Examples of CriteriaSet

• org.opensaml.xml.security.CriteriaSet
  This class holds instances of {@link Criteria} which are used in resolution or evaluation operations.

Examples of org.opensaml.xml.security.CriteriaSet

     * @param staticCriteria static set of credential criteria to add to the new criteria set
     * @return the new credential criteria set
     */
    private CriteriaSet buildCredentialCriteria(EncryptedType encryptedType, CriteriaSet staticCriteria) {

        CriteriaSet newCriteriaSet = new CriteriaSet();

        // This is the main criteria based on the encrypted type's KeyInfo
        newCriteriaSet.add(new KeyInfoCriteria(encryptedType.getKeyInfo()));

        // Also attemtpt to dynamically construct key criteria based on information
        // in the encrypted object
        Set<Criteria> keyCriteria = buildKeyCriteria(encryptedType);
        if (keyCriteria != null && !keyCriteria.isEmpty()) {
            newCriteriaSet.addAll(keyCriteria);
        }

        // Add any static criteria which may have been supplied to the decrypter
        if (staticCriteria != null && !staticCriteria.isEmpty()) {
            newCriteriaSet.addAll(staticCriteria);
        }

        // If don't have a usage criteria yet from static criteria, add encryption usage
        if (!newCriteriaSet.contains(UsageCriteria.class)) {
            newCriteriaSet.add(new UsageCriteria(UsageType.ENCRYPTION));
        }

        return newCriteriaSet;
    }

Examples of org.opensaml.xml.security.CriteriaSet

     * @throws SecurityPolicyException thrown if there is a fatal error during trust engine evaluation
     */
    protected boolean evaluate(TokenType token, String entityID, MessageContext messageContext)
        throws SecurityPolicyException {

        CriteriaSet criteriaSet = buildCriteriaSet(entityID, messageContext);
        if (criteriaSet == null) {
            log.error("Returned criteria set was null, can not perform trust engine evaluation of token");
            throw new SecurityPolicyException("Returned criteria set was null");
        }

Examples of org.opensaml.xml.security.CriteriaSet

        log.debug("Attempting to verify signature and establish trust using KeyInfo-derived credentials");

        if (signature.getKeyInfo() != null) {

            KeyInfoCriteria keyInfoCriteria = new KeyInfoCriteria(signature.getKeyInfo());
            CriteriaSet keyInfoCriteriaSet = new CriteriaSet(keyInfoCriteria);

            for (Credential kiCred : getKeyInfoResolver().resolve(keyInfoCriteriaSet)) {
                if (verifySignature(signature, kiCred)) {
                    log.debug("Successfully verified signature using KeyInfo-derived credential");
                    log.debug("Attempting to establish trust of KeyInfo-derived credential");

Examples of org.opensaml.xml.security.CriteriaSet

            return;
        }

        performPreValidation(signature, metadataEntryName);

        CriteriaSet criteriaSet = buildCriteriaSet(signedMetadata, metadataEntryName, isEntityGroup);

        try {
            if ( getSignatureTrustEngine().validate(signature, criteriaSet) ) {
                log.trace("Signature trust establishment succeeded for metadata entry {}", metadataEntryName);
                return;

Examples of org.opensaml.xml.security.CriteriaSet

     * @return the newly constructed criteria set
     */
    protected CriteriaSet buildCriteriaSet(SignableXMLObject signedMetadata,
            String metadataEntryName, boolean isEntityGroup) {

        CriteriaSet newCriteriaSet = new CriteriaSet();

        if (getDefaultCriteria() != null) {
            newCriteriaSet.addAll( getDefaultCriteria() );
        }

        if (!newCriteriaSet.contains(UsageCriteria.class)) {
            newCriteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
        }

        // TODO how to handle adding dynamic entity ID and/or other criteria for trust engine consumption?
        //
        // Have 4 signed metadata types:

Examples of org.opensaml.xml.security.CriteriaSet

            log.warn("Could not successfully extract KeyInfo object from the form control data");
            return null;
        }

        List<Credential> credentials = new ArrayList<Credential>();
        CriteriaSet criteriaSet = new CriteriaSet(new KeyInfoCriteria(keyInfo));
        try {
            for (Credential cred : keyInfoResolver.resolve(criteriaSet)) {
                credentials.add(cred);
            }
        } catch (SecurityException e) {

Examples of org.opensaml.xml.security.CriteriaSet

    /** {@inheritDoc} */
    public boolean validate(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {

        checkParams(signature, trustBasisCriteria);

        CriteriaSet criteriaSet = new CriteriaSet();
        criteriaSet.addAll(trustBasisCriteria);
        if (!criteriaSet.contains(UsageCriteria.class)) {
            criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
        }
        String jcaAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(signature.getSignatureAlgorithm());
        if (!DatatypeHelper.isEmpty(jcaAlgorithm)) {
            criteriaSet.add(new KeyAlgorithmCriteria(jcaAlgorithm), true);
        }

        Iterable<Credential> trustedCredentials = getCredentialResolver().resolve(criteriaSet);

        if (validate(signature, trustedCredentials)) {

Examples of org.opensaml.xml.security.CriteriaSet

    public boolean validate(byte[] signature, byte[] content, String algorithmURI, CriteriaSet trustBasisCriteria,
            Credential candidateCredential) throws SecurityException {

        checkParamsRaw(signature, content, algorithmURI, trustBasisCriteria);

        CriteriaSet criteriaSet = new CriteriaSet();
        criteriaSet.addAll(trustBasisCriteria);
        if (!criteriaSet.contains(UsageCriteria.class)) {
            criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
        }
        String jcaAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(algorithmURI);
        if (!DatatypeHelper.isEmpty(jcaAlgorithm)) {
            criteriaSet.add(new KeyAlgorithmCriteria(jcaAlgorithm), true);
        }

        Iterable<Credential> trustedCredentials = getCredentialResolver().resolve(criteriaSet);

        // First try the optional supplied candidate credential

Examples of org.opensaml.xml.security.CriteriaSet

            validator.validate(signature);
        } catch (ValidationException e) {
            throw new SamlException("SAMLSignatureProfileValidator failed to validate signature", e);
        }

        CriteriaSet criteriaSet = new CriteriaSet();
        criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
        criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
        criteriaSet.add(new EntityIDCriteria(idpEntityId));

        boolean valid = false;
        try {
            valid = trustEngine.validate(signature, criteriaSet);
        } catch (SecurityException e) {

Examples of org.opensaml.xml.security.CriteriaSet

        this.credentialResolver = new KeyStoreCredentialResolver(keyStore, passwords);
    }

    public Credential getCredential() {
        try {
            CriteriaSet cs = new CriteriaSet();
            EntityIDCriteria criteria = new EntityIDCriteria(this.privateKey);
            cs.add(criteria);
            return this.credentialResolver.resolveSingle(cs);
        } catch (org.opensaml.xml.security.SecurityException e) {
            throw new SamlException("Can't obtain SP private key", e);
        }
    }