Package org.opensaml.xml.security

Examples of org.opensaml.xml.security.CriteriaSet


     * @param encryptedData the encrypted data to decrypt
     * @return the decrypted document fragment, or null if decryption key could not be resolved or decryption failed
     */
    private DocumentFragment decryptUsingResolvedKey(EncryptedData encryptedData) {
        if (resolver != null) {
            CriteriaSet criteriaSet = buildCredentialCriteria(encryptedData, resolverCriteria);
            try {
                for (Credential cred : resolver.resolve(criteriaSet)) {
                    try {
                        return decryptDataToDOM(encryptedData, SecurityHelper.extractDecryptionKey(cred));
                    } catch (DecryptionException e) {


     * @param staticCriteria static set of credential criteria to add to the new criteria set
     * @return the new credential criteria set
     */
    private CriteriaSet buildCredentialCriteria(EncryptedType encryptedType, CriteriaSet staticCriteria) {
        CriteriaSet criteria = new CriteriaSet();

        // Primary lookup hint: the KeyInfo carried by the encrypted element itself. Because it
        // travels with the encrypted object, a resolver should treat it as a hint for locating a
        // local key, not as trusted key material (NOTE(review): confirm against the resolver in use).
        criteria.add(new KeyInfoCriteria(encryptedType.getKeyInfo()));

        // Secondary hints derived dynamically from the encrypted object, when any were produced.
        Set<Criteria> derivedCriteria = buildKeyCriteria(encryptedType);
        boolean haveDerived = derivedCriteria != null && !derivedCriteria.isEmpty();
        if (haveDerived) {
            criteria.addAll(derivedCriteria);
        }

        // Static criteria configured on the decrypter, when supplied.
        boolean haveStatic = staticCriteria != null && !staticCriteria.isEmpty();
        if (haveStatic) {
            criteria.addAll(staticCriteria);
        }

        // Default the key usage to ENCRYPTION unless a usage criterion was already pinned
        // (typically by the static criteria above).
        if (!criteria.contains(UsageCriteria.class)) {
            criteria.add(new UsageCriteria(UsageType.ENCRYPTION));
        }

        return criteria;
    }

     *          local credential resolver
     */
    protected Collection<? extends Credential> resolveByKeyName(String keyName) throws SecurityException {
        ArrayList<Credential> localCreds = new ArrayList<Credential>();
       
        CriteriaSet criteriaSet = new CriteriaSet( new KeyNameCriteria(keyName) );
        for (Credential cred : getLocalCredentialResolver().resolve(criteriaSet)) {
            if (isLocalCredential(cred)) {
                localCreds.add(cred);
            }
        }

     *          local credential resolver
     */
    protected Collection<? extends Credential> resolveByPublicKey(PublicKey publicKey) throws SecurityException {
        ArrayList<Credential> localCreds = new ArrayList<Credential>();
       
        CriteriaSet criteriaSet = new CriteriaSet( new PublicKeyCriteria(publicKey) );
        for (Credential cred : getLocalCredentialResolver().resolve(criteriaSet)) {
            if (isLocalCredential(cred)) {
                localCreds.add(cred);
            }
        }

            throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
        }
       
        SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;
       
        CriteriaSet criteriaSet = new CriteriaSet();
        if (! DatatypeHelper.isEmpty(entityID)) {
            criteriaSet.add(new EntityIDCriteria(entityID) );
        }
       
        MetadataCriteria mdCriteria =
            new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext.getInboundSAMLProtocol());
        criteriaSet.add(mdCriteria);
       
        criteriaSet.add( new UsageCriteria(UsageType.SIGNING) );
       
        return criteriaSet;
    }

            throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
        }
       
        SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;

        CriteriaSet criteriaSet = super.buildCriteriaSet(entityID, messageContext);
        MetadataCriteria mdCriteria =
            new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext.getInboundSAMLProtocol());
        criteriaSet.add(mdCriteria);

        return criteriaSet;
    }

        String contextIssuer = samlMsgCtx.getInboundMessageIssuer();

        if (contextIssuer != null) {
            log.debug("Attempting to validate SAML protocol message simple signature using context issuer: {}",
                    contextIssuer);
            CriteriaSet criteriaSet = buildCriteriaSet(contextIssuer, samlMsgCtx);
            if (validateSignature(signature, signedContent, algorithmURI, criteriaSet, candidateCredentials)) {
                log.info("Validation of request simple signature succeeded");
                if (!samlMsgCtx.isInboundSAMLMessageAuthenticated()) {
                    log.info("Authentication via request simple signature succeeded for context issuer entity ID {}",
                            contextIssuer);
                    samlMsgCtx.setInboundSAMLMessageAuthenticated(true);
                }
                return;
            } else {
                log.warn("Validation of request simple signature failed for context issuer: {}", contextIssuer);
                throw new SecurityPolicyException("Validation of request simple signature failed for context issuer");
            }
        }
           
        String derivedIssuer = deriveSignerEntityID(samlMsgCtx);
        if (derivedIssuer != null) {
            log.debug("Attempting to validate SAML protocol message simple signature using derived issuer: {}",
                    derivedIssuer);
            CriteriaSet criteriaSet = buildCriteriaSet(derivedIssuer, samlMsgCtx);
            if (validateSignature(signature, signedContent, algorithmURI, criteriaSet, candidateCredentials)) {
                log.info("Validation of request simple signature succeeded");
                if (!samlMsgCtx.isInboundSAMLMessageAuthenticated()) {
                    log.info("Authentication via request simple signature succeeded for derived issuer {}",
                            derivedIssuer);

     * @throws SecurityPolicyException thrown if criteria set can not be constructed
     */
    protected CriteriaSet buildCriteriaSet(String entityID, SAMLMessageContext samlContext)
            throws SecurityPolicyException {
        CriteriaSet criteria = new CriteriaSet();

        // Constrain by entity ID only when the caller actually supplied one.
        boolean haveEntityID = !DatatypeHelper.isEmpty(entityID);
        if (haveEntityID) {
            criteria.add(new EntityIDCriteria(entityID));
        }

        // Scope the lookup to the peer's role and the protocol of the inbound message.
        MetadataCriteria metadataCriteria =
                new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext.getInboundSAMLProtocol());
        criteria.add(metadataCriteria);

        // Restrict the lookup to credentials with signing usage.
        criteria.add(new UsageCriteria(UsageType.SIGNING));

        return criteria;
    }

        if (DatatypeHelper.isEmpty(algorithm)) {
            log.error("Algorithm of encrypted key not supplied, key decryption cannot proceed.");
            throw new DecryptionException("Algorithm of encrypted key not supplied, key decryption cannot proceed.");
        }

        CriteriaSet criteriaSet = buildCredentialCriteria(encryptedKey, kekResolverCriteria);
        try {
            for (Credential cred : kekResolver.resolve(criteriaSet)) {
                try {
                    return decryptKey(encryptedKey, algorithm, SecurityHelper.extractDecryptionKey(cred));
                } catch (DecryptionException e) {

     * @param encryptedData the encrypted data to decrypt
     * @return the decrypted document fragment, or null if decryption key could not be resolved or decryption failed
     */
    private DocumentFragment decryptUsingResolvedKey(EncryptedData encryptedData) {
        if (resolver != null) {
            CriteriaSet criteriaSet = buildCredentialCriteria(encryptedData, resolverCriteria);
            try {
                for (Credential cred : resolver.resolve(criteriaSet)) {
                    try {
                        return decryptDataToDOM(encryptedData, SecurityHelper.extractDecryptionKey(cred));
                    } catch (DecryptionException e) {


