/**
 * Validate that the inputs required for signature trust evaluation are present.
 *
 * @param signature the signature to be evaluated; must not be null
 * @param trustBasisCriteria the criteria describing the trusted credentials; must be neither null nor empty
 * @throws SecurityException if the signature is null, or if the criteria set is null or empty
 */
protected void checkParams(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {
    // The checks run in a fixed order, so the first missing input decides the message.
    final String problem;
    if (signature == null) {
        problem = "Signature was null";
    } else if (trustBasisCriteria == null) {
        problem = "Trust basis criteria set was null";
    } else if (trustBasisCriteria.isEmpty()) {
        // NOTE(review): presumably an empty set would leave the trusted-credential lookup
        // unconstrained; confirm against the caller before ever relaxing this check.
        problem = "Trust basis criteria set was empty";
    } else {
        return;
    }
    throw new SecurityException(problem);
}
spSSODescriptor.getKeyDescriptors().add(encKeyDescriptor); } catch (SecurityException e) { s_logger.warn("Unable to add SP X509 descriptors:" + e.getMessage());
} catch (SecurityException e) { log.warn("Could not perform sanity check against credential public and private key: {}", e.getMessage()); throw new SecurityException("Mismatch between credential public and private key");
} catch (SecurityException e) { log.warn("Could not perform sanity check against credential public and private key: {}", e.getMessage()); throw new SecurityException("Mismatch between credential public and private key");
/**
 * Reject a signature trust evaluation request whose required inputs are missing.
 *
 * @param signature the signature to be evaluated
 * @param trustBasisCriteria the set of trusted credential criteria
 * @throws SecurityException thrown when the signature is null, or the criteria set is null or empty
 */
protected void checkParams(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {
    // Evaluated left to right: isEmpty() is only reached once the set is known to be non-null.
    final String failure = signature == null
            ? "Signature was null"
            : trustBasisCriteria == null
                    ? "Trust basis criteria set was null"
                    : trustBasisCriteria.isEmpty()
                            ? "Trust basis criteria set was empty"
                            : null;

    if (failure != null) {
        throw new SecurityException(failure);
    }
}
metadataEntryName, e.getMessage()); throw new FilterException("Error processing signature verification for metadata entry", e);
/**
 * Validate that the inputs required for X.509 credential trust evaluation are present.
 *
 * @param untrustedCredential the untrusted X.509 credential to be evaluated; must not be null
 * @param trustBasisCriteria the criteria describing the trusted credentials; must be neither null nor empty
 * @throws SecurityException if the credential is null, or if the criteria set is null or empty
 */
protected void checkParams(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    // The checks run in a fixed order, so the first missing input decides the message.
    final String problem;
    if (untrustedCredential == null) {
        problem = "Untrusted credential was null";
    } else if (trustBasisCriteria == null) {
        problem = "Trust basis criteria set was null";
    } else if (trustBasisCriteria.isEmpty()) {
        // NOTE(review): presumably an empty set would leave the trusted-credential lookup
        // unconstrained; confirm against the caller before ever relaxing this check.
        problem = "Trust basis criteria set was empty";
    } else {
        return;
    }
    throw new SecurityException(problem);
}
} catch (org.opensaml.xml.security.SecurityException e) { throw new AuthenticationResponseProcessorException( "OpenSAML security error: " + e.getMessage(), e);
/**
 * Validate that the inputs required for credential trust evaluation are present.
 *
 * @param untrustedCredential the untrusted credential to be evaluated; must not be null
 * @param trustBasisCriteria the criteria describing the trusted credentials; must be neither null nor empty
 * @throws SecurityException if the credential is null, or if the criteria set is null or empty
 */
protected void checkParams(Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    // The checks run in a fixed order, so the first missing input decides the message.
    final String problem;
    if (untrustedCredential == null) {
        problem = "Untrusted credential was null";
    } else if (trustBasisCriteria == null) {
        problem = "Trust basis criteria set was null";
    } else if (trustBasisCriteria.isEmpty()) {
        // NOTE(review): presumably an empty set would leave the trusted-credential lookup
        // unconstrained; confirm against the caller before ever relaxing this check.
        problem = "Trust basis criteria set was empty";
    } else {
        return;
    }
    throw new SecurityException(problem);
}
/**
 * Reject a credential trust evaluation request whose required inputs are missing.
 *
 * @param untrustedCredential the credential to be evaluated
 * @param trustBasisCriteria the set of trusted credential criteria
 * @throws SecurityException thrown when the credential is null, or the criteria set is null or empty
 */
protected void checkParams(Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    // Evaluated left to right: isEmpty() is only reached once the set is known to be non-null.
    final String failure = untrustedCredential == null
            ? "Untrusted credential was null"
            : trustBasisCriteria == null
                    ? "Trust basis criteria set was null"
                    : trustBasisCriteria.isEmpty()
                            ? "Trust basis criteria set was empty"
                            : null;

    if (failure != null) {
        throw new SecurityException(failure);
    }
}
/**
 * Reject an X.509 credential trust evaluation request whose required inputs are missing.
 *
 * @param untrustedCredential the X.509 credential to be evaluated
 * @param trustBasisCriteria the set of trusted credential criteria
 * @throws SecurityException thrown when the credential is null, or the criteria set is null or empty
 */
protected void checkParams(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    // Evaluated left to right: isEmpty() is only reached once the set is known to be non-null.
    final String failure = untrustedCredential == null
            ? "Untrusted credential was null"
            : trustBasisCriteria == null
                    ? "Trust basis criteria set was null"
                    : trustBasisCriteria.isEmpty()
                            ? "Trust basis criteria set was empty"
                            : null;

    if (failure != null) {
        throw new SecurityException(failure);
    }
}
/**
 * Validate that every input required for raw signature trust evaluation is present.
 *
 * @param signature the raw signature bytes to be evaluated; must be non-null and non-empty
 * @param content the data over which the signature was computed; must be non-null and non-empty
 * @param algorithmURI the signing algorithm URI which was used; must not be empty
 * @param trustBasisCriteria the criteria describing the trusted credentials; must be neither null nor empty
 * @throws SecurityException if any of the inputs is absent or empty
 */
protected void checkParamsRaw(byte[] signature, byte[] content, String algorithmURI,
        CriteriaSet trustBasisCriteria) throws SecurityException {
    // The checks run in a fixed order, so the first missing input decides the message.
    final String problem;
    if (signature == null || signature.length == 0) {
        problem = "Signature byte array was null or empty";
    } else if (content == null || content.length == 0) {
        problem = "Content byte array was null or empty";
    } else if (DatatypeHelper.isEmpty(algorithmURI)) {
        // Only presence is checked here; whether the algorithm is acceptable is not decided in this method.
        problem = "Signature algorithm was null or empty";
    } else if (trustBasisCriteria == null) {
        problem = "Trust basis criteria set was null";
    } else if (trustBasisCriteria.isEmpty()) {
        problem = "Trust basis criteria set was empty";
    } else {
        return;
    }
    throw new SecurityException(problem);
}
/**
 * Reject a raw signature trust evaluation request whose required inputs are missing.
 *
 * @param signature the signature to be evaluated
 * @param content the data over which the signature was computed
 * @param algorithmURI the signing algorithm URI which was used
 * @param trustBasisCriteria the set of trusted credential criteria
 * @throws SecurityException thrown when a byte array or the algorithm URI is null or empty, or when the
 *             criteria set is null or empty
 */
protected void checkParamsRaw(byte[] signature, byte[] content, String algorithmURI,
        CriteriaSet trustBasisCriteria) throws SecurityException {
    final boolean hasSignature = signature != null && signature.length != 0;
    if (!hasSignature) {
        throw new SecurityException("Signature byte array was null or empty");
    }

    final boolean hasContent = content != null && content.length != 0;
    if (!hasContent) {
        throw new SecurityException("Content byte array was null or empty");
    }

    // Presence check only: the URI is not matched against any list of permitted algorithms here.
    if (DatatypeHelper.isEmpty(algorithmURI)) {
        throw new SecurityException("Signature algorithm was null or empty");
    }

    // Null and empty are reported separately so the message says which case occurred.
    if (trustBasisCriteria == null) {
        throw new SecurityException("Trust basis criteria set was null");
    }
    if (trustBasisCriteria.isEmpty()) {
        throw new SecurityException("Trust basis criteria set was empty");
    }
}
/**
 * Pull the X.509 certificates out of a KeyInfo element.
 *
 * <p>Delegates to {@code KeyInfoHelper.getCertificates} and converts its
 * {@link CertificateException} into a {@link SecurityException}, keeping the original as the cause.</p>
 *
 * @param keyInfo the KeyInfo instance from which to extract certificates
 * @return a collection of X509 certificates, possibly empty
 * @throws SecurityException thrown if the certificate information is represented in an unsupported format
 */
protected List<X509Certificate> getX509Certificates(KeyInfo keyInfo) throws SecurityException {
    final List<X509Certificate> extracted;
    try {
        extracted = KeyInfoHelper.getCertificates(keyInfo);
    } catch (CertificateException decodeFailure) {
        throw new SecurityException("Error extracting certificates from KeyAuthority KeyInfo", decodeFailure);
    }
    return extracted;
}
/**
 * Pull the X.509 CRLs out of a KeyInfo element.
 *
 * <p>Delegates to {@code KeyInfoHelper.getCRLs} and converts its {@link CRLException} into a
 * {@link SecurityException}, keeping the original as the cause.</p>
 *
 * @param keyInfo the KeyInfo instance from which to extract CRLs
 * @return a collection of X509 CRLs, possibly empty
 * @throws SecurityException thrown if the CRL information is represented in an unsupported format
 */
protected List<X509CRL> getX509CRLs(KeyInfo keyInfo) throws SecurityException {
    final List<X509CRL> extracted;
    try {
        extracted = KeyInfoHelper.getCRLs(keyInfo);
    } catch (CRLException decodeFailure) {
        throw new SecurityException("Error extracting CRL's from KeyAuthority KeyInfo", decodeFailure);
    }
    return extracted;
}
/**
 * Read the certificates carried by an X509Data element.
 *
 * <p>A decoding failure is logged at error level and rethrown as a {@link SecurityException}
 * with the original exception as its cause. On success the number of certificates is logged at
 * debug level.</p>
 *
 * @param x509Data the X509Data element
 * @return a list of X509Certificates
 * @throws SecurityException thrown if there is an error extracting certificates
 */
private List<X509Certificate> extractCertificates(X509Data x509Data) throws SecurityException {
    try {
        final List<X509Certificate> found = KeyInfoHelper.getCertificates(x509Data);
        log.debug("Found {} X509Certificates", found.size());
        return found;
    } catch (CertificateException cause) {
        log.error("Error extracting certificates from X509Data", cause);
        throw new SecurityException("Error extracting certificates from X509Data", cause);
    }
}
/**
 * Read the CRLs carried by an X509Data element.
 *
 * <p>A decoding failure is logged at error level and rethrown as a {@link SecurityException}
 * with the original exception as its cause. On success the number of CRLs is logged at debug
 * level.</p>
 *
 * @param x509Data the X509Data element
 * @return a list of X509CRLs
 * @throws SecurityException thrown if there is an error extracting CRLs
 */
private List<X509CRL> extractCRLs(X509Data x509Data) throws SecurityException {
    try {
        final List<X509CRL> found = KeyInfoHelper.getCRLs(x509Data);
        log.debug("Found {} X509CRLs", found.size());
        return found;
    } catch (CRLException cause) {
        log.error("Error extracting CRL's from X509Data", cause);
        throw new SecurityException("Error extracting CRL's from X509Data", cause);
    }
}
/**
 * Decode every certificate contained in the given X509Data element.
 *
 * @param x509Data the X509Data element
 * @return a list of X509Certificates
 * @throws SecurityException thrown if there is an error extracting certificates; the underlying
 *             {@link CertificateException} is attached as the cause
 */
private List<X509Certificate> extractCertificates(X509Data x509Data) throws SecurityException {
    final List<X509Certificate> decoded;
    try {
        decoded = KeyInfoHelper.getCertificates(x509Data);
    } catch (CertificateException failure) {
        // Logged here as well as rethrown, so the stack trace is recorded even if a caller discards it.
        log.error("Error extracting certificates from X509Data", failure);
        throw new SecurityException("Error extracting certificates from X509Data", failure);
    }

    final int count = decoded.size();
    log.debug("Found {} X509Certificates", count);
    return decoded;
}
/**
 * Decode every CRL contained in the given X509Data element.
 *
 * @param x509Data the X509Data element
 * @return a list of X509CRLs
 * @throws SecurityException thrown if there is an error extracting CRLs; the underlying
 *             {@link CRLException} is attached as the cause
 */
private List<X509CRL> extractCRLs(X509Data x509Data) throws SecurityException {
    final List<X509CRL> decoded;
    try {
        decoded = KeyInfoHelper.getCRLs(x509Data);
    } catch (CRLException failure) {
        // Logged here as well as rethrown, so the stack trace is recorded even if a caller discards it.
        log.error("Error extracting CRL's from X509Data", failure);
        throw new SecurityException("Error extracting CRL's from X509Data", failure);
    }

    final int count = decoded.size();
    log.debug("Found {} X509CRLs", count);
    return decoded;
}
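/**
 * Get the XML Signature-compliant digest of an X.509 certificate.
 *
 * <p>The digest is computed over the bytes returned by {@link X509Certificate#getEncoded()}, using the
 * JCA algorithm that {@code SecurityHelper.getAlgorithmIDFromURI} maps the URI to.</p>
 *
 * @param certificate an X.509 certificate; must not be null
 * @param algorithmURI URI of digest algorithm to apply
 * @return the raw digest of the certificate
 * @throws SecurityException if the certificate is null, the algorithm is unsupported or encoding is not
 *             possible
 */
public static byte[] getX509Digest(X509Certificate certificate, String algorithmURI) throws SecurityException {
    Logger log = getLogger();

    // NOTE(review): algorithmURI may come from the document being processed. Which digests are accepted
    // (including weak ones) depends on the URI mapping in SecurityHelper, which is not visible here;
    // confirm that callers apply their own algorithm policy.
    String alg = SecurityHelper.getAlgorithmIDFromURI(algorithmURI);
    if (alg == null) {
        log.error("Algorithm {} is unsupported", algorithmURI);
        throw new SecurityException("Algorithm " + algorithmURI + " is unsupported");
    }

    // Report a missing certificate with the documented exception type instead of letting
    // certificate.getEncoded() fail with a NullPointerException.
    if (certificate == null) {
        log.error("Certificate was null, unable to compute digest");
        throw new SecurityException("Certificate was null, unable to compute digest");
    }

    try {
        MessageDigest hasher = MessageDigest.getInstance(alg);
        return hasher.digest(certificate.getEncoded());
    } catch (CertificateEncodingException e) {
        log.error("Unable to encode certificate for digest operation", e);
        throw new SecurityException("Unable to encode certificate for digest operation", e);
    } catch (NoSuchAlgorithmException e) {
        // The URI mapped to a name that no installed provider implements; keep the cause in the log too.
        log.error("Algorithm {} is unsupported", alg, e);
        throw new SecurityException("Algorithm " + alg + " is unsupported", e);
    }
}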