@Nullable @Override public Credential apply(String keyName) { final CriteriaSet cs = new CriteriaSet(); cs.add(new EntityIdCriterion(keyName)); try { return resolver.resolveSingle(cs); } catch (Throwable cause) { return Exceptions.throwUnsafely(cause); } } }
/** * Adapt saml metadata and parse. Acts as a facade. * * @param resolver the resolver * @param registeredService the service * @param entityID the entity id * @return the saml metadata adaptor */ public static Optional<SamlRegisteredServiceServiceProviderMetadataFacade> get(final SamlRegisteredServiceCachingMetadataResolver resolver, final SamlRegisteredService registeredService, final String entityID) { return get(resolver, registeredService, entityID, new CriteriaSet()); }
@Override public CriteriaSet apply(final ProfileRequestContext input) { return new CriteriaSet(new HttpServletRequestCriterion()); } };
@Override public CriteriaSet apply(final ProfileRequestContext input) { return new CriteriaSet(new HttpServletRequestCriterion()); } };
/** * Resolve the list of self-encryption credentials. * * @param profileRequestContext the current profile request context * * @return the resolved credentials */ @Nonnull protected List<Credential> resolveCredentials( @Nonnull final ProfileRequestContext profileRequestContext) { try { ArrayList<Credential> credentials = new ArrayList<>(); Iterables.addAll(credentials, credentialResolver.resolve( new CriteriaSet(new UsageCriterion(UsageType.ENCRYPTION)))); return credentials; } catch (ResolverException e) { log.error("Error resolving IdP encryption credentials", e); return Collections.emptyList(); } }
@Override @SneakyThrows public EntityDescriptor getEntityDescriptorForEntityId(final String entityId) { val criterions = new CriteriaSet(new EntityIdCriterion(entityId)); if (this.metadataResolver != null) { return this.metadataResolver.resolveSingle(criterions); } return null; }
@Nullable @Override public Credential apply(String keyName) { final CriteriaSet cs = new CriteriaSet(); cs.add(new EntityIdCriterion(keyName)); try { return resolver.resolveSingle(cs); } catch (Throwable cause) { return Exceptions.throwUnsafely(cause); } } }
/** * Resolve an entity descriptor based on entityID using the wrapped metadata resolver. * * @param entityID the entityID of the EntityDescriptor to resolve. * @return the resolved EntityDescriptor, or null if not found * @throws ResolverException if there is a problem resolving the EntityDescriptor */ protected EntityDescriptor doGetEntityDescriptor(final String entityID) throws ResolverException { //TODO should perhaps pass through the entire original CriteriaSet return entityDescriptorResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(entityID))); }
/** * Build the dynamic {@link CriteriaSet} instance to be used for TLS trust evaluation. * * @param request the HTTP client request * @param operationContext the current operation context * @return the new criteria set instance */ @Nonnull protected CriteriaSet buildTLSCriteriaSet(@Nonnull final HttpUriRequest request, @Nonnull final InOutOperationContext operationContext) { CriteriaSet criteriaSet = new CriteriaSet(); if (getTLSCriteriaSetStrategy() != null) { CriteriaSet resolved = getTLSCriteriaSetStrategy().apply(operationContext); if (resolved != null) { criteriaSet.addAll(resolved); } } if (!criteriaSet.contains(UsageType.class)) { criteriaSet.add(new UsageCriterion(UsageType.SIGNING)); } return criteriaSet; }
@Override public final Credential getCredential() { try { final CriteriaSet cs = new CriteriaSet(); final EntityIdCriterion criteria = new EntityIdCriterion(this.privateKey); cs.add(criteria); final X509Credential creds = (X509Credential) this.credentialResolver.resolveSingle(cs); return creds; } catch (final ResolverException e) { throw new SAMLException("Can't obtain SP private key", e); } }
@Override public CriteriaSet apply(final ProfileRequestContext input) { if (logoutRequest != null && logoutRequest.getIssuer() != null && logoutRequest.getNameID() != null) { return new CriteriaSet(new SPSessionCriterion(logoutRequest.getIssuer().getValue(), logoutRequest.getNameID().getValue())); } else { return new CriteriaSet(); } } };
@Override public final XMLObject getEntityDescriptorElement() { try { return resolve().resolveSingle(new CriteriaSet(new EntityIdCriterion(this.idpEntityId))); } catch (final ResolverException e) { throw new SAMLException("Error initializing idpMetadataProvider", e); } } }
public Credential getCredential(SimpleKey key, KeyStoreCredentialResolver resolver) { try { CriteriaSet cs = new CriteriaSet(); EntityIdCriterion criteria = new EntityIdCriterion(key.getName()); cs.add(criteria); return resolver.resolveSingle(cs); } catch (ResolverException e) { throw new SamlKeyException("Can't obtain SP private key", e); } }
/** {@inheritDoc} */ @Override public void doInvoke(@Nonnull final MessageContext messageContext) throws MessageHandlerException { try { final CriteriaSet criteria = new CriteriaSet(new EntityIdCriterion(relyingPartyCtx.getRelyingPartyId())); final RelyingPartyConfiguration config = rpConfigResolver.resolveSingle(criteria); if (config == null) { log.debug("{} No relying party configuration applies to this request", getLogPrefix()); throw new MessageHandlerException("No relying party configuration resolved for this request"); } log.debug("{} Found relying party configuration {} for request", getLogPrefix(), config.getId()); relyingPartyCtx.setConfiguration(config); } catch (final ResolverException e) { log.error("{} Error trying to resolve relying party configuration", getLogPrefix(), e); throw new MessageHandlerException("Error trying to resolve relying party configuration"); } } }
@Override public XMLObject getEntityDescriptorElement() { try { return resolve().resolveSingle(new CriteriaSet(new EntityIdCriterion(getEntityId()))); } catch (final ResolverException e) { throw new SAMLException("Error initializing idpMetadataProvider", e); } } }
/** {@inheritDoc} */ @Override @Nonnull protected CriteriaSet buildCriteriaSet(@Nullable final String entityID, @Nonnull final MessageContext messageContext) throws MessageHandlerException { final CriteriaSet criteriaSet = new CriteriaSet(); if (!Strings.isNullOrEmpty(entityID)) { criteriaSet.add(new EntityIdCriterion(entityID) ); } criteriaSet.add(new EntityRoleCriterion(peerContext.getRole())); criteriaSet.add(new ProtocolCriterion(samlProtocolContext.getProtocol())); criteriaSet.add( new UsageCriterion(UsageType.SIGNING) ); final SecurityParametersContext secParamsContext = messageContext.getSubcontext(SecurityParametersContext.class); if (secParamsContext != null && secParamsContext.getSignatureValidationParameters() != null) { criteriaSet.add( new SignatureValidationParametersCriterion(secParamsContext.getSignatureValidationParameters())); } return criteriaSet; }
@SneakyThrows private Set<Credential> getSigningCredential(final RoleDescriptorResolver resolver, final RequestAbstractType profileRequest) { val kekCredentialResolver = new MetadataCredentialResolver(); val config = getSignatureValidationConfiguration(); kekCredentialResolver.setRoleDescriptorResolver(resolver); kekCredentialResolver.setKeyInfoCredentialResolver( DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver()); kekCredentialResolver.initialize(); val criteriaSet = new CriteriaSet(); criteriaSet.add(new SignatureValidationConfigurationCriterion(config)); criteriaSet.add(new UsageCriterion(UsageType.SIGNING)); buildEntityCriteriaForSigningCredential(profileRequest, criteriaSet); return Sets.newLinkedHashSet(kekCredentialResolver.resolve(criteriaSet)); }
/** * Create the set of criteria used to find a unique CAS service given a CAS service URL. * * @param serviceURL CAS service URL. * * @return Metadata resolver criteria set. */ @Nonnull protected CriteriaSet criteria(@Nonnull final String serviceURL) { final AssertionConsumerService loginACS = new AssertionConsumerServiceBuilder().buildObject(); loginACS.setBinding(LOGIN_BINDING); loginACS.setLocation(serviceURL); return new CriteriaSet( new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME), new EndpointCriterion<>(loginACS), new ProtocolCriterion(AbstractProtocolConfiguration.PROTOCOL_URI), new StartsWithLocationCriterion()); }
private static void setCASTLSTrustEngineCriteria( final HttpClientContext context, final URI requestUri, final Service service) { final String entityID; if (service.getEntityDescriptor() != null) { entityID = service.getEntityDescriptor().getEntityID(); } else { entityID = service.getName(); } final CriteriaSet criteria = new CriteriaSet( new EntityIdCriterion(entityID), new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME), new ProtocolCriterion(AbstractProtocolConfiguration.PROTOCOL_URI), new UsageCriterion(UsageType.SIGNING), new TrustedNamesCriterion(Collections.singleton(requestUri.getHost()))); context.setAttribute(CONTEXT_KEY_CRITERIA_SET, criteria); } }
/** * @param artifact * @return */ private RoleDescriptor resolvePeerRoleDescriptor(SAML2Artifact artifact) throws MessageDecodingException { CriteriaSet criteriaSet = new CriteriaSet( new ArtifactCriterion(artifact), new ProtocolCriterion(SAMLConstants.SAML20P_NS), new EntityRoleCriterion(getPeerEntityRole())); try { return roleDescriptorResolver.resolveSingle(criteriaSet); } catch (ResolverException e) { throw new MessageDecodingException("Error resolving peer entity RoleDescriptor", e); } }