Package org.opensaml.security.credential.impl

Class KeyStoreCredentialResolver

java.lang.Object
org.opensaml.security.credential.impl.AbstractCredentialResolver
org.opensaml.security.credential.impl.AbstractCriteriaFilteringCredentialResolver
org.opensaml.security.credential.impl.KeyStoreCredentialResolver
All Implemented Interfaces:
Resolver<Credential,CriteriaSet>, CredentialResolver
public class KeyStoreCredentialResolver extends AbstractCriteriaFilteringCredentialResolver
A CredentialResolver that extracts Credential's from a key store.

If no key usage type is presented at construction time this resolver will return the key, if available, regardless of the usage type provided to its resolve method.

Resolution will fail if an EntityIdCriterion is not part of the input criteria set.

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • keyStore

      @Nonnull private final KeyStore keyStore
      Key store credentials are retrieved from.

    • keyPasswords

      @Nonnull private final Map<String,String> keyPasswords
      Passwords for keys. The key must be the entityID, the value the password.

    • keystoreUsage

      @Nonnull private final UsageType keystoreUsage
      Usage type of all keys in the store.

  • Constructor Details

    • KeyStoreCredentialResolver

      public KeyStoreCredentialResolver(@Nonnull KeyStore store, @Nonnull Map<String,String> passwords)
      Constructor.
      Parameters:
      store - key store credentials are retrieved from
      passwords - for key entries, map key is the entity id, map value is the password

    • KeyStoreCredentialResolver

      public KeyStoreCredentialResolver(@Nonnull KeyStore store, @Nonnull Map<String,String> passwords, @Nullable UsageType usage)
      Constructor.
      Parameters:
      store - key store credentials are retrieved from
      passwords - for key entries, map key is the entity id, map value is the password
      usage - usage type of all keys in the store

  • Method Details

    • resolveFromSource

      @Nonnull protected Iterable<Credential> resolveFromSource(@Nullable CriteriaSet criteriaSet) throws ResolverException
      Subclasses are required to implement this method to resolve credentials from the implementation-specific type of underlying credential source.
      Specified by:
      resolveFromSource in class AbstractCriteriaFilteringCredentialResolver
      Parameters:
      criteriaSet - the set of criteria used to resolve credentials from the credential source
      Returns:
      an Iterable for the resolved set of credentials
      Throws:
      ResolverException - thrown if there is an error resolving credentials from the credential source

    • checkCriteriaRequirements

      @Nonnull protected EntityIdCriterion checkCriteriaRequirements(@Nullable CriteriaSet criteriaSet)
      Check that required credential criteria are available.
      Parameters:
      criteriaSet - the credential criteria set to evaluate
      Returns:
      the required EntityIdCriterion.

    • matchUsage

      protected boolean matchUsage(@Nonnull UsageType keyStoreUsage, @Nonnull UsageType criteriaUsage)
      Match usage enum type values from keystore configured usage and from credential criteria.
      Parameters:
      keyStoreUsage - the usage type configured for the keystore
      criteriaUsage - the value from credential criteria
      Returns:
      true if the two usage specifiers match for purposes of resolving credentials, false otherwise

    • buildCredential

      @Nonnull protected Credential buildCredential(@Nonnull KeyStore.Entry keyStoreEntry, @Nonnull String entityID, @Nonnull UsageType usage) throws ResolverException
      Build a credential instance from the key store entry.
      Parameters:
      keyStoreEntry - the key store entry to process
      entityID - the entityID to include in the credential
      usage - the usage type to include in the credential
      Returns:
      the new credential instance, appropriate to the type of key store entry being processed
      Throws:
      ResolverException - throw if there is a problem building a credential from the key store entry

    • processTrustedCertificateEntry

      @Nonnull protected X509Credential processTrustedCertificateEntry(@Nonnull KeyStore.TrustedCertificateEntry trustedCertEntry, @Nonnull String entityID, @Nonnull UsageType usage)
      Build an X509Credential from a keystore trusted certificate entry.
      Parameters:
      trustedCertEntry - the entry being processed
      entityID - the entityID to set
      usage - the usage type to set
      Returns:
      new X509Credential instance

    • processPrivateKeyEntry

      @Nonnull protected X509Credential processPrivateKeyEntry(@Nonnull KeyStore.PrivateKeyEntry privateKeyEntry, @Nonnull String entityID, @Nonnull UsageType usage)
      Build an X509Credential from a keystore private key entry.
      Parameters:
      privateKeyEntry - the entry being processed
      entityID - the entityID to set
      usage - the usage type to set
      Returns:
      new X509Credential instance

    • processSecretKeyEntry

      @Nonnull protected Credential processSecretKeyEntry(@Nonnull KeyStore.SecretKeyEntry secretKeyEntry, @Nonnull String entityID, @Nonnull UsageType usage)
      Build a Credential from a keystore secret key entry.
      Parameters:
      secretKeyEntry - the entry being processed
      entityID - the entityID to set
      usage - the usage type to set
      Returns:
      new Credential instance