use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project verify-hub by alphagov.
the class CountrySingleSignOnServiceHelperTest method getSingleSignOn.
/**
 * Checks that {@code service.getSingleSignOn} returns the location of the
 * SingleSignOnService found in the IDPSSODescriptor of the entity that the
 * mocked metadata resolver hands back for the requested entity ID.
 */
@Test
public void getSingleSignOn() throws Exception {
    // Given: an entity descriptor with one SAML 2.0 IDP role that exposes a single SSO endpoint.
    final SingleSignOnService ssoEndpoint = new SingleSignOnServiceBuilder().buildObject();
    ssoEndpoint.setLocation("http://the-sso-location");

    final IDPSSODescriptor idpRole = new IDPSSODescriptorBuilder().buildObject();
    idpRole.getSingleSignOnServices().add(ssoEndpoint);
    idpRole.addSupportedProtocol(SAMLConstants.SAML20P_NS);

    final EntityDescriptor entity = new EntityDescriptorBuilder().buildObject();
    entity.setEntityID("the-entity-id");
    entity.getRoleDescriptors().add(idpRole);

    // Read the ID back from the descriptor so the stub and the call under test use the same value.
    final String entityId = entity.getEntityID();
    // The stub only matches a CriteriaSet holding exactly this entity-ID criterion.
    final CriteriaSet expectedCriteria = new CriteriaSet(new EntityIdCriterion(entityId));
    when(metadataResolver.resolveSingle(expectedCriteria)).thenReturn(entity);

    // When
    final URI resolvedLocation = service.getSingleSignOn(entityId);

    // Then
    assertThat(resolvedLocation.toString(), equalTo(ssoEndpoint.getLocation()));
    verify(metadataResolver).resolveSingle(any(CriteriaSet.class));
}
use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project pac4j by pac4j.
the class SAML2LogoutResponseValidator method validateSignature.
/**
 * Validates a SAML XML signature in two stages and fails closed.
 *
 * <p>Stage one runs {@link SAMLSignatureProfileValidator} against the signature.
 * Stage two asks the trust engine to validate the signature against credentials
 * selected by a criteria set: signing usage, the IDPSSODescriptor role, the
 * SAML 2.0 protocol and the supplied IdP entity ID. The trust engine is only
 * consulted once the profile check has passed.
 *
 * <p>NOTE(review): the trust decision is scoped by {@code idpEntityId}; callers
 * should pass the expected/configured IdP entity ID rather than a value taken
 * unchecked from the message being validated - confirm at the call sites.
 * A {@code null} signature is not handled here; whether an unsigned message is
 * acceptable has to be decided by the caller.
 *
 * @param signature the signature to validate
 * @param idpEntityId the entity ID of the identity provider whose signing credentials are used
 * @param trustEngine the trust engine that evaluates the signature against those credentials
 * @throws SAMLSignatureValidationException if the profile check fails, the trust engine
 *         reports an error, or the signature is not trusted
 */
protected final void validateSignature(final Signature signature, final String idpEntityId, final SignatureTrustEngine trustEngine) {
    // Stage 1: profile validation, before any trust evaluation takes place.
    final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
    try {
        profileValidator.validate(signature);
    } catch (final SignatureException e) {
        throw new SAMLSignatureValidationException("SAMLSignatureProfileValidator failed to validate signature", e);
    }

    // Stage 2: restrict candidate credentials to this IdP's SAML 2.0 signing keys.
    final CriteriaSet trustCriteria = new CriteriaSet();
    trustCriteria.add(new UsageCriterion(UsageType.SIGNING));
    trustCriteria.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
    trustCriteria.add(new ProtocolCriterion(SAMLConstants.SAML20P_NS));
    trustCriteria.add(new EntityIdCriterion(idpEntityId));

    final boolean trusted;
    try {
        trusted = trustEngine.validate(signature, trustCriteria);
    } catch (final SecurityException e) {
        throw new SAMLSignatureValidationException("An error occurred during signature validation", e);
    }

    // Fail closed: anything other than an explicit "trusted" result is rejected.
    if (trusted) {
        return;
    }
    throw new SAMLSignatureValidationException("Signature is not trusted");
}
use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project pac4j by pac4j.
the class SAML2IdentityProviderMetadataResolverTest method resolveMetadataEntityId.
/**
 * Resolves the identity provider metadata and checks that a lookup by entity ID
 * returns a descriptor carrying that same entity ID.
 */
@Test
public void resolveMetadataEntityId() throws Exception {
    final MetadataResolver idpMetadata = metadataResolver.resolve();
    final EntityIdCriterion byEntityId = new EntityIdCriterion("mmoayyed.example.net");
    final EntityDescriptor resolved = idpMetadata.resolveSingle(new CriteriaSet(byEntityId));
    // NOTE(review): if resolveSingle finds nothing and returns null, this fails with a
    // NullPointerException rather than an assertion failure - confirm that is acceptable.
    // NOTE(review): if assertEquals is JUnit's (expected, actual), the arguments are swapped;
    // pass/fail is unaffected, only the failure message would read backwards.
    assertEquals(resolved.getEntityID(), "mmoayyed.example.net");
}
use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project pac4j by pac4j.
the class DefaultSignatureSigningParametersProvider method build.
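/**
 * Resolves the signature signing parameters to use for the given SSO descriptor.
 *
 * <p>The resolver is given the locally configured signature signing configuration
 * together with the peer's role descriptor. The resolved parameters are passed to
 * {@code augmentSignatureSigningParameters} and the selected algorithms are logged
 * at INFO level, which makes the signature and digest algorithms actually in use
 * visible for review.
 *
 * @param descriptor the SSO role descriptor the parameters are resolved for
 * @return the resolved signature signing parameters, never {@code null}
 * @throws SAMLException if no parameters could be resolved or resolution fails
 */
@Override
public SignatureSigningParameters build(final SSODescriptor descriptor) {
    try {
        final CriteriaSet criteria = new CriteriaSet();
        criteria.add(new SignatureSigningConfigurationCriterion(getSignatureSigningConfiguration()));
        criteria.add(new RoleDescriptorCriterion(descriptor));
        final SAMLMetadataSignatureSigningParametersResolver resolver = new SAMLMetadataSignatureSigningParametersResolver();
        final SignatureSigningParameters params = resolver.resolveSingle(criteria);
        // Check for a missing result before the parameters are touched, so the failure
        // surfaces with its real cause instead of an error from using a null reference.
        if (params == null) {
            throw new SAMLException("Could not determine the signature parameters");
        }
        augmentSignatureSigningParameters(params);
        logger.info("Created signature signing parameters." + "\nSignature algorithm: {}" + "\nSignature canonicalization algorithm: {}" + "\nSignature reference digest methods: {}", params.getSignatureAlgorithm(), params.getSignatureCanonicalizationAlgorithm(), params.getSignatureReferenceDigestMethod());
        return params;
    } catch (final SAMLException e) {
        // Already the exception type callers expect; rethrow without wrapping it a second time.
        throw e;
    } catch (final Exception e) {
        throw new SAMLException(e);
    }
}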
use of net.shibboleth.utilities.java.support.resolver.CriteriaSet in project cas by apereo.
the class SamlIdPObjectEncrypter method resolveDecryptionParameters.
/**
 * Resolves decryption parameters from the given decryption configuration.
 *
 * <p>The configuration is wrapped in a {@link DecryptionConfigurationCriterion} and
 * handed to a new {@link BasicDecryptionParametersResolver}. The {@code service}
 * argument is not read by this implementation.
 *
 * <p>NOTE(review): the result of {@code resolveSingle} is returned unchecked; it may be
 * {@code null} when nothing can be resolved - verify against the resolver contract
 * and make sure callers handle that before decrypting.
 *
 * @param service the registered SAML service (unused here)
 * @param decryptionConfiguration the decryption configuration to resolve parameters from
 * @return the decryption parameters produced by the resolver
 * @throws ResolverException if the resolver fails
 */
protected DecryptionParameters resolveDecryptionParameters(final SamlRegisteredService service, final BasicDecryptionConfiguration decryptionConfiguration) throws ResolverException {
    final CriteriaSet decryptionCriteria = new CriteriaSet();
    decryptionCriteria.add(new DecryptionConfigurationCriterion(decryptionConfiguration));
    final BasicDecryptionParametersResolver parametersResolver = new BasicDecryptionParametersResolver();
    return parametersResolver.resolveSingle(decryptionCriteria);
}