Examples of org.opensaml.xml.security.x509.BasicX509CredentialNameEvaluator

org.opensaml.xml.security.x509.X509Credential
A basic implementaion of {@link X509CredentialNameEvaluator} which evaluates various identifiers extracted from an {@link X509Credential}'s entity certificate against a set of trusted names.
Supported types of entity certificate-derived names for name checking purposes are:
1. Subject alternative names.
2. The first (i.e. most specific) common name (CN) from the subject distinguished name.
3. The complete subject distinguished name.
Name checking is enabled by default for all of the supported name types. The types of subject alternative names to process are specified by using the appropriate constant values defined in {@link X509Util}. By default the following types of subject alternative names are checked: DNS ( {@link X509Util#DNS_ALT_NAME}) and URI ( {@link X509Util#URI_ALT_NAME}).

The subject distinguished name from the entity certificate is compared to the trusted key names for complete DN matching purposes by parsing each trusted key name into an {@link X500Principal} as returned by the configuredinstance of {@link X500DNHandler}. The resulting distinguished name is then compared with the certificate subject using {@link X500Principal#equals(Object)}. The default X500DNHandler used is {@link InternalX500DNHandler}.

        if (resolver == null) {
            throw new IllegalArgumentException("PKIX trust information resolver may not be null");
        }
        pkixResolver = resolver;


        pkixTrustEvaluator = new CertPathPKIXTrustEvaluator();
        credNameEvaluator = new BasicX509CredentialNameEvaluator();
    }

View Full Code Here

    
    /**
     * Constructor.
     */
    public InlineX509DataProvider() {
        x500DNHandler = new InternalX500DNHandler();
    }

View Full Code Here

    private String x500SubjectDNFormat;


    /** Constructor. */
    public CertificateNameOptions() {
        subjectAltNames = new LinkedHashSet<Integer>();
        x500DNHandler = new InternalX500DNHandler();
        x500SubjectDNFormat = X500DNHandler.FORMAT_RFC2253;
    }

View Full Code Here

    
    /**
     * Constructor.
     */
    public InlineX509DataProvider() {
        x500DNHandler = new InternalX500DNHandler();
    }

View Full Code Here

    
    /**
     * Constructor.
     */
    public InlineX509DataProvider() {
        x500DNHandler = new InternalX500DNHandler();
    }

View Full Code Here

    private String x500SubjectDNFormat;


    /** Constructor. */
    public CertificateNameOptions() {
        subjectAltNames = new LinkedHashSet<Integer>();
        x500DNHandler = new InternalX500DNHandler();
        x500SubjectDNFormat = X500DNHandler.FORMAT_RFC2253;
    }

View Full Code Here

        Collection<X509Certificate> anchors = new ArrayList<X509Certificate>();
        Collection<X509CRL> crls = new ArrayList<X509CRL>();
        populateMetadataAnchors(criteriaSet, anchors, crls);
        populateTrustedKeysAnchors(criteriaSet, anchors, crls);
        populateCRLs(criteriaSet, anchors, crls);
        PKIXValidationInformation info = new BasicPKIXValidationInformation(anchors, crls, getPKIXDepth());
        return new ArrayList<PKIXValidationInformation>(Arrays.asList(info));
    }

View Full Code Here


        if (!(untrustedCredential instanceof X509Credential)) {
            log.debug("Can not evaluate trust of non-X509Credential");
            return false;
        }
        X509Credential untrustedX509Credential = (X509Credential) untrustedCredential;


        Set<String> trustedNames = validationPair.getFirst();
        Iterable<PKIXValidationInformation> validationInfoSet = validationPair.getSecond();
        
        if (!checkNames(trustedNames, untrustedX509Credential)) {

View Full Code Here

  /**
   * Creates the X509Credential from the TrustStore certificate.
   */
  public static X509Credential loadCredentialFromTrustStore(String alias, KeyStore trustStore)
      throws RelyingPartyException {
    X509Credential credential = null;
    java.security.cert.X509Certificate cert = null;


    try {
      if (trustStore.containsAlias(alias)) {
        cert = (java.security.cert.X509Certificate) trustStore.getCertificate(alias);

View Full Code Here

  /**
   * Creates the certificate from the KeyInfo element.
   */
  public static X509Credential loadCredentialFromSignature(Signature signature)
      throws RelyingPartyException {
    X509Credential credential = null;
    KeyInfo kinfo = signature.getKeyInfo();
    List<X509Data> dataList = null;
    List<KeyValue> keyValueList = null;


    if (kinfo == null) {

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.opensaml.xml.security.x509.BasicX509CredentialNameEvaluator

axiom.saml.idp.XmlObjectSigner

demo.sts.provider.token.Saml1TokenProvider

demo.sts.provider.token.Saml2TokenProvider

org.apache.commons.ssl.TrustMaterial

org.apache.cxf.rs.security.saml.sso.SamlPostBindingFilter

org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator

org.apache.cxf.rs.security.saml.sso.SAMLResponseValidatorTest

org.apache.ws.security.saml.ext.AssertionWrapper

org.apache.ws.security.saml.ext.builder.SAML1ComponentBuilder

org.apache.wss4j.common.saml.builder.SAML1ComponentBuilder

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.