Package org.opensaml.xml.signature

Examples of org.opensaml.xml.signature.SignatureTrustEngine

180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
     *
     */
    protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
            CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {

        SignatureTrustEngine engine = getTrustEngine();

        // Some bindings allow candidate signing credentials to be supplied (e.g. via ds:KeyInfo), some do not.
        // So have 2 slightly different cases.
        try {
            if (candidateCredentials == null || candidateCredentials.isEmpty()) {
                if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
                    log.debug("Simple signature validation (with no request-derived credentials) was successful");
                    return true;
                } else {
                    log.warn("Simple signature validation (with no request-derived credentials) failed");
                    return false;
                }
            } else {
                for (Credential cred : candidateCredentials) {
                    if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, cred)) {
                        log.debug("Simple signature validation succeeded with a request-derived credential");
                        return true;
                    }
                }
                log.warn("Signature validation using request-derived credentials failed");
View Full Code Here
315
316
317
318
319
320
321
322
323
324
325
        ExtendedSAMLMessageContext context = this.contextProvider.buildSpContext(wc);
        // assertion consumer url is pac4j callback url
        context.setAssertionConsumerUrl(getCallbackUrl());

        SignatureTrustEngine trustEngine = this.signatureTrustEngineProvider.build();

        this.handler.receiveMessage(context, trustEngine);

        this.responseValidator.validateSamlResponse(context, trustEngine, decrypter);
View Full Code Here
77
78
79
80
81
82
83
84
85
86
    }

    @Override
    public void getSecurityPolicy(List<SecurityPolicyRule> securityPolicy, SAMLMessageContext samlContext) {

        SignatureTrustEngine engine = samlContext.getLocalTrustEngine();
        securityPolicy.add(new SAML2HTTPRedirectDeflateSignatureRule(engine));
        securityPolicy.add(new SAMLProtocolMessageXMLSignatureSecurityPolicyRule(engine));

    }
View Full Code Here
86
87
88
89
90
91
92
93
94
95
    }

    @Override
    public void getSecurityPolicy(List<SecurityPolicyRule> securityPolicy, SAMLMessageContext samlContext) {

        SignatureTrustEngine engine = samlContext.getLocalTrustEngine();
        securityPolicy.add(new SAML2HTTPPostSimpleSignRule(engine, parserPool, engine.getKeyInfoResolver()));
        securityPolicy.add(new SAMLProtocolMessageXMLSignatureSecurityPolicyRule(engine));

    }
View Full Code Here
79
80
81
82
83
84
85
86
87
    }

    @Override
    public void getSecurityPolicy(List<SecurityPolicyRule> securityPolicy, SAMLMessageContext samlContext) {

        SignatureTrustEngine engine = samlContext.getLocalTrustEngine();
        securityPolicy.add(new SAMLProtocolMessageXMLSignatureSecurityPolicyRule(engine));

    }
View Full Code Here
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
     *
     */
    protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI,
            CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException {

        SignatureTrustEngine engine = getTrustEngine();

        // Some bindings allow candidate signing credentials to be supplied (e.g. via ds:KeyInfo), some do not.
        // So have 2 slightly different cases.
        try {
            if (candidateCredentials == null || candidateCredentials.isEmpty()) {
                if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, null)) {
                    log.debug("Simple signature validation (with no request-derived credentials) was successful");
                    return true;
                } else {
                    log.error("Simple signature validation (with no request-derived credentials) failed");
                    return false;
                }
            } else {
                for (Credential cred : candidateCredentials) {
                    if (engine.validate(signature, signedContent, algorithmURI, criteriaSet, cred)) {
                        log.debug("Simple signature validation succeeded with a request-derived credential");
                        return true;
                    }
                }
                log.error("Signature validation using request-derived credentials failed");
View Full Code Here
418
419
420
421
422
423
424
425
426
427
428
     * from the values overridden in the ExtendedMetadata.
     *
     * @param samlContext context to populate
     */
    protected void populateTrustEngine(SAMLMessageContext samlContext) {
        SignatureTrustEngine engine;
        if ("pkix".equalsIgnoreCase(samlContext.getLocalExtendedMetadata().getSecurityProfile())) {
            engine = new PKIXSignatureTrustEngine(pkixResolver, Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver(), pkixTrustEvaluator, new BasicX509CredentialNameEvaluator());
        } else {
            engine = new ExplicitKeySignatureTrustEngine(metadataResolver, Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
        }
View Full Code Here
77
78
79
80
81
82
83
84
85
    }

    @Override
    public void getSecurityPolicy(List<SecurityPolicyRule> securityPolicy, SAMLMessageContext samlContext) {

        SignatureTrustEngine engine = samlContext.getLocalTrustEngine();
        securityPolicy.add(new SAMLProtocolMessageXMLSignatureSecurityPolicyRule(engine));

    }
View Full Code Here
504
505
506
507
508
509
510
511
512
513
514
            log.debug("Metadata provider was already initialized, signature filter initialization will be skipped");

        } else {

            boolean requireSignature = provider.isMetadataRequireSignature();
            SignatureTrustEngine trustEngine = getTrustEngine(provider);
            SignatureValidationFilter filter = new SignatureValidationFilter(trustEngine);
            filter.setRequireSignature(requireSignature);

            log.debug("Created new trust manager for metadata provider {}", provider);
View Full Code Here
TOP

Related Classes of org.opensaml.xml.signature.SignatureTrustEngine

  • org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule
  • org.pac4j.saml.client.Saml2Client
  • org.springframework.security.saml.context.SAMLContextProviderImpl
  • org.springframework.security.saml.metadata.MetadataManager
  • org.springframework.security.saml.processor.HTTPArtifactBinding
  • org.springframework.security.saml.processor.HTTPPostBinding
  • org.springframework.security.saml.processor.HTTPRedirectDeflateBinding
  • org.springframework.security.saml.processor.HTTPSOAP11Binding
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.