CriteriaSet criteriaSet = new CriteriaSet(); criteriaSet.add(new EntityIDCriteria(openSAMLContext.entityId())); criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); try {
/**
 * Ensures the criteria needed to attempt resolution are present.
 *
 * <p>Resolution is keyed on the entity ID, so a criteria set that carries no
 * {@link EntityIDCriteria} is rejected up front instead of yielding an empty or
 * misleading result later on.</p>
 *
 * @param criteriaSet the credential criteria set to evaluate
 * @throws IllegalArgumentException if no {@link EntityIDCriteria} is present
 */
protected void checkCriteriaRequirements(CriteriaSet criteriaSet) {
    final boolean hasEntityCriteria = criteriaSet.get(EntityIDCriteria.class) != null;
    if (hasEntityCriteria) {
        return;
    }
    log.error("EntityIDCriteria was not specified in the criteria set, resolution can not be attempted");
    throw new IllegalArgumentException("No EntityIDCriteria was available in criteria set");
}
/**
 * Assembles the credential criteria used to locate a decryption key for an
 * EncryptedData or EncryptedKey element.
 *
 * <p>The element's own KeyInfo is always the primary criterion; key criteria
 * derived from the encrypted object and any static criteria configured on the
 * decrypter are layered on top. If none of those supplied a usage criterion,
 * {@link UsageType#ENCRYPTION} is added as the default.</p>
 *
 * @param encryptedType the EncryptedData or EncryptedKey whose decryption credential is sought
 * @param staticCriteria decrypter-level criteria to merge in; may be null or empty
 * @return the assembled criteria set, never null
 */
private CriteriaSet buildCredentialCriteria(EncryptedType encryptedType, CriteriaSet staticCriteria) {
    final CriteriaSet criteria = new CriteriaSet();

    // Primary criterion: whatever the encrypted element declares about its key.
    criteria.add(new KeyInfoCriteria(encryptedType.getKeyInfo()));

    // Secondary: criteria inferred from the encrypted object itself.
    final Set<Criteria> inferred = buildKeyCriteria(encryptedType);
    final boolean hasInferred = inferred != null && !inferred.isEmpty();
    if (hasInferred) {
        criteria.addAll(inferred);
    }

    // Tertiary: anything statically configured on the decrypter.
    final boolean hasStatic = staticCriteria != null && !staticCriteria.isEmpty();
    if (hasStatic) {
        criteria.addAll(staticCriteria);
    }

    // Static criteria may already pin a usage; only default it when absent.
    if (!criteria.contains(UsageCriteria.class)) {
        criteria.add(new UsageCriteria(UsageType.ENCRYPTION));
    }
    return criteria;
}
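/**
 * Resolves the single credential the key manager holds for the given entity ID.
 *
 * @param entityId the entity ID whose credential is wanted
 * @return the resolved credential; whether a null is returned when nothing matches
 *         depends on the key manager's {@code resolveSingle} contract — callers should check
 * @throws RuntimeException wrapping the key manager's {@code SecurityException}; the entity ID
 *         is included in the message so a failed lookup can be attributed in logs
 */
private Credential resolveCredential(String entityId) {
    final CriteriaSet criteria = new CriteriaSet(new EntityIDCriteria(entityId));
    try {
        return keyManager.resolveSingle(criteria);
    } catch (SecurityException e) {
        // Keep the cause and say which entity the lookup was for; the original
        // wrapped without a message, which made failures hard to correlate.
        throw new RuntimeException("Unable to resolve credential for entity ID " + entityId, e);
    }
}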
/**
 * Creates a criteria set pre-populated with one criterion.
 *
 * @param criteria the criterion the new set should start with
 */
public CriteriaSet(Criteria criteria) {
    super();
    // Seed the freshly constructed set with the caller's single criterion.
    this.add(criteria);
}
/**
 * Validates the inputs to trust evaluation.
 *
 * <p>An empty trust basis is treated as an error rather than as "no constraints",
 * so a caller that forgets to configure trusted credentials fails closed.</p>
 *
 * @param untrustedCredential the X.509 credential under evaluation
 * @param trustBasisCriteria criteria selecting the trusted credentials to evaluate against
 * @throws SecurityException if either argument is null or the criteria set is empty
 */
protected void checkParams(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    if (untrustedCredential == null) {
        throw new SecurityException("Untrusted credential was null");
    }
    if (trustBasisCriteria == null || trustBasisCriteria.isEmpty()) {
        final String problem = trustBasisCriteria == null
                ? "Trust basis criteria set was null"
                : "Trust basis criteria set was empty";
        throw new SecurityException(problem);
    }
}
CriteriaSet keyInfoCriteriaSet = new CriteriaSet(keyInfoCriteria);
/**
 * Convenience constructor: builds an empty set and immediately adds one criterion.
 *
 * @param criteria the single criterion to place in the set
 */
public CriteriaSet(Criteria criteria) {
    super();
    // Equivalent to a no-arg construction followed by add(criteria).
    this.add(criteria);
}
/**
 * Validates the inputs to trust evaluation.
 *
 * <p>Both a null and an empty trust basis are rejected: evaluating against no
 * trusted credentials at all is never meaningful, so the check fails closed.</p>
 *
 * @param untrustedCredential the credential under evaluation
 * @param trustBasisCriteria criteria selecting the trusted credentials to evaluate against
 * @throws SecurityException if either argument is null or the criteria set is empty
 */
protected void checkParams(Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    final String problem;
    if (untrustedCredential == null) {
        problem = "Untrusted credential was null";
    } else if (trustBasisCriteria == null) {
        problem = "Trust basis criteria set was null";
    } else if (trustBasisCriteria.isEmpty()) {
        problem = "Trust basis criteria set was empty";
    } else {
        problem = null;
    }
    if (problem != null) {
        throw new SecurityException(problem);
    }
}
/**
 * {@inheritDoc}
 *
 * <p>Signing usage is always requested. The entity ID is only added when it is
 * non-empty, so a blank entity ID produces a set that constrains usage alone;
 * whether such an unconstrained lookup is acceptable is left to the caller and
 * the resolver it feeds.</p>
 */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
    final CriteriaSet criteria = new CriteriaSet();
    final boolean hasEntityId = !DatatypeHelper.isEmpty(entityID);
    if (hasEntityId) {
        criteria.add(new EntityIDCriteria(entityID));
    }
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
/**
 * Builds the criteria set used to find a decryption credential for an
 * EncryptedData or EncryptedKey element.
 *
 * <p>Criteria are accumulated in three tiers: the element's KeyInfo, key criteria
 * derived from the encrypted object, and the decrypter's static criteria. An
 * encryption usage criterion is appended only when none of those tiers already
 * carries a usage criterion.</p>
 *
 * @param encryptedType the EncryptedData or EncryptedKey to resolve a decryption credential for
 * @param staticCriteria optional decrypter-level criteria to merge in (null or empty is ignored)
 * @return the populated criteria set, never null
 */
private CriteriaSet buildCredentialCriteria(EncryptedType encryptedType, CriteriaSet staticCriteria) {
    final CriteriaSet result = new CriteriaSet();

    // Tier 1: the KeyInfo carried by the encrypted element itself.
    result.add(new KeyInfoCriteria(encryptedType.getKeyInfo()));

    // Tier 2: criteria derived dynamically from the encrypted object.
    final Set<Criteria> derived = buildKeyCriteria(encryptedType);
    if (derived != null) {
        if (!derived.isEmpty()) {
            result.addAll(derived);
        }
    }

    // Tier 3: static criteria configured on the decrypter, if any.
    if (staticCriteria != null) {
        if (!staticCriteria.isEmpty()) {
            result.addAll(staticCriteria);
        }
    }

    // Default the usage to encryption unless an earlier tier already set one.
    final boolean usageAlreadySet = result.contains(UsageCriteria.class);
    if (!usageAlreadySet) {
        result.add(new UsageCriteria(UsageType.ENCRYPTION));
    }
    return result;
}
/**
 * Looks up credentials in the local credential resolver by key name and keeps only
 * those that qualify as local.
 *
 * @param keyName the key name to match
 * @return the matching local credentials; empty (never null) when none match
 * @throws SecurityException if the local credential resolver fails
 */
protected Collection<? extends Credential> resolveByKeyName(String keyName) throws SecurityException {
    final CriteriaSet byName = new CriteriaSet(new KeyNameCriteria(keyName));
    final Collection<Credential> matches = new ArrayList<Credential>();
    for (Credential candidate : getLocalCredentialResolver().resolve(byName)) {
        // Only credentials recognised as local are handed back.
        if (!isLocalCredential(candidate)) {
            continue;
        }
        matches.add(candidate);
    }
    return matches;
}
/**
 * Rejects a criteria set that lacks the entity ID criterion resolution depends on.
 *
 * @param criteriaSet the credential criteria set to evaluate
 * @throws IllegalArgumentException if the set holds no {@link EntityIDCriteria}
 */
protected void checkCriteriaRequirements(CriteriaSet criteriaSet) {
    final EntityIDCriteria ownerCriteria = criteriaSet.get(EntityIDCriteria.class);
    if (ownerCriteria != null) {
        return; // the one mandatory criterion is present
    }
    // Logged as well as thrown so the failure is visible even if the caller
    // swallows the exception.
    log.error("EntityIDCriteria was not specified in the criteria set, resolution can not be attempted");
    throw new IllegalArgumentException("No EntityIDCriteria was available in criteria set");
}
/**
 * {@inheritDoc}
 *
 * <p>Extends the superclass's criteria with a {@link MetadataCriteria} built from
 * the peer entity role and inbound SAML protocol. Those values are only available
 * on a {@code SAMLMessageContext}, so any other context type is rejected rather
 * than guessed at.</p>
 */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
        throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
    }
    final SAMLMessageContext samlCtx = (SAMLMessageContext) messageContext;

    // Start from whatever the superclass builds, then narrow by role and protocol.
    final CriteriaSet criteria = super.buildCriteriaSet(entityID, messageContext);
    final MetadataCriteria byRoleAndProtocol =
            new MetadataCriteria(samlCtx.getPeerEntityRole(), samlCtx.getInboundSAMLProtocol());
    criteria.add(byRoleAndProtocol);
    return criteria;
}
} // closing brace of the enclosing class, carried over from the original line
/**
 * Checks that trust evaluation has something to evaluate and something to evaluate against.
 *
 * @param untrustedCredential the credential under evaluation; must not be null
 * @param trustBasisCriteria criteria selecting the trusted credentials; must be non-null and non-empty
 * @throws SecurityException if a required value is missing — an empty trust basis is an
 *         error, not an absence of constraints
 */
protected void checkParams(Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    final boolean credentialMissing = untrustedCredential == null;
    if (credentialMissing) {
        throw new SecurityException("Untrusted credential was null");
    }
    final boolean criteriaMissing = trustBasisCriteria == null;
    if (criteriaMissing) {
        throw new SecurityException("Trust basis criteria set was null");
    }
    final boolean criteriaEmpty = trustBasisCriteria.isEmpty();
    if (criteriaEmpty) {
        throw new SecurityException("Trust basis criteria set was empty");
    }
}
/**
 * Builds the criteria used to look up a signing credential for an issuer.
 *
 * <p>The signing usage criterion is always present; the issuer is added only
 * when non-empty, so a blank issuer yields a usage-only criteria set.</p>
 *
 * @param issuer the issuer's entity ID, possibly null or empty
 * @return the criteria set, never null
 */
private static CriteriaSet buildCriteriaSet(String issuer) {
    final CriteriaSet criteria = new CriteriaSet();
    final boolean issuerKnown = !DatatypeHelper.isEmpty(issuer);
    if (issuerKnown) {
        criteria.add(new EntityIDCriteria(issuer));
    }
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
String metadataEntryName, boolean isEntityGroup) { CriteriaSet newCriteriaSet = new CriteriaSet(); newCriteriaSet.addAll( getDefaultCriteria() ); if (!newCriteriaSet.contains(UsageCriteria.class)) { newCriteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
/**
 * Resolves credentials from the local credential resolver that match a key name,
 * returning only those classified as local credentials.
 *
 * @param keyName the key name used as the lookup criterion
 * @return the local credentials matching the key name; empty (never null) when none match
 * @throws SecurityException propagated from the local credential resolver
 */
protected Collection<? extends Credential> resolveByKeyName(String keyName) throws SecurityException {
    final Collection<Credential> local = new ArrayList<Credential>();
    final CriteriaSet lookup = new CriteriaSet(new KeyNameCriteria(keyName));
    final Iterable<? extends Credential> resolved = getLocalCredentialResolver().resolve(lookup);
    for (Credential cred : resolved) {
        // Non-local credentials are dropped from the result.
        if (isLocalCredential(cred)) {
            local.add(cred);
        }
    }
    return local;
}
/**
 * Verifies that the criteria required for metadata-based resolution are present
 * and carry the values resolution needs.
 *
 * @param criteriaSet the credential criteria set to evaluate
 * @throws IllegalArgumentException if the entity ID or metadata criterion is absent,
 *         the entity ID value is empty, or the metadata role is null
 */
protected void checkCriteriaRequirements(CriteriaSet criteriaSet) {
    final EntityIDCriteria owner = criteriaSet.get(EntityIDCriteria.class);
    if (owner == null) {
        throw new IllegalArgumentException("Entity criteria must be supplied");
    }
    final MetadataCriteria metadata = criteriaSet.get(MetadataCriteria.class);
    if (metadata == null) {
        throw new IllegalArgumentException("SAML metadata criteria must be supplied");
    }
    // Presence alone is not enough: both criteria must also carry a usable value.
    if (DatatypeHelper.isEmpty(owner.getEntityID())) {
        throw new IllegalArgumentException("Credential owner entity ID criteria value must be supplied");
    }
    if (metadata.getRole() == null) {
        throw new IllegalArgumentException("Credential metadata role criteria value must be supplied");
    }
}
/**
 * Validates the signature and trust basis before evaluation begins.
 *
 * <p>A null or empty trust basis is rejected so that a misconfigured caller fails
 * closed instead of evaluating against nothing.</p>
 *
 * @param signature the signature under evaluation
 * @param trustBasisCriteria criteria selecting the trusted credentials to evaluate against
 * @throws SecurityException if the signature is null, or the criteria set is null or empty
 */
protected void checkParams(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {
    if (signature == null) {
        throw new SecurityException("Signature was null");
    }
    if (trustBasisCriteria == null || trustBasisCriteria.isEmpty()) {
        final String reason = (trustBasisCriteria == null)
                ? "Trust basis criteria set was null"
                : "Trust basis criteria set was empty";
        throw new SecurityException(reason);
    }
}