth.utilities.java.support.resolver.CriteriaSet; //导入方法依赖的package包/类
/**
 * Adds the criteria that select the signing credential: the ID of the CAS IdP metadata
 * resolver as entity ID, and the IdP SSO role. The request itself is not consulted.
 *
 * @param profileRequest the SAML request (unused by this override)
 * @param criteriaSet    the criteria set to extend
 */
@Override
protected void buildEntityCriteriaForSigningCredential(final RequestAbstractType profileRequest, final CriteriaSet criteriaSet) {
    // NOTE(review): the resolver's getId() is used as the entity ID; confirm that the
    // resolver id is the IdP's entityID.
    final EntityIdCriterion idpEntity = new EntityIdCriterion(casSamlIdPMetadataResolver.getId());
    final EntityRoleCriterion idpRole = new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
    criteriaSet.add(idpEntity);
    criteriaSet.add(idpRole);
}
示例10: getAssertionConsumerServiceFor
import net.shibboleth.utilities.java.support.resolver.CriteriaSet; //导入方法依赖的package包/类
/**
* Gets the assertion consumer service for the given authentication request.
*
* @param authnRequest the authn request
* @param servicesManager the services manager
* @param resolver the resolver
* @return the assertion consumer service for
*/
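public static AssertionConsumerService getAssertionConsumerServiceFor(final AuthnRequest authnRequest,
                                                                      final ServicesManager servicesManager,
                                                                      final SamlRegisteredServiceCachingMetadataResolver resolver) {
    try {
        final AssertionConsumerService acs = new AssertionConsumerServiceBuilder().buildObject();
        if (authnRequest.getAssertionConsumerServiceIndex() != null) {
            // Indexed request: the endpoint is taken from the issuer's metadata.
            final String issuer = getIssuerFromSamlRequest(authnRequest);
            final MetadataResolver samlResolver = getMetadataResolverForAllSamlServices(servicesManager, issuer, resolver);
            final CriteriaSet criteriaSet = new CriteriaSet();
            criteriaSet.add(new EntityIdCriterion(issuer));
            criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
            criteriaSet.add(new BindingCriterion(Arrays.asList(SAMLConstants.SAML2_POST_BINDING_URI)));
            final Iterable<EntityDescriptor> it = samlResolver.resolve(criteriaSet);
            it.forEach(entityDescriptor -> {
                final SPSSODescriptor spssoDescriptor = entityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
                // Explicit failure instead of a NullPointerException on the next call.
                if (spssoDescriptor == null) {
                    throw new RuntimeException("Metadata resolved for entity id " + issuer + " has no SPSSODescriptor");
                }
                final List<AssertionConsumerService> acsEndpoints = spssoDescriptor.getAssertionConsumerServices();
                if (acsEndpoints.isEmpty()) {
                    throw new RuntimeException("Metadata resolved for entity id " + issuer + " has no defined ACS endpoints");
                }
                final int acsIndex = authnRequest.getAssertionConsumerServiceIndex();
                // The index comes from the request, so reject negative values as well as
                // values past the end of the list (the original checked only the upper bound).
                // NOTE(review): the index is used as a list position, not matched against
                // each endpoint's own index value; confirm this is the intended lookup.
                if (acsIndex < 0 || acsIndex >= acsEndpoints.size()) {
                    throw new RuntimeException("AssertionConsumerService index specified in the request " + acsIndex + " is invalid "
                        + "since the total endpoints available to " + issuer + " is " + acsEndpoints.size());
                }
                final AssertionConsumerService foundAcs = acsEndpoints.get(acsIndex);
                acs.setBinding(foundAcs.getBinding());
                acs.setLocation(foundAcs.getLocation());
                acs.setResponseLocation(foundAcs.getResponseLocation());
                acs.setIndex(acsIndex);
            });
        } else {
            // No index: binding and location are copied from the AuthnRequest itself.
            // NOTE(review): nothing in this method compares the request-supplied URL with
            // the endpoints registered in the SP's metadata. Confirm that the caller
            // validates it (or requires a signed request) before a response is sent there.
            acs.setBinding(authnRequest.getProtocolBinding());
            acs.setLocation(authnRequest.getAssertionConsumerServiceURL());
            acs.setResponseLocation(authnRequest.getAssertionConsumerServiceURL());
            acs.setIndex(0);
            acs.setIsDefault(Boolean.TRUE);
        }
        LOGGER.debug("Resolved AssertionConsumerService from the request is [{}]", acs);
        // An endpoint without a binding or without any location is refused.
        if (StringUtils.isBlank(acs.getBinding())) {
            throw new SamlException("AssertionConsumerService has no protocol binding defined");
        }
        if (StringUtils.isBlank(acs.getLocation()) && StringUtils.isBlank(acs.getResponseLocation())) {
            throw new SamlException("AssertionConsumerService has no location or response location defined");
        }
        return acs;
    } catch (final Exception e) {
        throw new RuntimeException(new SamlException(e.getMessage(), e));
    }
}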
示例11: buildEntityCriteriaForSigningCredential
import net.shibboleth.utilities.java.support.resolver.CriteriaSet; //导入方法依赖的package包/类
/**
* Build entity criteria for signing credential.
*
* @param profileRequest the profile request
* @param criteriaSet the criteria set
*/
protected void buildEntityCriteriaForSigningCredential(final RequestAbstractType profileRequest, final CriteriaSet criteriaSet) {
    // The entity whose signing credential is looked up is the issuer named in the request,
    // in its SP SSO role; the credential itself still comes from the resolver's metadata.
    final String requestIssuer = SamlIdPUtils.getIssuerFromSamlRequest(profileRequest);
    criteriaSet.add(new EntityIdCriterion(requestIssuer));
    final EntityRoleCriterion spRole = new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
    criteriaSet.add(spRole);
}