
Example 6 with UsageCriterion

use of org.opensaml.security.criteria.UsageCriterion in project cas by apereo.

the class SamlIdPObjectEncrypter method configureKeyEncryptionCredential.

/**
 * Resolves the peer's encryption credential from its SAML metadata and installs it on
 * the supplied encryption configuration as the key transport encryption credential.
 *
 * <p>The lookup asks for a key published for {@link UsageType#ENCRYPTION} under the
 * {@code SPSSODescriptor} role of {@code peerEntityId}. Whether invalid metadata is
 * tolerated depends on the {@code isRequireValidMetadata()} setting read below.
 *
 * <p>When no credential (or no public key) is found, the outcome depends on the service:
 * if {@code service.isEncryptionOptional()} is true a warning is logged and {@code null}
 * is returned, leaving the encryption configuration untouched; otherwise a
 * {@link SamlException} is thrown. Callers must therefore handle a {@code null} result
 * explicitly.
 *
 * @param peerEntityId            entity id of the service provider whose key is looked up
 * @param adaptor                 metadata facade used to build the role descriptor resolver
 * @param service                 registered service; decides whether a missing key is fatal
 * @param encryptionConfiguration configuration that receives the resolved credential
 * @return the resolved credential, or {@code null} when none was found and encryption is optional
 * @throws Exception on resolver initialization or resolution failure, or a {@link SamlException}
 *                   when the key cannot be resolved and encryption is required
 */
protected Credential configureKeyEncryptionCredential(final String peerEntityId, final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final SamlRegisteredService service, final BasicEncryptionConfiguration encryptionConfiguration) throws Exception {
    // Providers that can turn the KeyInfo found in metadata into usable key material.
    val keyInfoProviders = new ArrayList<KeyInfoProvider>(5);
    keyInfoProviders.add(new RSAKeyValueProvider());
    keyInfoProviders.add(new DSAKeyValueProvider());
    keyInfoProviders.add(new InlineX509DataProvider());
    keyInfoProviders.add(new DEREncodedKeyValueProvider());
    keyInfoProviders.add(new KeyInfoReferenceProvider());

    val credentialResolver = new SamlIdPMetadataCredentialResolver();
    credentialResolver.setKeyInfoCredentialResolver(new BasicProviderKeyInfoCredentialResolver(keyInfoProviders));
    val requireValidMetadata = samlIdPProperties.getMetadata().getCore().isRequireValidMetadata();
    credentialResolver.setRoleDescriptorResolver(SamlIdPUtils.getRoleDescriptorResolver(adaptor, requireValidMetadata));
    credentialResolver.initialize();

    // Pin the lookup to this peer, its SP role and encryption usage; the service criterion
    // is passed along for the CAS-specific resolver.
    val criteria = new CriteriaSet(
        new EncryptionConfigurationCriterion(encryptionConfiguration),
        new EntityIdCriterion(peerEntityId),
        new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME),
        new UsageCriterion(UsageType.ENCRYPTION),
        new SamlIdPSamlRegisteredServiceCriterion(service));

    LOGGER.debug("Attempting to resolve the encryption key for entity id [{}]", peerEntityId);
    val credential = credentialResolver.resolveSingle(criteria);
    val publicKeyResolved = credential != null && credential.getPublicKey() != null;

    if (!publicKeyResolved) {
        if (!service.isEncryptionOptional()) {
            // Encryption is mandatory for this service: fail rather than continue without a key.
            throw new SamlException("Unable to resolve the encryption [public] key for entity id " + peerEntityId);
        }
        // NOTE(review): returning null presumably makes the caller skip encryption for this
        // peer; confirm every caller treats null that way.
        LOGGER.warn("Unable to resolve the encryption [public] key for entity id [{}]", peerEntityId);
        return null;
    }

    // Only the public half of the key is logged here.
    val encodedKey = EncodingUtils.encodeBase64(credential.getPublicKey().getEncoded());
    LOGGER.debug("Found encryption public key: [{}]", encodedKey);
    encryptionConfiguration.setKeyTransportEncryptionCredentials(CollectionUtils.wrapList(credential));
    return credential;
}
Also used : lombok.val(lombok.val) UsageCriterion(org.opensaml.security.criteria.UsageCriterion) RSAKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider) SamlIdPSamlRegisteredServiceCriterion(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion) EncryptionConfigurationCriterion(org.opensaml.xmlsec.criterion.EncryptionConfigurationCriterion) ArrayList(java.util.ArrayList) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) SamlException(org.apereo.cas.support.saml.SamlException) InlineX509DataProvider(org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider) KeyInfoReferenceProvider(org.opensaml.xmlsec.keyinfo.impl.provider.KeyInfoReferenceProvider) SamlIdPMetadataCredentialResolver(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataCredentialResolver) BasicProviderKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) DSAKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider) DEREncodedKeyValueProvider(org.opensaml.xmlsec.keyinfo.impl.provider.DEREncodedKeyValueProvider)

Example 7 with UsageCriterion

use of org.opensaml.security.criteria.UsageCriterion in project cas by apereo.

the class DefaultSamlIdPObjectSigner method getSignatureSigningConfiguration.

/**
 * Builds the signature signing configuration for a service, including its signing credentials.
 *
 * <p>The resolver used is {@link SamlIdPMetadataCredentialResolver}, which allows the entire
 * criteria set to be passed to the role descriptor resolver. That makes it possible to pass
 * {@link SamlIdPSamlRegisteredServiceCriterion}, so the signing configuration can be fetched
 * for a specific service as an override, if one is in fact defined for the service.
 *
 * <p>Credentials are resolved from the IdP metadata for {@link UsageType#SIGNING} under the
 * {@code IDPSSODescriptor} role. Each one is passed through {@code getResolvedSigningCredential}
 * together with the signing private key, and is kept only if that call returns a non-null
 * credential that also passes {@code doesCredentialFingerprintMatch} for the service. The
 * method refuses to return a configuration that carries no signing credential.
 *
 * @param service the registered service the configuration is built for
 * @return the signing configuration, with at least one signing credential set
 * @throws IllegalArgumentException if no signing credential survives the filtering
 * @throws NullPointerException     if the IdP entity descriptor cannot be resolved from metadata
 * @throws Exception                on resolver initialization or resolution failure
 */
protected SignatureSigningConfiguration getSignatureSigningConfiguration(final SamlRegisteredService service) throws Exception {
    val signingConfig = configureSignatureSigningSecurityConfiguration(service);
    val idpProperties = casProperties.getAuthn().getSamlIdp();
    val signingKey = getSigningPrivateKey(service);

    val credentialResolver = new SamlIdPMetadataCredentialResolver();
    val requireValidMetadata = idpProperties.getMetadata().getCore().isRequireValidMetadata();
    credentialResolver.setRoleDescriptorResolver(SamlIdPUtils.getRoleDescriptorResolver(samlIdPMetadataResolver, requireValidMetadata));
    credentialResolver.setKeyInfoCredentialResolver(DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
    credentialResolver.initialize();

    // Find the IdP entity id that applies to this service; it is not taken from configuration.
    val idpLookupCriteria = new CriteriaSet(new EvaluableEntityRoleEntityDescriptorCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME), new SamlIdPSamlRegisteredServiceCriterion(service));
    LOGGER.trace("Resolving entity id from SAML2 IdP metadata for signature signing configuration is [{}]", service.getName());
    val idpEntityId = Objects.requireNonNull(samlIdPMetadataResolver.resolveSingle(idpLookupCriteria)).getEntityID();
    LOGGER.trace("Resolved entity id from SAML2 IdP metadata is [{}]", idpEntityId);

    val signingCriteria = new CriteriaSet();
    signingCriteria.add(new SignatureSigningConfigurationCriterion(signingConfig));
    signingCriteria.add(new UsageCriterion(UsageType.SIGNING));
    signingCriteria.add(new EntityIdCriterion(idpEntityId));
    signingCriteria.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
    signingCriteria.add(new SamlIdPSamlRegisteredServiceCriterion(service));

    // This message is emitted before the resolver runs; it records the criteria, not a result.
    LOGGER.trace("Resolved signing credentials based on criteria [{}]", signingCriteria);
    val resolvedCredentials = Sets.newLinkedHashSet(credentialResolver.resolve(signingCriteria));
    LOGGER.trace("Resolved [{}] signing credentials", resolvedCredentials.size());

    val finalCredentials = new ArrayList<Credential>();
    for (val candidate : resolvedCredentials) {
        val signingCredential = getResolvedSigningCredential(candidate, signingKey, service);
        // Keep a credential only if it could be resolved and passes the service's fingerprint check.
        if (signingCredential != null && doesCredentialFingerprintMatch(signingCredential, service)) {
            finalCredentials.add(signingCredential);
        }
    }

    if (finalCredentials.isEmpty()) {
        // Fail closed: a configuration without credentials could not sign anything.
        LOGGER.error("Unable to locate any signing credentials for service [{}]", service.getName());
        throw new IllegalArgumentException("Unable to locate signing credentials");
    }

    signingConfig.setSigningCredentials(finalCredentials);
    LOGGER.trace("Signature signing credentials configured with [{}] credentials", finalCredentials.size());
    return signingConfig;
}
Also used : lombok.val(lombok.val) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) MessageContext(org.opensaml.messaging.context.MessageContext) SneakyThrows(lombok.SneakyThrows) RequiredArgsConstructor(lombok.RequiredArgsConstructor) SignatureSigningConfiguration(org.opensaml.xmlsec.SignatureSigningConfiguration) StringUtils(org.apache.commons.lang3.StringUtils) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) SamlUtils(org.apereo.cas.support.saml.SamlUtils) SignatureSigningParameters(org.opensaml.xmlsec.SignatureSigningParameters) LoggingUtils(org.apereo.cas.util.LoggingUtils) Pair(org.apache.commons.lang3.tuple.Pair) SamlException(org.apereo.cas.support.saml.SamlException) BasicCredential(org.opensaml.security.credential.BasicCredential) SAMLMetadataSignatureSigningParametersResolver(org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver) UsageType(org.opensaml.security.credential.UsageType) SAMLOutboundDestinationHandler(org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler) MetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver) RequestAbstractType(org.opensaml.saml.saml2.core.RequestAbstractType) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) SamlIdPUtils(org.apereo.cas.support.saml.SamlIdPUtils) Sets(com.google.common.collect.Sets) AbstractCredential(org.opensaml.security.credential.AbstractCredential) Objects(java.util.Objects) Slf4j(lombok.extern.slf4j.Slf4j) SAMLObject(org.opensaml.saml.common.SAMLObject) PrivateKey(java.security.PrivateKey) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) SignatureSigningConfigurationCriterion(org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion) EndpointURLSchemeSecurityHandler(org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler) 
SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) Optional(java.util.Optional) Pattern(java.util.regex.Pattern) MutableCredential(org.opensaml.security.credential.MutableCredential) SAMLOutboundProtocolMessageSigningHandler(org.opensaml.saml.common.binding.security.impl.SAMLOutboundProtocolMessageSigningHandler) UsageCriterion(org.opensaml.security.criteria.UsageCriterion) Getter(lombok.Getter) DigestUtils(org.apereo.cas.util.DigestUtils) SamlIdPMetadataCredentialResolver(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataCredentialResolver) ArrayList(java.util.ArrayList) HttpServletRequest(javax.servlet.http.HttpServletRequest) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) SecurityParametersContext(org.opensaml.xmlsec.context.SecurityParametersContext) SamlIdPSamlRegisteredServiceCriterion(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion) SamlIdPResponseProperties(org.apereo.cas.configuration.model.support.saml.idp.SamlIdPResponseProperties) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) BasicAlgorithmPolicyConfiguration(org.opensaml.xmlsec.impl.BasicAlgorithmPolicyConfiguration) RoleDescriptorCriterion(org.opensaml.saml.criterion.RoleDescriptorCriterion) DefaultSecurityConfigurationBootstrap(org.opensaml.xmlsec.config.impl.DefaultSecurityConfigurationBootstrap) Credential(org.opensaml.security.credential.Credential) lombok.val(lombok.val) HttpServletResponse(javax.servlet.http.HttpServletResponse) RoleDescriptor(org.opensaml.saml.saml2.metadata.RoleDescriptor) RegexUtils(org.apereo.cas.util.RegexUtils) CertUtils(org.apereo.cas.util.crypto.CertUtils) SamlIdPMetadataLocator(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataLocator) 
EvaluableEntityRoleEntityDescriptorCriterion(org.opensaml.saml.metadata.criteria.entity.impl.EvaluableEntityRoleEntityDescriptorCriterion) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) BasicSignatureSigningConfiguration(org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration) UsageCriterion(org.opensaml.security.criteria.UsageCriterion) EvaluableEntityRoleEntityDescriptorCriterion(org.opensaml.saml.metadata.criteria.entity.impl.EvaluableEntityRoleEntityDescriptorCriterion) SamlIdPSamlRegisteredServiceCriterion(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) ArrayList(java.util.ArrayList) SamlIdPMetadataCredentialResolver(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPMetadataCredentialResolver) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) Objects(java.util.Objects) SignatureSigningConfigurationCriterion(org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion)

Example 8 with UsageCriterion

use of org.opensaml.security.criteria.UsageCriterion in project cas by apereo.

the class SamlIdPObjectSigner method getSignatureSigningConfiguration.

/**
 * Builds the signature signing configuration: OpenSAML defaults, then the configured
 * algorithm overrides, then the signing credentials resolved from the IdP metadata.
 *
 * <p>Credentials are looked up for {@link UsageType#SIGNING} under the {@code IDPSSODescriptor}
 * role of the configured IdP entity id. Each one is passed through
 * {@code getResolvedSigningCredential} together with the signing private key; null results
 * are dropped.
 *
 * <p>NOTE(review): nothing here rejects an empty credential list, so the returned
 * configuration may carry no signing credential at all; confirm callers detect that case
 * rather than emitting unsigned messages.
 *
 * @param roleDescriptor the role descriptor (not read by this method body)
 * @param service        the registered service, forwarded to {@code getResolvedSigningCredential}
 * @return the signing configuration, possibly with an empty credential list
 * @throws Exception on resolver initialization or resolution failure
 */
protected SignatureSigningConfiguration getSignatureSigningConfiguration(final RoleDescriptor roleDescriptor, final SamlRegisteredService service) throws Exception {
    final BasicSignatureSigningConfiguration signingConfig = DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration();
    final SamlIdPProperties samlIdp = casProperties.getAuthn().getSamlIdp();

    // Algorithm overrides: each one replaces the OpenSAML default only when it is non-empty.
    // NOTE(review): the blacklist override tests the configured property for emptiness while
    // the other three test the field itself; presumably both hold the same values; confirm.
    if (this.overrideBlackListedSignatureAlgorithms != null && !samlIdp.getAlgs().getOverrideBlackListedSignatureSigningAlgorithms().isEmpty()) {
        signingConfig.setBlacklistedAlgorithms(this.overrideBlackListedSignatureAlgorithms);
    }
    if (this.overrideSignatureAlgorithms != null && !this.overrideSignatureAlgorithms.isEmpty()) {
        signingConfig.setSignatureAlgorithms(this.overrideSignatureAlgorithms);
    }
    if (this.overrideSignatureReferenceDigestMethods != null && !this.overrideSignatureReferenceDigestMethods.isEmpty()) {
        signingConfig.setSignatureReferenceDigestMethods(this.overrideSignatureReferenceDigestMethods);
    }
    if (this.overrideWhiteListedAlgorithms != null && !this.overrideWhiteListedAlgorithms.isEmpty()) {
        signingConfig.setWhitelistedAlgorithms(this.overrideWhiteListedAlgorithms);
    }
    final String canonicalizationOverride = samlIdp.getAlgs().getOverrideSignatureCanonicalizationAlgorithm();
    if (StringUtils.isNotBlank(canonicalizationOverride)) {
        signingConfig.setSignatureCanonicalizationAlgorithm(canonicalizationOverride);
    }

    // Record the effective algorithm policy so a weakened override is visible in debug logs.
    LOGGER.debug("Signature signing blacklisted algorithms: [{}]", signingConfig.getBlacklistedAlgorithms());
    LOGGER.debug("Signature signing signature algorithms: [{}]", signingConfig.getSignatureAlgorithms());
    LOGGER.debug("Signature signing signature canonicalization algorithm: [{}]", signingConfig.getSignatureCanonicalizationAlgorithm());
    LOGGER.debug("Signature signing whitelisted algorithms: [{}]", signingConfig.getWhitelistedAlgorithms());
    LOGGER.debug("Signature signing reference digest methods: [{}]", signingConfig.getSignatureReferenceDigestMethods());

    final PrivateKey signingKey = getSigningPrivateKey();

    // Despite the "kek" naming in older revisions, this resolver is used for signing credentials.
    final MetadataCredentialResolver signingCredentialResolver = new MetadataCredentialResolver();
    final boolean requireValidMetadata = casProperties.getAuthn().getSamlIdp().getMetadata().isRequireValidMetadata();
    signingCredentialResolver.setRoleDescriptorResolver(SamlIdPUtils.getRoleDescriptorResolver(casSamlIdPMetadataResolver, requireValidMetadata));
    signingCredentialResolver.setKeyInfoCredentialResolver(DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
    signingCredentialResolver.initialize();

    final CriteriaSet signingCriteria = new CriteriaSet();
    signingCriteria.add(new SignatureSigningConfigurationCriterion(signingConfig));
    signingCriteria.add(new UsageCriterion(UsageType.SIGNING));
    signingCriteria.add(new EntityIdCriterion(casProperties.getAuthn().getSamlIdp().getEntityId()));
    signingCriteria.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));

    final Set<Credential> resolvedCredentials = Sets.newLinkedHashSet(signingCredentialResolver.resolve(signingCriteria));
    final List<Credential> signingCredentials = new ArrayList<>();
    for (final Credential candidate : resolvedCredentials) {
        final AbstractCredential signingCredential = getResolvedSigningCredential(candidate, signingKey, service);
        if (signingCredential != null) {
            signingCredentials.add(signingCredential);
        }
    }

    signingConfig.setSigningCredentials(signingCredentials);
    LOGGER.debug("Signature signing credentials configured with [{}] credentials", signingCredentials.size());
    return signingConfig;
}
Also used : UsageCriterion(org.opensaml.security.criteria.UsageCriterion) BasicCredential(org.opensaml.security.credential.BasicCredential) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) AbstractCredential(org.opensaml.security.credential.AbstractCredential) Credential(org.opensaml.security.credential.Credential) PrivateKey(java.security.PrivateKey) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) ArrayList(java.util.ArrayList) MetadataCredentialResolver(org.opensaml.saml.security.impl.MetadataCredentialResolver) AbstractCredential(org.opensaml.security.credential.AbstractCredential) SamlIdPProperties(org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) SignatureSigningConfigurationCriterion(org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion) BasicSignatureSigningConfiguration(org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration)

Example 9 with UsageCriterion

use of org.opensaml.security.criteria.UsageCriterion in project pac4j by pac4j.

the class SAML2LogoutResponseValidator method validateSignature.

/**
 * Validates a digital signature in two steps: first against the SAML signature profile,
 * then against the trust engine using criteria that pin the signer to the given IdP.
 *
 * <p>The profile check runs before the trust engine is consulted, so a signature that the
 * profile validator rejects never reaches trust evaluation. The trust criteria require a
 * key usable for {@link UsageType#SIGNING}, the {@code IDPSSODescriptor} role, the SAML 2.0
 * protocol and the entity id {@code idpEntityId}.
 *
 * <p>NOTE(review): {@code idpEntityId} is presumably the issuer of the message being
 * validated; the result is only as trustworthy as the metadata the trust engine resolves
 * keys from. Confirm against the callers.
 *
 * @param signature   the signature to validate
 * @param idpEntityId entity id of the identity provider expected to have signed
 * @param trustEngine trust engine that evaluates the signature against the criteria
 * @throws SAMLSignatureValidationException if the profile check fails, the trust engine
 *                                          reports an error, or the signature is not trusted
 */
protected final void validateSignature(final Signature signature, final String idpEntityId, final SignatureTrustEngine trustEngine) {
    // Step 1: profile conformance, before the trust engine is asked anything.
    try {
        new SAMLSignatureProfileValidator().validate(signature);
    } catch (final SignatureException e) {
        throw new SAMLSignatureValidationException("SAMLSignatureProfileValidator failed to validate signature", e);
    }

    // Step 2: trust evaluation, restricted to signing keys of this IdP.
    final CriteriaSet trustCriteria = new CriteriaSet(
        new UsageCriterion(UsageType.SIGNING),
        new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME),
        new ProtocolCriterion(SAMLConstants.SAML20P_NS),
        new EntityIdCriterion(idpEntityId));

    final boolean trusted;
    try {
        trusted = trustEngine.validate(signature, trustCriteria);
    } catch (final SecurityException e) {
        throw new SAMLSignatureValidationException("An error occurred during signature validation", e);
    }

    if (trusted) {
        return;
    }
    // An untrusted signature is an error, never a silent pass.
    throw new SAMLSignatureValidationException("Signature is not trusted");
}
Also used : UsageCriterion(org.opensaml.security.criteria.UsageCriterion) ProtocolCriterion(org.opensaml.saml.criterion.ProtocolCriterion) SAMLSignatureValidationException(org.pac4j.saml.exceptions.SAMLSignatureValidationException) SAMLSignatureProfileValidator(org.opensaml.saml.security.impl.SAMLSignatureProfileValidator) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) SecurityException(org.opensaml.security.SecurityException) SignatureException(org.opensaml.xmlsec.signature.support.SignatureException)

Example 10 with UsageCriterion

use of org.opensaml.security.criteria.UsageCriterion in project cas by apereo.

the class SamlObjectSignatureValidator method getSigningCredential.

/**
 * Resolves the credentials against which a request signature is to be checked.
 *
 * <p>The lookup is restricted to {@link UsageType#SIGNING} and carries the current signature
 * validation configuration. The entity-specific criteria are added by
 * {@code buildEntityCriteriaForSigningCredential} from the profile request.
 *
 * <p>Checked exceptions from resolver initialization or resolution are rethrown unchecked
 * via {@code @SneakyThrows}, so they do not appear in the signature.
 *
 * @param resolver       role descriptor resolver backing the metadata lookup
 * @param profileRequest the request whose signer's credentials are being resolved
 * @return the resolved credentials in resolution order; may be empty
 */
@SneakyThrows
private Set<Credential> getSigningCredential(final RoleDescriptorResolver resolver, final RequestAbstractType profileRequest) {
    // Named "kek" in the original, but this resolver serves signature validation.
    val signingCredentialResolver = new MetadataCredentialResolver();
    val validationConfig = getSignatureValidationConfiguration();
    signingCredentialResolver.setRoleDescriptorResolver(resolver);
    signingCredentialResolver.setKeyInfoCredentialResolver(DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
    signingCredentialResolver.initialize();

    val signingCriteria = new CriteriaSet();
    signingCriteria.add(new SignatureValidationConfigurationCriterion(validationConfig));
    signingCriteria.add(new UsageCriterion(UsageType.SIGNING));
    // Adds the criteria identifying the signer; their content depends on the request.
    buildEntityCriteriaForSigningCredential(profileRequest, signingCriteria);

    val resolvedCredentials = signingCredentialResolver.resolve(signingCriteria);
    return Sets.newLinkedHashSet(resolvedCredentials);
}
Also used : lombok.val(lombok.val) UsageCriterion(org.opensaml.security.criteria.UsageCriterion) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) MetadataCredentialResolver(org.opensaml.saml.security.impl.MetadataCredentialResolver) SignatureValidationConfigurationCriterion(org.opensaml.xmlsec.criterion.SignatureValidationConfigurationCriterion) SneakyThrows(lombok.SneakyThrows)
