Examples of CriteriaSet

org.opensaml.xml.security.CriteriaSet
This class holds instances of {@link Criteria} which are used in resolution or evaluation operations.

Examples of org.opensaml.xml.security.CriteriaSet

    /** {@inheritDoc} */
    public boolean validate(Signature signature, CriteriaSet trustBasisCriteria) throws SecurityException {


        checkParams(signature, trustBasisCriteria);


        CriteriaSet criteriaSet = new CriteriaSet();
        criteriaSet.addAll(trustBasisCriteria);
        if (!criteriaSet.contains(UsageCriteria.class)) {
            criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
        }
        String jcaAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(signature.getSignatureAlgorithm());
        if (!DatatypeHelper.isEmpty(jcaAlgorithm)) {
            criteriaSet.add(new KeyAlgorithmCriteria(jcaAlgorithm), true);
        }


        Iterable<Credential> trustedCredentials = getCredentialResolver().resolve(criteriaSet);


        if (validate(signature, trustedCredentials)) {

View Full Code Here

Examples of org.opensaml.xml.security.CriteriaSet

    public boolean validate(byte[] signature, byte[] content, String algorithmURI, CriteriaSet trustBasisCriteria,
            Credential candidateCredential) throws SecurityException {


        checkParamsRaw(signature, content, algorithmURI, trustBasisCriteria);


        CriteriaSet criteriaSet = new CriteriaSet();
        criteriaSet.addAll(trustBasisCriteria);
        if (!criteriaSet.contains(UsageCriteria.class)) {
            criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
        }
        String jcaAlgorithm = SecurityHelper.getKeyAlgorithmFromURI(algorithmURI);
        if (!DatatypeHelper.isEmpty(jcaAlgorithm)) {
            criteriaSet.add(new KeyAlgorithmCriteria(jcaAlgorithm), true);
        }


        Iterable<Credential> trustedCredentials = getCredentialResolver().resolve(criteriaSet);


        // First try the optional supplied candidate credential

View Full Code Here

Examples of org.opensaml.xml.security.CriteriaSet

      authnRequest.setScoping(scoping);
    } else {
      LOG.warn("For Client {} there is no key CLIENT_SAML_ENTITY_NAME configured to identify the SP entity name. NO SCOPING IS APPLIED", client.getClientId());
    }


    CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new EntityIDCriteria(openSAMLContext.entityId()));
    criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
    try {


      Credential signingCredential = openSAMLContext.keyStoreCredentialResolver().resolveSingle(criteriaSet);
      String relayState = authState;
      LOG.debug("Sending authnRequest to {}", target);

View Full Code Here

Examples of org.opensaml.xml.security.CriteriaSet

        if (DatatypeHelper.isEmpty(algorithm)) {
            log.error("Algorithm of encrypted key not supplied, key decryption cannot proceed.");
            throw new DecryptionException("Algorithm of encrypted key not supplied, key decryption cannot proceed.");
        }


        CriteriaSet criteriaSet = buildCredentialCriteria(encryptedKey, kekResolverCriteria);
        try {
            for (Credential cred : kekResolver.resolve(criteriaSet)) {
                try {
                    return decryptKey(encryptedKey, algorithm, SecurityHelper.extractDecryptionKey(cred));
                } catch (DecryptionException e) {

View Full Code Here

Examples of org.opensaml.xml.security.CriteriaSet

     * @param encryptedData the encrypted data to decrypt
     * @return the decrypted document fragment, or null if decryption key could not be resolved or decryption failed
     */
    private DocumentFragment decryptUsingResolvedKey(EncryptedData encryptedData) {
        if (resolver != null) {
            CriteriaSet criteriaSet = buildCredentialCriteria(encryptedData, resolverCriteria);
            try {
                for (Credential cred : resolver.resolve(criteriaSet)) {
                    try {
                        return decryptDataToDOM(encryptedData, SecurityHelper.extractDecryptionKey(cred));
                    } catch (DecryptionException e) {

View Full Code Here

Examples of org.opensaml.xml.security.CriteriaSet

     * @param staticCriteria static set of credential criteria to add to the new criteria set
     * @return the new credential criteria set
     */
    private CriteriaSet buildCredentialCriteria(EncryptedType encryptedType, CriteriaSet staticCriteria) {


        CriteriaSet newCriteriaSet = new CriteriaSet();


        // This is the main criteria based on the encrypted type's KeyInfo
        newCriteriaSet.add(new KeyInfoCriteria(encryptedType.getKeyInfo()));


        // Also attemtpt to dynamically construct key criteria based on information
        // in the encrypted object
        Set<Criteria> keyCriteria = buildKeyCriteria(encryptedType);
        if (keyCriteria != null && !keyCriteria.isEmpty()) {
            newCriteriaSet.addAll(keyCriteria);
        }


        // Add any static criteria which may have been supplied to the decrypter
        if (staticCriteria != null && !staticCriteria.isEmpty()) {
            newCriteriaSet.addAll(staticCriteria);
        }


        // If don't have a usage criteria yet from static criteria, add encryption usage
        if (!newCriteriaSet.contains(UsageCriteria.class)) {
            newCriteriaSet.add(new UsageCriteria(UsageType.ENCRYPTION));
        }


        return newCriteriaSet;
    }

View Full Code Here

Examples of org.opensaml.xml.security.CriteriaSet


    /** {@inheritDoc} */
    protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
            throws SecurityPolicyException {


        CriteriaSet criteriaSet = new CriteriaSet();
        if (!DatatypeHelper.isEmpty(entityID)) {
            criteriaSet.add(new EntityIDCriteria(entityID));
        }


        criteriaSet.add(new UsageCriteria(UsageType.SIGNING));


        return criteriaSet;
    }

View Full Code Here

Examples of org.opensaml.xml.security.CriteriaSet

                if (mdUsage == null) {
                    mdUsage = UsageType.UNSPECIFIED;
                }
                if (matchUsage(mdUsage, usage)) {
                    if (keyDescriptor.getKeyInfo() != null) {
                        CriteriaSet critSet = new CriteriaSet();
                        critSet.add(new KeyInfoCriteria(keyDescriptor.getKeyInfo()));


                        Iterable<Credential> creds = getKeyInfoCredentialResolver().resolve(critSet);
                        if(credentials == null){
                            continue;
                        }

View Full Code Here

Examples of org.opensaml.xml.security.CriteriaSet

     * @throws SecurityPolicyException thrown if there is a fatal error during trust engine evaluation
     */
    protected boolean evaluate(TokenType token, String entityID, MessageContext messageContext)
        throws SecurityPolicyException {
        
        CriteriaSet criteriaSet = buildCriteriaSet(entityID, messageContext);
        if (criteriaSet == null) {
            log.error("Returned criteria set was null, can not perform trust engine evaluation of token");
            throw new SecurityPolicyException("Returned criteria set was null");
        }

View Full Code Here

Examples of org.opensaml.xml.security.CriteriaSet


    /** {@inheritDoc} */
    protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
            throws SecurityPolicyException {


        CriteriaSet criteriaSet = new CriteriaSet();
        if (!DatatypeHelper.isEmpty(entityID)) {
            criteriaSet.add(new EntityIDCriteria(entityID));
        }


        criteriaSet.add(new UsageCriteria(UsageType.SIGNING));


        return criteriaSet;
    }

View Full Code Here

0 1 2 3 4 5

TOP

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.