/**
 * Creates the chaining trust engine from the configured {@code engines} collection.
 *
 * <p>Only entries that are {@link SignatureTrustEngine} instances are kept; anything else is
 * skipped without a log message or an error.
 *
 * <p>NOTE(review): if every entry is skipped, the chain is built over an empty list. How
 * {@code ChainingSignatureTrustEngine} evaluates trust in that case is not visible here.
 * Confirm it fails closed, and consider whether a misconfigured entry should be reported
 * instead of silently dropped.
 *
 * @return a chaining engine wrapping the accepted engines, in iteration order
 * @throws Exception declared by the overridden factory method
 */
@Override
protected ChainingSignatureTrustEngine doCreateInstance() throws Exception {
    final List<SignatureTrustEngine> accepted = new ArrayList<>(engines.size());
    for (final Object candidate : engines) {
        if (!(candidate instanceof SignatureTrustEngine)) {
            // Not a signature trust engine: left out of the chain.
            continue;
        }
        accepted.add((SignatureTrustEngine) candidate);
    }
    return new ChainingSignatureTrustEngine(accepted);
}
/**
 * Builds the trust engine used to decide whether a signature was made with a trusted key.
 *
 * <p>Both resolvers are static and are fed the signing certificates from the configuration,
 * so the set of acceptable keys comes from local configuration only.
 *
 * <p>NOTE(review): an explicit-key engine is understood to accept a signature only when its
 * key matches one of the supplied credentials, without certificate path validation. Confirm
 * that certificate expiry and revocation are handled elsewhere if they matter to this deployment.
 *
 * @param wsFederationConfiguration the ws federation configuration supplying the signing certificates
 * @return the signature trust engine
 * @throws RuntimeException wrapping any exception raised while building the resolvers or the engine
 */
private SignatureTrustEngine buildSignatureTrustEngine(final WsFederationConfiguration wsFederationConfiguration) {
    try {
        // Credentials the engine will treat as trusted.
        final CredentialResolver trustedCredentials =
                new StaticCredentialResolver(wsFederationConfiguration.getSigningCertificates());
        // KeyInfo resolution is also served from the same configured certificates.
        final KeyInfoCredentialResolver keyInfoCredentials =
                new StaticKeyInfoCredentialResolver(wsFederationConfiguration.getSigningCertificates());
        return new ExplicitKeySignatureTrustEngine(trustedCredentials, keyInfoCredentials);
    } catch (final Exception failure) {
        // Original cause is preserved for the caller.
        throw new RuntimeException(failure);
    }
}
/**
 * Builds the trust engine used to decide whether a signature was made with a trusted key.
 *
 * <p>The configuration's signing wallet is the single source for both the trusted-credential
 * resolver and the KeyInfo resolver. Each credential's entity id and public key is written
 * to the debug log first; only public material is logged.
 *
 * <p>NOTE(review): an explicit-key engine is understood to accept a signature only when its
 * key matches one of the supplied credentials, without certificate path validation. Confirm
 * that certificate expiry and revocation are handled elsewhere if they matter to this deployment.
 *
 * @param wsFederationConfiguration the ws federation configuration supplying the signing wallet
 * @return the signature trust engine
 */
@SneakyThrows
private static SignatureTrustEngine buildSignatureTrustEngine(final WsFederationConfiguration wsFederationConfiguration) {
    val trustedCredentials = wsFederationConfiguration.getSigningWallet();
    LOGGER.debug("Building signature trust engine based on the following signing certificates:");
    for (val credential : trustedCredentials) {
        LOGGER.debug("Credential entity id [{}] with public key [{}]", credential.getEntityId(), credential.getPublicKey());
    }
    // Same wallet backs both resolvers, so KeyInfo resolution cannot introduce keys outside the configured set.
    return new ExplicitKeySignatureTrustEngine(
            new StaticCredentialResolver(trustedCredentials),
            new StaticKeyInfoCredentialResolver(trustedCredentials));
}
/**
 * Builds an explicit-key signature trust engine whose trusted credentials come from metadata.
 *
 * <p>A {@code MetadataCredentialResolver} is wired to a role-descriptor resolver over
 * {@code metadataResolver} and to the basic inline KeyInfo resolver. Both are initialized
 * before the engine is returned.
 *
 * <p>NOTE(review): the resulting trust decisions are only as strong as the metadata that
 * {@code metadataResolver} serves. How that metadata is obtained and authenticated is not
 * visible here; confirm it comes from a verified source.
 *
 * @return the signature trust engine backed by metadata credentials
 * @throws SAMLException if either resolver fails to initialize
 */
@Override
public SignatureTrustEngine build() {
    final MetadataCredentialResolver trustedCredentials = new MetadataCredentialResolver();
    final PredicateRoleDescriptorResolver roleDescriptors = new PredicateRoleDescriptorResolver(metadataResolver);
    final KeyInfoCredentialResolver inlineKeyInfo =
            DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver();

    trustedCredentials.setRoleDescriptorResolver(roleDescriptors);
    trustedCredentials.setKeyInfoCredentialResolver(inlineKeyInfo);

    try {
        // Initialization order is kept as-is: credential resolver first, then the role resolver.
        trustedCredentials.initialize();
        roleDescriptors.initialize();
    } catch (final ComponentInitializationException initFailure) {
        throw new SAMLException(initFailure);
    }

    return new ExplicitKeySignatureTrustEngine(trustedCredentials, inlineKeyInfo);
}
}
// Build the explicit-key trust engine from `resolver` and `keyResolver`; both are defined outside this fragment.
val trustEngine = new ExplicitKeySignatureTrustEngine(resolver, keyResolver);
// Attach the engine to the signature validation parameters...
validationParams.setSignatureTrustEngine(trustEngine);
// ...and publish those parameters on the security context.
// NOTE(review): this only configures the context. Whether a signature is actually required and checked
// depends on whatever consumes secCtx later, which is not visible here. Confirm unsigned messages are rejected.
secCtx.setSignatureValidationParameters(validationParams);