This article collects typical usage examples of the Java class org.opensaml.xml.security.criteria.EntityIDCriteria. If you are wondering how the Java EntityIDCriteria class is used in practice, or are looking for examples of its use, the selected class code examples here may help.
The EntityIDCriteria class belongs to the org.opensaml.xml.security.criteria package. A total of 19 code examples of the EntityIDCriteria class are shown below, sorted by popularity by default.
Example 1: buildCriteriaSet
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/** {@inheritDoc} */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
        throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
    }
    SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;
    CriteriaSet criteriaSet = new CriteriaSet();
    if (!DatatypeHelper.isEmpty(entityID)) {
        criteriaSet.add(new EntityIDCriteria(entityID));
    }
    MetadataCriteria mdCriteria =
            new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext.getInboundSAMLProtocol());
    criteriaSet.add(mdCriteria);
    criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
    return criteriaSet;
}
Developer ID: lamsfoundation, Project: lams, Lines of code: 24, Source: BaseSAMLXMLSignatureSecurityPolicyRule.java
Example 2: checkCriteriaRequirements
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/**
 * Check that all necessary credential criteria are available.
 *
 * @param criteriaSet the credential set to evaluate
 */
protected void checkCriteriaRequirements(CriteriaSet criteriaSet) {
    EntityIDCriteria entityCriteria = criteriaSet.get(EntityIDCriteria.class);
    MetadataCriteria mdCriteria = criteriaSet.get(MetadataCriteria.class);
    if (entityCriteria == null) {
        throw new IllegalArgumentException("Entity criteria must be supplied");
    }
    if (mdCriteria == null) {
        throw new IllegalArgumentException("SAML metadata criteria must be supplied");
    }
    if (DatatypeHelper.isEmpty(entityCriteria.getEntityID())) {
        throw new IllegalArgumentException("Credential owner entity ID criteria value must be supplied");
    }
    if (mdCriteria.getRole() == null) {
        throw new IllegalArgumentException("Credential metadata role criteria value must be supplied");
    }
}
Developer ID: lamsfoundation, Project: lams, Lines of code: 22, Source: MetadataCredentialResolver.java
Example 3: buildCriteriaSet
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/**
 * Build a criteria set suitable for input to the trust engine.
 *
 * @param entityID the candidate issuer entity ID which is being evaluated
 * @param samlContext the message context which is being evaluated
 * @return a newly constructed set of criteria suitable for the configured trust engine
 * @throws SecurityPolicyException thrown if criteria set can not be constructed
 */
protected CriteriaSet buildCriteriaSet(String entityID, SAMLMessageContext samlContext)
        throws SecurityPolicyException {
    CriteriaSet criteriaSet = new CriteriaSet();
    if (!DatatypeHelper.isEmpty(entityID)) {
        criteriaSet.add(new EntityIDCriteria(entityID));
    }
    MetadataCriteria mdCriteria = new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext
            .getInboundSAMLProtocol());
    criteriaSet.add(mdCriteria);
    criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
    return criteriaSet;
}
Developer ID: lamsfoundation, Project: lams, Lines of code: 25, Source: BaseSAMLSimpleSignatureSecurityPolicyRule.java
Example 4: resolveFromSource
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
@Override
public Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
    try {
        credentialSet = new HashSet<Credential>();
        Enumeration<String> en = keyStore.aliases();
        while (en.hasMoreElements()) {
            String alias = en.nextElement();
            X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
            Credential credential = new X509CredentialImpl(cert);
            if (criteriaSet.get(EntityIDCriteria.class) != null) {
                if (criteriaSet.get(EntityIDCriteria.class).getEntityID().equals(alias)) {
                    credentialSet.add(credential);
                    break;
                }
            } else {
                credentialSet.add(credential);
            }
        }
        return credentialSet;
    } catch (KeyStoreException e) {
        log.error(e);
        throw new SecurityException("Error reading certificates from key store");
    }
}
Developer ID: wso2-attic, Project: carbon-identity, Lines of code: 25, Source: CarbonKeyStoreCredentialResolver.java
Example 5: buildCriteriaSet
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/**
 * Build a criteria set suitable for input to the trust engine.
 *
 * @param entityID the candidate issuer entity ID which is being evaluated
 * @param samlContext the message context which is being evaluated
 * @return a newly constructed set of criteria suitable for the configured trust engine
 * @throws SecurityPolicyException thrown if criteria set can not be constructed
 */
protected CriteriaSet buildCriteriaSet(String entityID, SAMLMessageContext samlContext)
        throws SecurityPolicyException {
    CriteriaSet criteriaSet = new CriteriaSet();
    if (!DatatypeHelper.isEmpty(entityID)) {
        criteriaSet.add(new EntityIDCriteria(entityID));
    }
    MetadataCriteria mdCriteria = new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext
            .getInboundSAMLProtocol());
    criteriaSet.add(mdCriteria);
    criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
    return criteriaSet;
}
Developer ID: brainysmith, Project: idp-play-bridge, Lines of code: 25, Source: BaseSAMLSimpleSignatureSecurityPolicyRuleExtended.java
Example 6: getIDPKeyFromKeystore
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
private X509Credential getIDPKeyFromKeystore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, SecurityException,
        java.security.cert.CertificateException {
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    InputStream inputStream = MockIDPArtifactResolve.class.getResourceAsStream("/keystore-idp.jks");
    keystore.load(inputStream, "changeit".toCharArray());
    inputStream.close();
    Map<String, String> passwordMap = new HashMap<String, String>();
    passwordMap.put("test", "changeit");
    KeyStoreCredentialResolver resolver = new KeyStoreCredentialResolver(keystore, passwordMap);
    Criteria criteria = new EntityIDCriteria("test");
    CriteriaSet criteriaSet = new CriteriaSet(criteria);
    return (X509Credential) resolver.resolveSingle(criteriaSet);
}
Developer ID: rasmusson, Project: MockIDP, Lines of code: 17, Source: MockIDPArtifactResolve.java
Example 7: buildCriteriaSet
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/** {@inheritDoc} */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
    CriteriaSet criteriaSet = new CriteriaSet();
    if (!DatatypeHelper.isEmpty(entityID)) {
        criteriaSet.add(new EntityIDCriteria(entityID));
    }
    criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
    return criteriaSet;
}
Developer ID: lamsfoundation, Project: lams, Lines of code: 14, Source: ClientCertAuthRule.java
Example 8: EvaluableEntityIDCredentialCriteria
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/**
 * Constructor.
 *
 * @param criteria the criteria which is the basis for evaluation
 */
public EvaluableEntityIDCredentialCriteria(EntityIDCriteria criteria) {
    if (criteria == null) {
        throw new NullPointerException("Criteria instance may not be null");
    }
    entityID = criteria.getEntityID();
}
Developer ID: lamsfoundation, Project: lams, Lines of code: 12, Source: EvaluableEntityIDCredentialCriteria.java
Example 9: checkCriteriaRequirements
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/**
 * Check that required credential criteria are available.
 *
 * @param criteriaSet the credential criteria set to evaluate
 */
protected void checkCriteriaRequirements(CriteriaSet criteriaSet) {
    EntityIDCriteria entityCriteria = criteriaSet.get(EntityIDCriteria.class);
    if (entityCriteria == null) {
        log.error("EntityIDCriteria was not specified in the criteria set, resolution can not be attempted");
        throw new IllegalArgumentException("No EntityIDCriteria was available in criteria set");
    }
}
Developer ID: lamsfoundation, Project: lams, Lines of code: 13, Source: KeyStoreCredentialResolver.java
Example 10: resolveFromSource
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/** {@inheritDoc} */
protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
    checkCriteriaRequirements(criteriaSet);
    String entityID = criteriaSet.get(EntityIDCriteria.class).getEntityID();
    MetadataCriteria mdCriteria = criteriaSet.get(MetadataCriteria.class);
    QName role = mdCriteria.getRole();
    String protocol = mdCriteria.getProtocol();
    UsageCriteria usageCriteria = criteriaSet.get(UsageCriteria.class);
    UsageType usage = null;
    if (usageCriteria != null) {
        usage = usageCriteria.getUsage();
    } else {
        usage = UsageType.UNSPECIFIED;
    }
    // See Jira issue SIDP-229.
    log.debug("Forcing on-demand metadata provider refresh if necessary");
    try {
        metadata.getMetadata();
    } catch (MetadataProviderException e) {
        // don't care about errors at this level
    }
    MetadataCacheKey cacheKey = new MetadataCacheKey(entityID, role, protocol, usage);
    Collection<Credential> credentials = retrieveFromCache(cacheKey);
    if (credentials == null) {
        credentials = retrieveFromMetadata(entityID, role, protocol, usage);
        cacheCredentials(cacheKey, credentials);
    }
    return credentials;
}
Developer ID: lamsfoundation, Project: lams, Lines of code: 36, Source: MetadataCredentialResolver.java
Example 11: resolve
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
@Override
public Iterable<Credential> resolve(final CriteriaSet criteriaSet) throws SecurityException {
    return Arrays.asList(getCredential(criteriaSet.get(EntityIDCriteria.class).getEntityID()));
}
Developer ID: italia, Project: spid-spring, Lines of code: 5, Source: IdpKeyManager.java
Example 12: buildCriteriaSet
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/**
 * Build a criteria set suitable for input to the trust engine.
 *
 * @param issuer
 * @return
 * @throws SecurityPolicyException
 */
private static CriteriaSet buildCriteriaSet(String issuer) {
    CriteriaSet criteriaSet = new CriteriaSet();
    if (!DatatypeHelper.isEmpty(issuer)) {
        criteriaSet.add(new EntityIDCriteria(issuer));
    }
    criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
    return criteriaSet;
}
Developer ID: wso2-attic, Project: carbon-identity, Lines of code: 16, Source: SAML2HTTPRedirectDeflateSignatureValidator.java
Example 13: resolveFromSource
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/** {@inheritDoc} */
protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
    checkCriteriaRequirements(criteriaSet);
    String entityID = criteriaSet.get(EntityIDCriteria.class).getEntityID();
    MetadataCriteria mdCriteria = criteriaSet.get(MetadataCriteria.class);
    QName role = mdCriteria.getRole();
    String protocol = mdCriteria.getProtocol();
    UsageCriteria usageCriteria = criteriaSet.get(UsageCriteria.class);
    UsageType usage = null;
    if (usageCriteria != null) {
        usage = usageCriteria.getUsage();
    } else {
        usage = UsageType.UNSPECIFIED;
    }
    MetadataCacheKey cacheKey = new MetadataCacheKey(entityID, role, protocol, usage);
    Collection<Credential> credentials = retrieveFromCache(cacheKey);
    if (credentials == null) {
        credentials = retrieveFromMetadata(entityID, role, protocol, usage);
        cacheCredentials(cacheKey, credentials);
    }
    return credentials;
}
Developer ID: apigee, Project: java-opensaml2, Lines of code: 28, Source: MetadataCredentialResolver.java
Example 14: setUp
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/** {@inheritDoc} */
protected void setUp() throws Exception {
    super.setUp();
    idpRSAPubKey = SecurityTestHelper.buildJavaRSAPublicKey(idpRSAPubKeyBase64);
    idpDSACert = SecurityTestHelper.buildJavaX509Cert(idpDSACertBase64);
    idpRSACert = SecurityTestHelper.buildJavaX509Cert(idpRSACertBase64);
    keyAuthorityCert = SecurityTestHelper.buildJavaX509Cert(keyAuthorityCertBase64);
    Document mdDoc = parser.parse(MetadataCredentialResolverTest.class.getResourceAsStream(mdFileName));
    mdProvider = new DOMMetadataProvider(mdDoc.getDocumentElement());
    mdProvider.initialize();
    // For testing, use default KeyInfo resolver from global security config, per metadata resolver constructor
    origGlobalSecurityConfig = Configuration.getGlobalSecurityConfiguration();
    BasicSecurityConfiguration newSecConfig = new BasicSecurityConfiguration();
    newSecConfig.setDefaultKeyInfoCredentialResolver(SecurityTestHelper.buildBasicInlineKeyInfoResolver());
    Configuration.setGlobalSecurityConfiguration(newSecConfig);
    mdResolver = new MetadataCredentialResolver(mdProvider);
    entityCriteria = new EntityIDCriteria(idpEntityID);
    // by default set protocol to null
    mdCriteria = new MetadataCriteria(idpRole, null);
    criteriaSet = new CriteriaSet();
    criteriaSet.add(entityCriteria);
    criteriaSet.add(mdCriteria);
}
Developer ID: apigee, Project: java-opensaml2, Lines of code: 30, Source: MetadataCredentialResolverTest.java
Example 15: testAssertionSignature
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/**
 * Creates a simple Assertion, signs it and then verifies the signature.
 *
 * @throws MarshallingException thrown if the Assertion can not be marshalled into a DOM
 * @throws ValidationException thrown if the Signature does not validate
 * @throws SignatureException
 * @throws UnmarshallingException
 * @throws SecurityException
 */
public void testAssertionSignature()
        throws MarshallingException, ValidationException, SignatureException, UnmarshallingException, SecurityException {
    DateTime now = new DateTime();
    Assertion assertion = assertionBuilder.buildObject();
    assertion.setVersion(SAMLVersion.VERSION_20);
    assertion.setID(idGenerator.generateIdentifier());
    assertion.setIssueInstant(now);
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue("urn:example.org:issuer");
    assertion.setIssuer(issuer);
    AuthnStatement authnStmt = authnStatementBuilder.buildObject();
    authnStmt.setAuthnInstant(now);
    assertion.getAuthnStatements().add(authnStmt);
    Signature signature = signatureBuilder.buildObject();
    signature.setSigningCredential(goodCredential);
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA);
    assertion.setSignature(signature);
    Marshaller marshaller = marshallerFactory.getMarshaller(assertion);
    marshaller.marshall(assertion);
    Signer.signObject(signature);
    // Unmarshall new tree around DOM to avoid side effects and Apache xmlsec bug.
    Assertion signedAssertion =
            (Assertion) unmarshallerFactory.getUnmarshaller(assertion.getDOM()).unmarshall(assertion.getDOM());
    StaticCredentialResolver credResolver = new StaticCredentialResolver(goodCredential);
    KeyInfoCredentialResolver kiResolver = SecurityTestHelper.buildBasicInlineKeyInfoResolver();
    ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credResolver, kiResolver);
    CriteriaSet criteriaSet = new CriteriaSet(new EntityIDCriteria("urn:example.org:issuer"));
    assertTrue("Assertion signature was not valid",
            trustEngine.validate(signedAssertion.getSignature(), criteriaSet));
}
Developer ID: apigee, Project: java-opensaml2, Lines of code: 50, Source: SignedAssertionTest.java
Example 16: validateResponseSignature
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/**
 * 09-03-2014 (Milinda) - Copied from pac4j and modified to make it work in this code.
 * @param samlResponse
 * @param messageContext
 * @throws Exception
 */
private void validateResponseSignature(Response samlResponse, SAMLMessageContext messageContext) throws Exception {
    // Unsigned responses are not checked here; the method returns without
    // marking the inbound message as authenticated.
    if (!samlResponse.isSigned()) {
        return;
    }
    SAMLSignatureProfileValidator signatureProfileValidator = new SAMLSignatureProfileValidator();
    try {
        signatureProfileValidator.validate(samlResponse.getSignature());
    } catch (ValidationException ve) {
        log.error("SAML response contains invalid signature profile.");
        throw new Exception("Invalid SAML response.", ve);
    }
    CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
    criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
    criteriaSet.add(new EntityIDCriteria(messageContext.getPeerEntityId()));
    boolean valid;
    try {
        valid = trustEngine.validate(samlResponse.getSignature(), criteriaSet);
    } catch (Exception e) {
        throw new Exception("SAML response signature validation failed.", e);
    }
    if (!valid) {
        log.error("Invalid signature in SAML response.");
        throw new Exception("Invalid SAML response.");
    }
    messageContext.setInboundSAMLMessageAuthenticated(true);
}
Developer ID: milinda, Project: play-samlsso, Lines of code: 41, Source: SAMLResponseValidator.java
Example 17: validateToken
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
private static boolean validateToken(SignableSAMLObject samlToken)
        throws SecurityException, ValidationException,
        ConfigurationException, UnmarshallingException,
        CertificateException, KeyException {
    samlToken.validate(true);
    Signature signature = samlToken.getSignature();
    KeyInfo keyInfo = signature.getKeyInfo();
    // The certificate is read from the token's own KeyInfo and then registered
    // as the only trusted credential, so the check below confirms that the
    // signature matches the embedded certificate; it does not establish that
    // the signer is trusted.
    X509Certificate pubKey = (X509Certificate) KeyInfoHelper
            .getCertificates(keyInfo).get(0);
    BasicX509Credential cred = new BasicX509Credential();
    cred.setEntityCertificate(pubKey);
    cred.setEntityId("signing-entity-ID");
    ArrayList<Credential> trustedCredentials = new ArrayList<Credential>();
    trustedCredentials.add(cred);
    CollectionCredentialResolver credResolver = new CollectionCredentialResolver(
            trustedCredentials);
    KeyInfoCredentialResolver kiResolver = SecurityTestHelper
            .buildBasicInlineKeyInfoResolver();
    ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
            credResolver, kiResolver);
    CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new EntityIDCriteria("signing-entity-ID"));
    return engine.validate(signature, criteriaSet);
}
Developer ID: vbossica, Project: azurebox-sso, Lines of code: 32, Source: SamlTokenValidator.java
Example 18: getSpCredentials
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
public static Credential getSpCredentials() throws SecurityException {
    MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory();
    MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(spMetaDataProvider);
    CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
    criteriaSet.add(new EntityIDCriteria(MockIDPProperties.getSpEntityId()));
    return credentialResolver.resolveSingle(criteriaSet);
}
Developer ID: rasmusson, Project: MockIDP, Lines of code: 11, Source: MockIDPSPMetadata.java
Example 19: getCredential
import org.opensaml.xml.security.criteria.EntityIDCriteria; // import the required package/class
/**
 * @param certName
 * @return
 * @throws NoSuchAlgorithmException
 * @throws CertificateException
 * @throws FileNotFoundException
 * @throws IOException
 * @throws SecurityException
 */
public static Credential getCredential(String certName)
        throws NoSuchAlgorithmException, CertificateException,
        FileNotFoundException, IOException, SecurityException {
    LOGGER.entering(KeyStoreTool.class.getName(), "getCredential", certName);
    Credential credential = null;
    if (certName != null && certName.length() > 0) {
        Map<String, String> passwords = new HashMap<String, String>();
        passwords.put(certName, Configuration.getInstance().getKeystorePassword());
        KeyStoreCredentialResolver keyStoreCredentialResolver = new KeyStoreCredentialResolver(
                keyStore, passwords);
        try {
            credential = keyStoreCredentialResolver
                    .resolveSingle(new CriteriaSet(new EntityIDCriteria(certName)));
        } catch (Exception e) {
            LOGGER.throwing(KeyStoreTool.class.getName(), "getCredential", e);
        }
    }
    LOGGER.exiting(KeyStoreTool.class.getName(), "getCredential", credential);
    return credential;
}
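Developer ID: vetsin, Project: SamlSnort, Lines of code: 37, Source: KeyStoreTool.java
Note: The org.opensaml.xml.security.criteria.EntityIDCriteria class examples in this article were compiled from source-code and documentation hosting platforms such as Github/MSDocs. The code snippets were selected from open-source projects contributed by their developers; copyright of the source code belongs to the original authors. For distribution and use, refer to each project's License. Do not reproduce without permission.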