本文整理汇总了Java中org.opensaml.xml.security.SecurityHelper类的典型用法代码示例。如果您正苦于以下问题:Java SecurityHelper类的具体用法?Java SecurityHelper怎么用?Java SecurityHelper使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
SecurityHelper类属于org.opensaml.xml.security包,在下文中一共展示了SecurityHelper类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: signObject
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Computes the digital signature for a single, already-marshalled {@link Signature}.
 *
 * <p>The Apache {@code XMLSignature} is read from the {@code SignatureImpl} and signed with the key
 * extracted from the signature's signing credential.</p>
 *
 * @param signature the signature object whose value is to be computed; it is cast to
 *            {@code SignatureImpl}, so any other implementation fails with a {@code ClassCastException}
 * @throws SignatureException if no {@code XMLSignature} is attached to the object, or if the underlying
 *             signing operation reports an {@code XMLSecurityException}
 */
public static void signObject(Signature signature) throws SignatureException {
    final Logger logger = getLogger();
    try {
        final XMLSignature apacheSignature = ((SignatureImpl) signature).getXMLSignature();
        if (apacheSignature != null) {
            logger.debug("Computing signature over XMLSignature object");
            // NOTE(review): the signing credential is not null-checked here; confirm that
            // extractSigningKey/sign reject a missing key rather than proceeding.
            apacheSignature.sign(SecurityHelper.extractSigningKey(signature.getSigningCredential()));
            return;
        }

        // Reached only when no XMLSignature is attached to the object.
        logger.error("Unable to compute signature, Signature XMLObject does not have the XMLSignature "
                + "created during marshalling.");
        throw new SignatureException("XMLObject does not have an XMLSignature instance, unable to compute signature");
    } catch (XMLSecurityException e) {
        logger.error("An error occured computing the digital signature", e);
        throw new SignatureException("Signature computation error", e);
    }
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:24,代码来源:Signer.java
示例2: checkParams
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Verifies that the key encryption parameters are present and usable for encrypted key transport.
 *
 * <p>The checks run in this order: parameters present (unless {@code allowEmpty}), an encryption key
 * can be extracted from the credential, the key is neither a DSA nor an EC public key, and an
 * algorithm URI is set.</p>
 *
 * @param kekParams the key encryption parameters to check
 * @param allowEmpty if true, a null {@code kekParams} is accepted and the method returns silently;
 *            if false, a null {@code kekParams} is an error
 *
 * @throws EncryptionException if any required value is missing or the key type is not allowed
 */
protected void checkParams(KeyEncryptionParameters kekParams, boolean allowEmpty) throws EncryptionException {
    if (kekParams == null) {
        if (!allowEmpty) {
            log.error("Key encryption parameters are required");
            throw new EncryptionException("Key encryption parameters are required");
        }
        return;
    }

    final Key kek = SecurityHelper.extractEncryptionKey(kekParams.getEncryptionCredential());
    if (kek == null) {
        log.error("Key encryption credential and contained key are required");
        throw new EncryptionException("Key encryption credential and contained key are required");
    }

    // DSA and EC public keys are rejected explicitly for key transport.
    if (kek instanceof DSAPublicKey) {
        log.error("Attempt made to use DSA key for encrypted key transport");
        throw new EncryptionException("DSA keys may not be used for encrypted key transport");
    }
    if (kek instanceof ECPublicKey) {
        log.error("Attempt made to use EC key for encrypted key transport");
        throw new EncryptionException("EC keys may not be used for encrypted key transport");
    }

    if (DatatypeHelper.isEmpty(kekParams.getAlgorithm())) {
        log.error("Key encryption algorithm URI is required");
        throw new EncryptionException("Key encryption algorithm URI is required");
    }
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:33,代码来源:Encrypter.java
示例3: validateSignature
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Validates the signature carried in a redirect-binding query string against the tenant's certificate.
 *
 * <p>The signature bytes, the signed content and the signature algorithm URI are all parsed out of
 * {@code queryString}. The only trusted credential is the X.509 credential looked up for
 * {@code domainName}/{@code alias}; it is handed to an {@code ExplicitKeySignatureTrustEngine}.</p>
 *
 * <p>NOTE(review): the algorithm URI originates from the request and is passed to the trust engine
 * as-is; no allow-list is visible in this method. Confirm that weak or unexpected signature
 * algorithms are rejected elsewhere.</p>
 *
 * @param queryString the query string holding the signature, signed content and algorithm URI
 * @param issuer the issuer used to build the criteria set for the trust engine
 * @param alias the certificate alias used to look up the tenant credential
 * @param domainName the tenant domain used to look up the tenant credential
 * @return the result of the trust engine's validation
 * @throws SecurityException declared by the signature parsing helpers and the trust engine
 * @throws IdentitySAML2SSOException declared by this validator's helpers
 */
@Override
public boolean validateSignature(String queryString, String issuer, String alias,
                                 String domainName) throws SecurityException,
        IdentitySAML2SSOException {
    // Everything below is derived from the incoming request.
    byte[] rawSignature = getSignature(queryString);
    byte[] signedBytes = getSignedContent(queryString);
    String sigAlgUri = getSigAlg(queryString);
    CriteriaSet issuerCriteria = buildCriteriaSet(issuer);

    // The tenant's certificate is the single explicitly trusted key.
    // NOTE(review): the lookup result is not null-checked before being added; verify the helper's contract.
    X509CredentialImpl tenantCredential =
            SAMLSSOUtil.getX509CredentialImplForTenant(domainName, alias);
    List<Credential> trustedCredentials = new ArrayList<Credential>();
    trustedCredentials.add(tenantCredential);

    CollectionCredentialResolver trustedResolver = new CollectionCredentialResolver(trustedCredentials);
    KeyInfoCredentialResolver keyInfoResolver = SecurityHelper.buildBasicInlineKeyInfoResolver();
    SignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(trustedResolver, keyInfoResolver);

    // The last argument is passed as null, as in the raw-signature call this replaces nothing else.
    return trustEngine.validate(rawSignature, signedBytes, sigAlgUri, issuerCriteria, null);
}
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:31,代码来源:SAML2HTTPRedirectDeflateSignatureValidator.java
示例4: doEncryptedAssertion
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Encrypts an assertion with a freshly generated AES-256 data key that is wrapped for the recipient.
 *
 * <p>The data key is generated per call and wrapped with the recipient credential {@code cred};
 * the wrapped key is placed inline in the encrypted element.</p>
 *
 * <p>NOTE(review): the key transport algorithm is fixed to RSA PKCS#1 v1.5
 * ({@code ALGO_ID_KEYTRANSPORT_RSA15}). That padding scheme is the one affected by padding-oracle
 * weaknesses on the decrypting side; {@code EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP} is the
 * usual replacement where the relying party supports it. Changing it alters the wire format, so it
 * is left untouched here.</p>
 *
 * <p>NOTE(review): {@code alias} and {@code encryptionAlgorithm} are not read by this method; the
 * data encryption algorithm is always AES-256 regardless of what the caller requests.</p>
 *
 * @param assertion the assertion to encrypt
 * @param cred the recipient credential used to wrap the generated data key
 * @param alias not used by this implementation
 * @param encryptionAlgorithm not used by this implementation
 * @return the encrypted assertion
 * @throws IdentityException wrapping any exception raised while encrypting
 */
@Override
public EncryptedAssertion doEncryptedAssertion(Assertion assertion, X509Credential cred, String alias, String encryptionAlgorithm) throws IdentityException {
    try {
        // One-time symmetric key for the assertion content.
        Credential dataKeyCredential = SecurityHelper.getSimpleCredential(
                SecurityHelper.generateSymmetricKey(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256));

        EncryptionParameters dataParams = new EncryptionParameters();
        dataParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256);
        dataParams.setEncryptionCredential(dataKeyCredential);

        // The data key is wrapped with the recipient's public key.
        KeyEncryptionParameters wrapParams = new KeyEncryptionParameters();
        wrapParams.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15);
        wrapParams.setEncryptionCredential(cred);

        Encrypter assertionEncrypter = new Encrypter(dataParams, wrapParams);
        assertionEncrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);

        return assertionEncrypter.encrypt(assertion);
    } catch (Exception e) {
        // Broad catch: every failure, checked or unchecked, is reported as an IdentityException.
        throw IdentityException.error("Error while Encrypting Assertion", e);
    }
}
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:25,代码来源:DefaultSSOEncrypter.java
示例5: getSigningCredential
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Loads the private-key entry stored under an alias and wraps it as a signing credential.
 *
 * <p>A null or blank alias or key password terminates the JVM with exit status 1. Any failure while
 * reading the entry (including a missing alias or an entry that is not a private-key entry) is logged
 * and reported by returning null.</p>
 *
 * <p>NOTE(review): the password arrives as a {@code String} and the derived {@code char[]} is not
 * cleared after use, so the secret stays in memory until garbage collected.</p>
 *
 * @param keystore keystore to fetch the key from
 * @param alias the key alias
 * @param keyPass password for the key
 *
 * @return the signing credential, or null if the entry could not be read
 */
private static Credential getSigningCredential(KeyStore keystore, String alias, String keyPass) {
    final String keyAlias = DatatypeHelper.safeTrimOrNullString(alias);
    if (keyAlias == null) {
        log.error("Key alias may not be null or empty");
        System.exit(1);
    }

    final String keyPassword = DatatypeHelper.safeTrimOrNullString(keyPass);
    if (keyPassword == null) {
        log.error("Private key password may not be null or empty");
        System.exit(1);
    }

    final KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(keyPassword.toCharArray());
    Credential signingCredential = null;
    try {
        final KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) keystore.getEntry(keyAlias, protection);
        signingCredential = SecurityHelper.getSimpleCredential(entry.getCertificate().getPublicKey(), entry.getPrivateKey());
    } catch (Exception e) {
        // Covers keystore errors as well as the NullPointerException/ClassCastException raised
        // when the alias is absent or names a different entry type.
        log.error("Unable to retrieve private key " + keyAlias, e);
    }
    return signingCredential;
}
开发者ID:apigee,项目名称:java-opensaml2,代码行数:32,代码来源:MetadataTool.java
示例6: getVerificationCredential
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Builds a public-key-only credential from the certificate stored under an alias.
 *
 * <p>A null or blank alias, and any failure while reading the certificate (including a missing
 * alias), is logged and terminates the JVM with exit status 1.</p>
 *
 * @param keystore the keystore from which to get the key
 * @param alias the name of the certificate from which to get the key
 *
 * @return a simple credential containing the public key; the trailing {@code return null} is only
 *         reachable if {@code System.exit} returns
 */
private static Credential getVerificationCredential(KeyStore keystore, String alias) {
    final String certAlias = DatatypeHelper.safeTrimOrNullString(alias);
    if (certAlias == null) {
        log.error("Key alias may not be null or empty");
        System.exit(1);
    }

    try {
        final Certificate certificate = keystore.getCertificate(certAlias);
        // No private key is attached: the credential is usable for verification only.
        return SecurityHelper.getSimpleCredential(certificate.getPublicKey(), null);
    } catch (Exception e) {
        // A missing alias surfaces here as a NullPointerException from getPublicKey().
        log.error("Unable to retrieve certificate " + certAlias, e);
        System.exit(1);
    }
    return null;
}
开发者ID:apigee,项目名称:java-opensaml2,代码行数:26,代码来源:MetadataTool.java
示例7: testEntityDescriptor
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Checks that a signed EntityDescriptor from the valid fixture passes the signature validation filter.
 *
 * <p>Trust is anchored explicitly on the certificate decoded from {@code openIDCertBase64}; the
 * credential carries no private key.</p>
 */
public void testEntityDescriptor() throws UnmarshallingException, CertificateException, XMLParserException {
    // Explicitly trusted verification key.
    X509Certificate trustedCert = SecurityTestHelper.buildJavaX509Cert(openIDCertBase64);
    X509Credential trustedCred = SecurityHelper.getSimpleCredential(trustedCert, null);
    StaticCredentialResolver trustedResolver = new StaticCredentialResolver(trustedCred);
    SignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(trustedResolver,
            Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());

    // Parse and unmarshall the signed metadata fixture.
    Document metadataDoc = parser.parse(SignatureValidationFilterTest.class.getResourceAsStream(openIDFileValid));
    XMLObject unmarshalled =
            unmarshallerFactory.getUnmarshaller(metadataDoc.getDocumentElement()).unmarshall(metadataDoc.getDocumentElement());
    assertTrue(unmarshalled instanceof EntityDescriptor);

    EntityDescriptor descriptor = (EntityDescriptor) unmarshalled;
    assertTrue(descriptor.isSigned());
    assertNotNull("Signature was null", descriptor.getSignature());

    SignatureValidationFilter validationFilter = new SignatureValidationFilter(engine);
    try {
        validationFilter.doFilter(descriptor);
    } catch (FilterException e) {
        fail("Filter failed validation, should have succeeded: " + e.getMessage());
    }
}
开发者ID:apigee,项目名称:java-opensaml2,代码行数:23,代码来源:SignatureValidationFilterTest.java
示例8: testEntityDescriptorInvalid
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Checks that a signed EntityDescriptor from the invalid fixture is rejected by the signature
 * validation filter.
 *
 * <p>The trusted certificate is the same one used for the valid fixture, so the rejection has to
 * come from the document itself.</p>
 */
public void testEntityDescriptorInvalid() throws UnmarshallingException, CertificateException, XMLParserException {
    // Explicitly trusted verification key.
    X509Certificate trustedCert = SecurityTestHelper.buildJavaX509Cert(openIDCertBase64);
    X509Credential trustedCred = SecurityHelper.getSimpleCredential(trustedCert, null);
    StaticCredentialResolver trustedResolver = new StaticCredentialResolver(trustedCred);
    SignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(trustedResolver,
            Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());

    // Parse and unmarshall the fixture that must not validate.
    Document metadataDoc = parser.parse(SignatureValidationFilterTest.class.getResourceAsStream(openIDFileInvalid));
    XMLObject unmarshalled =
            unmarshallerFactory.getUnmarshaller(metadataDoc.getDocumentElement()).unmarshall(metadataDoc.getDocumentElement());
    assertTrue(unmarshalled instanceof EntityDescriptor);

    EntityDescriptor descriptor = (EntityDescriptor) unmarshalled;
    assertTrue(descriptor.isSigned());
    assertNotNull("Signature was null", descriptor.getSignature());

    SignatureValidationFilter validationFilter = new SignatureValidationFilter(engine);
    try {
        validationFilter.doFilter(unmarshalled);
        fail("Filter passed validation, should have failed");
    } catch (FilterException expected) {
        // Expected outcome: the filter must refuse the document.
    }
}
开发者ID:apigee,项目名称:java-opensaml2,代码行数:24,代码来源:SignatureValidationFilterTest.java
示例9: setUp
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Creates two independent RSA key pairs: {@code goodCredential} holds both halves of the first
 * pair, {@code badCredential} holds only the public key of the second, unrelated pair. The builders
 * and the identifier generator used by the tests are initialised afterwards.</p>
 */
protected void setUp() throws Exception {
    super.setUp();

    // 1024-bit RSA keeps key generation fast; this size is for test fixtures only.
    KeyPair signingPair = SecurityTestHelper.generateKeyPair("RSA", 1024, null);
    goodCredential = SecurityHelper.getSimpleCredential(signingPair.getPublic(), signingPair.getPrivate());

    // A second, unrelated pair; only its public key is kept.
    KeyPair unrelatedPair = SecurityTestHelper.generateKeyPair("RSA", 1024, null);
    badCredential = SecurityHelper.getSimpleCredential(unrelatedPair.getPublic(), null);

    assertionBuilder = (AssertionBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
    issuerBuilder = (IssuerBuilder) builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    authnStatementBuilder = (AuthnStatementBuilder) builderFactory.getBuilder(AuthnStatement.DEFAULT_ELEMENT_NAME);
    signatureBuilder = (SignatureBuilder) builderFactory.getBuilder(Signature.DEFAULT_ELEMENT_NAME);

    idGenerator = new SecureRandomIdentifierGenerator();
}
开发者ID:apigee,项目名称:java-opensaml2,代码行数:18,代码来源:SignedAssertionTest.java
示例10: getSigningCredential
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
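/**
 * Returns the signing credential, loading it from the configured keystore on first use and caching
 * it in {@code _signingCredential}.
 *
 * <p>The keystore is read from the classpath resource named by {@code CFG_KEYSTORE_PATH}. The
 * keystore password is also used as the private-key password.</p>
 *
 * <p>Compared with a plain load, this version closes the keystore stream, and fails with a clear
 * exception when the resource, the private key or the certificate is missing. Without the resource
 * check, {@code KeyStore.load(null, ...)} would silently create an empty keystore and the failure
 * would surface later as a {@code NullPointerException}.</p>
 *
 * <p>NOTE(review): the private key is read from the configured alias, but the certificate is read
 * from the hard-coded alias {@code "sts"}. If the two differ, the credential pairs a private key
 * with an unrelated public key; confirm whether the configured alias was intended for both.</p>
 *
 * <p>NOTE(review): the lazy initialisation is not synchronized; confirm the method is not called
 * concurrently.</p>
 *
 * @param _cfg configuration holding the keystore path, password, alias and optional type
 * @return the cached or newly loaded signing credential
 * @throws IOException if the keystore resource is missing or cannot be read
 * @throws KeyStoreException if the keystore type is unavailable, or the key or certificate is absent
 * @throws NoSuchAlgorithmException if the keystore integrity or key recovery algorithm is unavailable
 * @throws CertificateException if a certificate in the keystore cannot be loaded
 * @throws UnrecoverableKeyException if the key cannot be recovered with the configured password
 * @throws MissingPropertyException if a required configuration property is not set
 */
private Credential getSigningCredential(Properties _cfg) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, MissingPropertyException {
    if (this._signingCredential == null) {
        // check configuration
        checkPropertySet(_cfg, CFG_KEYSTORE_PATH);
        checkPropertySet(_cfg, CFG_KEYSTORE_PASSWORD);
        checkPropertySet(_cfg, CFG_KEYSTORE_ALIAS);

        final String keystorePath = getCfg(_cfg, CFG_KEYSTORE_PATH);
        final String keyAlias = getCfg(_cfg, CFG_KEYSTORE_ALIAS);
        final char[] password = getCfg(_cfg, CFG_KEYSTORE_PASSWORD).toCharArray();

        // load keystore
        KeyStore ks = KeyStore.getInstance(getCfg(_cfg, CFG_KEYSTORE_TYPE, "JKS"));
        java.io.InputStream keystoreStream = getClass().getResourceAsStream(keystorePath);
        if (keystoreStream == null) {
            // A null stream would otherwise initialise an empty keystore without any error.
            throw new IOException("Keystore resource not found on classpath: " + keystorePath);
        }
        try {
            ks.load(keystoreStream, password);
        } finally {
            keystoreStream.close();
        }

        // load key data
        PrivateKey pk = (PrivateKey) ks.getKey(keyAlias, password);
        if (pk == null) {
            throw new KeyStoreException("No private key found in keystore for alias '" + keyAlias + "'");
        }
        X509Certificate pubKey = (X509Certificate) ks.getCertificate("sts");
        if (pubKey == null) {
            throw new KeyStoreException("No certificate found in keystore for alias 'sts'");
        }
        // Only the certificate subject is traced; no key material is written to the trace.
        OAuthTracer.trace(OAuthTracer.TEXT_TYPE, "Signing key", pubKey.getSubjectDN().getName());

        // create credential object
        this._signingCredential = SecurityHelper.getSimpleCredential(pubKey.getPublicKey(), pk);
    }
    return this._signingCredential;
}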
开发者ID:mwdb,项目名称:OA2C,代码行数:30,代码来源:LocalSamlTokenFactory.java
示例11: buildSignature
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Builds a SAML2 signature object prepared with the service provider's signing credential.
 *
 * <p>Signature parameters are taken from the global security configuration. The signature is only
 * prepared here; this method does not compute the signature value.</p>
 *
 * @param withoutKeyInfo if true, the KeyInfo element is removed after preparation to shorten the
 *            request; the receiver must then already know which key to verify with
 * @return the prepared signature, or null if the parameters could not be prepared
 */
protected Signature buildSignature(final boolean withoutKeyInfo) {
    final Signature prepared = this.signatureBuilder.buildObject();

    try {
        SecurityHelper.prepareSignatureParams(prepared, this.spSigningCredential,
                Configuration.getGlobalSecurityConfiguration(), null);
        prepared.setSigningCredential(this.spSigningCredential);

        // KeyInfo is optional; dropping it saves request length.
        if (withoutKeyInfo) {
            prepared.setKeyInfo(null);
        }
    } catch (final SecurityException e) {
        // Callers receive null and must handle the unsigned case themselves.
        this.logger.error("Error while building signature !", e);
        return null;
    }

    return prepared;
}
开发者ID:mxbossard,项目名称:java-saml2-sp,代码行数:26,代码来源:OpenSaml20SpProcessor.java
示例12: getDigitalSignature
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Builds a signature object configured with the credential taken from a keystore entry.
 *
 * <p>The signature is only prepared here; this method does not compute the signature value.</p>
 *
 * <p>NOTE(review): the signature algorithm is fixed to RSA with SHA-1
 * ({@code ALGO_ID_SIGNATURE_RSA_SHA1}). SHA-1 is deprecated for new signatures;
 * {@code SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256} is the usual replacement where the
 * receiving party accepts it. Changing it alters what peers must verify, so it is left untouched
 * here.</p>
 *
 * @param keystoreEntry the private-key entry from which the signing credential is initialised
 * @return the prepared signature
 * @throws IllegalArgumentException if the signature parameters cannot be prepared
 */
public Signature getDigitalSignature(KeyStore.PrivateKeyEntry keystoreEntry) {
    Signature prepared = (Signature) Configuration.getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME)
            .buildObject(Signature.DEFAULT_ELEMENT_NAME);

    Credential keystoreCredential = initializeCredentialsFromKeystore(keystoreEntry);
    prepared.setSigningCredential(keystoreCredential);
    prepared.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);

    SecurityConfiguration globalConfig = Configuration.getGlobalSecurityConfiguration();
    try {
        SecurityHelper.prepareSignatureParams(prepared, keystoreCredential, globalConfig, null);
    } catch (org.opensaml.xml.security.SecurityException ex) {
        // The cause is not logged here but is preserved on the rethrown exception.
        LOG.error("Error composing artifact resolution request: Failed to generate digital signature");
        throw new IllegalArgumentException("Couldn't compose artifact resolution request", ex);
    }

    return prepared;
}
开发者ID:inbloom,项目名称:secure-data-service,代码行数:20,代码来源:SamlHelper.java
示例13: determineEntityCertificate
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Finds the certificate in a collection whose public key pairs with the given private key.
 *
 * <p>Certificates are tried in iteration order and the first match wins. A
 * {@code SecurityException} raised while comparing a candidate is treated as "no match" for that
 * candidate, so as written this method does not propagate it.</p>
 *
 * @param certs certificates to check
 * @param privateKey entity's private key
 *
 * @return the certificate associated with the entity's private key, or null if either argument is
 *         null or no certificate in the collection matches
 *
 * @throws SecurityException declared for unsupported key types
 *
 * @since 1.2
 */
public static X509Certificate determineEntityCertificate(Collection<X509Certificate> certs, PrivateKey privateKey)
        throws SecurityException {
    if (certs == null || privateKey == null) {
        return null;
    }

    for (X509Certificate candidate : certs) {
        boolean matches;
        try {
            matches = SecurityHelper.matchKeyPair(candidate.getPublicKey(), privateKey);
        } catch (SecurityException ignored) {
            // An exception here is just a false match.
            // Java 7 apparently throws in this case.
            matches = false;
        }
        if (matches) {
            return candidate;
        }
    }

    return null;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:33,代码来源:X509Util.java
示例14: buildBasicCredential
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Builds a basic credential holding the given key and key names.
 *
 * <p>Public and secret keys are stored as-is. For a private key the matching public key is derived
 * and both halves are stored. Any other key type, a null key, or a failed derivation yields null.</p>
 *
 * @param key the key to include in the credential
 * @param keyNames the key names to include in the credential; must not be null
 * @return a basic credential with the specified key and key names, or null if none could be built
 * @throws SecurityException if there is an error building the credential
 */
protected Credential buildBasicCredential(Key key, Set<String> keyNames) throws SecurityException {
    if (key == null) {
        log.debug("Key supplied was null, could not build credential");
        return null;
    }

    final BasicCredential credential = new BasicCredential();
    credential.getKeyNames().addAll(keyNames);

    if (key instanceof PublicKey) {
        credential.setPublicKey((PublicKey) key);
        return credential;
    }

    if (key instanceof SecretKey) {
        credential.setSecretKey((SecretKey) key);
        return credential;
    }

    if (!(key instanceof PrivateKey)) {
        log.error(String.format("Key was of an unsupported type '%s'", key.getClass().getName()));
        return null;
    }

    // A private key is unusual for most KeyInfo use cases, but it is handled
    // by deriving its public counterpart.
    final PrivateKey privateKey = (PrivateKey) key;
    try {
        final PublicKey derivedPublicKey = SecurityHelper.derivePublicKey(privateKey);
        if (derivedPublicKey == null) {
            log.error("Failed to derive public key from private key");
            return null;
        }
        credential.setPublicKey(derivedPublicKey);
        credential.setPrivateKey(privateKey);
    } catch (KeyException e) {
        log.error("Could not derive public key from private key", e);
        return null;
    }

    return credential;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:47,代码来源:BasicProviderKeyInfoCredentialResolver.java
示例15: buildX509Digest
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Builds an {@link X509Digest} element holding the Base64-encoded digest of a certificate's encoded form.
 *
 * <p>The digest algorithm is selected by the caller through {@code algorithmURI}; this method does
 * not restrict which digest algorithms may be used.</p>
 *
 * @param javaCert the Java X509Certificate to digest
 * @param algorithmURI digest algorithm URI; it is resolved to a JCE algorithm name and also stored
 *            on the returned element
 * @return a new X509Digest object
 * @throws NoSuchAlgorithmException if the URI maps to no JCE algorithm or the algorithm is unavailable
 * @throws CertificateEncodingException if the certificate cannot be encoded
 */
public static X509Digest buildX509Digest(X509Certificate javaCert, String algorithmURI)
        throws NoSuchAlgorithmException, CertificateEncodingException {

    final String jceName = SecurityHelper.getAlgorithmIDFromURI(algorithmURI);
    if (jceName == null) {
        throw new NoSuchAlgorithmException("No JCE algorithm found for " + algorithmURI);
    }

    final MessageDigest digester = MessageDigest.getInstance(jceName);
    final byte[] certDigest = digester.digest(javaCert.getEncoded());

    final X509Digest digestElement = (X509Digest) Configuration.getBuilderFactory()
            .getBuilder(X509Digest.DEFAULT_ELEMENT_NAME)
            .buildObject(X509Digest.DEFAULT_ELEMENT_NAME);
    digestElement.setAlgorithm(algorithmURI);
    digestElement.setValue(Base64.encodeBytes(certDigest));
    return digestElement;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:28,代码来源:KeyInfoHelper.java
示例16: evaluate
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Returns null, rather than false, whenever the comparison cannot be made: the credential is
 * null, it yields no key, or the key's length cannot be determined. Otherwise the result says
 * whether the key length equals the configured {@code keyLength}.</p>
 */
public Boolean evaluate(Credential target) {
    if (target == null) {
        log.error("Credential target was null");
        return null;
    }

    final Key credentialKey = getKey(target);
    if (credentialKey == null) {
        log.info("Could not evaluate criteria, credential contained no key");
        return null;
    }

    final Integer actualLength = SecurityHelper.getKeyLength(credentialKey);
    if (actualLength == null) {
        log.info("Could not evaluate criteria, can not determine length of key");
        return null;
    }

    // Exact match only; a longer key does not satisfy the criteria.
    return keyLength.equals(actualLength);
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:21,代码来源:EvaluableKeyLengthCredentialCriteria.java
示例17: validate
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Performs the cryptographic check only: the signature value is verified with the key extracted
 * from {@code validationCredential}. The method returns normally on success and throws in every
 * other case, so a caller that ignores the exception path cannot mistake a failure for success.</p>
 */
public void validate(Signature signature) throws ValidationException {
    log.debug("Attempting to validate signature using key from supplied credential");

    final XMLSignature apacheSignature = buildSignature(signature);

    final Key verificationKey = SecurityHelper.extractVerificationKey(validationCredential);
    if (verificationKey == null) {
        log.debug("Supplied credential contained no key suitable for signature validation");
        throw new ValidationException("No key available to validate signature");
    }

    log.debug("Validating signature with signature algorithm URI: {}", signature.getSignatureAlgorithm());
    log.debug("Validation credential key algorithm '{}', key instance class '{}'",
            verificationKey.getAlgorithm(), verificationKey.getClass().getName());

    boolean valueMatches;
    try {
        valueMatches = apacheSignature.checkSignatureValue(verificationKey);
    } catch (XMLSignatureException e) {
        throw new ValidationException("Unable to evaluate key against signature", e);
    }

    if (valueMatches) {
        log.debug("Signature validated with key from supplied credential");
        return;
    }

    log.debug("Signature did not validate against the credential's key");
    throw new ValidationException("Signature did not validate against the credential's key");
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:30,代码来源:SignatureValidator.java
示例18: validate
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>The caller's criteria are copied into a fresh set, a signing usage criterion is added if none
 * is present, and a key algorithm criterion derived from the signature algorithm URI is added when
 * one can be determined. The trusted credentials resolved from that set are tried first through the
 * {@code validate(signature, trustedCredentials)} overload and then, as a fallback, one by one
 * directly against the signature.</p>
 */
public boolean validate(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {

    checkParams(signature, trustBasisCriteria);

    // Work on a copy so the additions below stay local to this call.
    final CriteriaSet resolverCriteria = new CriteriaSet();
    resolverCriteria.addAll(trustBasisCriteria);
    if (!resolverCriteria.contains(UsageCriteria.class)) {
        resolverCriteria.add(new UsageCriteria(UsageType.SIGNING));
    }

    final String keyAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(signature.getSignatureAlgorithm());
    if (!DatatypeHelper.isEmpty(keyAlgorithm)) {
        resolverCriteria.add(new KeyAlgorithmCriteria(keyAlgorithm), true);
    }

    final Iterable<Credential> trusted = getCredentialResolver().resolve(resolverCriteria);

    if (validate(signature, trusted)) {
        return true;
    }

    // If the credentials extracted from Signature's KeyInfo (if any) did not verify the
    // signature and/or establish trust, fall back to verifying the signature with
    // the trusted credentials directly.
    log.debug("Attempting to verify signature using trusted credentials");

    for (Credential candidate : trusted) {
        if (verifySignature(signature, candidate)) {
            log.debug("Successfully verified signature using resolved trusted credential");
            return true;
        }
    }

    log.debug("Failed to verify signature using either KeyInfo-derived or directly trusted credentials");
    return false;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:36,代码来源:ExplicitKeySignatureTrustEngine.java
示例19: validate
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Requires a candidate credential carrying a verification key; without one the method returns
 * false before any parameter check. Success requires both steps: the raw signature verifies with
 * the candidate credential, and trust in that credential is then established against the resolved
 * PKIX validation information. Every other path, including a {@code SecurityException} raised
 * inside the try block, ends in false.</p>
 */
public boolean validate(byte[] signature, byte[] content, String algorithmURI, CriteriaSet trustBasisCriteria,
        Credential candidateCredential) throws SecurityException {

    if (candidateCredential == null || SecurityHelper.extractVerificationKey(candidateCredential) == null) {
        log.debug("Candidate credential was either not supplied or did not contain verification key");
        log.debug("PKIX trust engine requires supplied key, skipping PKIX trust evaluation");
        return false;
    }

    checkParamsRaw(signature, content, algorithmURI, trustBasisCriteria);

    final Pair<Set<String>, Iterable<PKIXValidationInformation>> pkixInfo =
            resolveValidationInfo(trustBasisCriteria);

    try {
        if (!SigningUtil.verifyWithURI(candidateCredential, algorithmURI, signature, content)) {
            log.debug("Cryptographic verification of raw signature failed with candidate credential");
        } else {
            log.debug("Successfully verified raw signature using supplied candidate credential");
            log.debug("Attempting to establish trust of supplied candidate credential");
            if (evaluateTrust(candidateCredential, pkixInfo)) {
                log.debug("Successfully established trust of supplied candidate credential");
                return true;
            }
            log.debug("Failed to establish trust of supplied candidate credential");
        }
    } catch (SecurityException ignored) {
        // Java 7 now throws this exception under conditions such as mismatched key sizes.
        // Swallow this, it's logged by the verifyWithURI method already.
        // NOTE(review): the catch also covers evaluateTrust(); if that call can throw
        // SecurityException, the failure is dropped here without a log entry.
    }

    log.debug("PKIX validation of raw signature failed, "
            + "unable to establish trust of supplied verification credential");
    return false;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:38,代码来源:PKIXSignatureTrustEngine.java
示例20: buildKeyAlgorithmCriteria
import org.opensaml.xml.security.SecurityHelper; //导入依赖的package包/类
/**
 * Builds key algorithm credential criteria from an encryption algorithm URI.
 *
 * @param encAlgorithmURI the algorithm URI
 * @return a new key algorithm credential criteria instance, or null if the URI is empty or maps to
 *         no key algorithm
 */
private KeyAlgorithmCriteria buildKeyAlgorithmCriteria(String encAlgorithmURI) {
    if (DatatypeHelper.isEmpty(encAlgorithmURI)) {
        return null;
    }

    final String keyAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(encAlgorithmURI);
    // No mapping for the URI means no criteria can be built.
    return DatatypeHelper.isEmpty(keyAlgorithm) ? null : new KeyAlgorithmCriteria(keyAlgorithm);
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:19,代码来源:Decrypter.java
注:本文中的org.opensaml.xml.security.SecurityHelper类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |