criteriaSet.add(new UsageCriteria(UsageType.SIGNING)); try {
/**
 * Constructor.
 *
 * @param criteria the criteria which is the basis for evaluation; must not be null
 * @throws NullPointerException if {@code criteria} is null
 */
public EvaluableUsageCredentialCriteria(UsageCriteria criteria) {
    // Fail fast on a null basis; the usage value is captured once here and not re-read later.
    java.util.Objects.requireNonNull(criteria, "Criteria instance may not be null");
    usage = criteria.getUsage();
}
/**
 * Constructor.
 *
 * @param usage the usage for which a credential is intended
 */
public UsageCriteria(UsageType usage) {
    // Route through the setter so any checks it performs also apply on the constructor path.
    this.setUsage(usage);
}
/**
 * {@inheritDoc}
 *
 * <p>This implementation does not consult {@code messageContext}: the set holds an
 * entity ID criterion when {@code entityID} is non-empty, plus a SIGNING usage criterion.
 */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
    final CriteriaSet criteria = new CriteriaSet();
    // An entity ID criterion is only meaningful when an entity ID was actually supplied.
    final boolean haveEntityID = !DatatypeHelper.isEmpty(entityID);
    if (haveEntityID) {
        criteria.add(new EntityIDCriteria(entityID));
    }
    // Credentials are resolved for signature verification, hence the SIGNING usage.
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
/**
 * Constructor.
 *
 * @param criteria the criteria which is the basis for evaluation; must not be null
 * @throws NullPointerException if {@code criteria} is null
 */
public EvaluableUsageCredentialCriteria(UsageCriteria criteria) {
    // Fail fast on a null basis; the usage value is captured once here and not re-read later.
    java.util.Objects.requireNonNull(criteria, "Criteria instance may not be null");
    usage = criteria.getUsage();
}
/**
 * Constructor.
 *
 * @param usage the usage for which a credential is intended
 */
public UsageCriteria(UsageType usage) {
    // Route through the setter so any checks it performs also apply on the constructor path.
    this.setUsage(usage);
}
/**
 * Builds the criteria set handed to the trust engine: an entity ID criterion when
 * {@code issuer} is non-empty (as judged by {@code DatatypeHelper.isEmpty}), plus a
 * SIGNING usage criterion in every case.
 *
 * @param issuer entity ID of the message issuer; skipped when empty
 * @return the populated criteria set, never null
 */
private static CriteriaSet buildCriteriaSet(String issuer) {
    final CriteriaSet criteria = new CriteriaSet();
    final boolean issuerKnown = !DatatypeHelper.isEmpty(issuer);
    if (issuerKnown) {
        criteria.add(new EntityIDCriteria(issuer));
    }
    // The engine is asked for signing credentials regardless of whether the issuer is known.
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
UsageType usage; if (usageCriteria != null) { usage = usageCriteria.getUsage(); } else { usage = UsageType.UNSPECIFIED;
/**
 * Builds a criteria set suitable for input to the trust engine: an entity ID criterion
 * when {@code issuer} is non-empty (as judged by {@code DatatypeHelper.isEmpty}), plus a
 * SIGNING usage criterion in every case.
 *
 * @param issuer entity ID of the message issuer; skipped when empty
 * @return the populated criteria set, never null
 */
private static CriteriaSet buildCriteriaSet(String issuer) {
    final CriteriaSet criteria = new CriteriaSet();
    final boolean issuerKnown = !DatatypeHelper.isEmpty(issuer);
    if (issuerKnown) {
        criteria.add(new EntityIDCriteria(issuer));
    }
    // The engine is asked for signing credentials regardless of whether the issuer is known.
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
UsageType usage; if (usageCriteria != null) { usage = usageCriteria.getUsage(); } else { usage = UsageType.UNSPECIFIED;
/**
 * Builds a criteria set suitable for input to the trust engine: an entity ID criterion
 * when {@code issuer} is non-empty (as judged by {@code DatatypeHelper.isEmpty}), plus a
 * SIGNING usage criterion in every case.
 *
 * @param issuer entity ID of the message issuer; skipped when empty
 * @return the populated criteria set, never null
 */
private static CriteriaSet buildCriteriaSet(String issuer) {
    final CriteriaSet criteria = new CriteriaSet();
    final boolean issuerKnown = !DatatypeHelper.isEmpty(issuer);
    if (issuerKnown) {
        criteria.add(new EntityIDCriteria(issuer));
    }
    // The engine is asked for signing credentials regardless of whether the issuer is known.
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
UsageType usage = null; if (usageCriteria != null) { usage = usageCriteria.getUsage(); } else { usage = UsageType.UNSPECIFIED;
/**
 * Verifies that {@code signature} conforms to the SAML signature profile and is accepted by
 * {@code trustEngine} for the named IdP. The trust decision is driven by metadata criteria:
 * the IdP entity ID, the IDPSSODescriptor role for the SAML 2.0 protocol, and SIGNING usage.
 *
 * @param signature   the XML signature to verify
 * @param IDPEntityID entity ID of the IdP expected to have produced the signature
 * @param trustEngine engine deciding whether the signing credential is trusted
 * @throws SecurityException if {@code trustEngine} is null
 * @throws org.opensaml.xml.security.SecurityException propagated from the trust engine
 * @throws ValidationException if the signature violates the SAML profile or is not trusted
 */
protected void verifySignature(Signature signature, String IDPEntityID, SignatureTrustEngine trustEngine)
        throws org.opensaml.xml.security.SecurityException, ValidationException {
    if (trustEngine == null) {
        throw new SecurityException("Trust engine is not set, signature can't be verified");
    }

    // Profile check first: structurally unacceptable signatures are rejected before any trust decision.
    new SAMLSignatureProfileValidator().validate(signature);

    final CriteriaSet criteria = new CriteriaSet();
    criteria.add(new EntityIDCriteria(IDPEntityID));
    criteria.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
    criteria.add(new UsageCriteria(UsageType.SIGNING));

    log.debug("Verifying signature", signature);
    // The engine's verdict is enforced: an untrusted signature is an error, not a log line.
    final boolean trusted = trustEngine.validate(signature, criteria);
    if (!trusted) {
        throw new ValidationException("Signature is not trusted or invalid");
    }
}
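/**
 * {@inheritDoc}
 *
 * <p>Resolves credentials for the entity ID, role and protocol named in {@code criteriaSet},
 * consulting the cache first and falling back to metadata. The usage criterion is optional
 * and defaults to {@code UsageType.UNSPECIFIED} when absent.
 *
 * @param criteriaSet the criteria; must satisfy {@code checkCriteriaRequirements}
 * @return the resolved credentials (cached or freshly read from metadata)
 * @throws SecurityException if resolution fails
 */
protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
    checkCriteriaRequirements(criteriaSet);
    String entityID = criteriaSet.get(EntityIDCriteria.class).getEntityID();
    MetadataCriteria mdCriteria = criteriaSet.get(MetadataCriteria.class);
    QName role = mdCriteria.getRole();
    String protocol = mdCriteria.getProtocol();

    // Usage is optional in the criteria set; fall back to UNSPECIFIED rather than null.
    UsageCriteria usageCriteria = criteriaSet.get(UsageCriteria.class);
    UsageType usage = (usageCriteria != null) ? usageCriteria.getUsage() : UsageType.UNSPECIFIED;

    // See Jira issue SIDP-229: touching the provider lets it refresh on demand before the lookup.
    log.debug("Forcing on-demand metadata provider refresh if necessary");
    try {
        metadata.getMetadata();
    } catch (MetadataProviderException e) {
        // Best-effort refresh: a failure is tolerated here, but recorded so it is not invisible.
        log.debug("On-demand metadata refresh failed; continuing with currently available metadata", e);
    }

    MetadataCacheKey cacheKey = new MetadataCacheKey(entityID, role, protocol, usage);
    Collection<Credential> credentials = retrieveFromCache(cacheKey);
    if (credentials == null) {
        credentials = retrieveFromMetadata(entityID, role, protocol, usage);
        cacheCredentials(cacheKey, credentials);
    }
    return credentials;
}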
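/**
 * Verifies that {@code signature} conforms to the SAML signature profile and is accepted by
 * this object's {@code trustEngine} for the named IdP. The trust decision is driven by
 * metadata criteria: the IdP entity ID, the IDPSSODescriptor role for the SAML 2.0 protocol,
 * and SIGNING usage.
 *
 * <p>The trust engine's boolean verdict is enforced: a signature the engine does not accept
 * results in a {@link ValidationException} instead of being silently ignored.
 *
 * @param signature   the XML signature to verify
 * @param IDPEntityID entity ID of the IdP expected to have produced the signature
 * @throws SecurityException if no trust engine is configured
 * @throws org.opensaml.xml.security.SecurityException propagated from the trust engine
 * @throws ValidationException if the signature violates the SAML profile or is not trusted
 */
protected void verifySignature(Signature signature, String IDPEntityID)
        throws org.opensaml.xml.security.SecurityException, ValidationException {
    // trustEngine is declared outside this block; fail closed when it is absent rather than NPE.
    if (trustEngine == null) {
        throw new SecurityException("Trust engine is not set, signature can't be verified");
    }

    // Profile check first: structurally unacceptable signatures are rejected before any trust decision.
    SAMLSignatureProfileValidator validator = new SAMLSignatureProfileValidator();
    validator.validate(signature);

    CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new EntityIDCriteria(IDPEntityID));
    criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
    criteriaSet.add(new UsageCriteria(UsageType.SIGNING));

    System.out.println("Verifying signature"+ signature);
    // The return value is the whole point of the call: discarding it would accept untrusted signatures.
    if (!trustEngine.validate(signature, criteriaSet)) {
        throw new ValidationException("Signature is not trusted or invalid");
    }
}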
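/**
 * Resolves PKIX validation information for the entity ID, role and protocol named in
 * {@code criteriaSet}, consulting the cache first and falling back to
 * {@code populateCredentials}. The usage criterion is optional and defaults to
 * {@code UsageType.UNSPECIFIED} when absent.
 *
 * @param criteriaSet the criteria; must satisfy {@code checkCriteriaRequirements}
 * @return the resolved validation information (cached or freshly populated)
 * @throws SecurityException if resolution fails
 */
protected Iterable<PKIXValidationInformation> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
    checkCriteriaRequirements(criteriaSet);
    String entityID = criteriaSet.get(EntityIDCriteria.class).getEntityID();
    MetadataCriteria mdCriteria = criteriaSet.get(MetadataCriteria.class);
    QName role = mdCriteria.getRole();
    String protocol = mdCriteria.getProtocol();

    // Usage is optional in the criteria set; fall back to UNSPECIFIED rather than null.
    UsageCriteria usageCriteria = criteriaSet.get(UsageCriteria.class);
    UsageType usage = (usageCriteria != null) ? usageCriteria.getUsage() : UsageType.UNSPECIFIED;

    // See Jira issue SIDP-229: touching the provider lets it refresh on demand before the lookup.
    log.debug("Forcing on-demand metadata provider refresh if necessary");
    try {
        metadata.getMetadata();
    } catch (MetadataProviderException e) {
        // Best-effort refresh: a failure is tolerated here, but recorded so it is not invisible.
        log.debug("On-demand metadata refresh failed; continuing with currently available metadata", e);
    }

    MetadataCacheKey cacheKey = new MetadataCacheKey(entityID, role, protocol, usage);
    Collection<PKIXValidationInformation> credentials = retrieveFromCache(cacheKey);
    if (credentials == null) {
        credentials = populateCredentials(criteriaSet);
        cacheCredentials(cacheKey, credentials);
    }
    return credentials;
}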
criteriaSet.addAll(trustBasisCriteria); if (!criteriaSet.contains(UsageCriteria.class)) { criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
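/**
 * {@inheritDoc}
 *
 * <p>Resolves PKIX validation information for the entity ID, role and protocol named in
 * {@code criteriaSet}, consulting the cache first and falling back to metadata. The usage
 * criterion is optional and defaults to {@code UsageType.UNSPECIFIED} when absent.
 *
 * @param criteriaSet the criteria; must satisfy {@code checkCriteriaRequirements}
 * @return the resolved validation information (cached or freshly read from metadata)
 * @throws SecurityException if resolution fails
 */
public Iterable<PKIXValidationInformation> resolve(CriteriaSet criteriaSet) throws SecurityException {
    checkCriteriaRequirements(criteriaSet);
    String entityID = criteriaSet.get(EntityIDCriteria.class).getEntityID();
    MetadataCriteria mdCriteria = criteriaSet.get(MetadataCriteria.class);
    QName role = mdCriteria.getRole();
    String protocol = mdCriteria.getProtocol();

    // Usage is optional in the criteria set; fall back to UNSPECIFIED rather than null.
    UsageCriteria usageCriteria = criteriaSet.get(UsageCriteria.class);
    UsageType usage = (usageCriteria != null) ? usageCriteria.getUsage() : UsageType.UNSPECIFIED;

    // See Jira issue SIDP-229: touching the provider lets it refresh on demand before the lookup.
    log.debug("Forcing on-demand metadata provider refresh if necessary");
    try {
        metadata.getMetadata();
    } catch (MetadataProviderException e) {
        // Best-effort refresh: a failure is tolerated here, but recorded so it is not invisible.
        log.debug("On-demand metadata refresh failed; continuing with currently available metadata", e);
    }

    MetadataCacheKey cacheKey = new MetadataCacheKey(entityID, role, protocol, usage);
    List<PKIXValidationInformation> pkixInfoSet = retrievePKIXInfoFromCache(cacheKey);
    if (pkixInfoSet == null) {
        pkixInfoSet = retrievePKIXInfoFromMetadata(entityID, role, protocol, usage);
        cachePKIXInfo(cacheKey, pkixInfoSet);
    }
    return pkixInfoSet;
}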
criteriaSet.addAll(trustBasisCriteria); if (!criteriaSet.contains(UsageCriteria.class)) { criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
/**
 * {@inheritDoc}
 *
 * <p>Requires a {@code SAMLMessageContext}: the peer entity role and inbound SAML protocol it
 * carries become a metadata criterion. An entity ID criterion is added when {@code entityID}
 * is non-empty, and a SIGNING usage criterion is always added.
 */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
    // Role and protocol can only be taken from a SAML context; any other context type is rejected.
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
        throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
    }
    final SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;

    final CriteriaSet criteria = new CriteriaSet();
    final boolean haveEntityID = !DatatypeHelper.isEmpty(entityID);
    if (haveEntityID) {
        criteria.add(new EntityIDCriteria(entityID));
    }
    criteria.add(new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext.getInboundSAMLProtocol()));
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}