returnUrlBuilder.getQueryParams().add(new Pair<String, String>(entry.getKey(), entry.getValue()));
returnUrlBuilder.getQueryParams().add(new Pair<String, String>(entry.getKey(), entry.getValue()));
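/**
 * {@inheritDoc}
 *
 * Two pairs are equal when both their first members and both their second members are
 * equal according to {@code DatatypeHelper.safeEquals} (which the name suggests is
 * null-tolerant; that helper is not visible here). The element types are erased at
 * runtime, so the cast is made to {@code Pair<?, ?>}: it is fully checked by the preceding
 * {@code instanceof} and no unchecked warning needs to be suppressed.
 *
 * NOTE(review): {@code hashCode()} must be overridden consistently with this method; it is
 * outside this view, confirm it uses the same two members.
 *
 * @param o the object to compare with
 * @return true if {@code o} is a Pair whose members are equal to this pair's members
 */
@Override
public boolean equals(Object o) {
    if (o == this) {
        return true;
    }
    if (o instanceof Pair) {
        Pair<?, ?> otherPair = (Pair<?, ?>) o;
        return DatatypeHelper.safeEquals(getFirst(), otherPair.getFirst())
                && DatatypeHelper.safeEquals(getSecond(), otherPair.getSecond());
    }
    return false;
}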
return new Pair<PublicKey, X509Certificate>(presenterKey, presenterCert);
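/**
 * {@inheritDoc}
 *
 * Two pairs are equal when both their first members and both their second members are
 * equal according to {@code DatatypeHelper.safeEquals} (which the name suggests is
 * null-tolerant; that helper is not visible here). The element types are erased at
 * runtime, so the cast is made to {@code Pair<?, ?>}: it is fully checked by the preceding
 * {@code instanceof} and no unchecked warning needs to be suppressed.
 *
 * NOTE(review): {@code hashCode()} must be overridden consistently with this method; it is
 * outside this view, confirm it uses the same two members.
 *
 * @param o the object to compare with
 * @return true if {@code o} is a Pair whose members are equal to this pair's members
 */
@Override
public boolean equals(Object o) {
    if (o == this) {
        return true;
    }
    if (o instanceof Pair) {
        Pair<?, ?> otherPair = (Pair<?, ?>) o;
        return DatatypeHelper.safeEquals(getFirst(), otherPair.getFirst())
                && DatatypeHelper.safeEquals(getSecond(), otherPair.getSecond());
    }
    return false;
}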
/**
 * Builds the return URL for a passive IdP discovery response and redirects the user agent to it.
 *
 * When {@code entityID} is non-null it is appended to {@code responseURL} as a query parameter
 * named {@code returnParam} (via {@link URLBuilder}, which is responsible for encoding it).
 * When it is null -- the fail state -- the base URL is sent back unchanged, so the requester
 * can tell that no IdP was selected by the absence of the parameter.
 *
 * NOTE(review): nothing in this method validates {@code responseURL}; a redirect to an
 * unchecked, request-supplied URL is an open redirect. It is assumed the caller has already
 * checked the return URL against the requesting SP's registered metadata -- confirm against
 * the caller. The request object is accepted but not consulted here.
 *
 * @param request the current request (unused by this method)
 * @param response the response the redirect is written to
 * @param responseURL base URL to return the selection to
 * @param returnParam name of the query parameter carrying the selected entity ID
 * @param entityID selected IdP entity ID, or null for the fail state
 * @throws IOException if sending the redirect fails
 * @throws ServletException if sending the redirect fails
 */
protected void sendPassiveResponse(HttpServletRequest request, HttpServletResponse response,
        String responseURL, String returnParam, String entityID) throws IOException, ServletException {
    String target = responseURL;
    if (entityID != null) {
        URLBuilder builder = new URLBuilder(responseURL);
        builder.getQueryParams().add(new Pair<String, String>(returnParam, entityID));
        target = builder.buildURL();
    }
    log.debug("Responding to a passive IDP Discovery request with URL {}", target);
    response.sendRedirect(target);
}
/**
 * {@inheritDoc}
 *
 * Evaluates an untrusted credential against resolved PKIX trust information. The steps, in
 * order: reject anything that is not an {@link X509Credential}; run the trusted-name check
 * (a failure aborts before any path validation is attempted); then try each
 * {@link PKIXValidationInformation} in turn and accept on the first one the evaluator
 * validates. A {@link SecurityException} thrown while validating against one set is
 * treated as an operational error for that set only -- it is logged and the remaining
 * sets are still tried; it never counts as a success.
 *
 * NOTE(review): those operational errors are logged at DEBUG, so a broken trust store
 * (unreadable anchors, bad CRL) surfaces only as "trust could not be established";
 * consider WARN for the per-set failure if that is not intentional.
 *
 * @param untrustedCredential the credential whose trust is being evaluated
 * @param validationPair trusted names (first, may be null) and validation information (second)
 * @return true if a trusted name check passed and some validation information validated the credential
 * @throws SecurityException declared for subclasses; not thrown by this implementation itself
 */
protected boolean evaluateTrust(Credential untrustedCredential,
        Pair<Set<String>, Iterable<PKIXValidationInformation>> validationPair) throws SecurityException {
    if (!(untrustedCredential instanceof X509Credential)) {
        log.debug("Can not evaluate trust of non-X509Credential");
        return false;
    }
    X509Credential x509Credential = (X509Credential) untrustedCredential;
    Set<String> trustedNames = validationPair.getFirst();
    Iterable<PKIXValidationInformation> validationInfos = validationPair.getSecond();

    // Name check comes first: a failure short-circuits without building any cert path.
    if (!checkNames(trustedNames, x509Credential)) {
        log.debug("Evaluation of credential against trusted names failed. Aborting PKIX validation");
        return false;
    }

    // First validation-info set that validates wins; an error in one set moves on to the next.
    for (PKIXValidationInformation info : validationInfos) {
        boolean validated;
        try {
            validated = pkixTrustEvaluator.validate(info, x509Credential);
        } catch (SecurityException e) {
            log.debug("Error performing PKIX validation on untrusted credential", e);
            continue;
        }
        if (validated) {
            log.debug("Signature trust established via PKIX validation of signing credential");
            return true;
        }
    }
    log.debug("Signature trust could not be established via PKIX validation of signing credential");
    return false;
}
/**
 * Resolves the trust basis for PKIX evaluation: an optional set of trusted names plus the
 * {@link PKIXValidationInformation} to validate against.
 *
 * Trusted names are resolved only when the configured resolver advertises support for it;
 * otherwise the first member of the returned pair is null (the log records that name
 * checking is skipped in that case). The validation information is always resolved.
 *
 * @param trustBasisCriteria criteria describing, or used to look up, the trust basis
 * @return a pair of (trusted names or null, validation information)
 * @throws SecurityException if the resolver fails to produce names or validation information
 */
protected Pair<Set<String>, Iterable<PKIXValidationInformation>> resolveValidationInfo(
        CriteriaSet trustBasisCriteria) throws SecurityException {
    Set<String> names;
    if (pkixResolver.supportsTrustedNameResolution()) {
        names = pkixResolver.resolveTrustedNames(trustBasisCriteria);
    } else {
        names = null;
        log.debug("PKIX resolver does not support resolution of trusted names, skipping name checking");
    }
    Iterable<PKIXValidationInformation> infos = pkixResolver.resolve(trustBasisCriteria);
    return new Pair<Set<String>, Iterable<PKIXValidationInformation>>(names, infos);
}
/**
 * {@inheritDoc}
 *
 * Evaluates an untrusted credential against resolved PKIX trust information. The steps, in
 * order: reject anything that is not an {@link X509Credential}; run the trusted-name check
 * (a failure aborts before any path validation is attempted); then try each
 * {@link PKIXValidationInformation} in turn and accept on the first one the evaluator
 * validates. A {@link SecurityException} thrown while validating against one set is
 * treated as an operational error for that set only -- it is logged and the remaining
 * sets are still tried; it never counts as a success.
 *
 * NOTE(review): those operational errors are logged at DEBUG, so a broken trust store
 * (unreadable anchors, bad CRL) surfaces only as "trust could not be established";
 * consider WARN for the per-set failure if that is not intentional.
 *
 * @param untrustedCredential the credential whose trust is being evaluated
 * @param validationPair trusted names (first, may be null) and validation information (second)
 * @return true if a trusted name check passed and some validation information validated the credential
 * @throws SecurityException declared for subclasses; not thrown by this implementation itself
 */
protected boolean evaluateTrust(Credential untrustedCredential,
        Pair<Set<String>, Iterable<PKIXValidationInformation>> validationPair) throws SecurityException {
    if (!(untrustedCredential instanceof X509Credential)) {
        log.debug("Can not evaluate trust of non-X509Credential");
        return false;
    }
    X509Credential x509Credential = (X509Credential) untrustedCredential;
    Set<String> trustedNames = validationPair.getFirst();
    Iterable<PKIXValidationInformation> validationInfos = validationPair.getSecond();

    // Name check comes first: a failure short-circuits without building any cert path.
    if (!checkNames(trustedNames, x509Credential)) {
        log.debug("Evaluation of credential against trusted names failed. Aborting PKIX validation");
        return false;
    }

    // First validation-info set that validates wins; an error in one set moves on to the next.
    for (PKIXValidationInformation info : validationInfos) {
        boolean validated;
        try {
            validated = pkixTrustEvaluator.validate(info, x509Credential);
        } catch (SecurityException e) {
            log.debug("Error performing PKIX validation on untrusted credential", e);
            continue;
        }
        if (validated) {
            log.debug("Signature trust established via PKIX validation of signing credential");
            return true;
        }
    }
    log.debug("Signature trust could not be established via PKIX validation of signing credential");
    return false;
}
/**
 * Resolves the trust basis for PKIX evaluation: an optional set of trusted names plus the
 * {@link PKIXValidationInformation} to validate against.
 *
 * Trusted names are resolved only when the configured resolver advertises support for it;
 * otherwise the first member of the returned pair is null (the log records that name
 * checking is skipped in that case). The validation information is always resolved.
 *
 * @param trustBasisCriteria criteria describing, or used to look up, the trust basis
 * @return a pair of (trusted names or null, validation information)
 * @throws SecurityException if the resolver fails to produce names or validation information
 */
protected Pair<Set<String>, Iterable<PKIXValidationInformation>> resolveValidationInfo(
        CriteriaSet trustBasisCriteria) throws SecurityException {
    Set<String> names;
    if (pkixResolver.supportsTrustedNameResolution()) {
        names = pkixResolver.resolveTrustedNames(trustBasisCriteria);
    } else {
        names = null;
        log.debug("PKIX resolver does not support resolution of trusted names, skipping name checking");
    }
    Iterable<PKIXValidationInformation> infos = pkixResolver.resolve(trustBasisCriteria);
    return new Pair<Set<String>, Iterable<PKIXValidationInformation>>(names, infos);
}
queryParams.add(new Pair<String, String>("SAMLRequest", message)); } else if (messagesContext.getOutboundSAMLMessage() instanceof StatusResponseType) { queryParams.add(new Pair<String, String>("SAMLResponse", message)); } else { throw new MessageEncodingException( queryParams.add(new Pair<String, String>("RelayState", relayState)); Pair<String, String> sigAlg = new Pair<String, String>("SigAlg", sigAlgURI); queryParams.add(sigAlg); String sigMaterial = urlBuilder.buildQueryString(); queryParams.add(new Pair<String, String>("Signature", generateSignature(signingCredential, sigAlgURI, sigMaterial)));
if (keyCertPair.getFirst() == null && keyCertPair.getSecond() == null) { context.setValidationFailureMessage("Neither the presenter's certificate nor its public key were provided"); return ValidationResult.INDETERMINATE; if (matchesKeyValue(keyCertPair.getFirst(), keyInfo)) { context.getDynamicParameters().put(CONFIRMED_KEY_INFO_PARAM, keyInfo); return ValidationResult.VALID; } else if (matchesX509Certificate(keyCertPair.getSecond(), keyInfo)) { context.getDynamicParameters().put(CONFIRMED_KEY_INFO_PARAM, keyInfo); return ValidationResult.VALID;
Pair<String, String> pair = new Pair<String, String>(attributeName, attributeNameFormat); if (encounteredNames.contains(pair)) { throw new ValidationException(
/**
 * Encodes a SAML 2 artifact for HTTP GET delivery and redirects the user agent to the endpoint.
 *
 * The base64-encoded artifact is placed in the {@code SAMLart} query parameter of the endpoint
 * URL. {@code RelayState} is appended only when {@code checkRelayState} accepts the value held
 * in the context; what that check enforces is not visible here (presumably the SAML binding's
 * size limit -- confirm). If no artifact can be built the method fails before touching the
 * transport.
 *
 * @param artifactContext current message context
 * @param outTransport outbound HTTP transport the redirect is sent on
 * @throws MessageEncodingException if no artifact could be built for the message
 */
protected void getEncode(SAMLMessageContext artifactContext, HTTPOutTransport outTransport)
        throws MessageEncodingException {
    log.debug("Performing HTTP GET SAML 2 artifact encoding");
    URLBuilder endpoint = getEndpointURL(artifactContext);
    AbstractSAMLArtifact artifact = buildArtifact(artifactContext);
    if (artifact == null) {
        log.error("Unable to build artifact for message to relying party");
        throw new MessageEncodingException("Unable to builder artifact for message to relying party");
    }
    List<Pair<String, String>> params = endpoint.getQueryParams();
    params.add(new Pair<String, String>("SAMLart", artifact.base64Encode()));
    String relayState = artifactContext.getRelayState();
    if (checkRelayState(relayState)) {
        params.add(new Pair<String, String>("RelayState", relayState));
    }
    outTransport.sendRedirect(endpoint.buildURL());
}
if (!queryComp.contains("=")) { paramName = HTTPTransportUtils.urlDecode(queryComp); queryParams.add(new Pair<String, String>(paramName, null)); } else { paramComps = queryComp.split("="); paramName = HTTPTransportUtils.urlDecode(paramComps[0]); paramValue = HTTPTransportUtils.urlDecode(paramComps[1]); queryParams.add(new Pair<String, String>(paramName, paramValue));