

Java SecurityHelper.getKeyInfoGenerator方法代码示例

本文整理汇总了Java中org.opensaml.xml.security.SecurityHelper.getKeyInfoGenerator方法的典型用法代码示例。如果您正苦于以下问题:Java SecurityHelper.getKeyInfoGenerator方法的具体用法?Java SecurityHelper.getKeyInfoGenerator怎么用?Java SecurityHelper.getKeyInfoGenerator使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在org.opensaml.xml.security.SecurityHelper的用法示例。


在下文中一共展示了SecurityHelper.getKeyInfoGenerator方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。

示例1: populateVelocityContext

import org.opensaml.xml.security.SecurityHelper; //导入方法依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>After the superclass has filled the context, this override adds the SimpleSign form fields:
 * {@code SigAlg} and {@code Signature} whenever a signing credential is present, and {@code KeyInfo}
 * only when a generator is available and produces a non-empty value. Without a signing credential the
 * method returns early and the message goes out unsigned.</p>
 *
 * @param velocityContext template context that receives the {@code SigAlg}, {@code Signature} and
 *            {@code KeyInfo} entries
 * @param messageContext message context from which the outbound signing credential is read
 * @param endpointURL endpoint URL, forwarded unchanged to the superclass
 * @throws MessageEncodingException declared by the signature; presumably raised by the superclass or
 *             the signing helpers, which are not visible in this excerpt
 */
protected void populateVelocityContext(VelocityContext velocityContext, SAMLMessageContext messageContext,
        String endpointURL) throws MessageEncodingException {

    super.populateVelocityContext(velocityContext, messageContext, endpointURL);

    final Credential credential = messageContext.getOuboundSAMLMessageSigningCredential();
    if (credential == null) {
        // Security note: this debug line is the only trace of an unsigned message, so a deployment
        // that requires signed POST messages has to enforce that somewhere other than here.
        log.debug("No signing credential was supplied, skipping HTTP-Post simple signing");
        return;
    }

    // TODO pull SecurityConfiguration from SAMLMessageContext? needs to be added
    // TODO pull binding-specific keyInfoGenName from encoder setting, etc?
    final String algorithmUri = getSignatureAlgorithmURI(credential, null);
    // Stored before the form data is built: buildFormDataToSign receives this same context and
    // presumably reads SigAlg back from it, so the order of these statements must not change.
    velocityContext.put("SigAlg", algorithmUri);

    final String dataToSign = buildFormDataToSign(velocityContext, messageContext, algorithmUri);
    velocityContext.put("Signature", generateSignature(credential, algorithmUri, dataToSign));

    // null configuration and null generator name: library defaults are presumably used (TODO confirm).
    final KeyInfoGenerator keyInfoGenerator = SecurityHelper.getKeyInfoGenerator(credential, null, null);
    if (keyInfoGenerator == null) {
        // No generator for this credential type: the form is still signed, just without KeyInfo.
        return;
    }

    // NOTE(review): KeyInfo travels in the same form as the signature it describes, so a receiver
    // should use it only as a hint for picking a key it already trusts (for example from metadata),
    // never as the trust anchor itself.
    final String encodedKeyInfo = buildKeyInfo(credential, keyInfoGenerator);
    if (!DatatypeHelper.isEmpty(encodedKeyInfo)) {
        velocityContext.put("KeyInfo", encodedKeyInfo);
    }
}
 
开发者ID:lamsfoundation,项目名称:lams,代码行数:29,代码来源:HTTPPostSimpleSignEncoder.java

示例2: generateSPDescriptor

import org.opensaml.xml.security.SecurityHelper; //导入方法依赖的package包/类
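/**
 * Builds WS-Federation service-provider metadata whose entity ID and endpoints are all
 * {@code baseUrl + "/WSFedConsumer"}.
 *
 * <p>The role descriptor declares that authentication requests are signed and that signed assertions
 * are wanted. The same credential is published twice, once as the signing key and once as the
 * encryption key.</p>
 *
 * @param baseUrl base URL of the service provider; {@code "/WSFedConsumer"} is appended to it
 * @param credential credential whose key material is published in both key descriptors
 * @param parameters not used by this method
 * @return the populated entity descriptor
 * @throws WrappedException if no KeyInfo generator is available for the credential or KeyInfo
 *             generation fails
 */
protected EntityDescriptor generateSPDescriptor(String baseUrl, Credential credential, List<?> parameters) {
	final String wsFedProtocol = "http://schemas.xmlsoap.org/ws/2006/12/federation";
	String url = baseUrl + "/WSFedConsumer";
	
	EntityDescriptor descriptor = SAMLUtil.buildXMLObject(EntityDescriptor.class);
	descriptor.setEntityID(url);
	
	SPSSODescriptor spDescriptor = SAMLUtil.buildXMLObject(SPSSODescriptor.class);
	spDescriptor.setAuthnRequestsSigned(true);
	spDescriptor.setWantAssertionsSigned(true);
	
	KeyDescriptor signingDescriptor = SAMLUtil.buildXMLObject(KeyDescriptor.class);
	signingDescriptor.setUse(UsageType.SIGNING);
	KeyDescriptor encryptionDescriptor = SAMLUtil.buildXMLObject(KeyDescriptor.class);
	encryptionDescriptor.setUse(UsageType.ENCRYPTION);

	try {
		KeyInfoGenerator gen = SecurityHelper.getKeyInfoGenerator(credential, org.opensaml.xml.Configuration.getGlobalSecurityConfiguration(), null);
		if (gen == null) {
			// getKeyInfoGenerator returns null when no generator factory matches the credential.
			// Fail through the same wrapped-exception path as a generation error, rather than with a
			// NullPointerException, so that metadata is never published without its keys.
			throw new SecurityException("No KeyInfoGenerator is available for the supplied credential");
		}
		// generate() is called once per descriptor so that each one receives its own KeyInfo object.
		signingDescriptor.setKeyInfo(gen.generate(credential));
		encryptionDescriptor.setKeyInfo(gen.generate(credential));
	} catch (SecurityException e1) {
		throw new WrappedException(Layer.BUSINESS, e1);
	}
	// NOTE(review): one key pair serves both signing and encryption here; confirm that this matches
	// the deployment's key-separation policy.
	spDescriptor.getKeyDescriptors().add(signingDescriptor);
	spDescriptor.getKeyDescriptors().add(encryptionDescriptor);
	
	spDescriptor.addSupportedProtocol(wsFedProtocol);
	spDescriptor.getAssertionConsumerServices().add(SAMLUtil.createAssertionConsumerService(url, wsFedProtocol, 0, true));
	
	spDescriptor.getSingleLogoutServices().add(SAMLUtil.createSingleLogoutService(url, url, wsFedProtocol));
	
	descriptor.getRoleDescriptors().add(spDescriptor);
	return descriptor;
}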
 
开发者ID:amagdenko,项目名称:oiosaml.java,代码行数:35,代码来源:ConfigurationHandler.java

示例3: populateVelocityContext

import org.opensaml.xml.security.SecurityHelper; //导入方法依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Extends the superclass behaviour with the SimpleSign form fields. {@code SigAlg} and
 * {@code Signature} are added whenever the message context supplies a signing credential;
 * {@code KeyInfo} is added only if a generator exists and its output is non-empty. If there is no
 * signing credential, nothing is signed and the method returns right after the superclass call.</p>
 *
 * @param velocityContext template context to which the signature-related entries are added
 * @param messageContext source of the outbound signing credential
 * @param endpointURL endpoint URL, passed through to the superclass
 * @throws MessageEncodingException declared by the signature; presumably raised by the superclass or
 *             the signing helpers, which are not visible in this excerpt
 */
protected void populateVelocityContext(VelocityContext velocityContext, SAMLMessageContext messageContext,
        String endpointURL) throws MessageEncodingException {

    super.populateVelocityContext(velocityContext, messageContext, endpointURL);

    final Credential signer = messageContext.getOuboundSAMLMessageSigningCredential();
    if (signer == null) {
        // Security note: an unsigned message is reported at debug level only. Where signing is
        // mandatory, the missing credential has to be rejected by configuration or by the caller.
        log.debug("No signing credential was supplied, skipping HTTP-Post simple signing");
        return;
    }

    // TODO pull SecurityConfiguration from SAMLMessageContext? needs to be added
    // TODO pull binding-specific keyInfoGenName from encoder setting, etc?
    final String signatureAlgorithm = getSignatureAlgorithmURI(signer, null);
    // Keep this put ahead of buildFormDataToSign: that helper is handed the context and presumably
    // includes SigAlg in the data that gets signed.
    velocityContext.put("SigAlg", signatureAlgorithm);

    final String signedInput = buildFormDataToSign(velocityContext, signatureAlgorithm);
    velocityContext.put("Signature", generateSignature(signer, signatureAlgorithm, signedInput));

    // null configuration and null generator name: library defaults are presumably used (TODO confirm).
    final KeyInfoGenerator generator = SecurityHelper.getKeyInfoGenerator(signer, null, null);
    if (generator == null) {
        // The form stays signed; it simply carries no KeyInfo field.
        return;
    }

    // NOTE(review): the KeyInfo value is delivered next to the signature, so the receiving side
    // should resolve the verification key from material it already trusts and treat this field as
    // a selection hint only.
    final String keyInfoBase64 = buildKeyInfo(signer, generator);
    if (!DatatypeHelper.isEmpty(keyInfoBase64)) {
        velocityContext.put("KeyInfo", keyInfoBase64);
    }
}
 
开发者ID:apigee,项目名称:java-opensaml2,代码行数:29,代码来源:HTTPPostSimpleSignEncoder.java

示例4: generateIdPDescriptor

import org.opensaml.xml.security.SecurityHelper; //导入方法依赖的package包/类
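/**
 * Builds WS-Federation identity-provider metadata for a security token service (STS).
 *
 * <p>Despite its name, {@code stsKeystore} is parsed as a single encoded X.509 certificate, not as
 * a keystore. That certificate is published as both the signing and the encryption key of the
 * identity provider.</p>
 *
 * <p>Security note: the method only parses the certificate. It performs no validity-period, chain
 * or revocation check, so the bytes must come from a source the caller already trusts; whatever is
 * passed in becomes the key that the STS's signatures are verified against.</p>
 *
 * @param stsEntityId entity ID of the STS
 * @param stsLocation single sign-on endpoint location
 * @param stsLogoutLocation single logout endpoint location
 * @param stsKeystore encoded X.509 certificate of the STS
 * @return the populated entity descriptor
 * @throws WrappedException if the certificate cannot be parsed, no KeyInfo generator is available
 *             for the credential, or KeyInfo generation fails
 */
private EntityDescriptor generateIdPDescriptor(String stsEntityId, String stsLocation, String stsLogoutLocation, byte[] stsKeystore) {
	final String wsFedProtocol = "http://schemas.xmlsoap.org/ws/2006/12/federation";

	EntityDescriptor descriptor = SAMLUtil.buildXMLObject(EntityDescriptor.class);
	descriptor.setEntityID(stsEntityId);

	IDPSSODescriptor desc = SAMLUtil.buildXMLObject(IDPSSODescriptor.class);
	desc.addSupportedProtocol(wsFedProtocol);
	
	KeyDescriptor signingDescriptor = SAMLUtil.buildXMLObject(KeyDescriptor.class);
	signingDescriptor.setUse(UsageType.SIGNING);
	KeyDescriptor encryptionDescriptor = SAMLUtil.buildXMLObject(KeyDescriptor.class);
	encryptionDescriptor.setUse(UsageType.ENCRYPTION);

	try {
		CertificateFactory cf = CertificateFactory.getInstance("X.509");
		X509Certificate cert = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(stsKeystore));
		// Public certificate only: no private key is attached to this credential.
		BasicX509Credential credential = new BasicX509Credential();
		credential.setEntityCertificate(cert);
		
		KeyInfoGenerator gen = SecurityHelper.getKeyInfoGenerator(credential, org.opensaml.xml.Configuration.getGlobalSecurityConfiguration(), null);
		if (gen == null) {
			// getKeyInfoGenerator returns null when no generator factory matches the credential.
			// Report that through the wrapped-exception path instead of a NullPointerException, so
			// that IdP metadata is never produced without the key needed to verify its signatures.
			throw new SecurityException("No KeyInfoGenerator is available for the STS certificate credential");
		}
		// generate() is called once per descriptor so that each one receives its own KeyInfo object.
		signingDescriptor.setKeyInfo(gen.generate(credential));
		encryptionDescriptor.setKeyInfo(gen.generate(credential));
	} catch (SecurityException e1) {
		throw new WrappedException(Layer.BUSINESS, e1);
	} catch (CertificateException e) {
		throw new WrappedException(Layer.BUSINESS, e);
	}
	desc.getKeyDescriptors().add(signingDescriptor);
	desc.getKeyDescriptors().add(encryptionDescriptor);
	
	SingleSignOnService sso = SAMLUtil.buildXMLObject(SingleSignOnService.class);
	sso.setBinding(wsFedProtocol);
	sso.setLocation(stsLocation);
	desc.getSingleSignOnServices().add(sso);

	//TODO: Check that the location should be the same
	SingleLogoutService slo = SAMLUtil.buildXMLObject(SingleLogoutService.class);
	slo.setBinding(wsFedProtocol);
	slo.setLocation(stsLogoutLocation);
	desc.getSingleLogoutServices().add(slo);
	
	descriptor.getRoleDescriptors().add(desc);
	return descriptor;
}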
 
开发者ID:amagdenko,项目名称:oiosaml.java,代码行数:44,代码来源:ConfigurationHandler.java

示例5: generateSPDescriptor

import org.opensaml.xml.security.SecurityHelper; //导入方法依赖的package包/类
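/**
 * Builds SAML 2.0 service-provider metadata.
 *
 * <p>The role descriptor declares that authentication requests are signed and that signed assertions
 * are wanted. The same credential is published as both the signing and the encryption key. The
 * HTTP-POST assertion consumer (index 0, default) and the HTTP-Redirect single logout service are
 * always present; the remaining endpoints depend on the boolean switches.</p>
 *
 * @param baseUrl base URL to which the servlet paths are appended
 * @param entityId entity ID of the service provider
 * @param credential credential whose key material is published in both key descriptors
 * @param orgName organisation name, used for the organisation element and the contact's company
 * @param orgUrl organisation URL
 * @param email e-mail address of the technical contact
 * @param enableArtifact adds the artifact assertion consumer (index 1) and the artifact resolution service
 * @param enableRedirect adds the HTTP-Redirect assertion consumer (index 2)
 * @param enableSoap adds the SOAP single logout service
 * @param enablePostSLO adds the HTTP-POST single logout service
 * @param supportOCESAttributes adds the attribute consuming service via {@code addAttributeConsumerService}
 * @return the populated entity descriptor
 * @throws WrappedException if no KeyInfo generator is available for the credential or KeyInfo
 *             generation fails
 */
protected EntityDescriptor generateSPDescriptor(String baseUrl, String entityId, Credential credential, String orgName, String orgUrl, String email, boolean enableArtifact, boolean enableRedirect, boolean enableSoap, boolean enablePostSLO, boolean supportOCESAttributes) {
	final String assertionConsumerUrl = baseUrl + "/SAMLAssertionConsumer";

	EntityDescriptor descriptor = SAMLUtil.buildXMLObject(EntityDescriptor.class);
	descriptor.setEntityID(entityId);
	
	SPSSODescriptor spDescriptor = SAMLUtil.buildXMLObject(SPSSODescriptor.class);
	spDescriptor.setAuthnRequestsSigned(true);
	spDescriptor.setWantAssertionsSigned(true);
	
	ContactPerson contact = SAMLUtil.buildXMLObject(ContactPerson.class);
	contact.getEmailAddresses().add(SAMLUtil.createEmail(email));
	contact.setCompany(SAMLUtil.createCompany(orgName));
	contact.setType(ContactPersonTypeEnumeration.TECHNICAL);
	
	descriptor.getContactPersons().add(contact);
	descriptor.setOrganization(SAMLUtil.createOrganization(orgName, orgName, orgUrl));
	
	KeyDescriptor signingDescriptor = SAMLUtil.buildXMLObject(KeyDescriptor.class);
	signingDescriptor.setUse(UsageType.SIGNING);
	KeyDescriptor encryptionDescriptor = SAMLUtil.buildXMLObject(KeyDescriptor.class);
	encryptionDescriptor.setUse(UsageType.ENCRYPTION);

	try {
		KeyInfoGenerator gen = SecurityHelper.getKeyInfoGenerator(credential, org.opensaml.xml.Configuration.getGlobalSecurityConfiguration(), null);
		if (gen == null) {
			// getKeyInfoGenerator returns null when no generator factory matches the credential.
			// Fail through the same wrapped-exception path as a generation error, rather than with a
			// NullPointerException, so that metadata is never published without its keys.
			throw new SecurityException("No KeyInfoGenerator is available for the supplied credential");
		}
		// generate() is called once per descriptor so that each one receives its own KeyInfo object.
		signingDescriptor.setKeyInfo(gen.generate(credential));
		encryptionDescriptor.setKeyInfo(gen.generate(credential));
	} catch (SecurityException e1) {
		throw new WrappedException(Layer.BUSINESS, e1);
	}
	// NOTE(review): one key pair serves both signing and encryption here; confirm that this matches
	// the deployment's key-separation policy.
	spDescriptor.getKeyDescriptors().add(signingDescriptor);
	spDescriptor.getKeyDescriptors().add(encryptionDescriptor);
	
	spDescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
	spDescriptor.getAssertionConsumerServices().add(SAMLUtil.createAssertionConsumerService(assertionConsumerUrl, SAMLConstants.SAML2_POST_BINDING_URI, 0, true));
	if (enableArtifact) {
		spDescriptor.getAssertionConsumerServices().add(SAMLUtil.createAssertionConsumerService(assertionConsumerUrl, SAMLConstants.SAML2_ARTIFACT_BINDING_URI, 1, false));
	}
	if (enableRedirect) {
		spDescriptor.getAssertionConsumerServices().add(SAMLUtil.createAssertionConsumerService(assertionConsumerUrl, SAMLConstants.SAML2_REDIRECT_BINDING_URI, 2, false));
	}
	
	spDescriptor.getSingleLogoutServices().add(SAMLUtil.createSingleLogoutService(baseUrl + "/LogoutServiceHTTPRedirect", baseUrl + "/LogoutServiceHTTPRedirectResponse", SAMLConstants.SAML2_REDIRECT_BINDING_URI));
	
	if (enableSoap) {
		spDescriptor.getSingleLogoutServices().add(SAMLUtil.createSingleLogoutService(baseUrl + "/LogoutServiceSOAP", null, SAMLConstants.SAML2_SOAP11_BINDING_URI));
	}
	
	if (enablePostSLO) {
		spDescriptor.getSingleLogoutServices().add(SAMLUtil.createSingleLogoutService(baseUrl + "/LogoutServiceHTTPPost", baseUrl + "/LogoutServiceHTTPRedirectResponse", SAMLConstants.SAML2_POST_BINDING_URI));
	}
	
	NameIDFormat x509SubjectNameIDFormat = SAMLUtil.createNameIDFormat(OIOSAMLConstants.NAMEIDFORMAT_X509SUBJECTNAME);
	List<NameIDFormat> nameIDFormats = spDescriptor.getNameIDFormats();
	nameIDFormats.add(x509SubjectNameIDFormat);

	if (enableArtifact) {
		spDescriptor.getArtifactResolutionServices().add(SAMLUtil.createArtifactResolutionService(assertionConsumerUrl));
	}
	
	if (supportOCESAttributes) {
		addAttributeConsumerService(spDescriptor, entityId);
	}
	
	descriptor.getRoleDescriptors().add(spDescriptor);
	return descriptor;
}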
 
开发者ID:amagdenko,项目名称:oiosaml.java,代码行数:66,代码来源:ConfigurationHandler.java


注:本文中的org.opensaml.xml.security.SecurityHelper.getKeyInfoGenerator方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。