All Downloads are FREE. Search and download functionalities are using the official Maven repository.

uk.gov.ida.saml.security.MetadataBackedEncryptionCredentialResolver Maven / Gradle / Ivy

There is a newer version: 3.4.6-277
Show newest version
package uk.gov.ida.saml.security;

import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialResolver;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;

import javax.xml.namespace.QName;
import java.text.MessageFormat;
import java.util.Optional;

public class MetadataBackedEncryptionCredentialResolver implements EncryptionCredentialResolver {

    private CredentialResolver credentialResolver;
    private QName role;

    public MetadataBackedEncryptionCredentialResolver(CredentialResolver credentialResolver, QName role) {
        this.credentialResolver = credentialResolver;
        this.role = role;
    }

    @Override
    public Credential getEncryptingCredential(String receiverId) {
        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new EntityIdCriterion(receiverId));
        criteria.add(new EntityRoleCriterion(role));
        criteria.add(new UsageCriterion(UsageType.ENCRYPTION));
        try {
            return Optional.ofNullable(credentialResolver.resolveSingle(criteria))
                    .orElseThrow(() -> new CredentialMissingInMetadataException(receiverId));
        } catch (ResolverException e) {
            throw new RuntimeException(e);
        }
    }

    public static class CredentialMissingInMetadataException extends RuntimeException {

        public static final String PATTERN = "No public key for entity-id: \"{0}\" could be found in the metadata. Metadata could be expired, invalid, or missing entities";

        public CredentialMissingInMetadataException(String receivedId) {
           super(MessageFormat.format(PATTERN, receivedId));
        };

    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy