本文整理汇总了Java中org.opensaml.xml.signature.SignatureTrustEngine类的典型用法代码示例。如果您正苦于以下问题:Java SignatureTrustEngine类的具体用法?Java SignatureTrustEngine怎么用?Java SignatureTrustEngine使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
SignatureTrustEngine类属于org.opensaml.xml.signature包,在下文中一共展示了SignatureTrustEngine类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Java代码示例。
示例1: validateSignature
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Verifies the signature carried on a SAML HTTP-Redirect query string against the
 * single X.509 credential looked up for the given tenant domain and key alias.
 *
 * <p>Trust model: the only trusted key is the one returned by
 * {@code SAMLSSOUtil.getX509CredentialImplForTenant}. No request-derived candidate
 * credential is passed to the engine ({@code null} as the last argument), so nothing
 * the sender supplies can add to the trusted set.
 *
 * <p>NOTE(review): the signature algorithm URI is read from the request itself. This
 * method applies no allow-list to it; confirm weak algorithms are rejected by
 * {@code getSigAlg} or by the security configuration in use.
 *
 * <p>NOTE(review): the credential lookup result is not null-checked before it is added
 * to the trusted list; confirm the helper throws rather than returns {@code null} for
 * an unknown tenant or alias.
 *
 * @param queryString the raw query string of the redirect request; signature, signed
 *                    content and algorithm are all extracted from it
 * @param issuer      issuer used to build the trust criteria
 * @param alias       key alias of the credential to trust
 * @param domainName  tenant domain whose key store holds the credential
 * @return {@code true} only if the trust engine reports the signature as valid and trusted
 * @throws SecurityException         propagated from the trust engine or the helpers called here
 * @throws IdentitySAML2SSOException propagated from the helpers called here
 */
@Override
public boolean validateSignature(String queryString, String issuer, String alias,
        String domainName) throws SecurityException,
        IdentitySAML2SSOException {
    // Everything that gets verified comes out of the request, in this fixed order.
    final byte[] sigValue = getSignature(queryString);
    final byte[] signedBytes = getSignedContent(queryString);
    final String sigAlgUri = getSigAlg(queryString);
    final CriteriaSet trustCriteria = buildCriteriaSet(issuer);

    // The trust anchor comes from server-side configuration, never from the request.
    final X509CredentialImpl tenantCredential =
            SAMLSSOUtil.getX509CredentialImplForTenant(domainName, alias);
    final List<Credential> trustedCreds = new ArrayList<Credential>();
    trustedCreds.add(tenantCredential);

    // Explicit-key trust: a signature is accepted only for a key in trustedCreds.
    final SignatureTrustEngine explicitKeyEngine = new ExplicitKeySignatureTrustEngine(
            new CollectionCredentialResolver(trustedCreds),
            SecurityHelper.buildBasicInlineKeyInfoResolver());

    return explicitKeyEngine.validate(sigValue, signedBytes, sigAlgUri, trustCriteria, null);
}
开发者ID:wso2-attic,项目名称:carbon-identity,代码行数:31,代码来源:SAML2HTTPRedirectDeflateSignatureValidator.java
示例2: setUp
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Builds the HTTP-Redirect DEFLATE signature rule under test on top of an
 * explicit-key trust engine that trusts exactly one credential, {@code otherCred1},
 * and primes the message context as an unauthenticated message from {@code issuer}.
 */
protected void setUp() throws Exception {
    super.setUp();

    // Trusted side: a single credential exposed through a collection resolver.
    issuer = "SomeCoolIssuer";
    trustedCredentials = new ArrayList<Credential>();
    trustedCredentials.add(otherCred1);
    credResolver = new CollectionCredentialResolver(trustedCredentials);

    // Rule under test, wired to an explicit-key engine over that resolver.
    rule = new SAML2HTTPRedirectDeflateSignatureRule(
            new ExplicitKeySignatureTrustEngine(
                    credResolver, SecurityTestHelper.buildBasicInlineKeyInfoResolver()));

    // Inbound context starts out unauthenticated; presumably each test then checks
    // whether the rule flips the flag - confirm against the test methods.
    messageContext.setInboundMessageIssuer(issuer);
    ((SAMLMessageContext) messageContext).setInboundSAMLMessageAuthenticated(false);
    messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
}
开发者ID:apigee,项目名称:java-opensaml2,代码行数:22,代码来源:SAML2HTTPRedirectDeflateSignatureSecurityPolicyRuleTest.java
示例3: setUp
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Builds the HTTP-POST SimpleSign rule under test. The same KeyInfo resolver is
 * handed both to the explicit-key trust engine and to the rule; the trusted set
 * contains only {@code otherCred1}.
 */
protected void setUp() throws Exception {
    super.setUp();

    // Trusted side: one credential, served by a collection resolver.
    issuer = "SomeCoolIssuer";
    trustedCredentials = new ArrayList<Credential>();
    trustedCredentials.add(otherCred1);
    credResolver = new CollectionCredentialResolver(trustedCredentials);

    // One resolver instance is shared by the engine and by the rule.
    KeyInfoCredentialResolver inlineKeyInfoResolver = SecurityTestHelper.buildBasicInlineKeyInfoResolver();
    rule = new SAML2HTTPPostSimpleSignRule(
            new ExplicitKeySignatureTrustEngine(credResolver, inlineKeyInfoResolver),
            parser,
            inlineKeyInfoResolver);

    // Inbound context starts out unauthenticated; presumably each test then checks
    // whether the rule flips the flag - confirm against the test methods.
    messageContext.setInboundMessageIssuer(issuer);
    ((SAMLMessageContext) messageContext).setInboundSAMLMessageAuthenticated(false);
    messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
}
开发者ID:apigee,项目名称:java-opensaml2,代码行数:22,代码来源:SAML2HTTPPostSimpleSignSecurityPolicyRuleTest.java
示例4: testEntityDescriptor
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Positive case: a signed {@code EntityDescriptor} loaded from {@code openIDFileValid}
 * is expected to pass {@link SignatureValidationFilter} when the filter's trust engine
 * trusts the certificate in {@code openIDCertBase64}.
 *
 * <p>The engine is an explicit-key engine whose trusted set is that one certificate;
 * the default KeyInfo resolver is used to read keys embedded in the signature.
 */
public void testEntityDescriptor() throws UnmarshallingException, CertificateException, XMLParserException {
    // Trust anchor: a public-key-only credential (no private key is supplied).
    X509Certificate signerCert = SecurityTestHelper.buildJavaX509Cert(openIDCertBase64);
    X509Credential trustedCred = SecurityHelper.getSimpleCredential(signerCert, null);
    StaticCredentialResolver trustedResolver = new StaticCredentialResolver(trustedCred);
    SignatureTrustEngine explicitEngine = new ExplicitKeySignatureTrustEngine(trustedResolver,
            Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());

    // Parse and unmarshall the metadata fixture.
    Document metadataDoc = parser.parse(SignatureValidationFilterTest.class.getResourceAsStream(openIDFileValid));
    XMLObject unmarshalled = unmarshallerFactory
            .getUnmarshaller(metadataDoc.getDocumentElement())
            .unmarshall(metadataDoc.getDocumentElement());

    // Sanity checks: the fixture must really be a signed EntityDescriptor,
    // otherwise a passing filter would prove nothing.
    assertTrue(unmarshalled instanceof EntityDescriptor);
    EntityDescriptor descriptor = (EntityDescriptor) unmarshalled;
    assertTrue(descriptor.isSigned());
    assertNotNull("Signature was null", descriptor.getSignature());

    SignatureValidationFilter validationFilter = new SignatureValidationFilter(explicitEngine);
    try {
        validationFilter.doFilter(descriptor);
    } catch (FilterException rejected) {
        fail("Filter failed validation, should have succeeded: " + rejected.getMessage());
    }
}
开发者ID:apigee,项目名称:java-opensaml2,代码行数:23,代码来源:SignatureValidationFilterTest.java
示例5: testEntityDescriptorInvalid
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Negative case: the signed {@code EntityDescriptor} loaded from
 * {@code openIDFileInvalid} must be rejected by {@link SignatureValidationFilter},
 * i.e. {@code doFilter} has to throw {@code FilterException}.
 *
 * <p>The trust engine is built exactly as in the positive test, so the only variable
 * is the fixture. What makes the fixture invalid is not visible here.
 */
public void testEntityDescriptorInvalid() throws UnmarshallingException, CertificateException, XMLParserException {
    // Same trust anchor as the positive test: one certificate, public key only.
    X509Certificate signerCert = SecurityTestHelper.buildJavaX509Cert(openIDCertBase64);
    X509Credential trustedCred = SecurityHelper.getSimpleCredential(signerCert, null);
    StaticCredentialResolver trustedResolver = new StaticCredentialResolver(trustedCred);
    SignatureTrustEngine explicitEngine = new ExplicitKeySignatureTrustEngine(trustedResolver,
            Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());

    Document metadataDoc = parser.parse(SignatureValidationFilterTest.class.getResourceAsStream(openIDFileInvalid));
    XMLObject xmlObject = unmarshallerFactory
            .getUnmarshaller(metadataDoc.getDocumentElement())
            .unmarshall(metadataDoc.getDocumentElement());

    // The fixture still has to be a *signed* descriptor: the test is about a bad
    // signature being refused, not about an unsigned document.
    assertTrue(xmlObject instanceof EntityDescriptor);
    EntityDescriptor descriptor = (EntityDescriptor) xmlObject;
    assertTrue(descriptor.isSigned());
    assertNotNull("Signature was null", descriptor.getSignature());

    SignatureValidationFilter validationFilter = new SignatureValidationFilter(explicitEngine);
    try {
        validationFilter.doFilter(xmlObject);
        fail("Filter passed validation, should have failed");
    } catch (FilterException expected) {
        // Rejection is the required outcome; nothing further to assert.
    }
}
开发者ID:apigee,项目名称:java-opensaml2,代码行数:24,代码来源:SignatureValidationFilterTest.java
示例6: validate
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Asks each chained engine in list order and returns {@code true} as soon as one of
 * them trusts the signature; later engines are then not consulted. Returns
 * {@code false} when no engine accepts it, which includes an empty chain.
 *
 * <p>Security note: the result is the union of what the members trust, so the chain is
 * only as strict as its most permissive member. A {@code SecurityException} thrown by
 * any member propagates immediately and ends the evaluation.
 */
public boolean validate(Signature token, CriteriaSet trustBasisCriteria) throws SecurityException {
    for (SignatureTrustEngine member : engines) {
        if (!member.validate(token, trustBasisCriteria)) {
            continue; // not trusted by this member, try the next one
        }
        log.debug("Signature was trusted by chain member: {}", member.getClass().getName());
        return true;
    }
    // Nobody vouched for the signature: fail closed.
    return false;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:11,代码来源:ChainingSignatureTrustEngine.java
示例7: validateSignature
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Evaluates a "simple" (raw, non-XML) signature with the configured trust engine.
 *
 * <p>Two cases are handled because some bindings can carry candidate signing
 * credentials (e.g. via ds:KeyInfo) and some cannot:
 * <ul>
 * <li>no candidates: the engine is called once with a {@code null} candidate;</li>
 * <li>candidates present: the engine is called per candidate and the first acceptance
 * wins.</li>
 * </ul>
 *
 * <p>Security note: candidate credentials are derived from the request, so they are
 * untrusted input. They are only handed to the engine for evaluation; this method
 * never treats a candidate as trusted by itself.
 *
 * @param signature the signature value
 * @param signedContent the content that was signed
 * @param algorithmURI the signature algorithm URI which was used to sign the content
 * @param criteriaSet criteria describing and/or resolving the basis for trust evaluation
 * @param candidateCredentials request-derived candidate credential(s) holding the
 *            validation key (optional; may be {@code null} or empty)
 * @return {@code true} if the engine accepted the signature, {@code false} otherwise
 *
 * @throws SecurityPolicyException if the trust engine raised an error during evaluation
 */
protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
        CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {
    final SignatureTrustEngine sigEngine = getTrustEngine();
    try {
        // Candidates supplied: try each in turn, stop at the first one the engine accepts.
        if (candidateCredentials != null && !candidateCredentials.isEmpty()) {
            for (Credential candidate : candidateCredentials) {
                if (sigEngine.validate(signature, signedContent, algorithmURI, criteriaSet, candidate)) {
                    log.debug("Simple signature validation succeeded with a request-derived credential");
                    return true;
                }
            }
            log.warn("Signature validation using request-derived credentials failed");
            return false;
        }

        // No candidates: the engine has to resolve the verification key on its own.
        final boolean trusted = sigEngine.validate(signature, signedContent, algorithmURI, criteriaSet, null);
        if (trusted) {
            log.debug("Simple signature validation (with no request-derived credentials) was successful");
        } else {
            log.warn("Simple signature validation (with no request-derived credentials) failed");
        }
        return trusted;
    } catch (SecurityException e) {
        // An evaluation error is not a "false": surface it as a policy failure, cause kept.
        log.warn("There was an error evaluating the request's simple signature using the trust engine", e);
        throw new SecurityPolicyException("Error during trust engine evaluation of the simple signature", e);
    }
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:47,代码来源:BaseSAMLSimpleSignatureSecurityPolicyRule.java
示例8: SignatureValidationFilter
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Creates a metadata filter that validates signatures with the given trust engine.
 *
 * <p>A {@code null} engine is rejected up front, so a filter instance can never exist
 * without something to establish trust. A fresh {@code SAMLSignatureProfileValidator}
 * is also created; how the filter uses it is not shown in this snippet.
 *
 * @param engine the trust engine used to validate signatures on incoming metadata
 * @throws IllegalArgumentException if {@code engine} is {@code null}
 */
public SignatureValidationFilter(SignatureTrustEngine engine) {
    if (null == engine) {
        throw new IllegalArgumentException("Signature trust engine may not be null");
    }
    this.signatureTrustEngine = engine;
    this.sigValidator = new SAMLSignatureProfileValidator();
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:14,代码来源:SignatureValidationFilter.java
示例9: validateSignature
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Evaluates a "simple" (raw, non-XML) signature with the configured trust engine.
 *
 * <p>If no request-derived candidate credentials are available the engine is invoked
 * once with a {@code null} candidate; otherwise it is invoked for each candidate until
 * one is accepted. Failures are logged at error level in this variant.
 *
 * <p>Security note: candidates come from the request (e.g. ds:KeyInfo) and are
 * untrusted input. Acceptance is decided solely by the trust engine.
 *
 * @param signature the signature value
 * @param signedContent the content that was signed
 * @param algorithmURI the signature algorithm URI which was used to sign the content
 * @param criteriaSet criteria describing and/or resolving the basis for trust evaluation
 * @param candidateCredentials request-derived candidate credential(s) holding the
 *            validation key (optional; may be {@code null} or empty)
 * @return {@code true} if the engine accepted the signature, {@code false} otherwise
 *
 * @throws SecurityPolicyException if the trust engine raised an error during evaluation
 */
protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
        CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {
    SignatureTrustEngine validator = getTrustEngine();
    try {
        boolean noCandidates = candidateCredentials == null || candidateCredentials.isEmpty();
        if (noCandidates) {
            // Binding carried no key material: let the engine resolve the key itself.
            if (!validator.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
                log.error("Simple signature validation (with no request-derived credentials) failed");
                return false;
            }
            log.debug("Simple signature validation (with no request-derived credentials) was successful");
            return true;
        }

        // Try every request-derived candidate; the first accepted one settles it.
        for (Credential candidate : candidateCredentials) {
            if (validator.validate(signature, signedContent, algorithmURI, criteriaSet, candidate)) {
                log.debug("Simple signature validation succeeded with a request-derived credential");
                return true;
            }
        }
        log.error("Signature validation using request-derived credentials failed");
        return false;
    } catch (SecurityException e) {
        // Engine errors become policy failures; the original exception stays attached as cause.
        log.error("There was an error evaluating the request's simple signature using the trust engine", e);
        throw new SecurityPolicyException("Error during trust engine evaluation of the simple signature", e);
    }
}
开发者ID:apigee,项目名称:java-opensaml2,代码行数:47,代码来源:BaseSAMLSimpleSignatureSecurityPolicyRule.java
示例10: validateSignature
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Evaluates a "simple" (raw, non-XML) signature with the configured trust engine.
 *
 * <p>With no request-derived candidate credentials the engine is called once with a
 * {@code null} candidate. With candidates it is called once per candidate and the
 * first acceptance ends the search.
 *
 * <p>Security note: the candidates originate from the request and are therefore
 * untrusted. This method only forwards them to the engine, which makes the decision.
 *
 * @param signature the signature value
 * @param signedContent the content that was signed
 * @param algorithmURI the signature algorithm URI which was used to sign the content
 * @param criteriaSet criteria describing and/or resolving the basis for trust evaluation
 * @param candidateCredentials request-derived candidate credential(s) holding the
 *            validation key (optional; may be {@code null} or empty)
 * @return {@code true} if the engine accepted the signature, {@code false} otherwise
 *
 * @throws SecurityPolicyException if the trust engine raised an error during evaluation
 */
protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
        CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {
    final SignatureTrustEngine activeEngine = getTrustEngine();
    try {
        if (candidateCredentials == null || candidateCredentials.isEmpty()) {
            // Nothing supplied by the request: single evaluation without a candidate.
            final boolean accepted =
                    activeEngine.validate(signature, signedContent, algorithmURI, criteriaSet, null);
            if (!accepted) {
                log.warn("Simple signature validation (with no request-derived credentials) failed");
            } else {
                log.debug("Simple signature validation (with no request-derived credentials) was successful");
            }
            return accepted;
        }

        // One evaluation per request-derived candidate, first acceptance wins.
        for (Credential requestCred : candidateCredentials) {
            if (activeEngine.validate(signature, signedContent, algorithmURI, criteriaSet, requestCred)) {
                log.debug("Simple signature validation succeeded with a request-derived credential");
                return true;
            }
        }
        log.warn("Signature validation using request-derived credentials failed");
        return false;
    } catch (org.opensaml.xml.security.SecurityException e) {
        // Fully qualified on purpose: this is OpenSAML's checked exception, not java.lang's.
        log.warn("There was an error evaluating the request's simple signature using the trust engine", e);
        throw new SecurityPolicyException("Error during trust engine evaluation of the simple signature", e);
    }
}
开发者ID:brainysmith,项目名称:idp-play-bridge,代码行数:47,代码来源:BaseSAMLSimpleSignatureSecurityPolicyRuleExtended.java
示例11: ChainingSignatureTrustEngine
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Creates a chaining engine with an empty chain.
 *
 * <p>Member engines have to be added by the caller afterwards; until then there is
 * nothing in the chain that could accept a signature.
 */
public ChainingSignatureTrustEngine() {
    this.engines = new ArrayList<SignatureTrustEngine>();
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:5,代码来源:ChainingSignatureTrustEngine.java
示例12: SAMLResponseValidator
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Creates a validator from its three collaborators. The arguments are stored as-is.
 *
 * <p>NOTE(review): none of the arguments is checked for {@code null}. Confirm that the
 * validation code fails closed rather than skipping the signature check when
 * {@code trustEngine} is missing.
 *
 * @param trustEngine engine used to establish trust in signatures
 * @param decrypter   decrypter kept for later use; presumably for encrypted assertions - confirm
 * @param callbackUrl callback URL kept for later use; its role in validation is not shown here
 */
public SAMLResponseValidator(SignatureTrustEngine trustEngine, Decrypter decrypter, String callbackUrl) {
    this.callbackUrl = callbackUrl;
    this.decrypter = decrypter;
    this.trustEngine = trustEngine;
}
开发者ID:milinda,项目名称:play-samlsso,代码行数:6,代码来源:SAMLResponseValidator.java
示例13: SAML2HTTPRedirectDeflateSignatureRuleExtended
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Creates the rule by passing the trust engine straight to the superclass constructor.
 * No validation or extra state is added here.
 *
 * @param engine the trust engine the rule uses to evaluate signatures
 */
public SAML2HTTPRedirectDeflateSignatureRuleExtended(SignatureTrustEngine engine) {
    // All wiring happens in the parent class, which is not shown in this snippet.
    super(engine);
}
开发者ID:brainysmith,项目名称:idp-play-bridge,代码行数:4,代码来源:SAML2HTTPRedirectDeflateSignatureRuleExtended.java
示例14: getSignatureTrustEngine
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Returns the signature trust engine held by this configuration.
 *
 * @return the stored engine; the same instance on every call. Whether it can be
 *         {@code null} depends on how the field is set, which is not shown here.
 */
@Override
public SignatureTrustEngine getSignatureTrustEngine() {
    return signatureTrustEngine;
}
开发者ID:mxbossard,项目名称:java-saml2-sp,代码行数:5,代码来源:BasicIdpConfig.java
示例15: SAML2HTTPPostSimpleSignRule
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Creates the HTTP-POST SimpleSign rule.
 *
 * <p>The trust engine goes to the superclass; the parser pool and the KeyInfo
 * credential resolver are kept for handling the KeyInfo request parameter. Credentials
 * extracted from that parameter are request-derived, so they are untrusted input that
 * the trust engine still has to evaluate.
 *
 * @param engine the trust engine to use
 * @param parserPool the parser pool used to parse the KeyInfo request parameter
 * @param keyInfoCredResolver the KeyInfo credential resolver used to extract credentials
 *            from the KeyInfo request parameter
 */
public SAML2HTTPPostSimpleSignRule(SignatureTrustEngine engine, ParserPool parserPool,
        KeyInfoCredentialResolver keyInfoCredResolver) {
    super(engine);
    this.keyInfoResolver = keyInfoCredResolver;
    this.parser = parserPool;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:15,代码来源:SAML2HTTPPostSimpleSignRule.java
示例16: SAML2HTTPPostSimpleSignRuleExtended
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Creates the extended HTTP-POST SimpleSign rule.
 *
 * <p>The trust engine is passed to the superclass; the parser pool and the KeyInfo
 * credential resolver are stored for processing the KeyInfo request parameter. Keys
 * taken from that parameter come from the sender and remain untrusted until the trust
 * engine has evaluated them.
 *
 * @param engine the trust engine to use
 * @param parserPool the parser pool used to parse the KeyInfo request parameter
 * @param keyInfoCredResolver the KeyInfo credential resolver used to extract credentials
 *            from the KeyInfo request parameter
 */
public SAML2HTTPPostSimpleSignRuleExtended(SignatureTrustEngine engine, ParserPool parserPool,
        KeyInfoCredentialResolver keyInfoCredResolver) {
    super(engine);
    this.keyInfoResolver = keyInfoCredResolver;
    this.parser = parserPool;
}
开发者ID:brainysmith,项目名称:idp-play-bridge,代码行数:15,代码来源:SAML2HTTPPostSimpleSignRuleExtended.java
示例17: getChain
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Returns the live list of trust engines that make up the evaluation chain.
 *
 * <p>The list is the engine's internal state, not a copy: adding, removing or
 * reordering elements changes which engines are consulted. Security note: any code
 * holding this reference can widen the set of trusted signers by appending an engine,
 * so the reference should stay within configuration code.
 *
 * @return the modifiable list of trust engines in the chain
 */
public List<SignatureTrustEngine> getChain() {
    return this.engines;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:9,代码来源:ChainingSignatureTrustEngine.java
示例18: BaseSAMLSimpleSignatureSecurityPolicyRule
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Stores the trust engine that subclasses use for simple-signature validation.
 *
 * <p>NOTE(review): the argument is not checked for {@code null}; a rule built without
 * an engine would only fail later, at validation time.
 *
 * @param engine the signature trust engine to use for signature validation
 */
protected BaseSAMLSimpleSignatureSecurityPolicyRule(SignatureTrustEngine engine) {
    this.trustEngine = engine;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:9,代码来源:BaseSAMLSimpleSignatureSecurityPolicyRule.java
示例19: getTrustEngine
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Returns the trust engine this rule validates signatures with.
 *
 * @return the stored engine instance
 */
protected SignatureTrustEngine getTrustEngine() {
    return this.trustEngine;
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:9,代码来源:BaseSAMLSimpleSignatureSecurityPolicyRule.java
示例20: SAML2HTTPRedirectDeflateSignatureRule
import org.opensaml.xml.signature.SignatureTrustEngine; //导入依赖的package包/类
/**
 * Creates the HTTP-Redirect DEFLATE signature rule.
 *
 * <p>The engine is handed unchanged to the superclass constructor; this constructor
 * performs no checks of its own.
 *
 * @param engine the trust engine used to evaluate the request's simple signature
 */
public SAML2HTTPRedirectDeflateSignatureRule(SignatureTrustEngine engine) {
    super(engine);
}
开发者ID:lamsfoundation,项目名称:lams,代码行数:9,代码来源:SAML2HTTPRedirectDeflateSignatureRule.java
注:本文中的org.opensaml.xml.signature.SignatureTrustEngine类示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。