/**
 * Creates an evaluable criteria that takes its key algorithm from the supplied criteria.
 *
 * @param criteria the key algorithm criteria that evaluation is based on; must not be null
 * @throws NullPointerException if {@code criteria} is null
 */
public EvaluableKeyAlgorithmCredentialCriteria(KeyAlgorithmCriteria criteria) {
    // Reject a missing criteria object up front rather than failing later during evaluation.
    if (null == criteria) {
        throw new NullPointerException("Criteria instance may not be null");
    }
    // The algorithm value is copied as-is; a null algorithm inside the criteria is not rejected here.
    this.keyAlgorithm = criteria.getKeyAlgorithm();
}
/**
 * Creates criteria that name a key algorithm.
 *
 * @param algorithm the key algorithm; handed unchanged to {@code setKeyAlgorithm}
 */
public KeyAlgorithmCriteria(String algorithm) {
    // No checks are made here; any handling of the value is left to the setter.
    this.setKeyAlgorithm(algorithm);
}
/**
 * Derives key algorithm credential criteria from an algorithm URI.
 *
 * @param encAlgorithmURI the algorithm URI to map to a key algorithm
 * @return criteria for the mapped key algorithm, or null when the URI is empty or no key
 *         algorithm could be determined for it
 */
private KeyAlgorithmCriteria buildKeyAlgorithmCriteria(String encAlgorithmURI) {
    if (!DatatypeHelper.isEmpty(encAlgorithmURI)) {
        String mappedAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(encAlgorithmURI);
        if (!DatatypeHelper.isEmpty(mappedAlgorithm)) {
            return new KeyAlgorithmCriteria(mappedAlgorithm);
        }
    }
    // Either no URI was given or it maps to no key algorithm: no criteria can be built.
    return null;
}
/**
 * Derives key algorithm credential criteria from an algorithm URI.
 *
 * @param encAlgorithmURI the algorithm URI to map to a key algorithm
 * @return criteria for the mapped key algorithm, or null when the URI is empty or no key
 *         algorithm could be determined for it
 */
private KeyAlgorithmCriteria buildKeyAlgorithmCriteria(String encAlgorithmURI) {
    if (!DatatypeHelper.isEmpty(encAlgorithmURI)) {
        String mappedAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(encAlgorithmURI);
        if (!DatatypeHelper.isEmpty(mappedAlgorithm)) {
            return new KeyAlgorithmCriteria(mappedAlgorithm);
        }
    }
    // Either no URI was given or it maps to no key algorithm: no criteria can be built.
    return null;
}
/**
 * Creates an evaluable criteria that takes its key algorithm from the supplied criteria.
 *
 * @param criteria the key algorithm criteria that evaluation is based on; must not be null
 * @throws NullPointerException if {@code criteria} is null
 */
public EvaluableKeyAlgorithmCredentialCriteria(KeyAlgorithmCriteria criteria) {
    // Reject a missing criteria object up front rather than failing later during evaluation.
    if (null == criteria) {
        throw new NullPointerException("Criteria instance may not be null");
    }
    // The algorithm value is copied as-is; a null algorithm inside the criteria is not rejected here.
    this.keyAlgorithm = criteria.getKeyAlgorithm();
}
// Add key algorithm criteria built from jcaAlgorithm to the criteria set.
// NOTE(review): the second argument is presumably a "replace existing criteria of this type"
// flag - confirm against CriteriaSet.add. Whether jcaAlgorithm was checked for null/empty
// before this call is not visible in this excerpt.
criteriaSet.add(new KeyAlgorithmCriteria(jcaAlgorithm), true);
/**
 * Creates criteria that name a key algorithm.
 *
 * @param algorithm the key algorithm; handed unchanged to {@code setKeyAlgorithm}
 */
public KeyAlgorithmCriteria(String algorithm) {
    // No checks are made here; any handling of the value is left to the setter.
    this.setKeyAlgorithm(algorithm);
}
// Skip this key when the criteria name a key algorithm that differs from the public key's own
// algorithm. Absent criteria, or criteria carrying a null algorithm, impose no constraint and
// fall through. The comparison is an exact, case-sensitive String.equals.
if (algorithmCriteria != null
        && algorithmCriteria.getKeyAlgorithm() != null
        && !algorithmCriteria.getKeyAlgorithm().equals(pubKey.getAlgorithm())) {
    log.debug("Criteria specified key algorithm {}, actually {}, skipping",
            algorithmCriteria.getKeyAlgorithm(), pubKey.getAlgorithm());
    return null;
// Add key algorithm criteria built from jcaAlgorithm to the criteria set.
// NOTE(review): the second argument is presumably a "replace existing criteria of this type"
// flag - confirm against CriteriaSet.add. Whether jcaAlgorithm was checked for null/empty
// before this call is not visible in this excerpt.
criteriaSet.add(new KeyAlgorithmCriteria(jcaAlgorithm), true);
// Skip this key when the criteria name a key algorithm that differs from the public key's own
// algorithm. Absent criteria, or criteria carrying a null algorithm, impose no constraint and
// fall through. The comparison is an exact, case-sensitive String.equals.
if (algorithmCriteria != null
        && algorithmCriteria.getKeyAlgorithm() != null
        && !algorithmCriteria.getKeyAlgorithm().equals(pubKey.getAlgorithm())) {
    log.debug("Criteria specified key algorithm {}, actually {}, skipping",
            algorithmCriteria.getKeyAlgorithm(), pubKey.getAlgorithm());
    return null;
/** {@inheritDoc} */
public boolean validate(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {
    checkParams(signature, trustBasisCriteria);

    // Build the lookup criteria in a fresh set; additions below go to this set,
    // not to the one the caller passed in.
    CriteriaSet resolutionCriteria = new CriteriaSet();
    resolutionCriteria.addAll(trustBasisCriteria);

    // Default to signing usage when the caller did not state a usage.
    boolean usageSpecified = resolutionCriteria.contains(UsageCriteria.class);
    if (!usageSpecified) {
        resolutionCriteria.add(new UsageCriteria(UsageType.SIGNING));
    }

    // Add criteria for the key algorithm derived from the signature algorithm URI. When the URI
    // maps to no key algorithm, no key algorithm criteria is added by this method.
    // NOTE(review): the 'true' argument presumably replaces key algorithm criteria supplied by
    // the caller - confirm against CriteriaSet.add.
    String signingKeyAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(signature.getSignatureAlgorithm());
    boolean algorithmKnown = !DatatypeHelper.isEmpty(signingKeyAlgorithm);
    if (algorithmKnown) {
        resolutionCriteria.add(new KeyAlgorithmCriteria(signingKeyAlgorithm), true);
    }

    Iterable<Credential> candidates = getCredentialResolver().resolve(resolutionCriteria);

    boolean trustedViaCandidates = validate(signature, candidates);
    if (trustedViaCandidates) {
        return true;
    }

    // Fallback: the credentials taken from the Signature's KeyInfo (if any) did not verify the
    // signature and/or establish trust, so try each resolved trusted credential directly. The
    // signature is accepted as soon as one of them verifies it.
    // NOTE(review): candidates is traversed a second time here; this assumes the resolver's
    // Iterable can be iterated more than once - confirm.
    log.debug("Attempting to verify signature using trusted credentials");

    for (Credential candidate : candidates) {
        boolean verified = verifySignature(signature, candidate);
        if (verified) {
            log.debug("Successfully verified signature using resolved trusted credential");
            return true;
        }
    }

    log.debug("Failed to verify signature using either KeyInfo-derived or directly trusted credentials");
    return false;
}
// Add the key algorithm criteria only when one is present; when algoCrit is null nothing is
// added here.
// NOTE(review): in the null case the set presumably carries no key algorithm constraint for
// the decryption key lookup - confirm in the surrounding code, which this excerpt omits.
if (algoCrit != null) {
    critSet.add(algoCrit);
    log.debug("Added decryption key algorithm criteria: {}", algoCrit.getKeyAlgorithm());
/** {@inheritDoc} */
public boolean validate(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {
    checkParams(signature, trustBasisCriteria);

    // Build the lookup criteria in a fresh set; additions below go to this set,
    // not to the one the caller passed in.
    CriteriaSet resolutionCriteria = new CriteriaSet();
    resolutionCriteria.addAll(trustBasisCriteria);

    // Default to signing usage when the caller did not state a usage.
    boolean usageSpecified = resolutionCriteria.contains(UsageCriteria.class);
    if (!usageSpecified) {
        resolutionCriteria.add(new UsageCriteria(UsageType.SIGNING));
    }

    // Add criteria for the key algorithm derived from the signature algorithm URI. When the URI
    // maps to no key algorithm, no key algorithm criteria is added by this method.
    // NOTE(review): the 'true' argument presumably replaces key algorithm criteria supplied by
    // the caller - confirm against CriteriaSet.add.
    String signingKeyAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(signature.getSignatureAlgorithm());
    boolean algorithmKnown = !DatatypeHelper.isEmpty(signingKeyAlgorithm);
    if (algorithmKnown) {
        resolutionCriteria.add(new KeyAlgorithmCriteria(signingKeyAlgorithm), true);
    }

    Iterable<Credential> candidates = getCredentialResolver().resolve(resolutionCriteria);

    boolean trustedViaCandidates = validate(signature, candidates);
    if (trustedViaCandidates) {
        return true;
    }

    // Fallback: the credentials taken from the Signature's KeyInfo (if any) did not verify the
    // signature and/or establish trust, so try each resolved trusted credential directly. The
    // signature is accepted as soon as one of them verifies it.
    // NOTE(review): candidates is traversed a second time here; this assumes the resolver's
    // Iterable can be iterated more than once - confirm.
    log.debug("Attempting to verify signature using trusted credentials");

    for (Credential candidate : candidates) {
        boolean verified = verifySignature(signature, candidate);
        if (verified) {
            log.debug("Successfully verified signature using resolved trusted credential");
            return true;
        }
    }

    log.debug("Failed to verify signature using either KeyInfo-derived or directly trusted credentials");
    return false;
}
&& algorithmCriteria.getKeyAlgorithm() != null
&& ! algorithmCriteria.getKeyAlgorithm().equals("DSA")) {
    // Reached when the criteria name a key algorithm other than "DSA" (exact, case-sensitive
    // match); a null algorithm does not trigger the skip. The start of this condition lies
    // outside the excerpt.
    log.debug("Criteria specified non-DSA key algorithm, skipping");
    return null;
// Skip when the criteria name a key algorithm other than "RSA". Absent criteria, or criteria
// carrying a null algorithm, impose no constraint and fall through. The comparison is an
// exact, case-sensitive String.equals.
if (algorithmCriteria != null
        && algorithmCriteria.getKeyAlgorithm() != null
        && !algorithmCriteria.getKeyAlgorithm().equals("RSA")) {
    log.debug("Criteria specified non-RSA key algorithm, skipping");
    return null;
// Skip when the criteria name a key algorithm other than "RSA". Absent criteria, or criteria
// carrying a null algorithm, impose no constraint and fall through. The comparison is an
// exact, case-sensitive String.equals.
if (algorithmCriteria != null
        && algorithmCriteria.getKeyAlgorithm() != null
        && !algorithmCriteria.getKeyAlgorithm().equals("RSA")) {
    log.debug("Criteria specified non-RSA key algorithm, skipping");
    return null;
// Add the key algorithm criteria only when one is present; when algoCrit is null nothing is
// added here.
// NOTE(review): in the null case the set presumably carries no key algorithm constraint for
// the decryption key lookup - confirm in the surrounding code, which this excerpt omits.
if (algoCrit != null) {
    critSet.add(algoCrit);
    log.debug("Added decryption key algorithm criteria: {}", algoCrit.getKeyAlgorithm());
&& algorithmCriteria.getKeyAlgorithm() != null
&& ! algorithmCriteria.getKeyAlgorithm().equals("DSA")) {
    // Reached when the criteria name a key algorithm other than "DSA" (exact, case-sensitive
    // match); a null algorithm does not trigger the skip. The start of this condition lies
    // outside the excerpt.
    log.debug("Criteria specified non-DSA key algorithm, skipping");
    return null;