Java Code Examples for org.opensaml.xml.security.CriteriaSet#get()

Example 1
Source File: MetadataCredentialResolver.java — from lams (GNU General Public License v2.0)
/**
 * Verify that the criteria needed for metadata-based credential resolution are present.
 *
 * <p>Both an {@link EntityIDCriteria} (the credential owner) and a {@link MetadataCriteria}
 * (the SAML role) are mandatory; their values are checked as well, so the resolver never
 * performs a lookup against an empty entity ID or a {@code null} role.</p>
 *
 * @param criteriaSet the credential criteria set to evaluate
 * @throws IllegalArgumentException if either criteria object is absent, the entity ID is empty,
 *         or the role is {@code null}
 */
protected void checkCriteriaRequirements(CriteriaSet criteriaSet) {
    EntityIDCriteria ownerCriteria = criteriaSet.get(EntityIDCriteria.class);
    MetadataCriteria roleCriteria = criteriaSet.get(MetadataCriteria.class);

    // Presence checks first, then value checks, so the messages stay specific.
    if (ownerCriteria == null) {
        throw new IllegalArgumentException("Entity criteria must be supplied");
    }
    if (roleCriteria == null) {
        throw new IllegalArgumentException("SAML metadata criteria must be supplied");
    }

    boolean entityIdMissing = DatatypeHelper.isEmpty(ownerCriteria.getEntityID());
    if (entityIdMissing) {
        throw new IllegalArgumentException("Credential owner entity ID criteria value must be supplied");
    }

    boolean roleMissing = roleCriteria.getRole() == null;
    if (roleMissing) {
        throw new IllegalArgumentException("Credential metadata role criteria value must be supplied");
    }
}
 
Example 2
Source File: CarbonKeyStoreCredentialResolver.java — from carbon-identity (Apache License 2.0)
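/**
 * Resolve credentials from the configured key store.
 *
 * <p>Each alias is examined. When the criteria set carries an {@link EntityIDCriteria}, only the
 * alias equal to its entity ID is returned (at most one credential); without that criteria every
 * X.509 certificate in the key store is returned. Aliases that have no certificate entry, or whose
 * certificate is not X.509, are skipped rather than failing the whole resolution with a
 * {@code NullPointerException}/{@code ClassCastException}.</p>
 *
 * <p>NOTE(review): the alias comparison is case-sensitive, while common key store types report
 * aliases lower-cased; confirm the entity ID supplied by callers matches the stored form.
 * NOTE(review): the result is also published through the {@code credentialSet} instance field, so
 * concurrent calls on one resolver instance would share it — confirm the instance is not shared
 * across threads.</p>
 *
 * @param criteriaSet the criteria selecting which credentials to return
 * @return the resolved credentials; empty when nothing matched
 * @throws SecurityException if the key store cannot be read
 */
@Override
public Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
    EntityIDCriteria entityCriteria = criteriaSet.get(EntityIDCriteria.class);
    // A criteria object with a null entity ID simply matches nothing instead of throwing.
    String wantedAlias = (entityCriteria == null) ? null : entityCriteria.getEntityID();
    try {
        // Kept as an instance-field assignment for compatibility with the original API.
        credentialSet = new HashSet<Credential>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (entityCriteria != null && !alias.equals(wantedAlias)) {
                continue;
            }
            // getCertificate() returns null for aliases without a certificate (e.g. secret-key
            // entries); only X.509 certificates can back an X509CredentialImpl.
            java.security.cert.Certificate stored = keyStore.getCertificate(alias);
            if (!(stored instanceof X509Certificate)) {
                log.debug("Skipping key store alias with no X.509 certificate: " + alias);
                continue;
            }
            credentialSet.add(new X509CredentialImpl((X509Certificate) stored));
            if (entityCriteria != null) {
                // KeyStore aliases are unique, so the first match is the only one.
                break;
            }
        }
        return credentialSet;
    } catch (KeyStoreException e) {
        // Preserve the cause so the failing key store operation stays diagnosable upstream.
        log.error("Error reading certificates from key store", e);
        throw new SecurityException("Error reading certificates from key store", e);
    }
}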
 
Example 3
Source File: BasicProviderKeyInfoCredentialResolver.java — from lams (GNU General Public License v2.0)
/**
 * Resolve credentials from the {@link KeyInfo} carried in the criteria set.
 *
 * <p>Processing order: the KeyInfo (if any) is handed to {@code processKeyInfo}, then the
 * {@code postProcess} hook runs, and if still nothing was resolved the
 * {@code postProcessEmptyCredentials} hook gets a final chance. A {@code null} KeyInfo is
 * tolerated so that the hooks can resolve credentials from other criteria alone.</p>
 *
 * <p>Security note: credentials produced here carry whatever key material the KeyInfo asserts;
 * nothing in this method establishes trust in them — that has to happen in a separate
 * (presumably trust-engine) step.</p>
 *
 * @param criteriaSet the criteria set, which must contain a {@link KeyInfoCriteria}
 * @return the resolved credentials, possibly empty
 * @throws SecurityException if no {@link KeyInfoCriteria} is present, or if processing fails
 */
protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
    KeyInfoCriteria keyInfoCriteria = criteriaSet.get(KeyInfoCriteria.class);
    if (keyInfoCriteria == null) {
        log.error("No KeyInfo criteria supplied, resolver could not process");
        throw new SecurityException("Credential criteria set did not contain an instance of"
                + "KeyInfoCredentialCriteria");
    }

    // The result list doubles as the context's credential sink.
    List<Credential> resolved = new ArrayList<Credential>();
    KeyInfoResolutionContext resolutionContext = new KeyInfoResolutionContext(resolved);

    KeyInfo keyInfo = keyInfoCriteria.getKeyInfo();
    if (keyInfo == null) {
        log.info("KeyInfo was null, any credentials will be resolved by post-processing hooks only");
    } else {
        processKeyInfo(keyInfo, resolutionContext, criteriaSet, resolved);
    }

    postProcess(resolutionContext, criteriaSet, resolved);

    if (resolved.isEmpty()) {
        log.debug("No credentials were found, calling empty credentials post-processing hook");
        postProcessEmptyCredentials(resolutionContext, criteriaSet, resolved);
    }

    log.debug("A total of {} credentials were resolved", resolved.size());
    return resolved;
}
 
Example 4
Source File: KeyStoreCredentialResolver.java — from lams (GNU General Public License v2.0)
/**
 * Verify that the criteria needed for key store resolution are present.
 *
 * <p>Only the presence of an {@link EntityIDCriteria} object is checked here.
 * NOTE(review): an {@code EntityIDCriteria} whose entity ID value is {@code null} or empty passes
 * this check; compare with the metadata resolver, which also validates the value.</p>
 *
 * @param criteriaSet the credential criteria set to evaluate
 * @throws IllegalArgumentException if no {@link EntityIDCriteria} is in the set
 */
protected void checkCriteriaRequirements(CriteriaSet criteriaSet) {
    if (criteriaSet.get(EntityIDCriteria.class) != null) {
        return;
    }
    log.error("EntityIDCriteria was not specified in the criteria set, resolution can not be attempted");
    throw new IllegalArgumentException("No EntityIDCriteria was available in criteria set");
}
 
Example 5
Source File: MetadataCredentialResolver.java — from lams (GNU General Public License v2.0)
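/**
 * Resolve credentials for an entity from SAML metadata, consulting the local cache first.
 *
 * <p>The entity ID, role and protocol come from the {@link EntityIDCriteria} and
 * {@link MetadataCriteria} validated by {@link #checkCriteriaRequirements(CriteriaSet)}; the key
 * usage comes from an optional {@link UsageCriteria} and defaults to
 * {@link UsageType#UNSPECIFIED} when absent.</p>
 *
 * <p>NOTE(review): the cache is keyed only on (entityID, role, protocol, usage). How cached
 * credentials are invalidated when the metadata provider refreshes is not visible here — confirm
 * that the cache behind {@code retrieveFromCache}/{@code cacheCredentials} is cleared on refresh,
 * otherwise keys removed from metadata could keep resolving from the cache.</p>
 *
 * @param criteriaSet the credential criteria set; must contain entity ID and metadata criteria
 * @return the resolved credentials, from the cache or freshly extracted from metadata
 * @throws SecurityException declared by the resolver contract; a metadata refresh failure is
 *         logged but not propagated
 */
protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {

    checkCriteriaRequirements(criteriaSet);

    String entityID = criteriaSet.get(EntityIDCriteria.class).getEntityID();
    MetadataCriteria mdCriteria = criteriaSet.get(MetadataCriteria.class);
    QName role = mdCriteria.getRole();
    String protocol = mdCriteria.getProtocol();

    // Usage is optional; without it the lookup is keyed on UNSPECIFIED.
    UsageCriteria usageCriteria = criteriaSet.get(UsageCriteria.class);
    UsageType usage = (usageCriteria != null) ? usageCriteria.getUsage() : UsageType.UNSPECIFIED;

    // See Jira issue SIDP-229: calling getMetadata() gives the provider a chance to refresh on demand.
    log.debug("Forcing on-demand metadata provider refresh if necessary");
    try {
        metadata.getMetadata();
    } catch (MetadataProviderException e) {
        // Best-effort: a refresh failure must not abort resolution, but it should not vanish
        // silently either — stale metadata is a common reason a key lookup gives the wrong answer.
        log.debug("Metadata provider refresh failed, continuing with possibly stale metadata", e);
    }

    MetadataCacheKey cacheKey = new MetadataCacheKey(entityID, role, protocol, usage);
    Collection<Credential> credentials = retrieveFromCache(cacheKey);

    if (credentials == null) {
        credentials = retrieveFromMetadata(entityID, role, protocol, usage);
        cacheCredentials(cacheKey, credentials);
    }

    return credentials;
}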
 
Example 6
Source File: DSAKeyValueProvider.java — from lams (GNU General Public License v2.0)
/**
 * Build a credential from a {@code ds:DSAKeyValue} child of a KeyInfo.
 *
 * <p>Returns {@code null} when the child is not a DSAKeyValue or when a
 * {@link KeyAlgorithmCriteria} asks for a non-DSA algorithm, so other providers get their turn.
 * The public key is taken straight from the XML; this method performs no trust evaluation and
 * does not decide whether DSA is an acceptable algorithm — both are policy decisions made
 * elsewhere.</p>
 *
 * @param resolver the owning resolver (unused here)
 * @param keyInfoChild the KeyInfo child element being processed
 * @param criteriaSet criteria that may restrict the key algorithm
 * @param kiContext resolution context; its key names are copied onto the credential when present
 * @return a single-element set holding the credential, or {@code null} if not applicable
 * @throws SecurityException if the DSA key cannot be reconstructed from the key value
 */
public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild, 
        CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {
    
    DSAKeyValue dsaValue = getDSAKeyValue(keyInfoChild);
    if (dsaValue == null) {
        return null;
    }
    
    KeyAlgorithmCriteria algCriteria = criteriaSet.get(KeyAlgorithmCriteria.class);
    String requestedAlgorithm = (algCriteria == null) ? null : algCriteria.getKeyAlgorithm();
    if (requestedAlgorithm != null && !"DSA".equals(requestedAlgorithm)) {
        log.debug("Criteria specified non-DSA key algorithm, skipping");
        return null;
    }
    
    log.debug("Attempting to extract credential from a DSAKeyValue");
    
    PublicKey publicKey;
    try {
        //TODO deal with case of incomplete DSAParams, need hook to resolve those
        publicKey = KeyInfoHelper.getDSAKey(dsaValue);
    } catch (KeyException e) {
        log.error("Error extracting DSA key value", e);
        throw new SecurityException("Error extracting DSA key value", e);
    }
    
    BasicCredential credential = new BasicCredential();
    credential.setPublicKey(publicKey);
    if (kiContext != null) {
        credential.getKeyNames().addAll(kiContext.getKeyNames());
    }
    
    CredentialContext context = buildCredentialContext(kiContext);
    if (context != null) {
        credential.getCredentalContextSet().add(context);
    }
    
    log.debug("Credential successfully extracted from DSAKeyValue");
    LazySet<Credential> result = new LazySet<Credential>();
    result.add(credential);
    return result;
}
 
Example 7
Source File: DEREncodedKeyValueProvider.java — from lams (GNU General Public License v2.0)
/**
 * Build a credential from a {@code DEREncodedKeyValue} child of a KeyInfo.
 *
 * <p>Unlike the RSA/DSA providers, the key algorithm is only known after the DER blob has been
 * decoded, so the {@link KeyAlgorithmCriteria} check runs after parsing. Returns {@code null}
 * when the child is not a DEREncodedKeyValue or when the decoded key's algorithm does not match
 * the requested one. The key is taken straight from the XML; no trust evaluation happens here.</p>
 *
 * <p>NOTE(review): assumes {@code KeyInfoHelper.getKey()} never returns {@code null}; a null
 * result would cause a NullPointerException at the algorithm comparison — confirm.</p>
 *
 * @param resolver the owning resolver (unused here)
 * @param keyInfoChild the KeyInfo child element being processed
 * @param criteriaSet criteria that may restrict the key algorithm
 * @param kiContext resolution context; its key names are copied onto the credential when present
 * @return a single-element set holding the credential, or {@code null} if not applicable
 * @throws SecurityException if the DER-encoded key cannot be decoded
 */
public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild,
        CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {

    DEREncodedKeyValue derValue = getDEREncodedKeyValue(keyInfoChild);
    if (derValue == null) {
        return null;
    }

    log.debug("Attempting to extract credential from a DEREncodedKeyValue");
    
    PublicKey publicKey;
    try {
        publicKey = KeyInfoHelper.getKey(derValue);
    } catch (KeyException e) {
        log.error("Error extracting DER-encoded key value", e);
        throw new SecurityException("Error extracting DER-encoded key value", e);
    }
    
    KeyAlgorithmCriteria algCriteria = criteriaSet.get(KeyAlgorithmCriteria.class);
    String requestedAlgorithm = (algCriteria == null) ? null : algCriteria.getKeyAlgorithm();
    String actualAlgorithm = publicKey.getAlgorithm();
    if (requestedAlgorithm != null && !requestedAlgorithm.equals(actualAlgorithm)) {
        log.debug("Criteria specified key algorithm {}, actually {}, skipping",
                requestedAlgorithm, actualAlgorithm);
        return null;
    }

    BasicCredential credential = new BasicCredential();
    credential.setPublicKey(publicKey);
    if (kiContext != null) {
        credential.getKeyNames().addAll(kiContext.getKeyNames());
    }
    
    CredentialContext context = buildCredentialContext(kiContext);
    if (context != null) {
        credential.getCredentalContextSet().add(context);
    }

    log.debug("Credential successfully extracted from DEREncodedKeyValue");
    LazySet<Credential> result = new LazySet<Credential>();
    result.add(credential);
    return result;
}
 
Example 8
Source File: RSAKeyValueProvider.java — from lams (GNU General Public License v2.0)
/**
 * Build a credential from a {@code ds:RSAKeyValue} child of a KeyInfo.
 *
 * <p>Returns {@code null} when the child is not an RSAKeyValue or when a
 * {@link KeyAlgorithmCriteria} asks for a non-RSA algorithm, so other providers get their turn.
 * The public key (modulus/exponent) is taken straight from the XML; this method performs no
 * trust evaluation and no key-size policy — both are decided elsewhere.</p>
 *
 * @param resolver the owning resolver (unused here)
 * @param keyInfoChild the KeyInfo child element being processed
 * @param criteriaSet criteria that may restrict the key algorithm
 * @param kiContext resolution context; its key names are copied onto the credential when present
 * @return a single-element set holding the credential, or {@code null} if not applicable
 * @throws SecurityException if the RSA key cannot be reconstructed from the key value
 */
public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild,
        CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {

    RSAKeyValue rsaValue = getRSAKeyValue(keyInfoChild);
    if (rsaValue == null) {
        return null;
    }

    KeyAlgorithmCriteria algCriteria = criteriaSet.get(KeyAlgorithmCriteria.class);
    String requestedAlgorithm = (algCriteria == null) ? null : algCriteria.getKeyAlgorithm();
    if (requestedAlgorithm != null && !"RSA".equals(requestedAlgorithm)) {
        log.debug("Criteria specified non-RSA key algorithm, skipping");
        return null;
    }

    log.debug("Attempting to extract credential from an RSAKeyValue");

    PublicKey publicKey;
    try {
        publicKey = KeyInfoHelper.getRSAKey(rsaValue);
    } catch (KeyException e) {
        log.error("Error extracting RSA key value", e);
        throw new SecurityException("Error extracting RSA key value", e);
    }

    BasicCredential credential = new BasicCredential();
    credential.setPublicKey(publicKey);
    if (kiContext != null) {
        credential.getKeyNames().addAll(kiContext.getKeyNames());
    }

    CredentialContext context = buildCredentialContext(kiContext);
    if (context != null) {
        credential.getCredentalContextSet().add(context);
    }

    log.debug("Credential successfully extracted from RSAKeyValue");
    LazySet<Credential> result = new LazySet<Credential>();
    result.add(credential);
    return result;
}