org.opensaml.saml2.metadata.KeyDescriptor Java Examples
The following examples show how to use
org.opensaml.saml2.metadata.KeyDescriptor.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: KeyDescriptorMarshaller.java From lams with GNU General Public License v2.0 | 6 votes |
/** {@inheritDoc} */ protected void marshallAttributes(XMLObject xmlObject, Element domElement) throws MarshallingException { KeyDescriptor keyDescriptor = (KeyDescriptor) xmlObject; if (keyDescriptor.getUse() != null) { UsageType use = keyDescriptor.getUse(); // UsageType enum contains more values than are allowed by SAML 2 schema if (use.equals(UsageType.SIGNING) || use.equals(UsageType.ENCRYPTION)) { domElement.setAttribute(KeyDescriptor.USE_ATTRIB_NAME, use.toString().toLowerCase()); } else if (use.equals(UsageType.UNSPECIFIED)) { // emit nothing for unspecified - this is semantically equivalent to non-existent attribute } else { // Just in case values are unknowingly added to UsageType in the future... throw new MarshallingException("KeyDescriptor had illegal value for use attribute: " + use.toString()); } } }
Example #2
Source File: KeyDescriptorUnmarshaller.java From lams with GNU General Public License v2.0 | 6 votes |
/** {@inheritDoc} */ protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException { KeyDescriptor keyDescriptor = (KeyDescriptor) samlObject; if (attribute.getName().equals(KeyDescriptor.USE_ATTRIB_NAME)) { try { UsageType usageType = UsageType.valueOf(UsageType.class, attribute.getValue().toUpperCase()); // Only allow the enum values specified in the schema. if (usageType != UsageType.SIGNING && usageType != UsageType.ENCRYPTION) { throw new UnmarshallingException("Invalid key usage type: " + attribute.getValue()); } keyDescriptor.setUse(usageType); } catch (IllegalArgumentException e) { throw new UnmarshallingException("Invalid key usage type: " + attribute.getValue()); } } super.processAttribute(samlObject, attribute); }
Example #3
Source File: AffiliationDescriptorUnmarshaller.java From lams with GNU General Public License v2.0 | 6 votes |
/** {@inheritDoc} */ protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject) throws UnmarshallingException { AffiliationDescriptor descriptor = (AffiliationDescriptor) parentSAMLObject; if (childSAMLObject instanceof Extensions) { descriptor.setExtensions((Extensions) childSAMLObject); } else if (childSAMLObject instanceof Signature) { descriptor.setSignature((Signature) childSAMLObject); } else if (childSAMLObject instanceof AffiliateMember) { descriptor.getMembers().add((AffiliateMember) childSAMLObject); } else if (childSAMLObject instanceof KeyDescriptor) { descriptor.getKeyDescriptors().add((KeyDescriptor) childSAMLObject); } else { super.processChildElement(parentSAMLObject, childSAMLObject); } }
Example #4
Source File: RoleDescriptorUnmarshaller.java From lams with GNU General Public License v2.0 | 6 votes |
/** {@inheritDoc} */ protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject) throws UnmarshallingException { RoleDescriptor roleDescriptor = (RoleDescriptor) parentSAMLObject; if (childSAMLObject instanceof Extensions) { roleDescriptor.setExtensions((Extensions) childSAMLObject); } else if (childSAMLObject instanceof Signature) { roleDescriptor.setSignature((Signature) childSAMLObject); } else if (childSAMLObject instanceof KeyDescriptor) { roleDescriptor.getKeyDescriptors().add((KeyDescriptor) childSAMLObject); } else if (childSAMLObject instanceof Organization) { roleDescriptor.setOrganization((Organization) childSAMLObject); } else if (childSAMLObject instanceof ContactPerson) { roleDescriptor.getContactPersons().add((ContactPerson) childSAMLObject); } else { super.processChildElement(parentSAMLObject, childSAMLObject); } }
Example #5
Source File: MetadataGenerator.java From MaxKey with Apache License 2.0 | 5 votes |
public KeyDescriptor generateEncryptionKeyDescriptor(Credential signingCredential){ KeyDescriptor encryptionKeyDescriptor = new KeyDescriptorBuilder().buildObject(); encryptionKeyDescriptor.setUse(UsageType.ENCRYPTION); // Generating key info. The element will contain the public key. The key is used to by the IDP to encrypt data try { encryptionKeyDescriptor.setKeyInfo(getKeyInfoGenerator().generate(signingCredential)); } catch (SecurityException e) { logger.error(e.getMessage(), e); } return encryptionKeyDescriptor; }
Example #6
Source File: SAMLMDCredentialContext.java From lams with GNU General Public License v2.0 | 5 votes |
/** * Constructor. * * @param descriptor the KeyDescriptor context from which a credential was resolved */ public SAMLMDCredentialContext(KeyDescriptor descriptor) { keyDescriptor = descriptor; if (descriptor != null) { // KeyDescriptor / EncryptionMethod encMethods = descriptor.getEncryptionMethods(); // KeyDescriptor -> RoleDescriptor role = (RoleDescriptor) descriptor.getParent(); } }
Example #7
Source File: MetadataGenerator.java From MaxKey with Apache License 2.0 | 5 votes |
public KeyDescriptor generateSignKeyDescriptor(Credential signingCredential){ KeyDescriptor signKeyDescriptor = new KeyDescriptorBuilder().buildObject(); signKeyDescriptor.setUse(UsageType.SIGNING); //Set usage // Generating key info. The element will contain the public key. The key is used to by the IDP to verify signatures try { signKeyDescriptor.setKeyInfo(getKeyInfoGenerator().generate(signingCredential)); } catch (SecurityException e) { logger.error(e.getMessage(), e); } return signKeyDescriptor; }
Example #8
Source File: KeyDescriptorUnmarshaller.java From lams with GNU General Public License v2.0 | 5 votes |
/** {@inheritDoc} */ protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject) throws UnmarshallingException { KeyDescriptor keyDescriptor = (KeyDescriptor) parentSAMLObject; if (childSAMLObject instanceof KeyInfo) { keyDescriptor.setKeyInfo((KeyInfo) childSAMLObject); } else if (childSAMLObject instanceof EncryptionMethod) { keyDescriptor.getEncryptionMethods().add((EncryptionMethod) childSAMLObject); } else { super.processChildElement(parentSAMLObject, childSAMLObject); } }
Example #9
Source File: RoleDescriptorImpl.java From lams with GNU General Public License v2.0 | 5 votes |
/** * Constructor. * * @param namespaceURI the namespace the element is in * @param elementLocalName the local name of the XML element this Object represents * @param namespacePrefix the prefix for the given namespace */ protected RoleDescriptorImpl(String namespaceURI, String elementLocalName, String namespacePrefix) { super(namespaceURI, elementLocalName, namespacePrefix); unknownAttributes = new AttributeMap(this); supportedProtocols = new LazyList<String>(); contactPersons = new XMLObjectChildrenList<ContactPerson>(this); keyDescriptors = new XMLObjectChildrenList<KeyDescriptor>(this); }
Example #10
Source File: KeyDescriptorSchemaValidator.java From lams with GNU General Public License v2.0 | 5 votes |
/** * Checks that use attribute has only one of allowed values. * * @param keyDescriptor the key descriptor to validate * @throws ValidationException throw in use attribute does not have a legal value */ protected void validateUse(KeyDescriptor keyDescriptor) throws ValidationException { UsageType use = keyDescriptor.getUse(); if (use == null) { return; } if ( ! use.equals(UsageType.SIGNING) && ! use.equals(UsageType.ENCRYPTION) && ! use.equals(UsageType.UNSPECIFIED) ) { throw new ValidationException("Invalid value for use attribute: " + use.toString()); } }
Example #11
Source File: RoleDescriptorImpl.java From lams with GNU General Public License v2.0 | 4 votes |
/** {@inheritDoc} */ public List<KeyDescriptor> getKeyDescriptors() { return keyDescriptors; }
Example #12
Source File: AffiliationDescriptorImpl.java From lams with GNU General Public License v2.0 | 4 votes |
/** {@inheritDoc} */ public List<KeyDescriptor> getKeyDescriptors() { return keyDescriptors; }
Example #13
Source File: KeyDescriptorBuilder.java From lams with GNU General Public License v2.0 | 4 votes |
/** {@inheritDoc} */ public KeyDescriptor buildObject() { return buildObject(SAMLConstants.SAML20MD_NS, KeyDescriptor.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20MD_PREFIX); }
Example #14
Source File: KeyDescriptorBuilder.java From lams with GNU General Public License v2.0 | 4 votes |
/** {@inheritDoc} */ public KeyDescriptor buildObject(String namespaceURI, String localName, String namespacePrefix) { return new KeyDescriptorImpl(namespaceURI, localName, namespacePrefix); }
Example #15
Source File: KeyDescriptorSchemaValidator.java From lams with GNU General Public License v2.0 | 4 votes |
/** {@inheritDoc} */ public void validate(KeyDescriptor keyDescriptor) throws ValidationException { validateKeyInfo(keyDescriptor); validateUse(keyDescriptor); }
Example #16
Source File: MetadataCredentialResolver.java From lams with GNU General Public License v2.0 | 4 votes |
/** * Retrieves credentials from the provided metadata. * * @param entityID entityID of the credential owner * @param role role in which the entity is operating * @param protocol protocol over which the entity is operating (may be null) * @param usage intended usage of resolved credentials * * @return the resolved credentials or null * * @throws SecurityException thrown if the key, certificate, or CRL information is represented in an unsupported * format */ protected Collection<Credential> retrieveFromMetadata(String entityID, QName role, String protocol, UsageType usage) throws SecurityException { log.debug("Attempting to retrieve credentials from metadata for entity: {}", entityID); Collection<Credential> credentials = new HashSet<Credential>(3); List<RoleDescriptor> roleDescriptors = getRoleDescriptors(entityID, role, protocol); if(roleDescriptors == null || roleDescriptors.isEmpty()){ return credentials; } for (RoleDescriptor roleDescriptor : roleDescriptors) { List<KeyDescriptor> keyDescriptors = roleDescriptor.getKeyDescriptors(); if(keyDescriptors == null || keyDescriptors.isEmpty()){ return credentials; } for (KeyDescriptor keyDescriptor : keyDescriptors) { UsageType mdUsage = keyDescriptor.getUse(); if (mdUsage == null) { mdUsage = UsageType.UNSPECIFIED; } if (matchUsage(mdUsage, usage)) { if (keyDescriptor.getKeyInfo() != null) { CriteriaSet critSet = new CriteriaSet(); critSet.add(new KeyInfoCriteria(keyDescriptor.getKeyInfo())); Iterable<Credential> creds = getKeyInfoCredentialResolver().resolve(critSet); if(credentials == null){ continue; } for (Credential cred : creds) { if (cred instanceof BasicCredential) { BasicCredential basicCred = (BasicCredential) cred; basicCred.setEntityId(entityID); basicCred.setUsageType(mdUsage); basicCred.getCredentalContextSet().add(new SAMLMDCredentialContext(keyDescriptor)); } credentials.add(cred); } } } } } return credentials; }
Example #17
Source File: AffiliationDescriptorImpl.java From lams with GNU General Public License v2.0 | 3 votes |
/** * Constructor * * @param namespaceURI * @param elementLocalName * @param namespacePrefix */ protected AffiliationDescriptorImpl(String namespaceURI, String elementLocalName, String namespacePrefix) { super(namespaceURI, elementLocalName, namespacePrefix); unknownAttributes = new AttributeMap(this); members = new XMLObjectChildrenList<AffiliateMember>(this); keyDescriptors = new XMLObjectChildrenList<KeyDescriptor>(this); }
Example #18
Source File: KeyDescriptorSchemaValidator.java From lams with GNU General Public License v2.0 | 2 votes |
/** * Checks that KeyInfo is present. * * @param keyDescriptor the key descriptor to validate * @throws ValidationException thrown if KeyInfo is not present */ protected void validateKeyInfo(KeyDescriptor keyDescriptor) throws ValidationException { if (keyDescriptor.getKeyInfo()==null) { throw new ValidationException("KeyInfo required"); } }
Example #19
Source File: SAMLMDCredentialContext.java From lams with GNU General Public License v2.0 | 2 votes |
/** * Get the key descriptor context. * * @return key descriptor */ public KeyDescriptor getKeyDescriptor() { return keyDescriptor; }