本文整理汇总了Java中org.opensaml.xml.security.criteria.UsageCriteria类的典型用法代码示例。如果您正苦于以下问题:Java UsageCriteria类的具体用法?Java UsageCriteria怎么用?Java UsageCriteria使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
UsageCriteria类属于org.opensaml.xml.security.criteria包,在下文中一共展示了UsageCriteria类的13个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: buildCriteriaSet
import org.opensaml.xml.security.criteria.UsageCriteria; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>This implementation only accepts a {@link SAMLMessageContext}; any other context type is
 * logged and rejected. The returned set always contains the peer role/protocol metadata
 * criteria and a signing-usage criterion. The entity ID criterion is added only when
 * {@code entityID} is non-empty.</p>
 *
 * @throws SecurityPolicyException if {@code messageContext} is not a {@link SAMLMessageContext}
 */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
    // Fail closed: the peer role and protocol below can only be read from a SAML context.
    final boolean isSamlContext = messageContext instanceof SAMLMessageContext;
    if (!isSamlContext) {
        log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
        throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
    }
    final SAMLMessageContext samlCtx = (SAMLMessageContext) messageContext;

    final CriteriaSet criteria = new CriteriaSet();
    // NOTE(review): with an empty entityID the set carries no issuer constraint at all;
    // confirm the consuming trust engine/resolver rejects such a set rather than widening the lookup.
    if (!DatatypeHelper.isEmpty(entityID)) {
        criteria.add(new EntityIDCriteria(entityID));
    }
    criteria.add(new MetadataCriteria(samlCtx.getPeerEntityRole(), samlCtx.getInboundSAMLProtocol()));
    // Request credentials whose declared usage is signing.
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:24,代码来源:BaseSAMLXMLSignatureSecurityPolicyRule.java
示例2: buildCriteriaSet
import org.opensaml.xml.security.criteria.UsageCriteria; //导入依赖的package包/类
/**
 * Assemble the criteria handed to the trust engine when evaluating a signature.
 *
 * <p>The set contains, in insertion order: an {@link EntityIDCriteria} (only when
 * {@code entityID} is non-empty), a {@link MetadataCriteria} built from the context's peer
 * entity role and inbound SAML protocol, and a {@link UsageCriteria} for
 * {@link UsageType#SIGNING}.</p>
 *
 * @param entityID the candidate issuer entity ID which is being evaluated; may be empty
 * @param samlContext the message context which is being evaluated; dereferenced without a
 *            null check, so it must not be null
 * @return a newly constructed set of criteria suitable for the configured trust engine
 * @throws SecurityPolicyException declared for the case where the criteria set can not be
 *             constructed; the body shown here has no explicit throw
 */
protected CriteriaSet buildCriteriaSet(String entityID, SAMLMessageContext samlContext)
        throws SecurityPolicyException {
    final CriteriaSet result = new CriteriaSet();

    final boolean issuerKnown = !DatatypeHelper.isEmpty(entityID);
    if (issuerKnown) {
        result.add(new EntityIDCriteria(entityID));
    }

    // Scope the lookup to the peer's role and the protocol of the inbound message.
    result.add(new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext.getInboundSAMLProtocol()));
    result.add(new UsageCriteria(UsageType.SIGNING));
    return result;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:25,代码来源:BaseSAMLSimpleSignatureSecurityPolicyRule.java
示例3: buildCriteriaSet
import org.opensaml.xml.security.criteria.UsageCriteria; //导入依赖的package包/类
/**
 * Build the criteria set which will be used as input to the configured trust engine.
 *
 * <p>The set starts from {@code getDefaultCriteria()} when that is non-null. A
 * {@link UsageCriteria} for {@link UsageType#SIGNING} is added only if the defaults did not
 * already supply a usage criterion, so a configured default usage takes precedence. None of
 * the three parameters is read by this implementation.</p>
 *
 * @param signedMetadata the metadata element whose signature is being verified
 * @param metadataEntryName the EntityDescriptor entityID or EntitiesDescriptor Name
 *            of the signature being evaluated
 * @param isEntityGroup flag indicating whether the signed object is a metadata group (EntitiesDescriptor)
 * @return the newly constructed criteria set
 */
protected CriteriaSet buildCriteriaSet(SignableXMLObject signedMetadata,
        String metadataEntryName, boolean isEntityGroup) {
    final CriteriaSet criteria = new CriteriaSet();
    if (getDefaultCriteria() != null) {
        criteria.addAll(getDefaultCriteria());
    }

    // TODO how to handle adding dynamic entity ID (or other) criteria (if at all?),

    // NOTE(review): a default criteria set that carries a non-signing usage is kept as-is here;
    // confirm deployments do not configure one for metadata signature validation.
    final boolean usageMissing = !criteria.contains(UsageCriteria.class);
    if (usageMissing) {
        criteria.add(new UsageCriteria(UsageType.SIGNING));
    }
    return criteria;
}
开发者ID:apigee,项目名称:java-opensaml2,代码行数:27,代码来源:SignatureValidationFilter.java
示例4: buildCriteriaSet
import org.opensaml.xml.security.criteria.UsageCriteria; //导入依赖的package包/类
/**
 * Build a criteria set suitable for input to the trust engine.
 *
 * <p>An issuer constraint is included only for a non-empty {@code entityID}. The peer
 * role/protocol constraint and the signing-usage constraint are always included.</p>
 *
 * @param entityID the candidate issuer entity ID which is being evaluated
 * @param samlContext the message context which is being evaluated; its peer entity role and
 *            inbound SAML protocol are read unconditionally
 * @return a newly constructed set of criteria suitable for the configured trust engine
 * @throws SecurityPolicyException thrown if criteria set can not be constructed (no explicit
 *             throw appears in this body)
 */
protected CriteriaSet buildCriteriaSet(String entityID, SAMLMessageContext samlContext)
        throws SecurityPolicyException {
    final CriteriaSet trustCriteria = new CriteriaSet();
    if (!DatatypeHelper.isEmpty(entityID)) {
        final EntityIDCriteria issuerCriteria = new EntityIDCriteria(entityID);
        trustCriteria.add(issuerCriteria);
    }
    trustCriteria.add(
            new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext.getInboundSAMLProtocol()));
    final UsageCriteria signingOnly = new UsageCriteria(UsageType.SIGNING);
    trustCriteria.add(signingOnly);
    return trustCriteria;
}
开发者ID:brainysmith,项目名称:idp-play-bridge,代码行数:25,代码来源:BaseSAMLSimpleSignatureSecurityPolicyRuleExtended.java
示例5: buildCriteriaSet
import org.opensaml.xml.security.criteria.UsageCriteria; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>This implementation does not read {@code messageContext}. The set holds an
 * {@link EntityIDCriteria} when {@code entityID} is non-empty, plus a {@link UsageCriteria}
 * for {@link UsageType#SIGNING}.</p>
 */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
    final CriteriaSet criteria = new CriteriaSet();
    final boolean entityIdPresent = !DatatypeHelper.isEmpty(entityID);
    if (entityIdPresent) {
        criteria.add(new EntityIDCriteria(entityID));
    }
    // Usage is fixed to SIGNING for this rule.
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:14,代码来源:ClientCertAuthRule.java
示例6: EvaluableUsageCredentialCriteria
import org.opensaml.xml.security.criteria.UsageCriteria; //导入依赖的package包/类
/**
 * Constructor.
 *
 * <p>Copies the usage value out of the supplied criteria. The criteria object itself is not
 * retained.</p>
 *
 * @param criteria the criteria which is the basis for evaluation; must not be null
 * @throws NullPointerException if {@code criteria} is null
 */
public EvaluableUsageCredentialCriteria(UsageCriteria criteria) {
    final boolean criteriaMissing = (criteria == null);
    if (criteriaMissing) {
        throw new NullPointerException("Criteria instance may not be null");
    }
    this.usage = criteria.getUsage();
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:12,代码来源:EvaluableUsageCredentialCriteria.java
示例7: validate
import org.opensaml.xml.security.criteria.UsageCriteria; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Resolves the trusted credentials that match the supplied criteria, then attempts
 * validation in two stages. The first stage calls the credential-based {@code validate}
 * overload. If that fails, the second stage tries each trusted credential directly against
 * the signature. Returns {@code true} on the first success and {@code false} when neither
 * stage succeeds.</p>
 *
 * <p>The caller's {@code trustBasisCriteria} is copied, not modified. A signing-usage
 * criterion is added when the caller supplied none, and a key-algorithm criterion derived from
 * the signature's algorithm URI is added when one can be determined.</p>
 */
public boolean validate(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {
    // Defined elsewhere; presumably rejects null arguments (confirm against checkParams).
    checkParams(signature, trustBasisCriteria);

    // Work on a fresh set so additions below do not leak into the caller's criteria.
    CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.addAll(trustBasisCriteria);
    // A caller-supplied usage criterion wins; SIGNING is only the default.
    if (!criteriaSet.contains(UsageCriteria.class)) {
        criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
    }
    // The algorithm URI is read from the signature being evaluated, i.e. before it has been
    // verified. Here it is only used to narrow which trusted credentials are requested.
    String jcaAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(signature.getSignatureAlgorithm());
    if (!DatatypeHelper.isEmpty(jcaAlgorithm)) {
        // NOTE(review): the second argument looks like a "replace existing" flag - confirm
        // against CriteriaSet.add(Criteria, boolean).
        criteriaSet.add(new KeyAlgorithmCriteria(jcaAlgorithm), true);
    }

    Iterable<Credential> trustedCredentials = getCredentialResolver().resolve(criteriaSet);
    if (validate(signature, trustedCredentials)) {
        return true;
    }

    // If the credentials extracted from Signature's KeyInfo (if any) did not verify the
    // signature and/or establish trust, as a fall back attempt to verify the signature with
    // the trusted credentials directly.
    // NOTE(review): trustedCredentials is traversed again here after being passed to the
    // overload above; this assumes the resolver's Iterable supports repeated iteration.
    log.debug("Attempting to verify signature using trusted credentials");
    for (Credential trustedCredential : trustedCredentials) {
        if (verifySignature(signature, trustedCredential)) {
            log.debug("Successfully verified signature using resolved trusted credential");
            return true;
        }
    }

    // Failure is reported at debug level only; callers that need an audit trail of rejected
    // signatures have to log the false result themselves.
    log.debug("Failed to verify signature using either KeyInfo-derived or directly trusted credentials");
    return false;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:36,代码来源:ExplicitKeySignatureTrustEngine.java
示例8: buildCredentialCriteria
import org.opensaml.xml.security.criteria.UsageCriteria; //导入依赖的package包/类
/**
 * Utility method to build a new set of credential criteria based on the KeyInfo of an EncryptedData or
 * EncryptedKey, and any additional static criteria which might have been supplied to the decrypter.
 *
 * <p>Criteria are added in this order: the KeyInfo criterion, any key criteria derived from the
 * encrypted object, the static criteria, and finally an {@link UsageType#ENCRYPTION} usage
 * criterion if nothing added earlier supplied a usage.</p>
 *
 * @param encryptedType an EncryptedData or EncryptedKey for which to resolve decryption credentials
 * @param staticCriteria static set of credential criteria to add to the new criteria set; may be
 *            null or empty
 * @return the new credential criteria set
 */
private CriteriaSet buildCredentialCriteria(EncryptedType encryptedType, CriteriaSet staticCriteria) {
    final CriteriaSet combined = new CriteriaSet();

    // This is the main criteria based on the encrypted type's KeyInfo.
    // The KeyInfo is taken from the received encrypted object, so it is peer-supplied input.
    combined.add(new KeyInfoCriteria(encryptedType.getKeyInfo()));

    // Also attempt to dynamically construct key criteria based on information
    // in the encrypted object
    final Set<Criteria> derivedKeyCriteria = buildKeyCriteria(encryptedType);
    final boolean haveDerived = derivedKeyCriteria != null && !derivedKeyCriteria.isEmpty();
    if (haveDerived) {
        combined.addAll(derivedKeyCriteria);
    }

    // Add any static criteria which may have been supplied to the decrypter
    final boolean haveStatic = staticCriteria != null && !staticCriteria.isEmpty();
    if (haveStatic) {
        combined.addAll(staticCriteria);
    }

    // If we don't have a usage criteria yet from static criteria, add encryption usage
    final boolean usageMissing = !combined.contains(UsageCriteria.class);
    if (usageMissing) {
        combined.add(new UsageCriteria(UsageType.ENCRYPTION));
    }
    return combined;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:35,代码来源:Decrypter.java
示例9: resolveFromSource
import org.opensaml.xml.security.criteria.UsageCriteria; //导入依赖的package包/类
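/**
 * {@inheritDoc}
 *
 * <p>Reads the entity ID, role, protocol and usage from {@code criteriaSet}, triggers a
 * best-effort metadata refresh, then returns the credentials cached under the
 * (entityID, role, protocol, usage) key. On a cache miss the credentials are retrieved from
 * metadata and cached under that key.</p>
 *
 * <p>When no {@link UsageCriteria} is present the usage defaults to
 * {@link UsageType#UNSPECIFIED}. How {@code retrieveFromMetadata} treats that value is not
 * visible here; callers that need signing-only or encryption-only keys should supply an
 * explicit usage criterion.</p>
 *
 * @throws SecurityException declared by the overridden method; not thrown explicitly in this
 *             body, presumably raised by {@code checkCriteriaRequirements} (confirm)
 */
protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
    // Presumably guarantees the EntityIDCriteria and MetadataCriteria dereferenced below
    // are present (confirm against checkCriteriaRequirements).
    checkCriteriaRequirements(criteriaSet);

    String entityID = criteriaSet.get(EntityIDCriteria.class).getEntityID();
    MetadataCriteria mdCriteria = criteriaSet.get(MetadataCriteria.class);
    QName role = mdCriteria.getRole();
    String protocol = mdCriteria.getProtocol();

    UsageCriteria usageCriteria = criteriaSet.get(UsageCriteria.class);
    UsageType usage = (usageCriteria != null) ? usageCriteria.getUsage() : UsageType.UNSPECIFIED;

    // See Jira issue SIDP-229.
    log.debug("Forcing on-demand metadata provider refresh if necessary");
    try {
        metadata.getMetadata();
    } catch (MetadataProviderException e) {
        // Deliberately best-effort: resolution continues regardless. The failure is recorded so
        // that a provider which can no longer refresh its key material is visible in the logs.
        log.debug("Metadata provider refresh failed, continuing with credential resolution", e);
    }

    MetadataCacheKey cacheKey = new MetadataCacheKey(entityID, role, protocol, usage);
    Collection<Credential> credentials = retrieveFromCache(cacheKey);
    if (credentials == null) {
        credentials = retrieveFromMetadata(entityID, role, protocol, usage);
        cacheCredentials(cacheKey, credentials);
    }
    return credentials;
}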
开发者ID:lamsfoundation,项目名称:lams,代码行数:36,代码来源:MetadataCredentialResolver.java
示例10: buildCriteriaSet
import org.opensaml.xml.security.criteria.UsageCriteria; //导入依赖的package包/类
/**
 * Build the criteria set which will be used as input to the configured trust engine.
 *
 * <p>The result is the configured default criteria (when non-null) plus a
 * {@link UsageType#SIGNING} usage criterion if the defaults carry no usage criterion. The
 * method parameters are not read by this implementation.</p>
 *
 * @param signedMetadata the metadata element whose signature is being verified
 * @param metadataEntryName the EntityDescriptor entityID, EntitiesDescriptor Name,
 *            AffiliationDescriptor affiliationOwnerID,
 *            or RoleDescriptor {@link #getRoleIDToken(String, RoleDescriptor)}
 *            corresponding to the element whose signature is being evaluated.
 *            This is used exclusively for logging/debugging purposes and
 *            should not be used operationally (e.g. for building the criteria set).
 * @param isEntityGroup flag indicating whether the signed object is a metadata group (EntitiesDescriptor)
 * @return the newly constructed criteria set
 */
protected CriteriaSet buildCriteriaSet(SignableXMLObject signedMetadata,
        String metadataEntryName, boolean isEntityGroup) {
    final CriteriaSet trustCriteria = new CriteriaSet();

    if (getDefaultCriteria() != null) {
        trustCriteria.addAll(getDefaultCriteria());
    }

    // Only default to SIGNING; an explicitly configured usage criterion is left untouched.
    final boolean hasUsage = trustCriteria.contains(UsageCriteria.class);
    if (!hasUsage) {
        trustCriteria.add(new UsageCriteria(UsageType.SIGNING));
    }

    // TODO how to handle adding dynamic entity ID and/or other criteria for trust engine consumption?
    //
    // Have 4 signed metadata types:
    // 1) EntitiesDescriptor
    // 2) EntityDescriptor
    // 3) RoleDescriptor
    // 4) AffiliationDescriptor
    //
    // Logic will likely vary for how to specify criteria to trust engine for different types + specific use cases,
    // e.g. for federation metadata publishers of EntitiesDescriptors vs. "self-signed" EntityDescriptors.
    // May need to delegate to more specialized subclasses.
    //
    // Until then the criteria do not name the signer, so which keys are accepted depends
    // entirely on the default criteria and the configured trust engine.

    return trustCriteria;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:41,代码来源:SignatureValidationFilter.java
示例11: buildCriteriaSet
import org.opensaml.xml.security.criteria.UsageCriteria; //导入依赖的package包/类
/**
 * Build a criteria set suitable for input to the trust engine.
 *
 * <p>Unlike the metadata-aware variants, this set carries no role or protocol criterion: only
 * the issuer (when non-empty) and the signing usage.</p>
 *
 * @param issuer entity ID of the message issuer; when empty, no {@link EntityIDCriteria} is added
 * @return a new criteria set with the optional issuer criterion and a
 *         {@link UsageType#SIGNING} usage criterion
 */
private static CriteriaSet buildCriteriaSet(String issuer) {
    final CriteriaSet criteria = new CriteriaSet();
    final boolean issuerPresent = !DatatypeHelper.isEmpty(issuer);
    if (issuerPresent) {
        criteria.add(new EntityIDCriteria(issuer));
    }
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:16,代码来源:SAML2HTTPRedirectDeflateSignatureValidator.java
示例12: resolveFromSource
import org.opensaml.xml.security.criteria.UsageCriteria; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Looks credentials up in the cache under the (entityID, role, protocol, usage) key and
 * falls back to metadata on a miss, caching what was retrieved. A missing
 * {@link UsageCriteria} is treated as {@link UsageType#UNSPECIFIED}.</p>
 */
protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
    // Presumably ensures the criteria dereferenced below are present (confirm against
    // checkCriteriaRequirements); otherwise the get(...) results could be null.
    checkCriteriaRequirements(criteriaSet);

    final String entityID = criteriaSet.get(EntityIDCriteria.class).getEntityID();
    final MetadataCriteria metadataCriteria = criteriaSet.get(MetadataCriteria.class);
    final QName role = metadataCriteria.getRole();
    final String protocol = metadataCriteria.getProtocol();

    final UsageCriteria requestedUsage = criteriaSet.get(UsageCriteria.class);
    final UsageType usage = (requestedUsage == null) ? UsageType.UNSPECIFIED : requestedUsage.getUsage();

    // NOTE(review): cache invalidation is not visible here - confirm cached credentials are
    // dropped when the underlying metadata changes, so rotated or withdrawn keys do not linger.
    final MetadataCacheKey key = new MetadataCacheKey(entityID, role, protocol, usage);
    Collection<Credential> resolved = retrieveFromCache(key);
    if (resolved == null) {
        resolved = retrieveFromMetadata(entityID, role, protocol, usage);
        cacheCredentials(key, resolved);
    }
    return resolved;
}
开发者ID:apigee,项目名称:java-opensaml2,代码行数:28,代码来源:MetadataCredentialResolver.java
示例13: validateResponseSignature
import org.opensaml.xml.security.criteria.UsageCriteria; //导入依赖的package包/类
/**
 * Validate the XML signature on a SAML response, if it has one.
 *
 * <p>09-03-2014(Milinda) - Copied from pac4j and modified to make it work in this code.</p>
 *
 * <p>An unsigned response returns normally without being validated and without the message
 * context being marked authenticated. A normal return is therefore not proof that a signature
 * was verified. For a signed response, the signature is first checked against the SAML
 * signature profile and then passed to the trust engine with criteria fixed to signing usage,
 * the IdP SSO descriptor role, the SAML 2.0 protocol and the peer entity ID from the context.
 * Only after both checks pass is the inbound message flagged as authenticated.</p>
 *
 * @param samlResponse the response whose signature is evaluated
 * @param messageContext supplies the peer entity ID and receives the authenticated flag
 * @throws Exception if the signature violates the profile, the trust engine fails, or the
 *             signature is not trusted
 */
private void validateResponseSignature(Response samlResponse, SAMLMessageContext messageContext) throws Exception {
    // NOTE(review): unsigned responses pass through silently. Callers must check the
    // authenticated flag or require signed assertions; that enforcement is not visible here.
    if (!samlResponse.isSigned()) {
        return;
    }

    // Structural (profile) check runs before any cryptographic evaluation.
    final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
    try {
        profileValidator.validate(samlResponse.getSignature());
    } catch (ValidationException ve) {
        log.error("SAML response contains invalid signature profile.");
        throw new Exception("Invalid SAML response.", ve);
    }

    final CriteriaSet trustCriteria = new CriteriaSet();
    trustCriteria.add(new UsageCriteria(UsageType.SIGNING));
    trustCriteria.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
    trustCriteria.add(new EntityIDCriteria(messageContext.getPeerEntityId()));

    final boolean trusted;
    try {
        trusted = trustEngine.validate(samlResponse.getSignature(), trustCriteria);
    } catch (Exception e) {
        throw new Exception("SAML response signature validation failed.", e);
    }

    if (trusted) {
        messageContext.setInboundSAMLMessageAuthenticated(true);
        return;
    }
    log.error("Invalid signature in SAML response.");
    throw new Exception("Invalid SAML response.");
}
开发者ID:milinda,项目名称:play-samlsso,代码行数:41,代码来源:SAMLResponseValidator.java
注:本文中的org.opensaml.xml.security.criteria.UsageCriteria类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |