• Home
• org.opensaml
• xmltooling
• 1.3.2-1
• source code
• LocalKeyInfoCredentialResolver.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.opensaml.xml.security.keyinfo.LocalKeyInfoCredentialResolver Maven / Gradle / Ivy

/*
 * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.opensaml.xml.security.keyinfo;

import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.opensaml.xml.encryption.Decrypter;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.CredentialResolver;
import org.opensaml.xml.security.criteria.KeyNameCriteria;
import org.opensaml.xml.security.criteria.PublicKeyCriteria;
import org.opensaml.xml.signature.KeyInfo;

/**
 * A simple specialization of {@link BasicProviderKeyInfoCredentialResolver}
 * which is capable of using information from a {@link KeyInfo} to resolve
 * local credentials from a supplied {@link CredentialResolver} which manages local credentials.
 * 
 * 

 * The local credential resolver supplied should manage and return credentials
 * which contain either a secret (symmetric) key or the private key half of a
 * key pair.
 * 
 * 
 * 

 * A typical use case for this class would be as a resolver of decryption keys,
 * such as is needed by {@link Decrypter}.
 * 
 * 
 * 

 * Resolution proceeds as follows:
 * 

 *   
Any credential resolved via the standard {@link BasicProviderKeyInfoCredentialResolver}
 *       resolution process which is not a local credential will be removed
 *       from the effective set of credentials to be returned.  Note that a configured
 *       {@link KeyInfoProvider} may have itself already resolved local credentials using a
 *       different mechanism.  These will not be removed.
 *   
If a credential so removed contained a public key, that key will be used as a
 *       resolution criteria input to the local credential resolver.  Any local credentials
 *       so resolved will be added to the set to be returned.
 *   
Similarly, any key names from {@link KeyInfoResolutionContext#getKeyNames()} will also
 *       be used as resolution criteria for local credentials and the resultant credentials
 *       added to the set to be returned.
 * 
 * 

 */
public class LocalKeyInfoCredentialResolver extends BasicProviderKeyInfoCredentialResolver {
    
    /** The resovler which is used to resolve local credentials. */
    private CredentialResolver localCredResolver;

    /**
     * Constructor.
     *
     * @param keyInfoProviders the list of KeyInfoProvider's to use in this resolver
     * @param localCredentialResolver resolver of local credentials
     */
    public LocalKeyInfoCredentialResolver(List keyInfoProviders,
            CredentialResolver localCredentialResolver) {
        super(keyInfoProviders);
        
        if (localCredentialResolver == null) {
            throw new IllegalArgumentException("Local credential resolver must be supplied");
        }
        
        localCredResolver = localCredentialResolver;
    }
    
    /**
     * Get the resolver for local credentials.
     * 
     * The credentials managed and returned by this resolver should all contain
     * either a secret (symmetric) or private key.
     *
     * @return resolver of local credentials
     */
    public CredentialResolver getLocalCredentialResolver() {
        return localCredResolver;
    }

    /** {@inheritDoc} */
    protected void postProcess(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet,
            List credentials) throws SecurityException {
        
        ArrayList localCreds = new ArrayList();
        
        for (Credential cred : credentials) {
            if (isLocalCredential(cred)) {
                localCreds.add(cred);
            } else if (cred.getPublicKey() != null) {
               localCreds.addAll(resolveByPublicKey(cred.getPublicKey()));
            }
        }
        
        // Also resolve local creds based on any key names that are known
        for (String keyName : kiContext.getKeyNames()) {
            localCreds.addAll(resolveByKeyName(keyName));
        }
        
        credentials.clear();
        credentials.addAll(localCreds);
    }
    
    /**
     * Determine whether the credential is a local credential.
     * 
     * A local credential will have either a private key or a secret (symmetric) key.
     * 
     * @param credential the credential to evaluate
     * @return true if the credential has either a private or secret key, false otherwise
     */
    protected boolean isLocalCredential(Credential credential) {
        return credential.getPrivateKey() != null || credential.getSecretKey() != null;
    }

    /**
     * Resolve credentials from local resolver using key name criteria.
     * 
     * @param keyName the key name criteria
     * @return collection of local credentials identified by the specified key name
     * @throws SecurityException  thrown if there is a problem resolving credentials from the 
     *          local credential resolver
     */
    protected Collection resolveByKeyName(String keyName) throws SecurityException {
        ArrayList localCreds = new ArrayList();
        
        CriteriaSet criteriaSet = new CriteriaSet( new KeyNameCriteria(keyName) );
        for (Credential cred : getLocalCredentialResolver().resolve(criteriaSet)) {
            if (isLocalCredential(cred)) {
                localCreds.add(cred);
            }
        }
        
        return localCreds;
    }

    /**
     * Resolve credentials from local resolver using public key criteria.
     * 
     * @param publicKey the public key criteria
     * @return collection of local credentials which contain the private key
     *          corresponding to the specified public key
     * @throws SecurityException  thrown if there is a problem resolving credentials from the 
     *          local credential resolver
     */
    protected Collection resolveByPublicKey(PublicKey publicKey) throws SecurityException {
        ArrayList localCreds = new ArrayList();
        
        CriteriaSet criteriaSet = new CriteriaSet( new PublicKeyCriteria(publicKey) );
        for (Credential cred : getLocalCredentialResolver().resolve(criteriaSet)) {
            if (isLocalCredential(cred)) {
                localCreds.add(cred);
            }
        }
        
        return localCreds;
    }

}