Package org.opensaml.security.credential.impl

Class KeyStoreCredentialResolver

  • All Implemented Interfaces:
    net.shibboleth.utilities.java.support.resolver.Resolver<org.opensaml.security.credential.Credential,​net.shibboleth.utilities.java.support.resolver.CriteriaSet>, org.opensaml.security.credential.CredentialResolver
    public class KeyStoreCredentialResolver
extends AbstractCriteriaFilteringCredentialResolver
    A CredentialResolver that extracts Credential's from a key store.

    If no key usage type is presented at construction time this resolver will return the key, if available, regardless of the usage type provided to its resolve method.

    Resolution will fail if an EntityIdCriterion is not part of the input criteria set.

    • Field Detail

      • log

        private final org.slf4j.Logger log
        Class logger.

      • keyStore

        private final KeyStore keyStore
        Key store credentials are retrieved from.

      • keyPasswords

        private final Map<String,​String> keyPasswords
        Passwords for keys. The key must be the entityID, the value the password.

      • keystoreUsage

        private final org.opensaml.security.credential.UsageType keystoreUsage
        Usage type of all keys in the store.

    • Constructor Detail

      • KeyStoreCredentialResolver

        public KeyStoreCredentialResolver​(@Nonnull
                                  KeyStore store,
                                  @Nonnull
                                  Map<String,​String> passwords)
        Constructor.
        Parameters:
        store - key store credentials are retrieved from
        passwords - for key entries, map key is the entity id, map value is the password

      • KeyStoreCredentialResolver

        public KeyStoreCredentialResolver​(@Nonnull
                                  KeyStore store,
                                  @Nonnull
                                  Map<String,​String> passwords,
                                  @Nullable
                                  org.opensaml.security.credential.UsageType usage)
        Constructor.
        Parameters:
        store - key store credentials are retrieved from
        passwords - for key entries, map key is the entity id, map value is the password
        usage - usage type of all keys in the store

    • Method Detail

      • resolveFromSource

        @Nonnull
protected Iterable<org.opensaml.security.credential.Credential> resolveFromSource​(@Nullable
                                                                                  net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet)
                                                                           throws net.shibboleth.utilities.java.support.resolver.ResolverException
        Subclasses are required to implement this method to resolve credentials from the implementation-specific type of underlying credential source.
        Specified by:
        resolveFromSource in class AbstractCriteriaFilteringCredentialResolver
        Parameters:
        criteriaSet - the set of criteria used to resolve credentials from the credential source
        Returns:
        an Iterable for the resolved set of credentials
        Throws:
        net.shibboleth.utilities.java.support.resolver.ResolverException - thrown if there is an error resolving credentials from the credential source

      • checkCriteriaRequirements

        protected void checkCriteriaRequirements​(@Nullable
                                         net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet)
        Check that required credential criteria are available.
        Parameters:
        criteriaSet - the credential criteria set to evaluate

      • matchUsage

        protected boolean matchUsage​(@Nonnull
                             org.opensaml.security.credential.UsageType keyStoreUsage,
                             @Nonnull
                             org.opensaml.security.credential.UsageType criteriaUsage)
        Match usage enum type values from keystore configured usage and from credential criteria.
        Parameters:
        keyStoreUsage - the usage type configured for the keystore
        criteriaUsage - the value from credential criteria
        Returns:
        true if the two usage specifiers match for purposes of resolving credentials, false otherwise

      • buildCredential

        @Nonnull
protected org.opensaml.security.credential.Credential buildCredential​(@Nonnull
                                                                      KeyStore.Entry keyStoreEntry,
                                                                      @Nonnull
                                                                      String entityID,
                                                                      @Nonnull
                                                                      org.opensaml.security.credential.UsageType usage)
                                                               throws net.shibboleth.utilities.java.support.resolver.ResolverException
        Build a credential instance from the key store entry.
        Parameters:
        keyStoreEntry - the key store entry to process
        entityID - the entityID to include in the credential
        usage - the usage type to include in the credential
        Returns:
        the new credential instance, appropriate to the type of key store entry being processed
        Throws:
        net.shibboleth.utilities.java.support.resolver.ResolverException - throw if there is a problem building a credential from the key store entry

      • processTrustedCertificateEntry

        protected org.opensaml.security.x509.X509Credential processTrustedCertificateEntry​(@Nonnull
                                                                                   KeyStore.TrustedCertificateEntry trustedCertEntry,
                                                                                   @Nonnull
                                                                                   String entityID,
                                                                                   @Nonnull
                                                                                   org.opensaml.security.credential.UsageType usage)
        Build an X509Credential from a keystore trusted certificate entry.
        Parameters:
        trustedCertEntry - the entry being processed
        entityID - the entityID to set
        usage - the usage type to set
        Returns:
        new X509Credential instance

      • processPrivateKeyEntry

        protected org.opensaml.security.x509.X509Credential processPrivateKeyEntry​(@Nonnull
                                                                           KeyStore.PrivateKeyEntry privateKeyEntry,
                                                                           @Nonnull
                                                                           String entityID,
                                                                           @Nonnull
                                                                           org.opensaml.security.credential.UsageType usage)
        Build an X509Credential from a keystore private key entry.
        Parameters:
        privateKeyEntry - the entry being processed
        entityID - the entityID to set
        usage - the usage type to set
        Returns:
        new X509Credential instance

      • processSecretKeyEntry

        protected org.opensaml.security.credential.Credential processSecretKeyEntry​(@Nonnull
                                                                            KeyStore.SecretKeyEntry secretKeyEntry,
                                                                            @Nonnull
                                                                            String entityID,
                                                                            @Nonnull
                                                                            org.opensaml.security.credential.UsageType usage)
        Build a Credential from a keystore secret key entry.
        Parameters:
        secretKeyEntry - the entry being processed
        entityID - the entityID to set
        usage - the usage type to set
        Returns:
        new Credential instance