| Package | Description |
|---|---|
| org.opensaml.saml.common.binding.security.impl |
Classes responsible for performing transport-related and basic message
validation of decoded SAML messages.
|
| org.opensaml.saml.saml2.binding.encoding.impl |
SAML 1.x message encoders.
|
| org.opensaml.saml.saml2.binding.security.impl |
Security-related message handlers for SAML 2.
|
| org.opensaml.saml.security.impl |
Classes related to verifying various credentials within a SAML system.
|
| org.opensaml.security.credential |
Interfaces and classes related to credentials and ways to represent them.
|
| org.opensaml.security.credential.criteria.impl |
Implementations of
Criterion where the
parameterized evaluation target type is Credential. |
| org.opensaml.security.credential.impl |
CredentialResolver implementation classes. |
| org.opensaml.security.crypto |
General cryptographic functionality.
|
| org.opensaml.security.messaging |
Messaging-related security classes.
|
| org.opensaml.security.trust.impl |
TrustEngine implementation classes. |
| org.opensaml.security.x509 |
X.509-based credential and trust classes.
|
| org.opensaml.security.x509.impl |
TrustEngine implementation classes related to PKIX. |
| org.opensaml.xmlsec |
Configuration and support classes for security.
|
| org.opensaml.xmlsec.algorithm |
Configuration and support classes for security algorithms.
|
| org.opensaml.xmlsec.crypto |
Support classes for XML Security operations.
|
| org.opensaml.xmlsec.encryption.support |
Functional support for XML Encryption.
|
| org.opensaml.xmlsec.impl |
Implementation of configuration and parameter resolver classes.
|
| org.opensaml.xmlsec.keyinfo |
Classes in support of processing XML Signature KeyInfo material.
|
| org.opensaml.xmlsec.keyinfo.impl |
Interfaces and classes for working with XML KeyInfo elements.
|
| org.opensaml.xmlsec.keyinfo.impl.provider |
Specific implementations of
KeyInfoProvider. |
| org.opensaml.xmlsec.signature |
XMLObject interfaces and helper classes for representing digitally signed content and signing/validating content.
|
| org.opensaml.xmlsec.signature.impl |
Implementations of the interfaces for XMLObjects that represent XML signature types.
|
| org.opensaml.xmlsec.signature.support |
Functional support for XML Signature.
|
| org.opensaml.xmlsec.signature.support.impl |
Implementations of signature evaluation functions.
|
| org.opensaml.xmlsec.signature.support.provider |
Provides Santuario-specific implementation of signing and validation.
|
| Modifier and Type | Method and Description |
|---|---|
protected List<Credential> |
BaseSAMLSimpleSignatureSecurityHandler.getRequestCredentials(org.opensaml.messaging.context.MessageContext messageContext)
Extract any candidate validation credentials from the request and/or message context.
|
| Modifier and Type | Method and Description |
|---|---|
protected boolean |
BaseSAMLSimpleSignatureSecurityHandler.validateSignature(byte[] signature,
byte[] signedContent,
String algorithmURI,
CriteriaSet criteriaSet,
List<Credential> candidateCredentials)
Validate the simple signature.
|
| Modifier and Type | Method and Description |
|---|---|
protected String |
HTTPPostSimpleSignEncoder.buildKeyInfo(Credential signingCredential,
KeyInfoGenerator kiGenerator)
Build the
KeyInfo from the signing credential. |
protected String |
HTTPRedirectDeflateEncoder.generateSignature(Credential signingCredential,
String algorithmURI,
String queryString)
Generates the signature over the query string.
|
protected String |
HTTPPostSimpleSignEncoder.generateSignature(Credential signingCredential,
String algorithmURI,
String formData)
Generates the signature over the string of concatenated form control data as indicated by the SimpleSign spec.
|
| Modifier and Type | Method and Description |
|---|---|
protected List<Credential> |
SAML2HTTPPostSimpleSignSecurityHandler.getRequestCredentials(org.opensaml.messaging.context.MessageContext samlContext)
Extract any candidate validation credentials from the request and/or message context.
|
| Modifier and Type | Method and Description |
|---|---|
protected Collection<Credential> |
MetadataCredentialResolver.resolveFromMetadata(CriteriaSet criteriaSet,
String entityID,
QName role,
String protocol,
UsageType usage)
Resolves credentials using this resolver's configured instance of
RoleDescriptorResolver. |
protected Collection<Credential> |
MetadataCredentialResolver.resolveFromRoleDescriptor(CriteriaSet criteriaSet,
RoleDescriptor roleDescriptor,
UsageType usage)
Resolves credentials using a supplied instance of
RoleDescriptor. |
protected Iterable<Credential> |
MetadataCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
| Modifier and Type | Method and Description |
|---|---|
protected boolean |
SAMLMetadataEncryptionParametersResolver.credentialSupportsEncryptionMethod(Credential credential,
EncryptionMethod encryptionMethod)
Evaluate whether the specified credential is supported for use with the specified
EncryptionMethod. |
protected boolean |
SAMLMetadataSignatureSigningParametersResolver.credentialSupportsSigningMethod(Credential credential,
SigningMethod signingMethod)
Evaluate whether the specified credential is supported for use with the specified
SigningMethod. |
protected Pair<String,EncryptionMethod> |
SAMLMetadataEncryptionParametersResolver.resolveKeyTransportAlgorithm(Credential keyTransportCredential,
CriteriaSet criteria,
com.google.common.base.Predicate<String> whitelistBlacklistPredicate,
String dataEncryptionAlgorithm,
SAMLMDCredentialContext metadataCredContext)
Determine the key transport algorithm URI to use with the specified credential, also returning the associated
EncryptionMethod from metadata if relevant. |
| Modifier and Type | Method and Description |
|---|---|
protected void |
MetadataCredentialResolver.extractCredentials(HashSet<Credential> accumulator,
KeyDescriptor keyDescriptor,
String entityID,
UsageType mdUsage)
Extract the credentials from the specified KeyDescriptor.
|
protected void |
MetadataCredentialResolver.processRoleDescriptor(HashSet<Credential> accumulator,
RoleDescriptor roleDescriptor,
String entityID,
UsageType usage)
Process a RoleDescriptor by examing each of its KeyDescriptors.
|
| Modifier and Type | Interface and Description |
|---|---|
interface |
MutableCredential
A specialization of
Credential which supports mutation of its properties. |
| Modifier and Type | Class and Description |
|---|---|
class |
AbstractCredential
Base class for
Credential implementations. |
class |
BasicCredential
A basic implementation of
Credential. |
| Modifier and Type | Method and Description |
|---|---|
Class<? extends Credential> |
Credential.getCredentialType()
Get the primary type of the credential instance.
|
Class<? extends Credential> |
BasicCredential.getCredentialType()
Get the primary type of the credential instance.
|
| Modifier and Type | Method and Description |
|---|---|
static Key |
CredentialSupport.extractDecryptionKey(Credential credential)
Extract the decryption key from the credential.
|
static Key |
CredentialSupport.extractEncryptionKey(Credential credential)
Extract the encryption key from the credential.
|
static Key |
CredentialSupport.extractSigningKey(Credential credential)
Extract the signing key from the credential.
|
static Key |
CredentialSupport.extractVerificationKey(Credential credential)
Extract the verification key from the credential.
|
| Modifier and Type | Method and Description |
|---|---|
boolean |
EvaluableX509SubjectNameCredentialCriterion.apply(Credential target) |
boolean |
EvaluableX509SubjectKeyIdentifierCredentialCriterion.apply(Credential target) |
boolean |
EvaluableX509IssuerSerialCredentialCriterion.apply(Credential target) |
boolean |
EvaluableX509DigestCredentialCriterion.apply(Credential target) |
boolean |
EvaluableX509CertSelectorCredentialCriterion.apply(Credential target) |
boolean |
EvaluableUsageCredentialCriterion.apply(Credential target) |
boolean |
EvaluablePublicKeyCredentialCriterion.apply(Credential target) |
boolean |
EvaluableKeyNameCredentialCriterion.apply(Credential target) |
boolean |
EvaluableKeyLengthCredentialCriterion.apply(Credential target) |
boolean |
EvaluableKeyAlgorithmCredentialCriterion.apply(Credential target) |
boolean |
EvaluableEntityIDCredentialCriterion.apply(Credential target) |
| Modifier and Type | Method and Description |
|---|---|
protected Credential |
KeyStoreCredentialResolver.buildCredential(KeyStore.Entry keyStoreEntry,
String entityID,
UsageType usage)
Build a credential instance from the key store entry.
|
Credential |
AbstractChainingCredentialResolver.CredentialIterator.next() |
protected Credential |
KeyStoreCredentialResolver.processSecretKeyEntry(KeyStore.SecretKeyEntry secretKeyEntry,
String entityID,
UsageType usage)
Build a Credential from a keystore secret key entry.
|
Credential |
AbstractCredentialResolver.resolveSingle(CriteriaSet criteriaSet)
Process the specified criteria and return a single instance of the product type
which satisfies the criteria.
|
| Modifier and Type | Method and Description |
|---|---|
Collection<Credential> |
CollectionCredentialResolver.getCollection()
Get the (modifiable) credential collection which is the backing store for the resolver.
|
Iterator<Credential> |
AbstractChainingCredentialResolver.CredentialIterable.iterator() |
Iterable<Credential> |
StaticCredentialResolver.resolve(CriteriaSet criteria)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
Iterable<Credential> |
AbstractCriteriaFilteringCredentialResolver.resolve(CriteriaSet criteriaSet)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
abstract Iterable<Credential> |
AbstractCredentialResolver.resolve(CriteriaSet criteriaSet)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
Iterable<Credential> |
AbstractChainingCredentialResolver.resolve(CriteriaSet criteriaSet)
Process the specified criteria and return the resulting instances of the product type
which satisfy the criteria.
|
protected Iterable<Credential> |
KeyStoreCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
protected Iterable<Credential> |
FilesystemCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
protected Iterable<Credential> |
CollectionCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
protected abstract Iterable<Credential> |
AbstractCriteriaFilteringCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
| Constructor and Description |
|---|
StaticCredentialResolver(Credential credential)
Constructor.
|
| Constructor and Description |
|---|
CollectionCredentialResolver(Collection<Credential> credentials)
Constructor.
|
StaticCredentialResolver(List<Credential> credentials)
Constructor.
|
| Modifier and Type | Method and Description |
|---|---|
static byte[] |
SigningUtil.sign(Credential signingCredential,
String jcaAlgorithmID,
boolean isMAC,
byte[] input)
Compute the signature or MAC value over the supplied input.
|
static boolean |
SigningUtil.verify(Credential verificationCredential,
String jcaAlgorithmID,
boolean isMAC,
byte[] signature,
byte[] input)
Verify the signature value computed over the supplied input against the supplied signature value.
|
| Modifier and Type | Class and Description |
|---|---|
class |
ServletRequestX509CredentialAdapter
An adapter that exposes the X.509 certificates contained in the servlet request attribute.
|
| Modifier and Type | Method and Description |
|---|---|
Class<? extends Credential> |
ServletRequestX509CredentialAdapter.getCredentialType()
Get the primary type of the credential instance.
|
| Modifier and Type | Method and Description |
|---|---|
boolean |
ExplicitKeyTrustEvaluator.validate(Credential untrustedCredential,
Credential trustedCredential)
Evaluate trust.
|
boolean |
ExplicitKeyTrustEngine.validate(Credential untrustedCredential,
CriteriaSet trustBasisCriteria)
Validates the token against trusted information obtained in an
implementation-specific manner.
|
boolean |
ExplicitKeyTrustEvaluator.validate(Credential untrustedCredential,
Iterable<Credential> trustedCredentials)
Evaluate trust.
|
| Modifier and Type | Method and Description |
|---|---|
boolean |
ExplicitKeyTrustEvaluator.validate(Credential untrustedCredential,
Iterable<Credential> trustedCredentials)
Evaluate trust.
|
boolean |
ExplicitX509CertificateTrustEvaluator.validate(X509Credential untrustedCredential,
Iterable<Credential> trustedCredentials)
Evaluate trust.
|
| Modifier and Type | Interface and Description |
|---|---|
interface |
X509Credential
An entity credential based on key material and other information (e.g.
|
| Modifier and Type | Class and Description |
|---|---|
class |
BasicX509Credential
A basic implementation of
X509Credential. |
| Modifier and Type | Method and Description |
|---|---|
Class<? extends Credential> |
BasicX509Credential.getCredentialType()
Get the primary type of the credential instance.
|
| Modifier and Type | Class and Description |
|---|---|
class |
KeyStoreX509CredentialAdapter
A wrapper that changes a
KeyStore in to a X509Credential. |
class |
X509KeyManagerX509CredentialAdapter
A class that wraps a
X509KeyManager and exposes it as an X509Credential. |
| Modifier and Type | Method and Description |
|---|---|
Class<? extends Credential> |
X509KeyManagerX509CredentialAdapter.getCredentialType()
Get the primary type of the credential instance.
|
Class<? extends Credential> |
KeyStoreX509CredentialAdapter.getCredentialType()
Get the primary type of the credential instance.
|
| Modifier and Type | Method and Description |
|---|---|
Credential |
EncryptionParameters.getDataEncryptionCredential()
Get the encryption credential to use when encrypting the EncryptedData.
|
Credential |
KeyTransportAlgorithmPredicate.SelectionInput.getKeyTransportCredential()
Get the candidate key transport credential.
|
Credential |
EncryptionParameters.getKeyTransportEncryptionCredential()
Get the encryption credential to use when encrypting the EncryptedKey.
|
Credential |
SignatureSigningParameters.getSigningCredential()
Get the signing credential to use when signing.
|
| Modifier and Type | Method and Description |
|---|---|
List<Credential> |
EncryptionConfiguration.getDataEncryptionCredentials()
Get the list of data encryption credentials to use, in preference order.
|
List<Credential> |
EncryptionConfiguration.getKeyTransportEncryptionCredentials()
Get the list of key transport encryption credentials to use, in preference order.
|
List<Credential> |
SignatureSigningConfiguration.getSigningCredentials()
Get the list of signing credentials to use when signing, in preference order.
|
| Modifier and Type | Method and Description |
|---|---|
void |
EncryptionParameters.setDataEncryptionCredential(Credential credential)
Set the encryption credential to use when encrypting the EncryptedData.
|
void |
EncryptionParameters.setKeyTransportEncryptionCredential(Credential credential)
Set the encryption credential to use when encrypting the EncryptedKey.
|
void |
SignatureSigningParameters.setSigningCredential(Credential credential)
Set the signing credential to use when signing.
|
| Constructor and Description |
|---|
SelectionInput(String keyTransportAlgorithmCandidate,
String dataEncryptionAlgorithmCandidate,
Credential keyTransportCredentialCandidate)
Constructor.
|
| Modifier and Type | Method and Description |
|---|---|
static Credential |
AlgorithmSupport.generateKeyPairAndCredential(String algorithmURI,
int keyLength,
boolean includePrivate)
Generate a random asymmetric key pair and return in a BasicCredential.
|
static Credential |
AlgorithmSupport.generateSymmetricKeyAndCredential(String algorithmURI)
Generate a random symmetric key and return in a BasicCredential.
|
| Modifier and Type | Method and Description |
|---|---|
static boolean |
AlgorithmSupport.credentialSupportsAlgorithmForEncryption(Credential credential,
AlgorithmDescriptor algorithm)
Check whether the supplied credential may be used with the supplied algorithm for the purpose of
encryption.
|
static boolean |
AlgorithmSupport.credentialSupportsAlgorithmForSigning(Credential credential,
AlgorithmDescriptor algorithm)
Check whether the supplied credential may be used with the supplied algorithm for the purpose of
signing.
|
| Modifier and Type | Method and Description |
|---|---|
static byte[] |
XMLSigningUtil.signWithURI(Credential signingCredential,
String algorithmURI,
byte[] input)
Compute the signature or MAC value over the supplied input.
|
static boolean |
XMLSigningUtil.verifyWithURI(Credential verificationCredential,
String algorithmURI,
byte[] signature,
byte[] input)
Verify the signature value computed over the supplied input against the supplied signature value.
|
| Modifier and Type | Method and Description |
|---|---|
Credential |
DataEncryptionParameters.getEncryptionCredential()
Gets the credential used to encrypt.
|
| Modifier and Type | Method and Description |
|---|---|
void |
DataEncryptionParameters.setEncryptionCredential(Credential newEncryptionCredential)
Sets the credential used to encrypt.
|
| Modifier and Type | Method and Description |
|---|---|
protected Credential |
BasicEncryptionParametersResolver.generateDataEncryptionCredential(String dataEncryptionAlgorithm)
Generate a random data encryption symmetric key credential.
|
| Modifier and Type | Method and Description |
|---|---|
List<Credential> |
BasicEncryptionConfiguration.getDataEncryptionCredentials()
Get the list of data encryption credentials to use, in preference order.
|
protected List<Credential> |
BasicEncryptionParametersResolver.getEffectiveDataEncryptionCredentials(CriteriaSet criteria)
Get the effective list of data encryption credentials to consider.
|
protected List<Credential> |
BasicEncryptionParametersResolver.getEffectiveKeyTransportCredentials(CriteriaSet criteria)
Get the effective list of key transport credentials to consider.
|
protected List<Credential> |
BasicSignatureSigningParametersResolver.getEffectiveSigningCredentials(CriteriaSet criteria)
Get the effective list of signing credentials to consider.
|
List<Credential> |
BasicEncryptionConfiguration.getKeyTransportEncryptionCredentials()
Get the list of key transport encryption credentials to use, in preference order.
|
List<Credential> |
BasicSignatureSigningConfiguration.getSigningCredentials()
Get the list of signing credentials to use when signing, in preference order.
|
| Modifier and Type | Method and Description |
|---|---|
protected boolean |
BasicSignatureSigningParametersResolver.credentialSupportsAlgorithm(Credential credential,
String algorithm)
Evaluate whether the specified credential is supported for use with the specified algorithm URI.
|
protected boolean |
BasicEncryptionParametersResolver.credentialSupportsAlgorithm(Credential credential,
String algorithm)
Evaluate whether the specified credential is supported for use with the specified algorithm URI.
|
protected KeyInfoGenerator |
AbstractSecurityParametersResolver.lookupKeyInfoGenerator(Credential credential,
NamedKeyInfoGeneratorManager manager,
String keyInfoProfileName)
Resolve a
KeyInfoGenerator instance based on a NamedKeyInfoGeneratorManager,
Credential and optional KeyInfo generation profile name. |
protected String |
BasicEncryptionParametersResolver.resolveDataEncryptionAlgorithm(Credential dataEncryptionCredential,
CriteriaSet criteria,
com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
Determine the data encryption algorithm URI to use with the specified data encryption credential.
|
protected String |
BasicEncryptionParametersResolver.resolveDataEncryptionAlgorithm(Credential dataEncryptionCredential,
List<String> dataEncryptionAlgorithms)
Determine the data encryption algorithm URI, considering the optionally specified data encryption credential.
|
protected KeyInfoGenerator |
BasicEncryptionParametersResolver.resolveDataKeyInfoGenerator(CriteriaSet criteria,
Credential dataEncryptionCredential)
Resolve and return the
KeyInfoGenerator instance to use with the specified data encryption credential. |
protected Integer |
BasicSignatureSigningParametersResolver.resolveHMACOutputLength(CriteriaSet criteria,
Credential signingCredential,
String algorithmURI)
Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential
and signature method algorithm URI.
|
protected KeyInfoGenerator |
BasicSignatureSigningParametersResolver.resolveKeyInfoGenerator(CriteriaSet criteria,
Credential signingCredential)
Resolve and return the
KeyInfoGenerator instance to use with the specified credential. |
protected String |
BasicEncryptionParametersResolver.resolveKeyTransportAlgorithm(Credential keyTransportCredential,
CriteriaSet criteria,
com.google.common.base.Predicate<String> whitelistBlacklistPredicate,
String dataEncryptionAlgorithm)
Determine the key transport algorithm URI to use with the specified credential.
|
protected String |
BasicEncryptionParametersResolver.resolveKeyTransportAlgorithm(Credential keyTransportCredential,
List<String> keyTransportAlgorithms,
String dataEncryptionAlgorithm,
KeyTransportAlgorithmPredicate keyTransportPredicate)
Determine the key transport encryption algorithm URI to use with the specified key transport credential
and optional data encryption algorithm URI.
|
protected KeyInfoGenerator |
BasicEncryptionParametersResolver.resolveKeyTransportKeyInfoGenerator(CriteriaSet criteria,
Credential keyTransportEncryptionCredential)
Resolve and return the
KeyInfoGenerator instance to use with the specified key transport credential. |
| Modifier and Type | Method and Description |
|---|---|
void |
BasicEncryptionConfiguration.setDataEncryptionCredentials(List<Credential> credentials)
Set the data encryption credentials to use.
|
void |
BasicEncryptionConfiguration.setKeyTransportEncryptionCredentials(List<Credential> credentials)
Set the key transport encryption credentials to use.
|
void |
BasicSignatureSigningConfiguration.setSigningCredentials(List<Credential> credentials)
Set the signing credentials to use when signing.
|
| Modifier and Type | Method and Description |
|---|---|
Class<? extends Credential> |
KeyInfoGeneratorFactory.getCredentialType()
Get the type (interface) of the specific type of credential handled by generators produced by
this factory.
|
| Modifier and Type | Method and Description |
|---|---|
KeyInfo |
KeyInfoGenerator.generate(Credential credential)
Generate a new KeyInfo object based on keying material and other information within a credential.
|
KeyInfoGeneratorFactory |
KeyInfoGeneratorManager.getFactory(Credential credential)
Get the factory which produces KeyInfoGenerators which can handle
the specified credential.
|
KeyInfoGeneratorFactory |
NamedKeyInfoGeneratorManager.getFactory(String name,
Credential credential)
Lookup and return the named generator factory for the type of the credential specified.
|
static KeyInfoGenerator |
KeyInfoSupport.getKeyInfoGenerator(Credential credential,
NamedKeyInfoGeneratorManager manager,
String keyInfoProfileName)
Obtains a
KeyInfoGenerator for the specified Credential. |
boolean |
KeyInfoGeneratorFactory.handles(Credential credential)
Check whether the generators produced by this factory can handle the specified credential.
|
| Modifier and Type | Method and Description |
|---|---|
protected Credential |
BasicProviderKeyInfoCredentialResolver.buildBasicCredential(Key key,
Set<String> keyNames)
Construct a basic credential containing the specified key and set of key names.
|
| Modifier and Type | Method and Description |
|---|---|
Class<? extends Credential> |
X509KeyInfoGeneratorFactory.getCredentialType()
Get the type (interface) of the specific type of credential handled by generators produced by
this factory.
|
Class<? extends Credential> |
BasicKeyInfoGeneratorFactory.getCredentialType()
Get the type (interface) of the specific type of credential handled by generators produced by
this factory.
|
Collection<Credential> |
KeyInfoResolutionContext.getResolvedCredentials()
Get the set of credentials previously resolved.
|
Collection<Credential> |
KeyInfoProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLobject) and attempt to resolve a credential from it.
|
protected Collection<Credential> |
BasicProviderKeyInfoCredentialResolver.processKeyInfoChild(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
XMLObject keyInfoChild)
Process the given KeyInfo child with the registered providers.
|
protected Collection<? extends Credential> |
LocalKeyInfoCredentialResolver.resolveByKeyName(String keyName)
Resolve credentials from local resolver using key name criteria.
|
protected Collection<? extends Credential> |
LocalKeyInfoCredentialResolver.resolveByPublicKey(PublicKey publicKey)
Resolve credentials from local resolver using public key criteria.
|
protected Iterable<Credential> |
BasicProviderKeyInfoCredentialResolver.resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
| Modifier and Type | Method and Description |
|---|---|
protected Key |
BasicProviderKeyInfoCredentialResolver.extractKeyValue(Credential cred)
Utility method to extract any key that might be present in the specified Credential.
|
KeyInfo |
X509KeyInfoGeneratorFactory.X509KeyInfoGenerator.generate(Credential credential)
Generate a new KeyInfo object based on keying material and other information within a credential.
|
KeyInfo |
StaticKeyInfoGenerator.generate(Credential credential)
Generate a new KeyInfo object based on keying material and other information within a credential.
|
KeyInfo |
BasicKeyInfoGeneratorFactory.BasicKeyInfoGenerator.generate(Credential credential)
Generate a new KeyInfo object based on keying material and other information within a credential.
|
boolean |
X509KeyInfoGeneratorFactory.handles(Credential credential)
Check whether the generators produced by this factory can handle the specified credential.
|
boolean |
BasicKeyInfoGeneratorFactory.handles(Credential credential)
Check whether the generators produced by this factory can handle the specified credential.
|
protected boolean |
LocalKeyInfoCredentialResolver.isLocalCredential(Credential credential)
Determine whether the credential is a local credential.
|
protected void |
BasicKeyInfoGeneratorFactory.BasicKeyInfoGenerator.processEntityID(KeyInfo keyInfo,
Credential credential)
Process the value of
getEntityId(). |
protected void |
BasicKeyInfoGeneratorFactory.BasicKeyInfoGenerator.processKeyNames(KeyInfo keyInfo,
Credential credential)
Process the values of
getKeyNames(). |
protected void |
BasicKeyInfoGeneratorFactory.BasicKeyInfoGenerator.processPublicKey(KeyInfo keyInfo,
Credential credential)
Process the value of
getPublicKey(). |
| Modifier and Type | Method and Description |
|---|---|
protected void |
LocalKeyInfoCredentialResolver.postProcess(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed.
|
protected void |
BasicProviderKeyInfoCredentialResolver.postProcess(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed.
|
protected void |
BasicProviderKeyInfoCredentialResolver.postProcessEmptyCredentials(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Hook for processing the case where no credentials were returned by any resolution method by any provider, nor by
the processing of the
BasicProviderKeyInfoCredentialResolver.postProcess(KeyInfoResolutionContext, CriteriaSet, List) hook. |
protected void |
BasicProviderKeyInfoCredentialResolver.processKeyInfoChildren(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Use registered providers to process the non-KeyValue/DEREncodedKeyValue children of KeyInfo.
|
| Constructor and Description |
|---|
StaticKeyInfoCredentialResolver(Credential credential)
Constructor.
|
| Constructor and Description |
|---|
CollectionKeyInfoCredentialResolver(Collection<Credential> credentials)
Constructor.
|
KeyInfoResolutionContext(Collection<Credential> credentials)
Constructor.
|
StaticKeyInfoCredentialResolver(List<Credential> credentials)
Constructor.
|
| Modifier and Type | Method and Description |
|---|---|
Collection<Credential> |
RSAKeyValueProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLobject) and attempt to resolve a credential from it.
|
Collection<Credential> |
KeyInfoReferenceProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLobject) and attempt to resolve a credential from it.
|
Collection<Credential> |
InlineX509DataProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLobject) and attempt to resolve a credential from it.
|
Collection<Credential> |
DSAKeyValueProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLobject) and attempt to resolve a credential from it.
|
Collection<Credential> |
DEREncodedKeyValueProvider.process(KeyInfoCredentialResolver resolver,
XMLObject keyInfoChild,
CriteriaSet criteriaSet,
KeyInfoResolutionContext kiContext)
Process a specified KeyInfo child (XMLobject) and attempt to resolve a credential from it.
|
| Modifier and Type | Method and Description |
|---|---|
protected Key |
AbstractKeyInfoProvider.extractKeyValue(Credential cred)
Utility method to extract any key that might be present in the specified Credential.
|
| Modifier and Type | Method and Description |
|---|---|
Credential |
Signature.getSigningCredential()
Gets the signature signing credential.
|
| Modifier and Type | Method and Description |
|---|---|
void |
Signature.setSigningCredential(Credential newCredential)
Sets the signature signing credential.
|
| Modifier and Type | Method and Description |
|---|---|
Credential |
SignatureImpl.getSigningCredential()
Gets the signature signing credential.
|
| Modifier and Type | Method and Description |
|---|---|
void |
SignatureImpl.setSigningCredential(Credential newCredential)
Sets the signature signing credential.
|
| Modifier and Type | Method and Description |
|---|---|
boolean |
SignatureTrustEngine.validate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
static void |
SignatureValidator.validate(Signature signature,
Credential validationCredential)
Validate the given XML Signature using the given candidate validation Credential.
|
void |
SignatureValidationProvider.validate(Signature signature,
Credential validationCredential)
Validate the given XML Signature using the given candidate validation Credential.
|
| Modifier and Type | Method and Description |
|---|---|
protected boolean |
PKIXSignatureTrustEngine.doValidate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
protected boolean |
ExplicitKeySignatureTrustEngine.doValidate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
protected abstract boolean |
BaseSignatureTrustEngine.doValidate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
protected boolean |
ExplicitKeySignatureTrustEngine.evaluateTrust(Credential untrustedCredential,
Iterable<Credential> trustedCredentials)
Evaluate the untrusted KeyInfo-derived credential with respect to the specified trusted information.
|
protected boolean |
PKIXSignatureTrustEngine.evaluateTrust(Credential untrustedCredential,
Pair<Set<String>,Iterable<PKIXValidationInformation>> validationPair)
Evaluate the untrusted KeyInfo-derived credential with respect to the specified trusted information.
|
protected abstract boolean |
BaseSignatureTrustEngine.evaluateTrust(Credential untrustedCredential,
TrustBasisType trustBasis)
Evaluate the untrusted KeyInfo-derived credential with respect to the specified trusted information.
|
boolean |
ChainingSignatureTrustEngine.validate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
boolean |
BaseSignatureTrustEngine.validate(byte[] signature,
byte[] content,
String algorithmURI,
CriteriaSet trustBasisCriteria,
Credential candidateCredential)
Determines whether a raw signature over specified content is valid and signed by a trusted credential.
|
protected boolean |
BaseSignatureTrustEngine.verifySignature(Signature signature,
Credential credential)
Attempt to verify a signature using the key from the supplied credential.
|
| Modifier and Type | Method and Description |
|---|---|
protected boolean |
ExplicitKeySignatureTrustEngine.evaluateTrust(Credential untrustedCredential,
Iterable<Credential> trustedCredentials)
Evaluate the untrusted KeyInfo-derived credential with respect to the specified trusted information.
|
| Modifier and Type | Method and Description |
|---|---|
void |
ApacheSantuarioSignatureValidationProviderImpl.validate(Signature signature,
Credential validationCredential)
Validate the given XML Signature using the given candidate validation Credential.
|
Copyright © 2016 JBoss by Red Hat. All rights reserved.