/**
 * Resolves the credentials matching the supplied criteria by delegating to the wrapped
 * {@code credentialResolver}.
 *
 * @param criteriaSet the criteria, passed to the delegate unchanged
 * @return the credentials the delegate resolves for {@code criteriaSet}
 * @throws org.opensaml.xml.security.SecurityException propagated from the delegate's
 *         {@code resolve} call
 */
public Iterable<Credential> resolve(CriteriaSet criteriaSet)
        throws org.opensaml.xml.security.SecurityException {
    // No filtering happens at this layer: what the delegate yields is returned as is.
    final Iterable<Credential> resolved = credentialResolver.resolve(criteriaSet);
    return resolved;
}
try { Credential signingCredential = openSAMLContext.keyStoreCredentialResolver().resolveSingle(criteriaSet); String relayState = authState; LOG.debug("Sending authnRequest to {}", target);
/**
 * Advances through the resolver chain and returns the credential iterator of the first
 * member that resolves without throwing.
 *
 * <p>A member whose {@code resolve} call throws {@link SecurityException} is logged at error
 * level and skipped, so the iterator returned may come from a later member of the chain.
 * When the chain is exhausted, {@code currentResolver} is reset to {@code null}.</p>
 *
 * @return an iterator of credentials, or {@code null} when no chain member is left
 */
private Iterator<Credential> getNextCredentialIterator() {
    while (resolverIterator.hasNext()) {
        currentResolver = resolverIterator.next();
        log.debug("Getting credential iterator from next resolver in chain: {}",
                currentResolver.getClass().toString());
        try {
            Iterator<Credential> fromMember = currentResolver.resolve(critSet).iterator();
            return fromMember;
        } catch (SecurityException e) {
            // A failing member does not abort the lookup; the loop moves on to the next one.
            String failure = String.format(
                    "Error resolving credentials from chaining resolver member '%s'",
                    currentResolver.getClass().getName());
            log.error(failure, e);
            boolean anotherMemberLeft = resolverIterator.hasNext();
            if (anotherMemberLeft) {
                log.error("Will attempt to resolve credentials from next member of resolver chain");
            }
        }
    }

    log.debug("No more credential resolvers available in the resolver chain");
    currentResolver = null;
    return null;
}
/**
 * Resolves a single credential for the supplied criteria by delegating to the wrapped
 * {@code credentialResolver}.
 *
 * @param criteriaSet the criteria, passed to the delegate unchanged
 * @return the credential the delegate's {@code resolveSingle} returns
 * @throws SecurityException propagated from the delegate's {@code resolveSingle} call
 */
public Credential resolveSingle(CriteriaSet criteriaSet) throws SecurityException {
    // NOTE(review): whether the delegate can return null when nothing matches is not
    // visible here - confirm before dereferencing the result at call sites.
    final Credential single = credentialResolver.resolveSingle(criteriaSet);
    return single;
}
/**
 * Advances through the resolver chain and returns the credential iterator of the first
 * member that resolves without throwing.
 *
 * <p>A member whose {@code resolve} call throws {@link SecurityException} is logged at error
 * level and skipped, so the iterator returned may come from a later member of the chain.
 * When the chain is exhausted, {@code currentResolver} is reset to {@code null}.</p>
 *
 * @return an iterator of credentials, or {@code null} when no chain member is left
 */
private Iterator<Credential> getNextCredentialIterator() {
    while (resolverIterator.hasNext()) {
        currentResolver = resolverIterator.next();
        log.debug("Getting credential iterator from next resolver in chain: {}",
                currentResolver.getClass().toString());
        try {
            Iterator<Credential> fromMember = currentResolver.resolve(critSet).iterator();
            return fromMember;
        } catch (SecurityException e) {
            // A failing member does not abort the lookup; the loop moves on to the next one.
            String failure = String.format(
                    "Error resolving credentials from chaining resolver member '%s'",
                    currentResolver.getClass().getName());
            log.error(failure, e);
            boolean anotherMemberLeft = resolverIterator.hasNext();
            if (anotherMemberLeft) {
                log.error("Will attempt to resolve credentials from next member of resolver chain");
            }
        }
    }

    log.debug("No more credential resolvers available in the resolver chain");
    currentResolver = null;
    return null;
}
/**
 * {@inheritDoc}
 *
 * <p>Checks the arguments, resolves the credentials matching {@code trustBasisCriteria} from
 * the configured credential resolver, and returns the decision of {@code trustEvaluator} for
 * the untrusted X.509 credential against that resolved set.</p>
 */
public boolean validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    checkParams(untrustedCredential, trustBasisCriteria);

    log.debug("Attempting to validate untrusted credential");
    // The resolver output is the whole trust basis for this decision; nothing else is consulted here.
    Iterable<Credential> trustBasis = getCredentialResolver().resolve(trustBasisCriteria);
    boolean trusted = trustEvaluator.validate(untrustedCredential, trustBasis);
    return trusted;
}
/**
 * {@inheritDoc}
 *
 * <p>Checks the arguments, resolves the credentials matching {@code trustBasisCriteria} from
 * the configured credential resolver, and returns the decision of {@code trustEvaluator} for
 * the untrusted X.509 credential against that resolved set.</p>
 */
public boolean validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    checkParams(untrustedCredential, trustBasisCriteria);

    log.debug("Attempting to validate untrusted credential");
    // The resolver output is the whole trust basis for this decision; nothing else is consulted here.
    Iterable<Credential> trustBasis = getCredentialResolver().resolve(trustBasisCriteria);
    boolean trusted = trustEvaluator.validate(untrustedCredential, trustBasis);
    return trusted;
}
/**
 * {@inheritDoc}
 *
 * <p>Checks the arguments, resolves the credentials matching {@code trustBasisCriteria} from
 * the configured credential resolver, and returns the decision of {@code trustEvaluator} for
 * the untrusted credential against that resolved set.</p>
 */
public boolean validate(Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    checkParams(untrustedCredential, trustBasisCriteria);

    log.debug("Attempting to validate untrusted credential");
    // The resolver output is the whole trust basis for this decision; nothing else is consulted here.
    Iterable<Credential> trustBasis = getCredentialResolver().resolve(trustBasisCriteria);
    boolean trusted = trustEvaluator.validate(untrustedCredential, trustBasis);
    return trusted;
}
/**
 * {@inheritDoc}
 *
 * <p>Checks the arguments, resolves the credentials matching {@code trustBasisCriteria} from
 * the configured credential resolver, and returns the decision of {@code trustEvaluator} for
 * the untrusted credential against that resolved set.</p>
 */
public boolean validate(Credential untrustedCredential, CriteriaSet trustBasisCriteria)
        throws SecurityException {
    checkParams(untrustedCredential, trustBasisCriteria);

    log.debug("Attempting to validate untrusted credential");
    // The resolver output is the whole trust basis for this decision; nothing else is consulted here.
    Iterable<Credential> trustBasis = getCredentialResolver().resolve(trustBasisCriteria);
    boolean trusted = trustEvaluator.validate(untrustedCredential, trustBasis);
    return trusted;
}
/**
 * Looks up credentials in the local credential resolver by key name and keeps only those
 * accepted by {@code isLocalCredential}.
 *
 * @param keyName the key name used as the sole lookup criterion
 * @return the local credentials identified by the specified key name; empty when none qualify
 * @throws SecurityException thrown if there is a problem resolving credentials from the
 *         local credential resolver
 */
protected Collection<? extends Credential> resolveByKeyName(String keyName) throws SecurityException {
    // NOTE(review): if keyName is taken from a received KeyInfo it is a sender-supplied hint;
    // the isLocalCredential filter below is the only check applied here - confirm callers
    // do not treat a match as proof of anything beyond "we hold a key with this name".
    CriteriaSet lookup = new CriteriaSet(new KeyNameCriteria(keyName));
    ArrayList<Credential> matches = new ArrayList<Credential>();

    for (Credential candidate : getLocalCredentialResolver().resolve(lookup)) {
        if (!isLocalCredential(candidate)) {
            continue;
        }
        matches.add(candidate);
    }
    return matches;
}
/**
 * Looks up credentials in the local credential resolver by key name and keeps only those
 * accepted by {@code isLocalCredential}.
 *
 * @param keyName the key name used as the sole lookup criterion
 * @return the local credentials identified by the specified key name; empty when none qualify
 * @throws SecurityException thrown if there is a problem resolving credentials from the
 *         local credential resolver
 */
protected Collection<? extends Credential> resolveByKeyName(String keyName) throws SecurityException {
    // NOTE(review): if keyName is taken from a received KeyInfo it is a sender-supplied hint;
    // the isLocalCredential filter below is the only check applied here - confirm callers
    // do not treat a match as proof of anything beyond "we hold a key with this name".
    CriteriaSet lookup = new CriteriaSet(new KeyNameCriteria(keyName));
    ArrayList<Credential> matches = new ArrayList<Credential>();

    for (Credential candidate : getLocalCredentialResolver().resolve(lookup)) {
        if (!isLocalCredential(candidate)) {
            continue;
        }
        matches.add(candidate);
    }
    return matches;
}
/**
 * Looks up credentials in the local credential resolver by public key and keeps only those
 * accepted by {@code isLocalCredential}.
 *
 * @param publicKey the public key used as the sole lookup criterion
 * @return the local credentials which contain the private key corresponding to the
 *         specified public key; empty when none qualify
 * @throws SecurityException thrown if there is a problem resolving credentials from the
 *         local credential resolver
 */
protected Collection<? extends Credential> resolveByPublicKey(PublicKey publicKey) throws SecurityException {
    CriteriaSet lookup = new CriteriaSet(new PublicKeyCriteria(publicKey));
    ArrayList<Credential> matches = new ArrayList<Credential>();

    for (Credential candidate : getLocalCredentialResolver().resolve(lookup)) {
        // Only credentials that pass isLocalCredential are returned; the rest are dropped silently.
        if (!isLocalCredential(candidate)) {
            continue;
        }
        matches.add(candidate);
    }
    return matches;
}
/**
 * Looks up credentials in the local credential resolver by public key and keeps only those
 * accepted by {@code isLocalCredential}.
 *
 * @param publicKey the public key used as the sole lookup criterion
 * @return the local credentials which contain the private key corresponding to the
 *         specified public key; empty when none qualify
 * @throws SecurityException thrown if there is a problem resolving credentials from the
 *         local credential resolver
 */
protected Collection<? extends Credential> resolveByPublicKey(PublicKey publicKey) throws SecurityException {
    CriteriaSet lookup = new CriteriaSet(new PublicKeyCriteria(publicKey));
    ArrayList<Credential> matches = new ArrayList<Credential>();

    for (Credential candidate : getLocalCredentialResolver().resolve(lookup)) {
        // Only credentials that pass isLocalCredential are returned; the rest are dropped silently.
        if (!isLocalCredential(candidate)) {
            continue;
        }
        matches.add(candidate);
    }
    return matches;
}
// Resolve the credentials matching criteriaSet from the configured credential resolver.
// NOTE(review): the variable name implies these are the trust anchors; that the resolver
// only yields trusted key material is not visible in this snippet - confirm its configuration.
Iterable<Credential> trustedCredentials = getCredentialResolver().resolve(criteriaSet);
// Resolve the credentials matching criteriaSet from the configured credential resolver.
// NOTE(review): the variable name implies these are the trust anchors; that the resolver
// only yields trusted key material is not visible in this snippet - confirm its configuration.
Iterable<Credential> trustedCredentials = getCredentialResolver().resolve(criteriaSet);
/**
 * {@inheritDoc}
 *
 * <p>Builds a working copy of {@code trustBasisCriteria}, adds a signing usage criterion when
 * none is present and a key algorithm criterion when one can be derived from the signature's
 * algorithm URI, then resolves the trusted credentials. The signature is accepted if the
 * overloaded {@code validate(signature, credentials)} succeeds, or failing that, if any
 * resolved credential verifies the signature directly.</p>
 *
 * @return {@code true} on the first successful path, {@code false} when both paths fail
 */
public boolean validate(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {
    checkParams(signature, trustBasisCriteria);

    // Additions below go to this copy, not to the caller's trustBasisCriteria.
    CriteriaSet effectiveCriteria = new CriteriaSet();
    effectiveCriteria.addAll(trustBasisCriteria);
    boolean usageSpecified = effectiveCriteria.contains(UsageCriteria.class);
    if (!usageSpecified) {
        effectiveCriteria.add(new UsageCriteria(UsageType.SIGNING));
    }

    // The algorithm URI is read from the signature under validation, so it only narrows the
    // credential lookup. NOTE(review): the 'true' argument presumably replaces an existing
    // criterion of the same type - confirm against CriteriaSet.
    String keyAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(signature.getSignatureAlgorithm());
    boolean algorithmKnown = !DatatypeHelper.isEmpty(keyAlgorithm);
    if (algorithmKnown) {
        effectiveCriteria.add(new KeyAlgorithmCriteria(keyAlgorithm), true);
    }

    Iterable<Credential> trustAnchors = getCredentialResolver().resolve(effectiveCriteria);

    if (validate(signature, trustAnchors)) {
        return true;
    }

    // Fallback: the KeyInfo-derived credentials (if any) did not verify the signature and/or
    // establish trust, so try each resolved trusted credential against the signature itself.
    // NOTE(review): a true result means a resolved credential verified the signature; nothing
    // in this method checks which content the signature covers - confirm callers do.
    log.debug("Attempting to verify signature using trusted credentials");
    for (Credential anchor : trustAnchors) {
        boolean verified = verifySignature(signature, anchor);
        if (verified) {
            log.debug("Successfully verified signature using resolved trusted credential");
            return true;
        }
    }

    log.debug("Failed to verify signature using either KeyInfo-derived or directly trusted credentials");
    return false;
}
/**
 * {@inheritDoc}
 *
 * <p>Builds a working copy of {@code trustBasisCriteria}, adds a signing usage criterion when
 * none is present and a key algorithm criterion when one can be derived from the signature's
 * algorithm URI, then resolves the trusted credentials. The signature is accepted if the
 * overloaded {@code validate(signature, credentials)} succeeds, or failing that, if any
 * resolved credential verifies the signature directly.</p>
 *
 * @return {@code true} on the first successful path, {@code false} when both paths fail
 */
public boolean validate(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {
    checkParams(signature, trustBasisCriteria);

    // Additions below go to this copy, not to the caller's trustBasisCriteria.
    CriteriaSet effectiveCriteria = new CriteriaSet();
    effectiveCriteria.addAll(trustBasisCriteria);
    boolean usageSpecified = effectiveCriteria.contains(UsageCriteria.class);
    if (!usageSpecified) {
        effectiveCriteria.add(new UsageCriteria(UsageType.SIGNING));
    }

    // The algorithm URI is read from the signature under validation, so it only narrows the
    // credential lookup. NOTE(review): the 'true' argument presumably replaces an existing
    // criterion of the same type - confirm against CriteriaSet.
    String keyAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(signature.getSignatureAlgorithm());
    boolean algorithmKnown = !DatatypeHelper.isEmpty(keyAlgorithm);
    if (algorithmKnown) {
        effectiveCriteria.add(new KeyAlgorithmCriteria(keyAlgorithm), true);
    }

    Iterable<Credential> trustAnchors = getCredentialResolver().resolve(effectiveCriteria);

    if (validate(signature, trustAnchors)) {
        return true;
    }

    // Fallback: the KeyInfo-derived credentials (if any) did not verify the signature and/or
    // establish trust, so try each resolved trusted credential against the signature itself.
    // NOTE(review): a true result means a resolved credential verified the signature; nothing
    // in this method checks which content the signature covers - confirm callers do.
    log.debug("Attempting to verify signature using trusted credentials");
    for (Credential anchor : trustAnchors) {
        boolean verified = verifySignature(signature, anchor);
        if (verified) {
            log.debug("Successfully verified signature using resolved trusted credential");
            return true;
        }
    }

    log.debug("Failed to verify signature using either KeyInfo-derived or directly trusted credentials");
    return false;
}