All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.opensaml.xml.security.keyinfo.LocalKeyInfoCredentialResolver Maven / Gradle / Ivy

Go to download

XMLTooling-J is a low-level library that may be used to construct libraries that allow developers to work with XML in a Java beans manner.

There is a newer version: 1.4.2
Show newest version
/*
 * Licensed to the University Corporation for Advanced Internet Development, 
 * Inc. (UCAID) under one or more contributor license agreements.  See the 
 * NOTICE file distributed with this work for additional information regarding
 * copyright ownership. The UCAID licenses this file to You under the Apache 
 * License, Version 2.0 (the "License"); you may not use this file except in 
 * compliance with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.opensaml.xml.security.keyinfo;

import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.opensaml.xml.encryption.Decrypter;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.CredentialResolver;
import org.opensaml.xml.security.criteria.KeyNameCriteria;
import org.opensaml.xml.security.criteria.PublicKeyCriteria;
import org.opensaml.xml.signature.KeyInfo;

/**
 * A simple specialization of {@link BasicProviderKeyInfoCredentialResolver}
 * which is capable of using information from a {@link KeyInfo} to resolve
 * local credentials from a supplied {@link CredentialResolver} which manages local credentials.
 * 
 * 

* The local credential resolver supplied should manage and return credentials * which contain either a secret (symmetric) key or the private key half of a * key pair. *

* *

* A typical use case for this class would be as a resolver of decryption keys, * such as is needed by {@link Decrypter}. *

* *

* Resolution proceeds as follows: *

    *
  1. Any credential resolved via the standard {@link BasicProviderKeyInfoCredentialResolver} * resolution process which is not a local credential will be removed * from the effective set of credentials to be returned. Note that a configured * {@link KeyInfoProvider} may have itself already resolved local credentials using a * different mechanism. These will not be removed.
  2. *
  3. If a credential so removed contained a public key, that key will be used as a * resolution criteria input to the local credential resolver. Any local credentials * so resolved will be added to the set to be returned.
  4. *
  5. Similarly, any key names from {@link KeyInfoResolutionContext#getKeyNames()} will also * be used as resolution criteria for local credentials and the resultant credentials * added to the set to be returned.
  6. *
*

*/ public class LocalKeyInfoCredentialResolver extends BasicProviderKeyInfoCredentialResolver { /** The resovler which is used to resolve local credentials. */ private CredentialResolver localCredResolver; /** * Constructor. * * @param keyInfoProviders the list of KeyInfoProvider's to use in this resolver * @param localCredentialResolver resolver of local credentials */ public LocalKeyInfoCredentialResolver(List keyInfoProviders, CredentialResolver localCredentialResolver) { super(keyInfoProviders); if (localCredentialResolver == null) { throw new IllegalArgumentException("Local credential resolver must be supplied"); } localCredResolver = localCredentialResolver; } /** * Get the resolver for local credentials. * * The credentials managed and returned by this resolver should all contain * either a secret (symmetric) or private key. * * @return resolver of local credentials */ public CredentialResolver getLocalCredentialResolver() { return localCredResolver; } /** {@inheritDoc} */ protected void postProcess(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet, List credentials) throws SecurityException { ArrayList localCreds = new ArrayList(); for (Credential cred : credentials) { if (isLocalCredential(cred)) { localCreds.add(cred); } else if (cred.getPublicKey() != null) { localCreds.addAll(resolveByPublicKey(cred.getPublicKey())); } } // Also resolve local creds based on any key names that are known for (String keyName : kiContext.getKeyNames()) { localCreds.addAll(resolveByKeyName(keyName)); } credentials.clear(); credentials.addAll(localCreds); } /** * Determine whether the credential is a local credential. * * A local credential will have either a private key or a secret (symmetric) key. * * @param credential the credential to evaluate * @return true if the credential has either a private or secret key, false otherwise */ protected boolean isLocalCredential(Credential credential) { return credential.getPrivateKey() != null || credential.getSecretKey() != null; } /** * Resolve credentials from local resolver using key name criteria. * * @param keyName the key name criteria * @return collection of local credentials identified by the specified key name * @throws SecurityException thrown if there is a problem resolving credentials from the * local credential resolver */ protected Collection resolveByKeyName(String keyName) throws SecurityException { ArrayList localCreds = new ArrayList(); CriteriaSet criteriaSet = new CriteriaSet( new KeyNameCriteria(keyName) ); for (Credential cred : getLocalCredentialResolver().resolve(criteriaSet)) { if (isLocalCredential(cred)) { localCreds.add(cred); } } return localCreds; } /** * Resolve credentials from local resolver using public key criteria. * * @param publicKey the public key criteria * @return collection of local credentials which contain the private key * corresponding to the specified public key * @throws SecurityException thrown if there is a problem resolving credentials from the * local credential resolver */ protected Collection resolveByPublicKey(PublicKey publicKey) throws SecurityException { ArrayList localCreds = new ArrayList(); CriteriaSet criteriaSet = new CriteriaSet( new PublicKeyCriteria(publicKey) ); for (Credential cred : getLocalCredentialResolver().resolve(criteriaSet)) { if (isLocalCredential(cred)) { localCreds.add(cred); } } return localCreds; } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy