Package | Description |
---|---|
org.opensaml.common.binding.security | Classes responsible for performing transport-related and basic message validation of decoded SAML messages. |
org.opensaml.ws.security | Provides interfaces that may be used to implement policies that are evaluated against incoming messages. |
org.opensaml.ws.security.provider | Basic implementations of some security policies. |
org.opensaml.xml.security.credential | Interfaces and classes related to credentials and ways to represent them. |
org.opensaml.xml.security.trust | Interfaces and classes used to evaluate the trustworthiness and validity of Credentials. |
org.opensaml.xml.security.x509 | X509 based credential and trust class. |
org.opensaml.xml.signature.impl | Implementations of the interfaces for XMLObjects that represent XML signature types. |

Constructor and Description |
---|
`SAMLMDClientCertAuthRule(TrustEngine<X509Credential> engine, CertificateNameOptions nameOptions)` Constructor. |

Modifier and Type | Class and Description |
---|---|
class | `ServletRequestX509CredentialAdapter` An adapter that exposes the X.509 certificates contained in the servlet request attribute. |

Modifier and Type | Method and Description |
---|---|
protected void | `ClientCertAuthRule.doEvaluate(X509Credential requestCredential, MessageContext messageContext)` Evaluate the request credential. |
protected String | `ClientCertAuthRule.evaluateCertificateNameDerivedIssuers(X509Credential requestCredential, MessageContext messageContext)` Deprecated. |
protected String | `ClientCertAuthRule.evaluateCertificateNameDerivedPresenters(X509Credential requestCredential, MessageContext messageContext)` Evaluate candidate presenter entity IDs which may be derived from the request credential's entity certificate according to the options supplied via `CertificateNameOptions`. |
protected String | `ClientCertAuthRule.evaluateDerivedIssuers(X509Credential requestCredential, MessageContext messageContext)` Deprecated. |
protected String | `ClientCertAuthRule.evaluateDerivedPresenters(X509Credential requestCredential, MessageContext messageContext)` Evaluate any candidate presenter entity IDs which may be derived from the credential or other message context information. |
protected String | `ClientCertAuthRule.evaluateSubjectAltNames(X509Credential requestCredential, MessageContext messageContext)` Evaluate the presenter entity ID as derived from the cert subject alternative names specified by types enumerated in `CertificateNameOptions.getSubjectAltNames()`. |
protected String | `ClientCertAuthRule.evaluateSubjectCommonName(X509Credential requestCredential, MessageContext messageContext)` Evaluate the presenter entity ID as derived from the cert subject common name (CN). |
protected String | `ClientCertAuthRule.evaluateSubjectDN(X509Credential requestCredential, MessageContext messageContext)` Evaluate the presenter entity ID as derived from the cert subject DN. |

Constructor and Description |
---|
`ClientCertAuthRule(TrustEngine<X509Credential> engine, CertificateNameOptions nameOptions)` Constructor. |

Modifier and Type | Method and Description |
---|---|
protected X509Credential | `KeyStoreCredentialResolver.processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry, String entityID, UsageType usage)` Build an X509Credential from a keystore private key entry. |
protected X509Credential | `KeyStoreCredentialResolver.processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertEntry, String entityID, UsageType usage)` Build an X509Credential from a keystore trusted certificate entry. |

Modifier and Type | Method and Description |
---|---|
protected void | `ExplicitX509CertificateTrustEngine.checkParams(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)` Check the parameters for required values. |
boolean | `ExplicitX509CertificateTrustEngine.validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)` Validates the token against trusted information obtained in an implementation-specific manner. |
boolean | `ExplicitX509CertificateTrustEvaluator.validate(X509Credential untrustedCredential, Iterable<Credential> trustedCredentials)` Evaluate trust. |
boolean | `ExplicitX509CertificateTrustEvaluator.validate(X509Credential untrustedCredential, X509Credential trustedCredential)` Evaluate trust. |

Modifier and Type | Class and Description |
---|---|
class | `BasicX509Credential` A basic implementation of `X509Credential`. |
class | `KeyStoreX509CredentialAdapter` A wrapper that changes a `KeyStore` into an `X509Credential`. |
class | `X509KeyManagerX509CredentialAdapter` A class that wraps an `X509KeyManager` and exposes it as an `X509Credential`. |

Modifier and Type | Method and Description |
---|---|
protected CertStore | `CertPathPKIXTrustEvaluator.buildCertStore(PKIXValidationInformation validationInfo, X509Credential untrustedCredential)` Creates the certificate store that will be used during validation. |
protected boolean | `PKIXX509CredentialTrustEngine.checkNames(Set<String> trustedNames, X509Credential untrustedCredential)` Evaluate the credential against the set of trusted names. |
boolean | `X509CredentialNameEvaluator.evaluate(X509Credential credential, Set<String> trustedNames)` Evaluate the specified credential against the specified set of trusted names. |
boolean | `BasicX509CredentialNameEvaluator.evaluate(X509Credential credential, Set<String> trustedNames)` Evaluate the specified credential against the specified set of trusted names. |
static String | `X509Util.getIdentifiersToken(X509Credential credential, X500DNHandler handler)` Gets a formatted string representing identifier information from the supplied credential. |
protected PKIXBuilderParameters | `CertPathPKIXTrustEvaluator.getPKIXBuilderParameters(PKIXValidationInformation validationInfo, X509Credential untrustedCredential)` Creates the set of PKIX builder parameters to use when building the cert path builder. |
protected void | `X509KeyInfoGeneratorFactory.X509KeyInfoGenerator.processCRLs(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)` Process the value of `getCRLs()`. |
protected void | `X509KeyInfoGeneratorFactory.X509KeyInfoGenerator.processEntityCertificate(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)` Process the value of `getEntityCertificate()`. |
protected void | `X509KeyInfoGeneratorFactory.X509KeyInfoGenerator.processEntityCertificateChain(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)` Process the value of `getEntityCertificateChain()`. |
protected boolean | `BasicX509CredentialNameEvaluator.processNameChecks(X509Credential credential, Set<String> trustedNames)` Process any name checks that are enabled. |
boolean | `PKIXTrustEvaluator.validate(PKIXValidationInformation validationInfo, X509Credential untrustedCredential)` Validate the specified credential against the specified set of trusted validation information. |
boolean | `CertPathPKIXTrustEvaluator.validate(PKIXValidationInformation validationInfo, X509Credential untrustedCredential)` Validate the specified credential against the specified set of trusted validation information. |
boolean | `PKIXX509CredentialTrustEngine.validate(X509Credential untrustedCredential, CriteriaSet trustBasisCriteria)` Validates the token against trusted information obtained in an implementation-specific manner. |
protected boolean | `PKIXX509CredentialTrustEngine.validate(X509Credential untrustedX509Credential, Set<String> trustedNames, Iterable<PKIXValidationInformation> validationInfoSet)` Perform PKIX validation on the untrusted credential, using PKIX validation information based on the supplied set of trusted credentials. |

Modifier and Type | Method and Description |
---|---|
protected boolean | `PKIXSignatureTrustEngine.checkNames(Set<String> trustedNames, X509Credential untrustedCredential)` Evaluate the credential against the set of trusted names. |

Copyright © 2018 JBoss by Red Hat. All rights reserved.