Package | Description |
---|---|
org.apache.ws.security.saml.ext.builder | |
org.opensaml.common.binding.decoding |
Classes used to decode SAML messages.
|
org.opensaml.saml1.binding.decoding |
Classes used to decode SAML messages.
|
org.opensaml.saml2.binding.decoding |
Classes used to decode SAML 2 messages.
|
org.opensaml.security |
Classes related to verifying various credentials within a SAML system.
|
org.opensaml.ws.message.decoder |
Message decoders are responsible for extracting an incoming web service message from the inbound transport.
|
org.opensaml.ws.message.handler | |
org.opensaml.ws.security |
Provides interfaces that may be used to implement policies that are evaluated against incoming messages.
|
org.opensaml.ws.security.provider |
Basic implementations of some security policies.
|
org.opensaml.ws.soap.client | |
org.opensaml.ws.soap.client.http | |
org.opensaml.ws.soap.soap11.decoder | |
org.opensaml.xml.security |
Interfaces and classes used in representing cryptographic credentials, evaluating the trustworthiness of security of tokens, etc.
|
org.opensaml.xml.security.credential |
Interfaces and classes related to credentials and ways to represent
them.
|
org.opensaml.xml.security.credential.criteria |
Implementations of EvaluableCriteria where the parameterized evaluation target type is Credential. |
org.opensaml.xml.security.keyinfo |
Interfaces and classes for working with XML KeyInfo elements.
|
org.opensaml.xml.security.keyinfo.provider |
Specific implementations of KeyInfoProvider. |
org.opensaml.xml.security.trust |
Interfaces and classes used to evaluate the trustworthiness and validity of Credentials. |
org.opensaml.xml.security.x509 |
X509 based credential and trust class.
|
org.opensaml.xml.signature |
XMLObject interfaces and helper classes for representing digitally signed content and signing/validating content.
|
org.opensaml.xml.signature.impl |
Implementations of the interfaces for XMLObjects that represent XML signature types.
|
Modifier and Type | Method and Description |
---|---|
static KeyInfo |
SAML1ComponentBuilder.createKeyInfo(KeyInfoBean keyInfo)
Create an Opensaml KeyInfo object from the parameters
|
static Subject |
SAML1ComponentBuilder.createSaml1v1Subject(SubjectBean subjectBean)
Create a SAML Subject from a SubjectBean instance
|
static Subject |
SAML2ComponentBuilder.createSaml2Subject(SubjectBean subjectBean)
Create a Subject.
|
static List<AttributeStatement> |
SAML1ComponentBuilder.createSamlv1AttributeStatement(List<AttributeStatementBean> attributeData)
Create SAML 1.1 attribute statement(s)
|
static List<AuthenticationStatement> |
SAML1ComponentBuilder.createSamlv1AuthenticationStatement(List<AuthenticationStatementBean> authBeans)
Create SAML 1.1 authentication statement(s)
|
static List<AuthorizationDecisionStatement> |
SAML1ComponentBuilder.createSamlv1AuthorizationDecisionStatement(List<AuthDecisionStatementBean> decisionData)
Create SAML 1.1 Authorization Decision Statement(s)
|
static SubjectConfirmationData |
SAML2ComponentBuilder.createSubjectConfirmationData(String inResponseTo,
String recipient,
org.joda.time.DateTime notOnOrAfter,
KeyInfoBean keyInfoBean)
Deprecated.
|
static SubjectConfirmationData |
SAML2ComponentBuilder.createSubjectConfirmationData(SubjectConfirmationDataBean subjectConfirmationDataBean,
KeyInfoBean keyInfoBean)
Create a SubjectConfirmationData object
|
Modifier and Type | Method and Description |
---|---|
protected void |
BaseSAMLMessageDecoder.checkEndpointURI(SAMLMessageContext messageContext)
Check the validity of the SAML protocol message receiver endpoint against
requirements indicated in the message.
|
Modifier and Type | Method and Description |
---|---|
void |
BaseSAML1MessageDecoder.decode(MessageContext messageContext)
Decodes a message in a binding specific manner.
|
Modifier and Type | Method and Description |
---|---|
void |
HandlerChainAwareHTTPSOAP11Decoder.decode(MessageContext messageContext)
Decodes a message in a binding specific manner.
|
void |
BaseSAML2MessageDecoder.decode(MessageContext messageContext)
Decodes a message in a binding specific manner.
|
Modifier and Type | Method and Description |
---|---|
protected List<RoleDescriptor> |
MetadataCredentialResolver.getRoleDescriptors(String entityID,
QName role,
String protocol)
Get the list of metadata role descriptors which match the given entityID, role and protocol.
|
protected Iterable<Credential> |
MetadataCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
protected Collection<Credential> |
MetadataCredentialResolver.retrieveFromMetadata(String entityID,
QName role,
String protocol,
UsageType usage)
Retrieves credentials from the provided metadata.
|
Modifier and Type | Method and Description |
---|---|
void |
MessageDecoder.decode(MessageContext messageContext)
Decodes a message in a binding specific manner.
|
void |
BaseMessageDecoder.decode(MessageContext messageContext)
Decodes a message in a binding specific manner.
|
protected void |
BaseMessageDecoder.processSecurityPolicy(MessageContext messageContext)
Process any SecurityPolicys which can be resolved for the message context. |
Modifier and Type | Method and Description |
---|---|
void |
BaseHandlerChainAwareMessageDecoder.decode(MessageContext messageContext)
Decodes a message in a binding specific manner.
|
Modifier and Type | Class and Description |
---|---|
class |
SecurityPolicyException
Exception indicating a security policy failure.
|
Modifier and Type | Method and Description |
---|---|
Iterable<SecurityPolicy> |
StaticSecurityPolicyResolver.resolve(MessageContext criteria)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
SecurityPolicy |
StaticSecurityPolicyResolver.resolveSingle(MessageContext criteria)
Process the specified criteria and return a single instance of the product type
which satisfies the criteria.
|
Modifier and Type | Method and Description |
---|---|
void |
SOAPClient.send(String endpoint,
SOAPMessageContext messageContext)
Sends a message and waits for a response.
|
Modifier and Type | Method and Description |
---|---|
void |
HttpSOAPClient.send(String endpoint,
SOAPMessageContext messageContext)
Sends a message and waits for a response.
|
Modifier and Type | Method and Description |
---|---|
void |
SOAP11Decoder.decode(MessageContext messageContext)
Decodes a message in a binding specific manner.
|
Modifier and Type | Method and Description |
---|---|
static KeyEncryptionParameters |
SecurityHelper.buildKeyEncryptionParams(Credential encryptionCredential,
String wrappedKeyAlgorithm,
SecurityConfiguration config,
String keyInfoGenName,
String recipient)
Build an instance of KeyEncryptionParameters suitable for passing to an Encrypter. |
static boolean |
SecurityHelper.matchKeyPair(PublicKey pubKey,
PrivateKey privKey)
Compare the supplied public and private keys, and determine if they correspond to the same key pair.
|
static void |
SecurityHelper.prepareSignatureParams(Signature signature,
Credential signingCredential,
SecurityConfiguration config,
String keyInfoGenName)
Prepare a Signature with necessary additional information prior to signing. |
Iterable<ProductType> |
Resolver.resolve(CriteriaType criteria)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
ProductType |
Resolver.resolveSingle(CriteriaType criteria)
Process the specified criteria and return a single instance of the product type
which satisfies the criteria.
|
static byte[] |
SigningUtil.sign(Credential signingCredential,
String jcaAlgorithmID,
boolean isMAC,
byte[] input)
Compute the signature or MAC value over the supplied input.
|
static byte[] |
SigningUtil.sign(PrivateKey signingKey,
String jcaAlgorithmID,
byte[] input)
Compute the raw signature value over the supplied input.
|
static byte[] |
SigningUtil.signMAC(Key signingKey,
String jcaAlgorithmID,
byte[] input)
Compute the Message Authentication Code (MAC) value over the supplied input.
|
static byte[] |
SigningUtil.signWithURI(Credential signingCredential,
String algorithmURI,
byte[] input)
Compute the signature or MAC value over the supplied input.
|
static boolean |
SigningUtil.verify(Credential verificationCredential,
String jcaAlgorithmID,
boolean isMAC,
byte[] signature,
byte[] input)
Verify the signature value computed over the supplied input against the supplied signature value.
|
static boolean |
SigningUtil.verify(PublicKey verificationKey,
String jcaAlgorithmID,
byte[] signature,
byte[] input)
Verify the signature value computed over the supplied input against the supplied signature value.
|
static boolean |
SigningUtil.verifyMAC(Key verificationKey,
String jcaAlgorithmID,
byte[] signature,
byte[] input)
Verify the Message Authentication Code (MAC) value computed over the supplied input against the supplied MAC
value.
|
static boolean |
SigningUtil.verifyWithURI(Credential verificationCredential,
String algorithmURI,
byte[] signature,
byte[] input)
Verify the signature value computed over the supplied input against the supplied signature value.
|
Modifier and Type | Method and Description |
---|---|
protected Credential |
KeyStoreCredentialResolver.buildCredential(KeyStore.Entry keyStoreEntry,
String entityID,
UsageType usage)
Build a credential instance from the key store entry.
|
KeyInfo |
BasicKeyInfoGeneratorFactory.BasicKeyInfoGenerator.generate(Credential credential)
Generate a new KeyInfo object based on keying material and other information within a credential.
|
Iterable<Credential> |
StaticCredentialResolver.resolve(CriteriaSet criteria)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
Iterable<Credential> |
ChainingCredentialResolver.resolve(CriteriaSet criteriaSet)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
Iterable<Credential> |
AbstractCriteriaFilteringCredentialResolver.resolve(CriteriaSet criteriaSet)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
abstract Iterable<Credential> |
AbstractCredentialResolver.resolve(CriteriaSet criteriaSet)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
protected Iterable<Credential> |
KeyStoreCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
protected Iterable<Credential> |
CollectionCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
protected abstract Iterable<Credential> |
AbstractCriteriaFilteringCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
Credential |
AbstractCredentialResolver.resolveSingle(CriteriaSet criteriaSet)
Process the specified criteria and return a single instance of the product type
which satisfies the criteria.
|
Modifier and Type | Method and Description |
---|---|
static EvaluableCredentialCriteria |
EvaluableCredentialCriteriaRegistry.getEvaluator(Criteria criteria)
Get an instance of EvaluableCredentialCriteria which can evaluate the supplied criteria's requirements against a
Credential target.
|
Modifier and Type | Method and Description |
---|---|
protected Credential |
BasicProviderKeyInfoCredentialResolver.buildBasicCredential(Key key,
Set<String> keyNames)
Construct a basic credential containing the specified key and set of key names.
|
KeyInfo |
StaticKeyInfoGenerator.generate(Credential credential)
Generate a new KeyInfo object based on keying material and other information within a credential.
|
KeyInfo |
KeyInfoGenerator.generate(Credential credential)
Generate a new KeyInfo object based on keying material and other information within a credential.
|
protected void |
BasicProviderKeyInfoCredentialResolver.initResolutionContext(KeyInfoResolutionContext kiContext,
KeyInfo keyInfo,
CriteriaSet criteriaSet)
Initialize the resolution context that will be used by the providers.
|
protected void |
LocalKeyInfoCredentialResolver.postProcess(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed.
|
protected void |
BasicProviderKeyInfoCredentialResolver.postProcess(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed.
|
protected void |
BasicProviderKeyInfoCredentialResolver.postProcessEmptyCredentials(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Hook for processing the case where no credentials were returned by any resolution method by any provider, nor by
the processing of the BasicProviderKeyInfoCredentialResolver.postProcess(KeyInfoResolutionContext, CriteriaSet, List) hook. |
Collection<Credential> |
KeyInfoProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLObject) and attempt to resolve a credential from it.
|
protected Collection<Credential> |
BasicProviderKeyInfoCredentialResolver.processKeyInfoChild(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
XMLObject keyInfoChild)
Process the given KeyInfo child with the registered providers.
|
protected void |
BasicProviderKeyInfoCredentialResolver.processKeyInfoChildren(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Use registered providers to process the non-KeyValue children of KeyInfo.
|
protected Collection<? extends Credential> |
LocalKeyInfoCredentialResolver.resolveByKeyName(String keyName)
Resolve credentials from local resolver using key name criteria.
|
protected Collection<? extends Credential> |
LocalKeyInfoCredentialResolver.resolveByPublicKey(PublicKey publicKey)
Resolve credentials from local resolver using public key criteria.
|
protected Iterable<Credential> |
BasicProviderKeyInfoCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
protected void |
BasicProviderKeyInfoCredentialResolver.resolveKeyValue(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<KeyValue> keyValues)
Resolve the key from any KeyValue element that may be present, and store the resulting key in the resolution
context.
|
Modifier and Type | Method and Description |
---|---|
Collection<Credential> |
RSAKeyValueProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLObject) and attempt to resolve a credential from it.
|
Collection<Credential> |
InlineX509DataProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLObject) and attempt to resolve a credential from it.
|
Collection<Credential> |
DSAKeyValueProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLObject) and attempt to resolve a credential from it.
|
Modifier and Type | Method and Description |
---|---|
protected void |
ExplicitKeyTrustEngine.checkParams(Credential untrustedCredential,
CriteriaSet trustBasisCriteria)
Check the parameters for required values.
|
protected void |
ExplicitX509CertificateTrustEngine.checkParams(X509Credential untrustedCredential,
CriteriaSet trustBasisCriteria)
Check the parameters for required values.
|
boolean |
ExplicitKeyTrustEngine.validate(Credential untrustedCredential,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
boolean |
TrustEngine.validate(TokenType token,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
boolean |
ChainingTrustEngine.validate(TokenType token,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
boolean |
ExplicitX509CertificateTrustEngine.validate(X509Credential untrustedCredential,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
Modifier and Type | Method and Description |
---|---|
protected boolean |
PKIXX509CredentialTrustEngine.checkNames(Set<String> trustedNames,
X509Credential untrustedCredential)
Evaluate the credential against the set of trusted names.
|
static X509Certificate |
X509Util.determineEntityCertificate(Collection<X509Certificate> certs,
PrivateKey privateKey)
Determines the certificate, from the collection, associated with the private key.
|
boolean |
X509CredentialNameEvaluator.evaluate(X509Credential credential,
Set<String> trustedNames)
Evaluate the specified credential against the specified set of trusted names.
|
boolean |
BasicX509CredentialNameEvaluator.evaluate(X509Credential credential,
Set<String> trustedNames)
Evaluate the specified credential against the specified set of trusted names.
|
KeyInfo |
X509KeyInfoGeneratorFactory.X509KeyInfoGenerator.generate(Credential credential)
Generate a new KeyInfo object based on keying material and other information within a credential.
|
protected void |
X509KeyInfoGeneratorFactory.X509KeyInfoGenerator.processCRLs(KeyInfo keyInfo,
X509Data x509Data,
X509Credential credential)
Process the value of X509Credential.getCRLs(). |
protected void |
X509KeyInfoGeneratorFactory.X509KeyInfoGenerator.processEntityCertificate(KeyInfo keyInfo,
X509Data x509Data,
X509Credential credential)
Process the value of X509Credential.getEntityCertificate(). |
protected void |
X509KeyInfoGeneratorFactory.X509KeyInfoGenerator.processEntityCertificateChain(KeyInfo keyInfo,
X509Data x509Data,
X509Credential credential)
Process the value of X509Credential.getEntityCertificateChain(). |
Iterable<PKIXValidationInformation> |
StaticPKIXValidationInformationResolver.resolve(CriteriaSet criteria)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
PKIXValidationInformation |
StaticPKIXValidationInformationResolver.resolveSingle(CriteriaSet criteria)
Process the specified criteria and return a single instance of the product type
which satisfies the criteria.
|
Set<String> |
StaticPKIXValidationInformationResolver.resolveTrustedNames(CriteriaSet criteriaSet)
Resolve a set of trusted names associated with the entity indicated by the criteria.
|
Set<String> |
PKIXValidationInformationResolver.resolveTrustedNames(CriteriaSet criteriaSet)
Resolve a set of trusted names associated with the entity indicated by the criteria.
|
boolean |
PKIXTrustEvaluator.validate(PKIXValidationInformation validationInfo,
X509Credential untrustedCredential)
Validate the specified credential against the specified set of trusted validation information.
|
boolean |
CertPathPKIXTrustEvaluator.validate(PKIXValidationInformation validationInfo,
X509Credential untrustedCredential)
Validate the specified credential against the specified set of trusted validation information.
|
boolean |
PKIXX509CredentialTrustEngine.validate(X509Credential untrustedCredential,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
protected boolean |
PKIXX509CredentialTrustEngine.validate(X509Credential untrustedX509Credential,
Set<String> trustedNames,
Iterable<PKIXValidationInformation> validationInfoSet)
Perform PKIX validation on the untrusted credential, using PKIX validation information based on the supplied set
of trusted credentials.
|
Modifier and Type | Method and Description |
---|---|
boolean |
SignatureTrustEngine.validate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
Modifier and Type | Method and Description |
---|---|
protected boolean |
PKIXSignatureTrustEngine.checkNames(Set<String> trustedNames,
X509Credential untrustedCredential)
Evaluate the credential against the set of trusted names.
|
protected void |
BaseSignatureTrustEngine.checkParams(Signature signature,
CriteriaSet trustBasisCriteria)
Check the signature and credential criteria for required values.
|
protected void |
BaseSignatureTrustEngine.checkParamsRaw(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria)
Check the signature and credential criteria for required values.
|
protected boolean |
ExplicitKeySignatureTrustEngine.evaluateTrust(Credential untrustedCredential,
Iterable<Credential> trustedCredentials)
Evaluate the untrusted KeyInfo-derived credential with respect to the specified trusted information.
|
protected boolean |
PKIXSignatureTrustEngine.evaluateTrust(Credential untrustedCredential,
Pair<Set<String>,Iterable<PKIXValidationInformation>> validationPair)
Evaluate the untrusted KeyInfo-derived credential with respect to the specified trusted information.
|
protected abstract boolean |
BaseSignatureTrustEngine.evaluateTrust(Credential untrustedCredential,
TrustBasisType trustBasis)
Evaluate the untrusted KeyInfo-derived credential with respect to the specified trusted information.
|
protected Pair<Set<String>,Iterable<PKIXValidationInformation>> |
PKIXSignatureTrustEngine.resolveValidationInfo(CriteriaSet trustBasisCriteria)
Resolve and return a set of trusted validation information.
|
boolean |
PKIXSignatureTrustEngine.validate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
boolean |
ExplicitKeySignatureTrustEngine.validate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
boolean |
ChainingSignatureTrustEngine.validate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
boolean |
PKIXSignatureTrustEngine.validate(Signature signature,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
boolean |
ExplicitKeySignatureTrustEngine.validate(Signature signature,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
boolean |
ChainingSignatureTrustEngine.validate(Signature token,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
protected boolean |
BaseSignatureTrustEngine.validate(Signature signature,
TrustBasisType trustBasis)
Attempt to establish trust by resolving signature verification credentials from the Signature's KeyInfo.
|
Copyright © 2018 JBoss by Red Hat. All rights reserved.