

Java SignatureTrustEngine.validate Method Code Examples

This article collects typical usage examples of the Java method org.opensaml.xml.signature.SignatureTrustEngine.validate. If you are wondering how exactly SignatureTrustEngine.validate is used in Java, or are looking for examples of it in use, the selected code examples here may help. You can also look further into usage examples of the enclosing class, org.opensaml.xml.signature.SignatureTrustEngine.


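Five code examples of the SignatureTrustEngine.validate method are shown below, sorted by popularity by default. You can upvote the examples you like or find useful; your ratings help the system recommend better Java code examples.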

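Example 1: validateSignature

import java.util.ArrayList;
import java.util.List;

import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.CollectionCredentialResolver;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.signature.SignatureTrustEngine; // import the package/class the method depends on
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
/**
 * @param queryString the query string from which the signature, the signed content and the SigAlg are extracted
 * @param issuer the issuer used to build the trust criteria
 * @param alias the alias used to look up the tenant's X.509 credential
 * @param domainName the tenant domain used to look up the X.509 credential
 * @return true if the signature validates against the tenant's credential, false otherwise
 * @throws SecurityException if the trust engine fails while evaluating the signature
 * @throws IdentitySAML2SSOException
 */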
@Override
public boolean validateSignature(String queryString, String issuer, String alias,
                                 String domainName) throws SecurityException,
        IdentitySAML2SSOException {
    byte[] signature = getSignature(queryString);
    byte[] signedContent = getSignedContent(queryString);
    String algorithmUri = getSigAlg(queryString);
    CriteriaSet criteriaSet = buildCriteriaSet(issuer);

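    // Look up the tenant's X.509 credential; it is the only credential handed to the
    // explicit-key trust engine below, so only a signature made with its key is trusted.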
    X509CredentialImpl credential =
            SAMLSSOUtil.getX509CredentialImplForTenant(domainName,
                    alias);

    List<Credential> credentials = new ArrayList<Credential>();
    credentials.add(credential);
    CollectionCredentialResolver credResolver = new CollectionCredentialResolver(credentials);
    KeyInfoCredentialResolver kiResolver = SecurityHelper.buildBasicInlineKeyInfoResolver();
    SignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(credResolver, kiResolver);
    return engine.validate(signature, signedContent, algorithmUri, criteriaSet, null);
}
 
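Developer: wso2-attic, Project: carbon-identity, Lines of code: 31, Source: SAML2HTTPRedirectDeflateSignatureValidator.java

Example 2: validate

import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureTrustEngine; // import the package/class the method depends on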
/** {@inheritDoc} */
public boolean validate(Signature token, CriteriaSet trustBasisCriteria) throws SecurityException {
    for (SignatureTrustEngine engine : engines) {
        if (engine.validate(token, trustBasisCriteria)) {
            log.debug("Signature was trusted by chain member: {}", engine.getClass().getName());
            return true;
        }
    }
    return false;
}
 
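Developer: lamsfoundation, Project: lams, Lines of code: 11, Source: ChainingSignatureTrustEngine.java

Example 3: validateSignature

import java.util.List;

import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.SignatureTrustEngine; // import the package/class the method depends on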
/**
 * Validate the simple signature.
 * 
 * @param signature the signature value
 * @param signedContent the content that was signed
 * @param algorithmURI the signature algorithm URI which was used to sign the content
 * @param criteriaSet criteria used to describe and/or resolve the information which serves as the basis for trust
 *            evaluation
 * @param candidateCredentials the request-derived candidate credential(s) containing the validation key for the
 *            signature (optional)
 * @return true if signature can be verified successfully, false otherwise
 * 
 * @throws SecurityPolicyException thrown if there are errors during the signature validation process
 * 
 */
protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
        CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {

    SignatureTrustEngine engine = getTrustEngine();

    // Some bindings allow candidate signing credentials to be supplied (e.g. via ds:KeyInfo), some do not.
    // So have 2 slightly different cases.
    try {
        if (candidateCredentials == null || candidateCredentials.isEmpty()) {
            if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
                log.debug("Simple signature validation (with no request-derived credentials) was successful");
                return true;
            } else {
                log.warn("Simple signature validation (with no request-derived credentials) failed");
                return false;
            }
        } else {
            for (Credential cred : candidateCredentials) {
                if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, cred)) {
                    log.debug("Simple signature validation succeeded with a request-derived credential");
                    return true;
                }
            }
            log.warn("Signature validation using request-derived credentials failed");
            return false;
        }
    } catch (SecurityException e) {
        log.warn("There was an error evaluating the request's simple signature using the trust engine", e);
        throw new SecurityPolicyException("Error during trust engine evaluation of the simple signature", e);
    }
}
 
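Developer: lamsfoundation, Project: lams, Lines of code: 47, Source: BaseSAMLSimpleSignatureSecurityPolicyRule.java

Example 4: validateSignature

import java.util.List;

import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.SignatureTrustEngine; // import the package/class the method depends on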
/**
 * Validate the simple signature.
 * 
 * @param signature the signature value
 * @param signedContent the content that was signed
 * @param algorithmURI the signature algorithm URI which was used to sign the content
 * @param criteriaSet criteria used to describe and/or resolve the information which serves as the basis for trust
 *            evaluation
 * @param candidateCredentials the request-derived candidate credential(s) containing the validation key for the
 *            signature (optional)
 * @return true if signature can be verified successfully, false otherwise
 * 
 * @throws SecurityPolicyException thrown if there are errors during the signature validation process
 * 
 */
protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
        CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {

    SignatureTrustEngine engine = getTrustEngine();

    // Some bindings allow candidate signing credentials to be supplied (e.g. via ds:KeyInfo), some do not.
    // So have 2 slightly different cases.
    try {
        if (candidateCredentials == null || candidateCredentials.isEmpty()) {
            if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
                log.debug("Simple signature validation (with no request-derived credentials) was successful");
                return true;
            } else {
                log.error("Simple signature validation (with no request-derived credentials) failed");
                return false;
            }
        } else {
            for (Credential cred : candidateCredentials) {
                if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, cred)) {
                    log.debug("Simple signature validation succeeded with a request-derived credential");
                    return true;
                }
            }
            log.error("Signature validation using request-derived credentials failed");
            return false;
        }
    } catch (SecurityException e) {
        log.error("There was an error evaluating the request's simple signature using the trust engine", e);
        throw new SecurityPolicyException("Error during trust engine evaluation of the simple signature", e);
    }
}
 
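Developer: apigee, Project: java-opensaml2, Lines of code: 47, Source: BaseSAMLSimpleSignatureSecurityPolicyRule.java

Example 5: validateSignature

import java.util.List;

import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.SignatureTrustEngine; // import the package/class the method depends on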
/**
 * Validate the simple signature.
 *
 * @param signature the signature value
 * @param signedContent the content that was signed
 * @param algorithmURI the signature algorithm URI which was used to sign the content
 * @param criteriaSet criteria used to describe and/or resolve the information which serves as the basis for trust
 *            evaluation
 * @param candidateCredentials the request-derived candidate credential(s) containing the validation key for the
 *            signature (optional)
 * @return true if signature can be verified successfully, false otherwise
 *
 * @throws SecurityPolicyException thrown if there are errors during the signature validation process
 *
 */
protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
                                    CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {

    SignatureTrustEngine engine = getTrustEngine();

    // Some bindings allow candidate signing credentials to be supplied (e.g. via ds:KeyInfo), some do not.
    // So have 2 slightly different cases.
    try {
        if (candidateCredentials == null || candidateCredentials.isEmpty()) {
            if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
                log.debug("Simple signature validation (with no request-derived credentials) was successful");
                return true;
            } else {
                log.warn("Simple signature validation (with no request-derived credentials) failed");
                return false;
            }
        } else {
            for (Credential cred : candidateCredentials) {
                if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, cred)) {
                    log.debug("Simple signature validation succeeded with a request-derived credential");
                    return true;
                }
            }
            log.warn("Signature validation using request-derived credentials failed");
            return false;
        }
    } catch (org.opensaml.xml.security.SecurityException e) {
        log.warn("There was an error evaluating the request's simple signature using the trust engine", e);
        throw new SecurityPolicyException("Error during trust engine evaluation of the simple signature", e);
    }
}
 
Developer: brainysmith, Project: idp-play-bridge, Lines of code: 47, Source: BaseSAMLSimpleSignatureSecurityPolicyRuleExtended.java


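Note: The org.opensaml.xml.signature.SignatureTrustEngine.validate method examples in this article were compiled by 纯净天空 from open-source code and documentation platforms such as Github/MSDocs. The code snippets were selected from open-source projects contributed by their developers, and copyright in the source code belongs to the original authors; for distribution and use, refer to the License of the corresponding project. Do not reproduce without permission.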