Package | Description |
---|---|
org.opensaml.common.binding.security |
Classes responsible for performing transport-related and basic message
validation of decoded SAML messages.
|
org.opensaml.saml2.metadata.provider |
Class for retrieving, filtering, and querying metadata.
|
org.opensaml.security |
Classes related to verifying various credentials within a SAML system.
|
org.opensaml.ws.security.provider |
Basic implementations of some security policies.
|
org.opensaml.xml.encryption |
XMLObject interfaces and helper classes for representing encrypted content and encrypting/decrypting content.
|
org.opensaml.xml.security.credential |
Interfaces and classes related to credentials and ways to represent
them.
|
org.opensaml.xml.security.keyinfo |
Interfaces and classes for working with XML KeyInfo elements.
|
org.opensaml.xml.security.keyinfo.provider |
Specific implementations of KeyInfoProvider.
|
org.opensaml.xml.security.trust |
Interfaces and classes used to evaluate the trustworthiness
and validity of Credentials.
|
org.opensaml.xml.security.x509 |
X509 based credential and trust class.
|
org.opensaml.xml.signature |
XMLObject interfaces and helper classes for representing digitally signed content and signing/validating content.
|
org.opensaml.xml.signature.impl |
Implementations of the interfaces for XMLObjects that represent XML signature types.
|
Modifier and Type | Method and Description |
---|---|
protected CriteriaSet |
SAMLMDClientCertAuthRule.buildCriteriaSet(String entityID,
MessageContext messageContext)
Subclasses are required to implement this method to build a criteria set for the trust engine
according to trust engine and application-specific needs.
|
protected CriteriaSet |
BaseSAMLXMLSignatureSecurityPolicyRule.buildCriteriaSet(String entityID,
MessageContext messageContext)
Subclasses are required to implement this method to build a criteria set for the trust engine
according to trust engine and application-specific needs.
|
protected CriteriaSet |
BaseSAMLSimpleSignatureSecurityPolicyRule.buildCriteriaSet(String entityID,
SAMLMessageContext samlContext)
Build a criteria set suitable for input to the trust engine.
|
Modifier and Type | Method and Description |
---|---|
protected boolean |
BaseSAMLSimpleSignatureSecurityPolicyRule.validateSignature(byte[] signature,
byte[] signedContent,
String algorithmURI,
CriteriaSet criteriaSet,
List<Credential> candidateCredentials)
Validate the simple signature.
|
Modifier and Type | Method and Description |
---|---|
protected CriteriaSet |
SignatureValidationFilter.buildCriteriaSet(SignableXMLObject signedMetadata,
String metadataEntryName,
boolean isEntityGroup)
Build the criteria set which will be used as input to the configured trust engine.
|
CriteriaSet |
SignatureValidationFilter.getDefaultCriteria()
Get the set of default criteria used as input to the trust engine.
|
Modifier and Type | Method and Description |
---|---|
void |
SignatureValidationFilter.setDefaultCriteria(CriteriaSet newCriteria)
Set the set of default criteria used as input to the trust engine.
|
Modifier and Type | Method and Description |
---|---|
protected void |
MetadataCredentialResolver.checkCriteriaRequirements(CriteriaSet criteriaSet)
Check that all necessary credential criteria are available.
|
protected Iterable<Credential> |
MetadataCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
Modifier and Type | Method and Description |
---|---|
protected CriteriaSet |
ClientCertAuthRule.buildCriteriaSet(String entityID,
MessageContext messageContext)
Subclasses are required to implement this method to build a criteria set for the trust engine
according to trust engine and application-specific needs.
|
protected abstract CriteriaSet |
BaseTrustEngineRule.buildCriteriaSet(String entityID,
MessageContext messageContext)
Subclasses are required to implement this method to build a criteria set for the trust engine
according to trust engine and application-specific needs.
|
Modifier and Type | Method and Description |
---|---|
protected boolean |
BaseTrustEngineRule.evaluate(TokenType token,
CriteriaSet criteriaSet)
Evaluate the token against the specified criteria using the configured trust engine.
|
Modifier and Type | Method and Description |
---|---|
CriteriaSet |
Decrypter.getKEKResolverCriteria()
Get the optional static set of criteria used when resolving credentials based on the KeyInfo of an EncryptedKey
element.
|
CriteriaSet |
Decrypter.setKeyResolverCriteria()
Get the optional static set of criteria used when resolving credentials based on the KeyInfo of an EncryptedData
element.
|
Modifier and Type | Method and Description |
---|---|
void |
Decrypter.setKEKResolverCriteria(CriteriaSet newCriteria)
Set the optional static set of criteria used when resolving credentials based on the KeyInfo of an EncryptedKey
element.
|
void |
Decrypter.setKeyResolverCriteria(CriteriaSet newCriteria)
Set the optional static set of criteria used when resolving credentials based on the KeyInfo of an EncryptedData
element.
|
Modifier and Type | Method and Description |
---|---|
protected void |
KeyStoreCredentialResolver.checkCriteriaRequirements(CriteriaSet criteriaSet)
Check that required credential criteria are available.
|
Iterable<Credential> |
StaticCredentialResolver.resolve(CriteriaSet criteria)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
Iterable<Credential> |
ChainingCredentialResolver.resolve(CriteriaSet criteriaSet)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
Iterable<Credential> |
AbstractCriteriaFilteringCredentialResolver.resolve(CriteriaSet criteriaSet)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
abstract Iterable<Credential> |
AbstractCredentialResolver.resolve(CriteriaSet criteriaSet)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
protected Iterable<Credential> |
KeyStoreCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
protected Iterable<Credential> |
FilesystemCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
protected Iterable<Credential> |
CollectionCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
protected abstract Iterable<Credential> |
AbstractCriteriaFilteringCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
Credential |
AbstractCredentialResolver.resolveSingle(CriteriaSet criteriaSet)
Process the specified criteria and return a single instance of the product type
which satisfies the criteria.
|
Constructor and Description |
---|
ChainingCredentialResolver.CredentialIterable(ChainingCredentialResolver resolver,
CriteriaSet criteriaSet)
Constructor.
|
ChainingCredentialResolver.CredentialIterator(ChainingCredentialResolver resolver,
CriteriaSet criteriaSet)
Constructor.
|
Modifier and Type | Method and Description |
---|---|
protected void |
BasicProviderKeyInfoCredentialResolver.initResolutionContext(KeyInfoResolutionContext kiContext,
KeyInfo keyInfo,
CriteriaSet criteriaSet)
Initialize the resolution context that will be used by the providers.
|
protected void |
LocalKeyInfoCredentialResolver.postProcess(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed.
|
protected void |
BasicProviderKeyInfoCredentialResolver.postProcess(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed.
|
protected void |
BasicProviderKeyInfoCredentialResolver.postProcessEmptyCredentials(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Hook for processing the case where no credentials were returned by any resolution method by any provider, nor by
the processing of the BasicProviderKeyInfoCredentialResolver.postProcess(KeyInfoResolutionContext, CriteriaSet, List) hook.
|
Collection<Credential> |
KeyInfoProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLObject) and attempt to resolve a credential from it.
|
protected Collection<Credential> |
BasicProviderKeyInfoCredentialResolver.processKeyInfoChild(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
XMLObject keyInfoChild)
Process the given KeyInfo child with the registered providers.
|
protected void |
BasicProviderKeyInfoCredentialResolver.processKeyInfoChildren(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Use registered providers to process the non-KeyValue children of KeyInfo.
|
protected Iterable<Credential> |
BasicProviderKeyInfoCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
protected void |
BasicProviderKeyInfoCredentialResolver.resolveKeyValue(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<KeyValue> keyValues)
Resolve the key from any KeyValue element that may be present, and store the resulting key in the resolution
context.
|
Modifier and Type | Method and Description |
---|---|
Collection<Credential> |
RSAKeyValueProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLObject) and attempt to resolve a credential from it.
|
Collection<Credential> |
InlineX509DataProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLObject) and attempt to resolve a credential from it.
|
Collection<Credential> |
DSAKeyValueProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLObject) and attempt to resolve a credential from it.
|
Modifier and Type | Method and Description |
---|---|
protected void |
ExplicitKeyTrustEngine.checkParams(Credential untrustedCredential,
CriteriaSet trustBasisCriteria)
Check the parameters for required values.
|
protected void |
ExplicitX509CertificateTrustEngine.checkParams(X509Credential untrustedCredential,
CriteriaSet trustBasisCriteria)
Check the parameters for required values.
|
boolean |
ExplicitKeyTrustEngine.validate(Credential untrustedCredential,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
boolean |
TrustEngine.validate(TokenType token,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
boolean |
ChainingTrustEngine.validate(TokenType token,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
boolean |
ExplicitX509CertificateTrustEngine.validate(X509Credential untrustedCredential,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
Modifier and Type | Method and Description |
---|---|
Iterable<PKIXValidationInformation> |
StaticPKIXValidationInformationResolver.resolve(CriteriaSet criteria)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
PKIXValidationInformation |
StaticPKIXValidationInformationResolver.resolveSingle(CriteriaSet criteria)
Process the specified criteria and return a single instance of the product type
which satisfies the criteria.
|
Set<String> |
StaticPKIXValidationInformationResolver.resolveTrustedNames(CriteriaSet criteriaSet)
Resolve a set of trusted names associated with the entity indicated by the criteria.
|
Set<String> |
PKIXValidationInformationResolver.resolveTrustedNames(CriteriaSet criteriaSet)
Resolve a set of trusted names associated with the entity indicated by the criteria.
|
boolean |
PKIXX509CredentialTrustEngine.validate(X509Credential untrustedCredential,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
Modifier and Type | Method and Description |
---|---|
boolean |
SignatureTrustEngine.validate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
Modifier and Type | Method and Description |
---|---|
protected void |
BaseSignatureTrustEngine.checkParams(Signature signature,
CriteriaSet trustBasisCriteria)
Check the signature and credential criteria for required values.
|
protected void |
BaseSignatureTrustEngine.checkParamsRaw(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria)
Check the signature and credential criteria for required values.
|
protected Pair<Set<String>,Iterable<PKIXValidationInformation>> |
PKIXSignatureTrustEngine.resolveValidationInfo(CriteriaSet trustBasisCriteria)
Resolve and return a set of trusted validation information.
|
boolean |
PKIXSignatureTrustEngine.validate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
boolean |
ExplicitKeySignatureTrustEngine.validate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
boolean |
ChainingSignatureTrustEngine.validate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
boolean |
PKIXSignatureTrustEngine.validate(Signature signature,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
boolean |
ExplicitKeySignatureTrustEngine.validate(Signature signature,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
boolean |
ChainingSignatureTrustEngine.validate(Signature token,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
Copyright © 2018 JBoss by Red Hat. All rights reserved.