本文整理汇总了Java中org.opensaml.xml.security.CriteriaSet.add方法的典型用法代码示例。如果您正苦于以下问题:Java CriteriaSet.add方法的具体用法?Java CriteriaSet.add怎么用?Java CriteriaSet.add使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.opensaml.xml.security.CriteriaSet
的用法示例。
在下文中一共展示了CriteriaSet.add方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: buildCriteriaSet
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>The returned set carries the candidate entity ID (omitted when empty), a
 * {@link MetadataCriteria} built from the peer role and inbound SAML protocol of
 * the message context, and a {@code SIGNING} usage criterion.</p>
 */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
    // Metadata-driven criteria can only be derived from a SAML-aware context.
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
        throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
    }
    SAMLMessageContext samlCtx = (SAMLMessageContext) messageContext;

    CriteriaSet criteria = new CriteriaSet();
    boolean haveEntityID = !DatatypeHelper.isEmpty(entityID);
    if (haveEntityID) {
        criteria.add(new EntityIDCriteria(entityID));
    }
    criteria.add(new MetadataCriteria(samlCtx.getPeerEntityRole(), samlCtx.getInboundSAMLProtocol()));
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
示例2: buildCriteriaSet
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
/**
 * Build a criteria set suitable for input to the trust engine.
 *
 * <p>The set holds the candidate issuer's entity ID (skipped when empty), the peer
 * role and inbound SAML protocol read from the message context, and a {@code SIGNING}
 * usage criterion so that only signing keys are candidates.</p>
 *
 * @param entityID the candidate issuer entity ID which is being evaluated
 * @param samlContext the message context which is being evaluated
 * @return a newly constructed set of criteria suitable for the configured trust engine
 * @throws SecurityPolicyException thrown if criteria set can not be constructed
 */
protected CriteriaSet buildCriteriaSet(String entityID, SAMLMessageContext samlContext)
        throws SecurityPolicyException {
    CriteriaSet result = new CriteriaSet();

    boolean haveEntityID = !DatatypeHelper.isEmpty(entityID);
    if (haveEntityID) {
        result.add(new EntityIDCriteria(entityID));
    }

    String inboundProtocol = samlContext.getInboundSAMLProtocol();
    result.add(new MetadataCriteria(samlContext.getPeerEntityRole(), inboundProtocol));
    result.add(new UsageCriteria(UsageType.SIGNING));
    return result;
}
示例3: buildCriteriaSet
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Extends whatever criteria the superclass builds with a {@link MetadataCriteria}
 * derived from the peer role and inbound SAML protocol of the message context.</p>
 */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
        throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
    }
    SAMLMessageContext samlCtx = (SAMLMessageContext) messageContext;

    // Start from the parent's criteria, then narrow by metadata role/protocol.
    CriteriaSet criteria = super.buildCriteriaSet(entityID, messageContext);
    criteria.add(new MetadataCriteria(samlCtx.getPeerEntityRole(), samlCtx.getInboundSAMLProtocol()));
    return criteria;
}
示例4: buildCriteriaSet
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
/**
 * Build the criteria set which will be used as input to the configured trust engine.
 *
 * <p>Only the configured default criteria are used; {@code signedMetadata},
 * {@code metadataEntryName} and {@code isEntityGroup} are currently not consulted.
 * A {@code SIGNING} usage criterion is appended unless the defaults already carry a
 * {@link UsageCriteria}.</p>
 *
 * @param signedMetadata the metadata element whose signature is being verified
 * @param metadataEntryName the EntityDescriptor entityID or EntitiesDescriptor Name
 *            of the signature being evaluated
 * @param isEntityGroup flag indicating whether the signed object is a metadata group (EntitiesDescriptor)
 * @return the newly constructed criteria set
 */
protected CriteriaSet buildCriteriaSet(SignableXMLObject signedMetadata,
        String metadataEntryName, boolean isEntityGroup) {
    CriteriaSet criteria = new CriteriaSet();

    CriteriaSet defaults = getDefaultCriteria();
    if (defaults != null) {
        criteria.addAll(defaults);
    }

    // TODO how to handle adding dynamic entity ID (or other) criteria (if at all?)
    boolean usageAlreadySet = criteria.contains(UsageCriteria.class);
    if (!usageAlreadySet) {
        criteria.add(new UsageCriteria(UsageType.SIGNING));
    }
    return criteria;
}
示例5: buildCriteriaSet
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>This variant ignores {@code messageContext}: the set contains only the entity ID
 * (when non-empty) and a {@code SIGNING} usage criterion.</p>
 */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
    CriteriaSet criteria = new CriteriaSet();
    boolean entityIDKnown = !DatatypeHelper.isEmpty(entityID);
    if (entityIDKnown) {
        criteria.add(new EntityIDCriteria(entityID));
    }
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
示例6: validate
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Resolves trusted credentials from the configured credential resolver using a copy of
 * the caller's criteria (usage defaults to {@code SIGNING}; the key algorithm implied by
 * the signature algorithm is added when known), then attempts the KeyInfo-derived
 * validation path first and falls back to verifying directly with each trusted
 * credential.</p>
 */
public boolean validate(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {
    checkParams(signature, trustBasisCriteria);

    // Work on a copy so the caller's criteria set is never mutated.
    CriteriaSet effectiveCriteria = new CriteriaSet();
    effectiveCriteria.addAll(trustBasisCriteria);
    if (!effectiveCriteria.contains(UsageCriteria.class)) {
        effectiveCriteria.add(new UsageCriteria(UsageType.SIGNING));
    }

    // Constrain resolution to keys usable with the signature's algorithm. The boolean
    // argument is presumably CriteriaSet's replace-existing flag — confirm against CriteriaSet.add.
    String keyAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(signature.getSignatureAlgorithm());
    if (!DatatypeHelper.isEmpty(keyAlgorithm)) {
        effectiveCriteria.add(new KeyAlgorithmCriteria(keyAlgorithm), true);
    }

    Iterable<Credential> trusted = getCredentialResolver().resolve(effectiveCriteria);
    boolean verified = validate(signature, trusted);
    if (!verified) {
        // The credentials extracted from the Signature's KeyInfo (if any) did not verify the
        // signature and/or establish trust; as a fall back, try each trusted credential directly.
        log.debug("Attempting to verify signature using trusted credentials");
        for (Credential candidate : trusted) {
            if (verifySignature(signature, candidate)) {
                log.debug("Successfully verified signature using resolved trusted credential");
                return true;
            }
        }
        log.debug("Failed to verify signature using either KeyInfo-derived or directly trusted credentials");
    }
    return verified;
}
示例7: buildCredentialCriteria
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
/**
 * Utility method to build a new set of credential criteria based on the KeyInfo of an EncryptedData or
 * EncryptedKey, and any additional static criteria which might have been supplied to the decrypter.
 *
 * <p>Precedence: the KeyInfo criterion is always present; key criteria derived from the
 * encrypted object and the decrypter's static criteria are merged in when non-empty; an
 * {@code ENCRYPTION} usage criterion is added only if none of the above supplied a
 * {@link UsageCriteria}.</p>
 *
 * @param encryptedType an EncryptedData or EncryptedKey for which to resolve decryption credentials
 * @param staticCriteria static set of credential criteria to add to the new criteria set
 * @return the new credential criteria set
 */
private CriteriaSet buildCredentialCriteria(EncryptedType encryptedType, CriteriaSet staticCriteria) {
    CriteriaSet criteria = new CriteriaSet();

    // Primary criterion: the KeyInfo carried by the encrypted element itself.
    criteria.add(new KeyInfoCriteria(encryptedType.getKeyInfo()));

    // Key criteria derived dynamically from the encrypted object.
    Set<Criteria> dynamicCriteria = buildKeyCriteria(encryptedType);
    boolean haveDynamic = dynamicCriteria != null && !dynamicCriteria.isEmpty();
    if (haveDynamic) {
        criteria.addAll(dynamicCriteria);
    }

    // Static criteria configured on the decrypter, if any.
    boolean haveStatic = staticCriteria != null && !staticCriteria.isEmpty();
    if (haveStatic) {
        criteria.addAll(staticCriteria);
    }

    // Default the usage to ENCRYPTION unless a usage criterion was already supplied.
    if (!criteria.contains(UsageCriteria.class)) {
        criteria.add(new UsageCriteria(UsageType.ENCRYPTION));
    }
    return criteria;
}
示例8: buildCriteriaSet
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
/**
 * Build the criteria set which will be used as input to the configured trust engine.
 *
 * <p>Currently only the configured default criteria plus a {@code SIGNING} usage
 * criterion (when the defaults carry none) are used; none of the parameters are
 * consulted yet — see the TODO in the body.</p>
 *
 * @param signedMetadata the metadata element whose signature is being verified
 * @param metadataEntryName the EntityDescriptor entityID, EntitiesDescriptor Name,
 *            AffiliationDescriptor affiliationOwnerID,
 *            or RoleDescriptor {@link #getRoleIDToken(String, RoleDescriptor)}
 *            corresponding to the element whose signature is being evaluated.
 *            This is used exclusively for logging/debugging purposes and
 *            should not be used operationally (e.g. for building the criteria set).
 * @param isEntityGroup flag indicating whether the signed object is a metadata group (EntitiesDescriptor)
 * @return the newly constructed criteria set
 */
protected CriteriaSet buildCriteriaSet(SignableXMLObject signedMetadata,
        String metadataEntryName, boolean isEntityGroup) {
    CriteriaSet criteria = new CriteriaSet();

    CriteriaSet defaults = getDefaultCriteria();
    if (defaults != null) {
        criteria.addAll(defaults);
    }

    boolean usageAlreadySet = criteria.contains(UsageCriteria.class);
    if (!usageAlreadySet) {
        criteria.add(new UsageCriteria(UsageType.SIGNING));
    }

    // TODO how to handle adding dynamic entity ID and/or other criteria for trust engine consumption?
    //
    // Four signed metadata types exist:
    //   1) EntitiesDescriptor
    //   2) EntityDescriptor
    //   3) RoleDescriptor
    //   4) AffiliationDescriptor
    //
    // The criteria handed to the trust engine will likely differ per type and use case,
    // e.g. federation metadata publishers of EntitiesDescriptors vs. "self-signed" EntityDescriptors.
    // May need to delegate to more specialized subclasses.
    return criteria;
}
示例9: buildCriteriaSet
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
/**
 * Build a criteria set suitable for input to the trust engine.
 *
 * <p>The set carries the issuer's entity ID (omitted when the issuer is empty) and a
 * {@code SIGNING} usage criterion. No exception is thrown by this method.</p>
 *
 * @param issuer the candidate issuer entity ID being evaluated; may be null or empty
 * @return a newly constructed criteria set
 */
private static CriteriaSet buildCriteriaSet(String issuer) {
    CriteriaSet criteria = new CriteriaSet();
    boolean issuerKnown = !DatatypeHelper.isEmpty(issuer);
    if (issuerKnown) {
        criteria.add(new EntityIDCriteria(issuer));
    }
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
示例10: setUp
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Builds the key material, a metadata provider backed by the fixture document, a
 * {@link MetadataCredentialResolver} over it, and the default criteria set used by the
 * tests. The global security configuration is swapped for a test one before the resolver
 * is created; the original is kept in {@code origGlobalSecurityConfig} so it can be
 * restored (presumably in tearDown).</p>
 */
protected void setUp() throws Exception {
    super.setUp();

    // Key material decoded from the Base64 fixtures.
    idpRSAPubKey = SecurityTestHelper.buildJavaRSAPublicKey(idpRSAPubKeyBase64);
    idpDSACert = SecurityTestHelper.buildJavaX509Cert(idpDSACertBase64);
    idpRSACert = SecurityTestHelper.buildJavaX509Cert(idpRSACertBase64);
    keyAuthorityCert = SecurityTestHelper.buildJavaX509Cert(keyAuthorityCertBase64);

    // Metadata provider backed by the parsed fixture document.
    Document metadataDoc = parser.parse(MetadataCredentialResolverTest.class.getResourceAsStream(mdFileName));
    mdProvider = new DOMMetadataProvider(metadataDoc.getDocumentElement());
    mdProvider.initialize();

    // The metadata resolver constructor picks up the default KeyInfo resolver from the global
    // security configuration, so install the test configuration before constructing it.
    origGlobalSecurityConfig = Configuration.getGlobalSecurityConfiguration();
    BasicSecurityConfiguration testSecConfig = new BasicSecurityConfiguration();
    testSecConfig.setDefaultKeyInfoCredentialResolver(SecurityTestHelper.buildBasicInlineKeyInfoResolver());
    Configuration.setGlobalSecurityConfiguration(testSecConfig);
    mdResolver = new MetadataCredentialResolver(mdProvider);

    // Default criteria: the IdP entity in its role, with the protocol left unconstrained (null).
    entityCriteria = new EntityIDCriteria(idpEntityID);
    mdCriteria = new MetadataCriteria(idpRole, null);
    criteriaSet = new CriteriaSet();
    criteriaSet.add(entityCriteria);
    criteriaSet.add(mdCriteria);
}
示例11: validateToken
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
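/**
 * Validates a signed SAML object: schema validation first, then signature verification
 * through an {@link ExplicitKeySignatureTrustEngine}.
 *
 * <p>NOTE(review): the trust anchor fed to the trust engine is the first certificate found in
 * the token's own {@code KeyInfo}. Because that certificate arrives with the token, the engine
 * can only confirm that the signature matches the embedded certificate, not that the signer
 * is one this relying party trusts. Outside of a test fixture the trusted credential should be
 * resolved from configuration or metadata rather than from the token being validated.</p>
 *
 * @param samlToken the signed SAML object to validate
 * @return {@code true} if the token is schema-valid and its signature verifies against the
 *         embedded certificate; {@code false} if the token carries no signature, no KeyInfo
 *         or no certificate, or the trust engine rejects the signature
 * @throws ValidationException if schema validation of the token fails
 * @throws SecurityException if the trust engine fails while evaluating the signature
 * @throws CertificateException if the embedded certificate cannot be decoded
 * @throws ConfigurationException propagated from the underlying OpenSAML calls
 * @throws UnmarshallingException propagated from the underlying OpenSAML calls
 * @throws KeyException propagated from the underlying OpenSAML calls
 */
private static boolean validateToken(SignableSAMLObject samlToken)
        throws SecurityException, ValidationException,
        ConfigurationException, UnmarshallingException,
        CertificateException, KeyException {
    samlToken.validate(true);

    // An unsigned token, or one without key material, cannot be verified: treat as invalid
    // rather than failing with a NullPointerException / IndexOutOfBoundsException.
    Signature signature = samlToken.getSignature();
    if (signature == null) {
        return false;
    }
    KeyInfo keyInfo = signature.getKeyInfo();
    if (keyInfo == null) {
        return false;
    }
    java.util.List<X509Certificate> embeddedCerts = KeyInfoHelper.getCertificates(keyInfo);
    if (embeddedCerts == null || embeddedCerts.isEmpty()) {
        return false;
    }
    X509Certificate signingCert = embeddedCerts.get(0);

    // Build a single trusted credential from the embedded certificate (see class-level note).
    BasicX509Credential cred = new BasicX509Credential();
    cred.setEntityCertificate(signingCert);
    cred.setEntityId("signing-entity-ID");
    ArrayList<Credential> trustedCredentials = new ArrayList<Credential>();
    trustedCredentials.add(cred);

    CollectionCredentialResolver credResolver = new CollectionCredentialResolver(
            trustedCredentials);
    KeyInfoCredentialResolver kiResolver = SecurityTestHelper
            .buildBasicInlineKeyInfoResolver();
    ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
            credResolver, kiResolver);

    // The entity ID must match the one stamped on the trusted credential above.
    CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new EntityIDCriteria("signing-entity-ID"));
    return engine.validate(signature, criteriaSet);
}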
示例12: getSpCredentials
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
/**
 * Resolves the single credential published for the SP in its metadata.
 *
 * <p>Criteria: the {@code SPSSODescriptor} role for the SAML 2.0 protocol and the SP
 * entity ID from {@link MockIDPProperties}. The result of {@code resolveSingle} is
 * returned as-is (it may be null if the metadata carries no matching credential).</p>
 *
 * @return the resolved SP credential
 * @throws SecurityException if credential resolution fails
 */
public static Credential getSpCredentials() throws SecurityException {
    MetadataCredentialResolver resolver =
            MetadataCredentialResolverFactory.getFactory().getInstance(spMetaDataProvider);

    CriteriaSet criteria = new CriteriaSet();
    criteria.add(new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
    criteria.add(new EntityIDCriteria(MockIDPProperties.getSpEntityId()));
    return resolver.resolveSingle(criteria);
}
示例13: process
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Follows a same-document {@code KeyInfoReference} exactly one hop: the referent must
 * be a {@code KeyInfo} and must not itself contain a {@code KeyInfoReference}, otherwise
 * nothing is resolved. Resolution of the referent reuses the caller's criteria with the
 * {@link KeyInfoCriteria} swapped for one pointing at the target.</p>
 *
 * @return the credentials resolved from the referent, or null if the child is not a
 *         usable reference or the delegate resolver yields nothing
 */
public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild,
        CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {
    KeyInfoReference ref = getKeyInfoReference(keyInfoChild);
    if (ref == null) {
        return null;
    }

    log.debug("Attempting to follow same-document KeyInfoReference");
    // URI is treated as a '#id' fragment; the leading character is dropped before lookup
    // (getKeyInfoReference is assumed to have checked the form — verify there).
    String fragmentID = ref.getURI().substring(1);
    XMLObject referent = ref.resolveIDFromRoot(fragmentID);

    if (referent == null) {
        log.warn("KeyInfoReference URI could not be dereferenced");
        return null;
    }
    if (!(referent instanceof KeyInfo)) {
        log.warn("The product of dereferencing the KeyInfoReference was not a KeyInfo");
        return null;
    }
    KeyInfo targetKeyInfo = (KeyInfo) referent;
    // Refuse chained references: the referent must be a terminal KeyInfo.
    if (!targetKeyInfo.getXMLObjects(KeyInfoReference.DEFAULT_ELEMENT_NAME).isEmpty()) {
        log.warn("The dereferenced KeyInfo contained a KeyInfoReference, cannot process");
        return null;
    }

    log.debug("Recursively processing KeyInfoReference referent");
    // Rebuild the criteria with the KeyInfoCriteria pointing at the referent; everything
    // else is carried over unchanged.
    CriteriaSet referentCriteria = new CriteriaSet();
    referentCriteria.add(new KeyInfoCriteria(targetKeyInfo));
    for (Criteria crit : criteriaSet) {
        boolean isKeyInfoCrit = crit instanceof KeyInfoCriteria;
        if (!isKeyInfoCrit) {
            referentCriteria.add(crit);
        }
    }

    // Materialise the delegate's Iterable into a collection for the caller.
    Iterable<Credential> resolved = resolver.resolve(referentCriteria);
    if (resolved == null) {
        return null;
    }
    Collection<Credential> result = new ArrayList<Credential>();
    for (Credential credential : resolved) {
        result.add(credential);
    }
    return result;
}
示例14: retrieveFromMetadata
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
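/**
 * Retrieves credentials from the provided metadata.
 *
 * <p>Every role descriptor matching the entity/role/protocol is scanned; each
 * {@code KeyDescriptor} whose declared use matches {@code usage} (an absent use counts as
 * {@code UNSPECIFIED}) has its KeyInfo resolved through the configured KeyInfo credential
 * resolver. Resolved {@link BasicCredential}s are stamped with the entity ID and the
 * metadata-declared usage, so those attributes come from the metadata rather than from
 * the key material itself.</p>
 *
 * @param entityID entityID of the credential owner
 * @param role role in which the entity is operating
 * @param protocol protocol over which the entity is operating (may be null)
 * @param usage intended usage of resolved credentials
 *
 * @return the resolved credentials; never null, empty when nothing matched
 *
 * @throws SecurityException thrown if the key, certificate, or CRL information is represented in an unsupported
 *             format
 */
protected Collection<Credential> retrieveFromMetadata(String entityID, QName role, String protocol, UsageType usage)
        throws SecurityException {
    log.debug("Attempting to retrieve credentials from metadata for entity: {}", entityID);
    Collection<Credential> credentials = new HashSet<Credential>(3);

    List<RoleDescriptor> roleDescriptors = getRoleDescriptors(entityID, role, protocol);
    if (roleDescriptors == null || roleDescriptors.isEmpty()) {
        return credentials;
    }

    for (RoleDescriptor roleDescriptor : roleDescriptors) {
        List<KeyDescriptor> keyDescriptors = roleDescriptor.getKeyDescriptors();
        // A role without key descriptors contributes nothing; keep scanning the remaining
        // roles instead of abandoning the whole lookup.
        if (keyDescriptors == null || keyDescriptors.isEmpty()) {
            continue;
        }

        for (KeyDescriptor keyDescriptor : keyDescriptors) {
            UsageType mdUsage = keyDescriptor.getUse();
            if (mdUsage == null) {
                mdUsage = UsageType.UNSPECIFIED;
            }
            if (!matchUsage(mdUsage, usage)) {
                continue;
            }
            if (keyDescriptor.getKeyInfo() == null) {
                continue;
            }

            CriteriaSet critSet = new CriteriaSet();
            critSet.add(new KeyInfoCriteria(keyDescriptor.getKeyInfo()));
            Iterable<Credential> creds = getKeyInfoCredentialResolver().resolve(critSet);
            // Guard the resolver's result (the never-null output set was being tested instead).
            if (creds == null) {
                continue;
            }

            for (Credential cred : creds) {
                if (cred instanceof BasicCredential) {
                    BasicCredential basicCred = (BasicCredential) cred;
                    basicCred.setEntityId(entityID);
                    basicCred.setUsageType(mdUsage);
                    basicCred.getCredentalContextSet().add(new SAMLMDCredentialContext(keyDescriptor));
                }
                credentials.add(cred);
            }
        }
    }
    return credentials;
}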
示例15: retrieveFromMetadata
import org.opensaml.xml.security.CriteriaSet; //导入方法依赖的package包/类
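/**
 * Retrieves credentials from the provided metadata.
 *
 * <p>Every role descriptor matching the entity/role/protocol is scanned; each
 * {@code KeyDescriptor} whose declared use matches {@code usage} (an absent use counts as
 * {@code UNSPECIFIED}) has its KeyInfo resolved through the configured KeyInfo credential
 * resolver. Resolved {@link BasicCredential}s are stamped with the entity ID and the
 * metadata-declared usage, so those attributes come from the metadata rather than from
 * the key material itself.</p>
 *
 * @param entityID entityID of the credential owner
 * @param role role in which the entity is operating
 * @param protocol protocol over which the entity is operating (may be null)
 * @param usage intended usage of resolved credentials
 *
 * @return the resolved credentials; never null, empty when nothing matched
 *
 * @throws SecurityException thrown if the key, certificate, or CRL information is represented in an unsupported
 *             format
 */
protected Collection<Credential> retrieveFromMetadata(String entityID, QName role, String protocol, UsageType usage)
        throws SecurityException {
    log.debug("Attempting to retrieve credentials from metadata for entity: {}", entityID);
    Collection<Credential> credentials = new HashSet<Credential>();

    List<RoleDescriptor> roleDescriptors = getRoleDescriptors(entityID, role, protocol);
    if (roleDescriptors == null || roleDescriptors.isEmpty()) {
        return credentials;
    }

    for (RoleDescriptor roleDescriptor : roleDescriptors) {
        List<KeyDescriptor> keyDescriptors = roleDescriptor.getKeyDescriptors();
        // A role without key descriptors contributes nothing; keep scanning the remaining
        // roles instead of abandoning the whole lookup.
        if (keyDescriptors == null || keyDescriptors.isEmpty()) {
            continue;
        }

        for (KeyDescriptor keyDescriptor : keyDescriptors) {
            UsageType mdUsage = keyDescriptor.getUse();
            if (mdUsage == null) {
                mdUsage = UsageType.UNSPECIFIED;
            }
            if (!matchUsage(mdUsage, usage)) {
                continue;
            }
            if (keyDescriptor.getKeyInfo() == null) {
                continue;
            }

            CriteriaSet critSet = new CriteriaSet();
            critSet.add(new KeyInfoCriteria(keyDescriptor.getKeyInfo()));
            Iterable<Credential> creds = getKeyInfoCredentialResolver().resolve(critSet);
            // Guard the resolver's result (the never-null output set was being tested instead).
            if (creds == null) {
                continue;
            }

            for (Credential cred : creds) {
                if (cred instanceof BasicCredential) {
                    BasicCredential basicCred = (BasicCredential) cred;
                    basicCred.setEntityId(entityID);
                    basicCred.setUsageType(mdUsage);
                    basicCred.getCredentalContextSet().add(new SAMLMDCredentialContext(keyDescriptor));
                }
                credentials.add(cred);
            }
        }
    }
    return credentials;
}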