/**
 * {@inheritDoc}
 *
 * <p>Creates an {@link ExplicitKeySignatureTrustEngine} backed by two resolvers: a
 * {@link StaticCredentialResolver} over {@code getCredentials()} as the source of trusted
 * credentials, and a {@link BasicProviderKeyInfoCredentialResolver} that reads DSA key values,
 * RSA key values and inline X.509 data from a signature's KeyInfo.
 *
 * @return the newly built trust engine
 * @throws Exception declared by the overridden method; nothing in this body throws it explicitly
 */
protected Object createInstance() throws Exception {
    // Trust anchor: only the statically configured credentials are handed to the engine as trusted.
    StaticCredentialResolver trustedCredentials = new StaticCredentialResolver(getCredentials());

    // Providers for key material embedded in the message itself.
    // NOTE(review): KeyInfo content is sender-supplied. The explicit-key engine is expected to accept
    // such a key only when it matches a trusted credential; confirm against the OpenSAML version in use.
    List<KeyInfoProvider> inlineKeyProviders = new ArrayList<KeyInfoProvider>();
    inlineKeyProviders.add(new DSAKeyValueProvider());
    inlineKeyProviders.add(new RSAKeyValueProvider());
    inlineKeyProviders.add(new InlineX509DataProvider());
    KeyInfoCredentialResolver signatureKeyResolver =
            new BasicProviderKeyInfoCredentialResolver(inlineKeyProviders);

    return new ExplicitKeySignatureTrustEngine(trustedCredentials, signatureKeyResolver);
}
} // closes the enclosing class, whose declaration is outside this excerpt
/**
 * {@inheritDoc}
 *
 * <p>Creates an {@link ExplicitKeySignatureTrustEngine} whose trusted credentials are resolved
 * from the metadata provider returned by {@code getMetadataProvider()}. Keys carried in a
 * signature's KeyInfo are read by DSA key value, RSA key value and inline X.509 data providers.
 *
 * @return the newly built trust engine
 * @throws Exception declared by the overridden method; nothing in this body throws it explicitly
 */
protected Object createInstance() throws Exception {
    // Trust anchor: credentials come from the metadata provider via the shared resolver factory.
    // NOTE(review): the engine can only be as trustworthy as that metadata; confirm the provider
    // verifies the metadata's origin and integrity before it reaches this resolver.
    MetadataCredentialResolver metadataCredentials =
            MetadataCredentialResolverFactory.getFactory().getInstance(getMetadataProvider());

    // Providers for key material embedded in the message itself (sender-supplied).
    List<KeyInfoProvider> inlineKeyProviders = new ArrayList<KeyInfoProvider>();
    inlineKeyProviders.add(new DSAKeyValueProvider());
    inlineKeyProviders.add(new RSAKeyValueProvider());
    inlineKeyProviders.add(new InlineX509DataProvider());
    KeyInfoCredentialResolver signatureKeyResolver =
            new BasicProviderKeyInfoCredentialResolver(inlineKeyProviders);

    return new ExplicitKeySignatureTrustEngine(metadataCredentials, signatureKeyResolver);
}
} // closes the enclosing class, whose declaration is outside this excerpt
// Trusted side: the engine is given exactly the credentials in the `credentials` collection.
CollectionCredentialResolver credResolver = new CollectionCredentialResolver(credentials);
// KeyInfo side: resolver obtained from SecurityHelper for key material carried with a signature.
KeyInfoCredentialResolver kiResolver = SecurityHelper.buildBasicInlineKeyInfoResolver();
SignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(credResolver, kiResolver);
// The handler for this try block lies outside the excerpt.
try {
    // Raw-signature validation; the last argument (candidate credential) is null, so no specific
    // key is pinned here and the engine resolves trusted credentials using criteriaSet.
    // NOTE(review): if sigAlg is read from the incoming message, confirm it is checked against
    // an approved algorithm list before this call.
    return engine.validate(sigBytes, signedContent, sigAlg, criteriaSet, null);
// Explicit-key trust engine: the first argument supplies the trusted credentials (only those in
// `credentials`), the second resolves key material carried with a signature.
SignatureTrustEngine explicitKeyEngine = new ExplicitKeySignatureTrustEngine(
        new CollectionCredentialResolver(credentials),
        SecurityHelper.buildBasicInlineKeyInfoResolver());

// Raw-signature validation with a null candidate credential: no specific key is pinned by the
// caller, so the engine resolves trusted credentials using criteriaSet.
// NOTE(review): if algorithmUri is read from the incoming message, confirm it is checked against
// an approved algorithm list before this call.
return explicitKeyEngine.validate(signature, signedContent, algorithmUri, criteriaSet, null);
new ExplicitKeySignatureTrustEngine( _chainingCredentialResolver, _keyInfoCredResolver);
/**
 * Selects the signature trust engine for the given context and stores it as the context's local
 * trust engine.
 *
 * <p>When the security profile of the local extended metadata equals {@code "pkix"} (compared
 * case-insensitively) a {@link PKIXSignatureTrustEngine} is created from {@code pkixResolver} and
 * {@code pkixTrustEvaluator}; the original documentation describes its anchors as the trusted keys
 * specified in the extended metadata. For every other value an
 * {@link ExplicitKeySignatureTrustEngine} over {@code metadataResolver} is created instead. Both
 * engines use the global security configuration's default KeyInfo credential resolver.
 *
 * @param samlContext context to populate
 */
protected void populateTrustEngine(SAMLMessageContext samlContext) {
    // Dereferences the local extended metadata directly, so it must already be set on the context.
    final String securityProfile = samlContext.getLocalExtendedMetadata().getSecurityProfile();
    final boolean pkixRequested = "pkix".equalsIgnoreCase(securityProfile);

    final SignatureTrustEngine trustEngine;
    if (!pkixRequested) {
        // Default branch: a null, empty or misspelled profile value also ends up here, so a
        // mistyped "pkix" silently selects explicit-key trust rather than failing.
        trustEngine = new ExplicitKeySignatureTrustEngine(metadataResolver,
                Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
    } else {
        trustEngine = new PKIXSignatureTrustEngine(pkixResolver,
                Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver(),
                pkixTrustEvaluator,
                new BasicX509CredentialNameEvaluator());
    }

    samlContext.setLocalTrustEngine(trustEngine);
}
// Trusted side: the engine is given exactly the credentials in the `credentials` collection.
final CollectionCredentialResolver trustedKeys = new CollectionCredentialResolver(credentials);
// KeyInfo side: resolver obtained from SecurityHelper for key material carried with a signature.
final KeyInfoCredentialResolver inlineKeyInfo = SecurityHelper.buildBasicInlineKeyInfoResolver();
final SignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(trustedKeys, inlineKeyInfo);

// The candidate credential (last argument) is null, so the engine is left to resolve trusted
// credentials from criteriaSet rather than checking one caller-selected key.
// NOTE(review): algorithmUri should be restricted to approved signature algorithms by the caller
// if it originates from the message being validated; that check is not visible in this excerpt.
return trustEngine.validate(signature, signedContent, algorithmUri, criteriaSet, null);