org.opensaml.security.credential.CredentialResolver Java Examples

The following examples show how to use org.opensaml.security.credential.CredentialResolver.
Example #1
Source File: SamlAuthProviderFactory.java    From centraldogma with Apache License 2.0
private static CredentialResolver credentialResolver(KeyStore keyStore)
        throws IOException, GeneralSecurityException {
    final KeyStoreCredentialResolverBuilder builder;
    final String path = keyStore.path();
    final File file = new File(path);
    if (file.isFile()) {
        builder = new KeyStoreCredentialResolverBuilder(file);
    } else {
        builder = new KeyStoreCredentialResolverBuilder(
                SamlAuthProviderFactory.class.getClassLoader(), path);
    }

    builder.type(keyStore.type())
           .password(keyStore.password())
           .addKeyPasswords(keyStore.keyPasswords());
    return builder.build();
}
 
Example #2
Source File: MockSamlIdpServer.java    From deprecated-security-advanced-modules with Apache License 2.0
private SignatureTrustEngine buildSignatureTrustEngine(X509Certificate certificate) {
    CredentialResolver credentialResolver = new StaticCredentialResolver(new BasicX509Credential(certificate));
    KeyInfoCredentialResolver keyInfoCredentialResolver = new StaticKeyInfoCredentialResolver(
            new BasicX509Credential(certificate));

    return new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoCredentialResolver);
}
 
Example #3
Source File: Main.java    From armeria with Apache License 2.0
/**
 * Configures an identity provider with <a href="https://idp.ssocircle.com/meta-idp.xml">
 * the metadata of the SSOCircle</a>. You must <a href="https://idp.ssocircle.com/sso/hos/SPMetaInter.jsp">
 * register</a> this service provider, which we are configuring here, to the SSOCircle.
 * You can get the metadata of this service provider from {@code https://localhost:8443/saml/metadata}
 * after starting this server.
 *
 * <p>The {@code signing} and {@code encryption} key pair in the keystore {@code sample.jks} can be
 * generated with the following commands:
 * <pre>{@code
 * $ keytool -genkeypair -keystore sample.jks -storepass 'N5^X[hvG' -keyalg rsa -sigalg sha1withrsa \
 *     -dname 'CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown' -alias signing
 *
 * $ keytool -genkeypair -keystore sample.jks -storepass 'N5^X[hvG' -keyalg rsa -sigalg sha1withrsa \
 *     -dname 'CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown' -alias encryption
 * }</pre>
 *
 * <p>The certificate of the SSOCircle can be imported into the keystore with the following command.
 * You can set its alias to be the same as its entity ID so that you do not need to specify the alias
 * when building a {@link SamlServiceProvider}. You can create the {@code ssocircle.crt} file with
 * the certificate from <a href="https://www.ssocircle.com/en/idp-tips-tricks/public-idp-configuration/">
 * Public IDP Configuration</a> of SSOCircle.
 * <pre>{@code
 * $ keytool -importcert -keystore sample.jks -storepass 'N5^X[hvG' -file ssocircle.crt \
 *     -alias 'https://idp.ssocircle.com'
 * }</pre>
 */
private static SamlServiceProvider samlServiceProvider() throws IOException, GeneralSecurityException {
    final MyAuthHandler authHandler = new MyAuthHandler();

    // Specify information about your keystore.
    // The keystore contains two key pairs, which are identified as 'signing' and 'encryption'.
    final CredentialResolver credentialResolver =
            new KeyStoreCredentialResolverBuilder(Main.class.getClassLoader(), "sample.jks")
                    .type("PKCS12")
                    .password("N5^X[hvG")
                    // You need to specify your key pair and its password here.
                    .addKeyPassword("signing", "N5^X[hvG")
                    .addKeyPassword("encryption", "N5^X[hvG")
                    .build();

    return SamlServiceProvider.builder()
                              .credentialResolver(credentialResolver)
                              // Specify the entity ID of this service provider.
                              // You can specify what you want.
                              .entityId("armeria-sp")
                              .hostname("localhost")
                              // Specify an authorizer in order to authenticate a request.
                              .authorizer(authHandler)
                              // Specify a SAML single sign-on handler
                              // which sends a response to an end user
                              // after he or she is authenticated or not.
                              .ssoHandler(authHandler)
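                              // Specify the signature algorithm of your key.
                              // Note: ALGO_ID_SIGNATURE_RSA is the RSA-SHA1 algorithm URI;
                              // SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 is the SHA-256
                              // variant to prefer when the identity provider accepts it.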
                              .signatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA)
                              // The following information is from
                              // https://idp.ssocircle.com/meta-idp.xml.
                              .idp()
                              // Specify the entity ID of the identity provider.
                              // It can be found from the metadata of the identity provider.
                              .entityId("https://idp.ssocircle.com")
                              // Specify the endpoint that is supposed to send an authentication request.
                              .ssoEndpoint(ofHttpPost("https://idp.ssocircle.com:443/sso/SSOPOST/metaAlias/publicidp"))
                              .and()
                              .build();
}
 
Example #4
Source File: KeyStoreCredentialResolverBuilder.java    From armeria with Apache License 2.0
/**
 * Creates a new {@link KeyStoreCredentialResolver}.
 */
public CredentialResolver build() throws IOException, GeneralSecurityException {
    final KeyStore ks = KeyStore.getInstance(type);
    try (InputStream is = open()) {
        ks.load(is, password != null ? password.toCharArray() : null);
    }
    return new KeyStoreCredentialResolver(ks, keyPasswords);
}
 
Example #5
Source File: SamlServiceProviderBuilder.java    From armeria with Apache License 2.0
CredentialResolverAdapter(CredentialResolver resolver) {
    this.resolver = requireNonNull(resolver, "resolver");
}