Package org.opensaml.xmlsec.encryption.support

Class SimpleKeyInfoReferenceEncryptedKeyResolver

java.lang.Object
org.opensaml.xmlsec.encryption.support.AbstractEncryptedKeyResolver
org.opensaml.xmlsec.encryption.support.SimpleKeyInfoReferenceEncryptedKeyResolver
All Implemented Interfaces:
EncryptedKeyResolver
public class SimpleKeyInfoReferenceEncryptedKeyResolver extends AbstractEncryptedKeyResolver
Implementation of EncryptedKeyResolver which finds EncryptedKey elements by dereferencing KeyInfoReference children of the KeyInfo of the EncryptedData context. The URI attribute value must be a same-document fragment identifier (via ID attribute). Processing of external resources is not supported. Furthermore, the target of the reference must itself contain either an EncryptedKey or a subsequent KeyInfoReference, up to a depth limit. Other forms of resolution cannot be mixed together with this one.

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.

    • depthLimit

      private int depthLimit
      Number of times to follow a reference before failing.

  • Constructor Details

    • SimpleKeyInfoReferenceEncryptedKeyResolver

      public SimpleKeyInfoReferenceEncryptedKeyResolver()
      Constructor.

    • SimpleKeyInfoReferenceEncryptedKeyResolver

      @Deprecated public SimpleKeyInfoReferenceEncryptedKeyResolver(@Nullable Set<String> recipients)
      Deprecated.
      Constructor.
      Parameters:
      recipients - the set of recipients

    • SimpleKeyInfoReferenceEncryptedKeyResolver

      @Deprecated public SimpleKeyInfoReferenceEncryptedKeyResolver(@Nullable String recipient)
      Deprecated.
      Constructor.
      Parameters:
      recipient - the recipient

  • Method Details

    • getDepthLimit

      public int getDepthLimit()
      Gets the reference depth limit.
      Returns:
      the depth limit

    • setDepthLimit

      public void setDepthLimit(int limit)
      Sets the reference depth limit, to a minimum of 1.
      Parameters:
      limit - limit to set

    • resolve

      @Nonnull public Iterable<EncryptedKey> resolve(@Nonnull EncryptedData encryptedData, @Nullable Set<String> recipients)
      Resolve the EncryptedKey elements containing the data encryption key used to encrypt the specified EncryptedData element.
      Parameters:
      encryptedData - the EncryptedData element context in which to resolve
      recipients - the recipients to use during resolution
      Returns:
      an iterable of EncryptedKey elements

    • resolveKeyInfo

      @Nonnull protected Iterable<EncryptedKey> resolveKeyInfo(@Nullable KeyInfo keyInfo, int limit, @Nonnull @NonnullElements @Unmodifiable @NotLive Set<String> validRecipients)
      Turn a KeyInfo into an EncryptedKey collection.
      Parameters:
      keyInfo - KeyInfo to process
      limit - depth of references to follow
      validRecipients - recipients to consider valid for matching purposes.
      Returns:
      encrypted keys

    • dereferenceURI

      @Nullable protected KeyInfo dereferenceURI(@Nonnull KeyInfoReference ref)
      Dereference the URI attribute of the specified retrieval method into a KeyInfo.
      Parameters:
      ref - the KeyInfoReference to process
      Returns:
      the dereferenced KeyInfo