return new PKIXSignatureTrustEngine( getPKIXResolver(provider, trustedKeys, null), Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver(),
/** {@inheritDoc} */ protected Object createInstance() throws Exception { MetadataPKIXValidationInformationResolver pviResolver = new MetadataPKIXValidationInformationResolver( getMetadataProvider()); List<KeyInfoProvider> keyInfoProviders = new ArrayList<KeyInfoProvider>(); keyInfoProviders.add(new DSAKeyValueProvider()); keyInfoProviders.add(new RSAKeyValueProvider()); keyInfoProviders.add(new InlineX509DataProvider()); KeyInfoCredentialResolver keyInfoCredResolver = new BasicProviderKeyInfoCredentialResolver(keyInfoProviders); PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(pviResolver, keyInfoCredResolver); if (getPKIXValidationOptions() != null) { ((CertPathPKIXTrustEvaluator)engine.getPKIXTrustEvaluator()).setPKIXValidationOptions(getPKIXValidationOptions()); } return engine; } }
/** {@inheritDoc} */ protected Object createInstance() throws Exception { Set<String> names = getTrustedNames(); if (names == null) { names = Collections.emptySet(); } StaticPKIXValidationInformationResolver pkixResolver = new StaticPKIXValidationInformationResolver(getPKIXInfo(), names); List<KeyInfoProvider> keyInfoProviders = new ArrayList<KeyInfoProvider>(); keyInfoProviders.add(new DSAKeyValueProvider()); keyInfoProviders.add(new RSAKeyValueProvider()); keyInfoProviders.add(new InlineX509DataProvider()); KeyInfoCredentialResolver keyInfoCredResolver = new BasicProviderKeyInfoCredentialResolver(keyInfoProviders); PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine(pkixResolver, keyInfoCredResolver); if (getPKIXValidationOptions() != null) { ((CertPathPKIXTrustEvaluator)engine.getPKIXTrustEvaluator()).setPKIXValidationOptions(getPKIXValidationOptions()); } return engine; } }
/** * Based on the settings in the extended metadata either creates a PKIX trust engine with trusted keys specified * in the extended metadata as anchors or (by default) an explicit trust engine using data from the metadata or * from the values overridden in the ExtendedMetadata. * * @param samlContext context to populate */ protected void populateTrustEngine(SAMLMessageContext samlContext) { SignatureTrustEngine engine; if ("pkix".equalsIgnoreCase(samlContext.getLocalExtendedMetadata().getSecurityProfile())) { engine = new PKIXSignatureTrustEngine(pkixResolver, Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver(), pkixTrustEvaluator, new BasicX509CredentialNameEvaluator()); } else { engine = new ExplicitKeySignatureTrustEngine(metadataResolver, Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver()); } samlContext.setLocalTrustEngine(engine); }
return new PKIXSignatureTrustEngine( getPKIXResolver(provider, trustedKeys, null), Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver(),