Search in sources :

Example 6 with StaticKeyInfoCredentialResolver

use of org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver in project cas by apereo.

the class SamlObjectSignatureValidator method validateSignatureOnAuthenticationRequest.

private void validateSignatureOnAuthenticationRequest(final RequestAbstractType profileRequest, final HttpServletRequest request, final MessageContext context, final RoleDescriptorResolver roleDescriptorResolver) throws Exception {
    final SAML2HTTPRedirectDeflateSignatureSecurityHandler handler = new SAML2HTTPRedirectDeflateSignatureSecurityHandler();
    final SAMLPeerEntityContext peer = context.getSubcontext(SAMLPeerEntityContext.class, true);
    peer.setEntityId(SamlIdPUtils.getIssuerFromSamlRequest(profileRequest));
    LOGGER.debug("Validating request signature for [{}] via [{}]...", peer.getEntityId(), handler.getClass().getSimpleName());
    LOGGER.debug("Resolving role descriptor for [{}]", peer.getEntityId());
    final RoleDescriptor roleDescriptor = roleDescriptorResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(peer.getEntityId()), new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME)));
    peer.setRole(roleDescriptor.getElementQName());
    final SAMLProtocolContext protocol = context.getSubcontext(SAMLProtocolContext.class, true);
    protocol.setProtocol(SAMLConstants.SAML20P_NS);
    LOGGER.debug("Building security parameters context for signature validation of [{}]", peer.getEntityId());
    final SecurityParametersContext secCtx = context.getSubcontext(SecurityParametersContext.class, true);
    final SignatureValidationParameters validationParams = new SignatureValidationParameters();
    if (overrideBlackListedSignatureAlgorithms != null && !overrideBlackListedSignatureAlgorithms.isEmpty()) {
        validationParams.setBlacklistedAlgorithms(this.overrideBlackListedSignatureAlgorithms);
        LOGGER.debug("Validation override blacklisted algorithms are [{}]", this.overrideWhiteListedAlgorithms);
    }
    if (overrideWhiteListedAlgorithms != null && !overrideWhiteListedAlgorithms.isEmpty()) {
        validationParams.setWhitelistedAlgorithms(this.overrideWhiteListedAlgorithms);
        LOGGER.debug("Validation override whitelisted algorithms are [{}]", this.overrideWhiteListedAlgorithms);
    }
    LOGGER.debug("Resolving signing credentials for [{}]", peer.getEntityId());
    final Set<Credential> credentials = getSigningCredential(roleDescriptorResolver, profileRequest);
    if (credentials == null || credentials.isEmpty()) {
        throw new SamlException("Signing credentials for validation could not be resolved");
    }
    boolean foundValidCredential = false;
    final Iterator<Credential> it = credentials.iterator();
    while (!foundValidCredential && it.hasNext()) {
        try {
            final Credential c = it.next();
            final CredentialResolver resolver = new StaticCredentialResolver(c);
            final KeyInfoCredentialResolver keyResolver = new StaticKeyInfoCredentialResolver(c);
            final SignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(resolver, keyResolver);
            validationParams.setSignatureTrustEngine(trustEngine);
            secCtx.setSignatureValidationParameters(validationParams);
            handler.setHttpServletRequest(request);
            LOGGER.debug("Initializing [{}] to execute signature validation for [{}]", handler.getClass().getSimpleName(), peer.getEntityId());
            handler.initialize();
            LOGGER.debug("Invoking [{}] to handle signature validation for [{}]", handler.getClass().getSimpleName(), peer.getEntityId());
            handler.invoke(context);
            LOGGER.debug("Successfully validated request signature for [{}].", profileRequest.getIssuer());
            foundValidCredential = true;
        } catch (final Exception e) {
            LOGGER.debug(e.getMessage(), e);
        } finally {
            handler.destroy();
        }
    }
    if (!foundValidCredential) {
        LOGGER.error("No valid credentials could be found to verify the signature for [{}]", profileRequest.getIssuer());
        throw new SamlException("No valid signing credentials for validation could not be resolved");
    }
}
Also used : Credential(org.opensaml.security.credential.Credential) ExplicitKeySignatureTrustEngine(org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine) SignatureTrustEngine(org.opensaml.xmlsec.signature.support.SignatureTrustEngine) SAMLPeerEntityContext(org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext) EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion) SAML2HTTPRedirectDeflateSignatureSecurityHandler(org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler) SamlException(org.apereo.cas.support.saml.SamlException) SamlException(org.apereo.cas.support.saml.SamlException) SignatureValidationParameters(org.opensaml.xmlsec.SignatureValidationParameters) StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver) SAMLProtocolContext(org.opensaml.saml.common.messaging.context.SAMLProtocolContext) StaticCredentialResolver(org.opensaml.security.credential.impl.StaticCredentialResolver) ExplicitKeySignatureTrustEngine(org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine) RoleDescriptor(org.opensaml.saml.saml2.metadata.RoleDescriptor) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) EntityRoleCriterion(org.opensaml.saml.criterion.EntityRoleCriterion) SecurityParametersContext(org.opensaml.xmlsec.context.SecurityParametersContext) StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver) KeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver) MetadataCredentialResolver(org.opensaml.saml.security.impl.MetadataCredentialResolver) StaticCredentialResolver(org.opensaml.security.credential.impl.StaticCredentialResolver) StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver) CredentialResolver(org.opensaml.security.credential.CredentialResolver) KeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver)

Example 7 with StaticKeyInfoCredentialResolver

use of org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver in project security by opensearch-project.

the class MockSamlIdpServer method buildSignatureTrustEngine.

private SignatureTrustEngine buildSignatureTrustEngine(X509Certificate certificate) {
    CredentialResolver credentialResolver = new StaticCredentialResolver(new BasicX509Credential(certificate));
    KeyInfoCredentialResolver keyInfoCredentialResolver = new StaticKeyInfoCredentialResolver(new BasicX509Credential(certificate));
    return new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoCredentialResolver);
}
Also used : StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver) BasicX509Credential(org.opensaml.security.x509.BasicX509Credential) StaticCredentialResolver(org.opensaml.security.credential.impl.StaticCredentialResolver) ExplicitKeySignatureTrustEngine(org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine) StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver) KeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver) StaticCredentialResolver(org.opensaml.security.credential.impl.StaticCredentialResolver) CredentialResolver(org.opensaml.security.credential.CredentialResolver) StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver) KeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver)

Example 8 with StaticKeyInfoCredentialResolver

use of org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver in project OpenUnison by TremoloSecurity.

the class SAML2Auth method doPost.

@Override
public void doPost(HttpServletRequest req, HttpServletResponse resp, AuthStep as) throws ServletException, IOException {
    MyVDConnection myvd = cfgMgr.getMyVD();
    // HttpSession session = (HttpSession)
    // req.getAttribute(ConfigFilter.AUTOIDM_SESSION);//((HttpServletRequest)
    // req).getSession();
    // //SharedSession.getSharedSession().getSession(req.getSession().getId());
    // SharedSession.getSharedSession().getSession(req.getSession().getId());
    HttpSession session = ((HttpServletRequest) req).getSession();
    UrlHolder holder = (UrlHolder) req.getAttribute(ProxyConstants.AUTOIDM_CFG);
    String urlChain = holder.getUrl().getAuthChain();
    AuthChainType act = holder.getConfig().getAuthChains().get(urlChain);
    AuthInfo userData = ((AuthController) req.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    if (userData.isAuthComplete() && userData.getAuthLevel() > 0) {
        // Session is already set, just redirect to relay state
        String relayState = this.getFinalURL(req, resp);
        if (relayState == null) {
            throw new ServletException("No RelayState or default RelayState");
        }
        resp.sendRedirect(relayState);
        return;
    }
    if (as == null) {
        // this is a special case - idp initiated means there's no context
        ArrayList<AuthStep> auths = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthSteps();
        int id = 0;
        for (AuthMechType amt : act.getAuthMech()) {
            AuthStep asx = new AuthStep();
            asx.setId(id);
            asx.setExecuted(false);
            asx.setRequired(amt.getRequired().equals("required"));
            asx.setSuccess(false);
            auths.add(asx);
            id++;
        }
        as = auths.get(0);
    }
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    String defaultOC = authParams.get("defaultOC").getValues().get(0);
    String spEncKey = null;
    if (authParams.get("spEncKey") != null) {
        spEncKey = authParams.get("spEncKey").getValues().get(0);
    }
    RequestHolder reqHolder = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getHolder();
    AuthMechType amt = act.getAuthMech().get(as.getId());
    List<String> sigCertNames = authParams.get("idpSigKeyName").getValues();
    List<X509Certificate> sigCerts = new ArrayList<X509Certificate>();
    boolean isMultiIdp = authParams.get("isMultiIdP") != null && authParams.get("isMultiIdP").getValues().get(0).equalsIgnoreCase("true");
    String ldapAttrib = authParams.get("ldapAttribute").getValues().get(0);
    String dnLabel = authParams.get("dnOU").getValues().get(0);
    String samlResp = req.getParameter("SAMLResponse");
    String xml = null;
    xml = new String(Base64.decodeBase64(samlResp), "UTF-8");
    boolean assertionSigned = true;
    if (authParams.get("assertionsSigned") != null) {
        assertionSigned = Boolean.parseBoolean(authParams.get("assertionsSigned").getValues().get(0));
    }
    boolean responseSigned = false;
    if (authParams.get("responsesSigned") != null) {
        responseSigned = Boolean.parseBoolean(authParams.get("responsesSigned").getValues().get(0));
    }
    boolean assertionEncrypted = false;
    if (authParams.get("assertionEncrypted") != null) {
        assertionEncrypted = Boolean.parseBoolean(authParams.get("assertionEncrypted").getValues().get(0));
    }
    if (logger.isDebugEnabled()) {
        logger.debug("=========saml2resp============");
        logger.debug(xml);
        logger.debug("=========saml2resp============");
    }
    xml = xml.replaceAll("<!--.*-->", "");
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);
    try {
        DocumentBuilder builder = factory.newDocumentBuilder();
        Element root = builder.parse(new InputSource(new StringReader(xml))).getDocumentElement();
        Response samlResponse = (Response) XMLObjectSupport.getUnmarshaller(root).unmarshall(root);
        if (isMultiIdp) {
            try {
                String dn = authParams.get("idpDir").getValues().get(0);
                LDAPSearchResults res = cfgMgr.getMyVD().search(dn, 2, equal("issuer", samlResponse.getIssuer().getValue()).toString(), new ArrayList<String>());
                if (!res.hasMore()) {
                    throw new ServletException("No IdP found");
                }
                LDAPEntry entry = res.next();
                java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
                sigCerts.add((java.security.cert.X509Certificate) cf.generateCertificate(new ByteArrayInputStream(Base64.decodeBase64(entry.getAttribute("idpSig").getStringValue()))));
            } catch (LDAPException e) {
                throw new ServletException("Could not load IdP data", e);
            } catch (CertificateException e) {
                throw new ServletException("Could not load IdP data", e);
            }
        } else {
            for (String sigCertName : sigCertNames) {
                sigCerts.add(cfgMgr.getCertificate(sigCertName));
            }
        }
        if (responseSigned) {
            if (samlResponse.getSignature() != null) {
                boolean foundSigned = false;
                for (X509Certificate sigCert : sigCerts) {
                    if (sigCert != null) {
                        BasicCredential sigCred = new BasicCredential(sigCert.getPublicKey());
                        sigCred.setUsageType(UsageType.SIGNING);
                        try {
                            SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
                            profileValidator.validate(samlResponse.getSignature());
                            SignatureValidator.validate(samlResponse.getSignature(), sigCred);
                            foundSigned = true;
                        } catch (org.opensaml.xmlsec.signature.support.SignatureException se) {
                        }
                    }
                }
                if (!foundSigned) {
                    throw new ServletException("could not validate response");
                }
            } else {
                throw new Exception("Response not signed");
            }
        }
        Assertion assertion = null;
        if (samlResponse.getEncryptedAssertions().size() > 0) {
            try {
                EncryptedAssertion encAssertion = samlResponse.getEncryptedAssertions().get(0);
                PrivateKey privKey = this.cfgMgr.getPrivateKey(spEncKey);
                PublicKey pubKey = this.cfgMgr.getCertificate(spEncKey).getPublicKey();
                Credential credential = new BasicCredential(pubKey, privKey);
                StaticKeyInfoCredentialResolver resolver = new StaticKeyInfoCredentialResolver(credential);
                Decrypter decrypter = new Decrypter(null, resolver, new InlineEncryptedKeyResolver());
                decrypter.setRootInNewDocument(true);
                assertion = decrypter.decrypt(encAssertion);
            } catch (Exception e) {
                throw new ServletException("Error decrypting assertion", e);
            }
        } else {
            if (assertionEncrypted) {
                throw new Exception("Assertion not encrypted");
            }
            if (samlResponse.getAssertions().size() == 0) {
                throw new Exception("No assertions found");
            }
            assertion = (Assertion) samlResponse.getAssertions().get(0);
        }
        if (assertionSigned) {
            if (assertion.getSignature() != null) {
                boolean foundSigned = false;
                for (X509Certificate sigCert : sigCerts) {
                    if (sigCert != null) {
                        BasicCredential sigCred = new BasicCredential(sigCert.getPublicKey());
                        sigCred.setUsageType(UsageType.SIGNING);
                        try {
                            SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
                            profileValidator.validate(assertion.getSignature());
                            SignatureValidator.validate(assertion.getSignature(), sigCred);
                            foundSigned = true;
                        } catch (org.opensaml.xmlsec.signature.support.SignatureException se) {
                        }
                    }
                }
                if (!foundSigned) {
                    throw new ServletException("Assertion can not be validated with a trusted certificate");
                }
            } else {
                throw new Exception("No assertion signature");
            }
        }
        // If it made it here, the assertion is valid, lets check the authncontextclassref
        Attribute authnContextClassRef = authParams.get("authCtxRef");
        if (authnContextClassRef != null && authnContextClassRef.getValues().size() > 0 && !authnContextClassRef.getValues().get(0).isEmpty() && !authnContextClassRef.getValues().get(0).equalsIgnoreCase("none") && (assertion.getAuthnStatements() == null || assertion.getAuthnStatements().size() == 0 || assertion.getAuthnStatements().get(0).getAuthnContext() == null || assertion.getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef() == null || assertion.getAuthnStatements().get(0).getAuthnContext() == null || assertion.getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef() == null || assertion.getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef().getURI() == null || !assertion.getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef().getURI().equalsIgnoreCase(authnContextClassRef.getValues().get(0)))) {
            logger.warn("Can not validate the authentication context classref");
            as.setSuccess(false);
            holder.getConfig().getAuthManager().nextAuth(req, resp, session, false);
            return;
        }
        try {
            if (authParams.get("dontLinkToLDAP") == null || authParams.get("dontLinkToLDAP").getValues().get(0).equalsIgnoreCase("false")) {
                StringBuffer filter = new StringBuffer();
                filter.append('(').append(ldapAttrib).append('=').append(assertion.getSubject().getNameID().getValue()).append(')');
                LDAPSearchResults res = myvd.search(AuthUtil.getChainRoot(cfgMgr, act), 2, filter.toString(), new ArrayList<String>());
                if (res.hasMore()) {
                    createUserFromDir(session, act, ldapAttrib, assertion, res);
                } else {
                    createUnlinkedUser(session, act, ldapAttrib, dnLabel, defaultOC, assertion);
                }
            } else {
                createUnlinkedUser(session, act, ldapAttrib, dnLabel, defaultOC, assertion);
            }
        } catch (LDAPException e) {
            if (e.getResultCode() == 32) {
                createUnlinkedUser(session, act, ldapAttrib, dnLabel, defaultOC, assertion);
            } else {
                throw e;
            }
        }
        // logout management
        Attribute logoutURLAttr = authParams.get("idpRedirLogoutURL");
        if (logoutURLAttr != null && logoutURLAttr.getValues().size() > 0 && !logoutURLAttr.getValues().get(0).isEmpty() && authParams.get("spSigKey") != null && authParams.get("spSigKey").getValues().size() > 0) {
            String logoutURL = logoutURLAttr.getValues().get(0);
            String sessionIndex = assertion.getAuthnStatements().get(0).getSessionIndex();
            String nameID = assertion.getSubject().getNameID().getValue();
            String nameIDFormat = assertion.getSubject().getNameID().getFormat();
            Saml2SingleLogout handler = new Saml2SingleLogout(logoutURL, sessionIndex, nameID, nameIDFormat, samlResponse.getDestination(), authParams.get("spSigKey").getValues().get(0), authParams.get("sigAlg").getValues().get(0), authParams.get("entityID").getValues().get(0));
            LogoutUtil.addLogoutHandler(req, handler);
        }
        as.setSuccess(true);
    } catch (Exception e) {
        logger.error("Error Parsing Assertion", e);
        throw new ServletException("error parsing assertion", e);
    }
    holder.getConfig().getAuthManager().nextAuth(req, resp, session, false);
}
Also used : InputSource(org.xml.sax.InputSource) DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory) PrivateKey(java.security.PrivateKey) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) CertificateException(java.security.cert.CertificateException) XSString(org.opensaml.core.xml.schema.XSString) AuthStep(com.tremolosecurity.proxy.auth.util.AuthStep) HttpServletRequest(javax.servlet.http.HttpServletRequest) UrlHolder(com.tremolosecurity.config.util.UrlHolder) ServletException(javax.servlet.ServletException) LDAPEntry(com.novell.ldap.LDAPEntry) SAMLSignatureProfileValidator(org.opensaml.saml.security.impl.SAMLSignatureProfileValidator) PublicKey(java.security.PublicKey) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion) Assertion(org.opensaml.saml.saml2.core.Assertion) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) Decrypter(org.opensaml.saml.saml2.encryption.Decrypter) X509Certificate(java.security.cert.X509Certificate) LDAPException(com.novell.ldap.LDAPException) ByteArrayInputStream(java.io.ByteArrayInputStream) InlineEncryptedKeyResolver(org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver) Attribute(com.tremolosecurity.saml.Attribute) LDAPAttribute(com.novell.ldap.LDAPAttribute) Element(org.w3c.dom.Element) StaticKeyInfoCredentialResolver(org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver) StringReader(java.io.StringReader) AuthChainType(com.tremolosecurity.config.xml.AuthChainType) MyVDConnection(com.tremolosecurity.proxy.myvd.MyVDConnection) BasicCredential(org.opensaml.security.credential.BasicCredential) BasicCredential(org.opensaml.security.credential.BasicCredential) Credential(org.opensaml.security.credential.Credential) TremoloHttpSession(com.tremolosecurity.proxy.TremoloHttpSession) HttpSession(javax.servlet.http.HttpSession) Saml2SingleLogout(com.tremolosecurity.proxy.auth.saml2.Saml2SingleLogout) UnmarshallingException(org.opensaml.core.xml.io.UnmarshallingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) CertificateEncodingException(java.security.cert.CertificateEncodingException) LDAPException(com.novell.ldap.LDAPException) MarshallingException(org.opensaml.core.xml.io.MarshallingException) IOException(java.io.IOException) Base64DecodingException(org.apache.xml.security.exceptions.Base64DecodingException) ServletException(javax.servlet.ServletException) SignatureException(java.security.SignatureException) SAXException(org.xml.sax.SAXException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) InitializationException(org.opensaml.core.config.InitializationException) MalformedURLException(java.net.MalformedURLException) CertificateException(java.security.cert.CertificateException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Response(org.opensaml.saml.saml2.core.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) DocumentBuilder(javax.xml.parsers.DocumentBuilder) EncryptedAssertion(org.opensaml.saml.saml2.core.EncryptedAssertion)

Aggregations

StaticKeyInfoCredentialResolver (org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver)8 lombok.val (lombok.val)4 StaticCredentialResolver (org.opensaml.security.credential.impl.StaticCredentialResolver)4 ExplicitKeySignatureTrustEngine (org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine)4 ArrayList (java.util.ArrayList)3 CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)3 EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)3 EntityRoleCriterion (org.opensaml.saml.criterion.EntityRoleCriterion)3 KeyInfoCredentialResolver (org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver)3 SamlException (org.apereo.cas.support.saml.SamlException)2 SAML2HTTPRedirectDeflateSignatureSecurityHandler (org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler)2 Decrypter (org.opensaml.saml.saml2.encryption.Decrypter)2 EncryptedElementTypeEncryptedKeyResolver (org.opensaml.saml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver)2 Credential (org.opensaml.security.credential.Credential)2 CredentialResolver (org.opensaml.security.credential.CredentialResolver)2 SignatureValidationParameters (org.opensaml.xmlsec.SignatureValidationParameters)2 ChainingEncryptedKeyResolver (org.opensaml.xmlsec.encryption.support.ChainingEncryptedKeyResolver)2 InlineEncryptedKeyResolver (org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver)2 SimpleRetrievalMethodEncryptedKeyResolver (org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyResolver)2 LDAPAttribute (com.novell.ldap.LDAPAttribute)1