本文整理汇总了Java中org.opensaml.xml.signature.SignatureTrustEngine.validate方法的典型用法代码示例。如果您正苦于以下问题:Java SignatureTrustEngine.validate方法的具体用法?Java SignatureTrustEngine.validate怎么用?Java SignatureTrustEngine.validate使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类org.opensaml.xml.signature.SignatureTrustEngine的用法示例。
在下文中一共展示了SignatureTrustEngine.validate方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: validateSignature
import org.opensaml.xml.signature.SignatureTrustEngine; //导入方法依赖的package包/类
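/**
 * Validates the signature carried in a query string against the X.509 credential looked up for a tenant.
 *
 * @param queryString query string from which the signature value, the signed content and the
 *            signature algorithm URI are extracted
 * @param issuer issuer value used to build the criteria set handed to the trust engine
 * @param alias alias used, together with {@code domainName}, to look up the tenant's X.509 credential
 * @param domainName tenant domain used for the credential lookup
 * @return the result of the trust engine's validation
 * @throws SecurityException if the trust engine reports an error while evaluating the signature
 * @throws IdentitySAML2SSOException presumably raised by the credential lookup or the query-string
 *             helpers, which are not visible in this excerpt
 */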
@Override
public boolean validateSignature(String queryString, String issuer, String alias,
        String domainName) throws SecurityException,
        IdentitySAML2SSOException {
    // Extract the signature value, the signed content and the signature algorithm URI
    // from the query string via the class's own helpers.
    byte[] sigValue = getSignature(queryString);
    byte[] signedBytes = getSignedContent(queryString);
    String sigAlgUri = getSigAlg(queryString);
    // NOTE(review): sigAlgUri comes from the request and is not checked against an
    // allow-list in this method; confirm that weak algorithms are rejected elsewhere.
    CriteriaSet trustCriteria = buildCriteriaSet(issuer);

    // The only key material given to the trust engine is the credential looked up for
    // the tenant domain and alias; nothing taken from the request is added to this list.
    X509CredentialImpl tenantCredential =
            SAMLSSOUtil.getX509CredentialImplForTenant(domainName, alias);
    // NOTE(review): tenantCredential is not null-checked here; confirm how the lookup
    // behaves for an unknown tenant or alias so validation cannot pass by accident.
    List<Credential> trustedCredentials = new ArrayList<Credential>();
    trustedCredentials.add(tenantCredential);

    SignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(
            new CollectionCredentialResolver(trustedCredentials),
            SecurityHelper.buildBasicInlineKeyInfoResolver());

    // The last argument (candidate credential) is null: no request-supplied key is offered.
    return trustEngine.validate(sigValue, signedBytes, sigAlgUri, trustCriteria, null);
}
示例2: validate
import org.opensaml.xml.signature.SignatureTrustEngine; //导入方法依赖的package包/类
/** {@inheritDoc} */
public boolean validate(Signature token, CriteriaSet trustBasisCriteria) throws SecurityException {
    // Ask each chain member in turn; the first one that trusts the signature decides the
    // outcome. An exception thrown by a member propagates and ends the evaluation.
    for (SignatureTrustEngine member : engines) {
        boolean trusted = member.validate(token, trustBasisCriteria);
        if (!trusted) {
            continue;
        }
        // Record which member accepted the signature, useful when auditing trust decisions.
        log.debug("Signature was trusted by chain member: {}", member.getClass().getName());
        return true;
    }
    // No member trusted the signature (or the chain is empty): fail closed.
    return false;
}
示例3: validateSignature
import org.opensaml.xml.signature.SignatureTrustEngine; //导入方法依赖的package包/类
/**
* Validate the simple signature.
*
* @param signature the signature value
* @param signedContent the content that was signed
* @param algorithmURI the signature algorithm URI which was used to sign the content
* @param criteriaSet criteria used to describe and/or resolve the information which serves as the basis for trust
* evaluation
* @param candidateCredentials the request-derived candidate credential(s) containing the validation key for the
* signature (optional)
* @return true if signature can be verified successfully, false otherwise
*
* @throws SecurityPolicyException thrown if there are errors during the signature validation process
*
*/
protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
        CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {
    SignatureTrustEngine trustEngine = getTrustEngine();

    // Depending on the binding, the request may or may not carry candidate signing
    // credentials (e.g. in ds:KeyInfo), so the two situations are handled separately.
    try {
        boolean noCandidates = candidateCredentials == null || candidateCredentials.isEmpty();
        if (noCandidates) {
            boolean verified = trustEngine.validate(signature, signedContent, algorithmURI, criteriaSet, null);
            if (verified) {
                log.debug("Simple signature validation (with no request-derived credentials) was successful");
            } else {
                log.warn("Simple signature validation (with no request-derived credentials) failed");
            }
            return verified;
        }

        // Candidate credentials come from the request. This method does no trust check of
        // its own on them; the decision is left entirely to the engine and criteriaSet.
        for (Credential candidate : candidateCredentials) {
            if (trustEngine.validate(signature, signedContent, algorithmURI, criteriaSet, candidate)) {
                log.debug("Simple signature validation succeeded with a request-derived credential");
                return true;
            }
        }

        // No candidate verified. There is no retry without a candidate: fail closed.
        log.warn("Signature validation using request-derived credentials failed");
        return false;
    } catch (SecurityException e) {
        // Engine errors are surfaced as a policy failure, with the cause preserved.
        log.warn("There was an error evaluating the request's simple signature using the trust engine", e);
        throw new SecurityPolicyException("Error during trust engine evaluation of the simple signature", e);
    }
}
示例4: validateSignature
import org.opensaml.xml.signature.SignatureTrustEngine; //导入方法依赖的package包/类
/**
* Validate the simple signature.
*
* @param signature the signature value
* @param signedContent the content that was signed
* @param algorithmURI the signature algorithm URI which was used to sign the content
* @param criteriaSet criteria used to describe and/or resolve the information which serves as the basis for trust
* evaluation
* @param candidateCredentials the request-derived candidate credential(s) containing the validation key for the
* signature (optional)
* @return true if signature can be verified successfully, false otherwise
*
* @throws SecurityPolicyException thrown if there are errors during the signature validation process
*
*/
protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
        CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {
    SignatureTrustEngine trustEngine = getTrustEngine();

    // Two cases: the binding supplied candidate signing credentials (e.g. via ds:KeyInfo),
    // or it did not and the engine must resolve the key from criteriaSet alone.
    try {
        if (candidateCredentials != null && !candidateCredentials.isEmpty()) {
            // Each candidate is request-derived. It is only passed through to the engine;
            // no trust check on the candidate is performed in this method.
            for (Credential requestCredential : candidateCredentials) {
                boolean accepted = trustEngine.validate(signature, signedContent, algorithmURI, criteriaSet,
                        requestCredential);
                if (accepted) {
                    log.debug("Simple signature validation succeeded with a request-derived credential");
                    return true;
                }
            }
            // Every candidate was rejected: report the failure at error level and fail closed.
            log.error("Signature validation using request-derived credentials failed");
            return false;
        }

        // No candidates at all: a single evaluation with a null candidate credential.
        if (!trustEngine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
            log.error("Simple signature validation (with no request-derived credentials) failed");
            return false;
        }
        log.debug("Simple signature validation (with no request-derived credentials) was successful");
        return true;
    } catch (SecurityException e) {
        // Wrap the engine error so callers see a policy failure; the cause is kept.
        log.error("There was an error evaluating the request's simple signature using the trust engine", e);
        throw new SecurityPolicyException("Error during trust engine evaluation of the simple signature", e);
    }
}
示例5: validateSignature
import org.opensaml.xml.signature.SignatureTrustEngine; //导入方法依赖的package包/类
/**
* Validate the simple signature.
*
* @param signature the signature value
* @param signedContent the content that was signed
* @param algorithmURI the signature algorithm URI which was used to sign the content
* @param criteriaSet criteria used to describe and/or resolve the information which serves as the basis for trust
* evaluation
* @param candidateCredentials the request-derived candidate credential(s) containing the validation key for the
* signature (optional)
* @return true if signature can be verified successfully, false otherwise
*
* @throws SecurityPolicyException thrown if there are errors during the signature validation process
*
*/
protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
        CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {
    SignatureTrustEngine trustEngine = getTrustEngine();

    // Bindings differ in whether they can carry candidate signing credentials
    // (e.g. via ds:KeyInfo), hence the two paths below.
    try {
        if (candidateCredentials == null || candidateCredentials.isEmpty()) {
            // Nothing request-derived to try: let the engine resolve the key from criteriaSet.
            if (!trustEngine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
                log.warn("Simple signature validation (with no request-derived credentials) failed");
                return false;
            }
            log.debug("Simple signature validation (with no request-derived credentials) was successful");
            return true;
        }

        // Try the request-derived candidates in order and stop at the first one accepted.
        // Whether a candidate is trusted is decided by the engine alone, not by this method.
        boolean anyAccepted = false;
        for (Credential candidate : candidateCredentials) {
            if (trustEngine.validate(signature, signedContent, algorithmURI, criteriaSet, candidate)) {
                anyAccepted = true;
                break;
            }
        }
        if (anyAccepted) {
            log.debug("Simple signature validation succeeded with a request-derived credential");
            return true;
        }
        // All candidates rejected: fail closed without falling back to the no-candidate path.
        log.warn("Signature validation using request-derived credentials failed");
        return false;
    } catch (org.opensaml.xml.security.SecurityException e) {
        // The fully qualified name avoids confusion with java.lang.SecurityException.
        log.warn("There was an error evaluating the request's simple signature using the trust engine", e);
        throw new SecurityPolicyException("Error during trust engine evaluation of the simple signature", e);
    }
}
开发者ID:brainysmith,项目名称:idp-play-bridge,代码行数:47,代码来源:BaseSAMLSimpleSignatureSecurityPolicyRuleExtended.java