Package org.opensaml.xmlsec.keyinfo.impl
Class LocalKeyInfoCredentialResolver
- java.lang.Object
  - org.opensaml.security.credential.impl.AbstractCredentialResolver
    - org.opensaml.security.credential.impl.AbstractCriteriaFilteringCredentialResolver
      - org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver
        - org.opensaml.xmlsec.keyinfo.impl.LocalKeyInfoCredentialResolver
All Implemented Interfaces:
net.shibboleth.utilities.java.support.resolver.Resolver<org.opensaml.security.credential.Credential, net.shibboleth.utilities.java.support.resolver.CriteriaSet>, org.opensaml.security.credential.CredentialResolver, org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver
public class LocalKeyInfoCredentialResolver extends BasicProviderKeyInfoCredentialResolver
A simple specialization of BasicProviderKeyInfoCredentialResolver which is capable of using information from a KeyInfo to resolve local credentials from a supplied CredentialResolver which manages local credentials.
The local credential resolver supplied should manage and return credentials which contain either a secret (symmetric) key or the private key half of a key pair.
A typical use case for this class would be as a resolver of decryption keys, such as is needed by Decrypter.
Resolution proceeds as follows:
- Any credential resolved via the standard BasicProviderKeyInfoCredentialResolver resolution process which is not a local credential will be removed from the effective set of credentials to be returned. Note that a configured KeyInfoProvider may have itself already resolved local credentials using a different mechanism. These will not be removed.
- If a credential so removed contained a public key, that key will be used as a resolution criteria input to the local credential resolver. Any local credentials so resolved will be added to the set to be returned.
- Similarly, any key names from KeyInfoResolutionContext.getKeyNames() will also be used as resolution criteria for local credentials and the resultant credentials added to the set to be returned.
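The resolution steps above, exercised end to end as an added example (not part of the OpenSAML documentation or code base). It assumes OpenSAML 3.x or 4.x with its xmlsec modules on the classpath; the class name LocalResolverExample, the key name sp-decrypt and the generated RSA key pairs are constructed for illustration. Every resolved credential is checked for a private key, and a KeyInfo carrying a public key that the local store does not hold is included to show that a sender-supplied key acts only as an index into the local store.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.impl.CollectionCredentialResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoCriterion;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.opensaml.xmlsec.keyinfo.impl.KeyInfoProvider;
import org.opensaml.xmlsec.keyinfo.impl.LocalKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider;
import org.opensaml.xmlsec.signature.KeyInfo;

public class LocalResolverExample {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        InitializationService.initialize();       // registers the XMLObject builders
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair ours = gen.generateKeyPair();     // constructed sample: our decryption key pair
        KeyPair other = gen.generateKeyPair();    // constructed sample: a key we do not hold
        // The local store is the only place private keys come from.
        BasicCredential local = new BasicCredential(ours.getPublic(), ours.getPrivate());
        local.getKeyNames().add("sp-decrypt");    // hypothetical key name
        LocalKeyInfoCredentialResolver resolver = new LocalKeyInfoCredentialResolver(
                Collections.<KeyInfoProvider>singletonList(new RSAKeyValueProvider()),
                new CollectionCredentialResolver(Collections.<Credential>singletonList(local)));
        System.out.println("known public key: " + countLocal(resolver, keyInfo(ours, null)));
        System.out.println("key name only:    " + countLocal(resolver, keyInfo(null, "sp-decrypt")));
        System.out.println("unknown key:      " + countLocal(resolver, keyInfo(other, null)));
    }
    // Build the hint a sender would attach: a public key and/or a key name, never a private key.
    static KeyInfo keyInfo(KeyPair pair, String name) throws Exception {
        KeyInfo ki = (KeyInfo) XMLObjectSupport.buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        if (pair != null) KeyInfoSupport.addPublicKey(ki, pair.getPublic());
        if (name != null) KeyInfoSupport.addKeyName(ki, name);
        return ki;
    }
    // Count resolved credentials; fail if any of them lacks a private key.
    static int countLocal(LocalKeyInfoCredentialResolver resolver, KeyInfo ki) throws Exception {
        int n = 0;
        for (Credential c : resolver.resolve(new CriteriaSet(new KeyInfoCriterion(ki)))) {
            if (c.getPrivateKey() == null) throw new IllegalStateException("non-local credential");
            n++;
        }
        return n;
    }
}
```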
Field Summary
- private org.opensaml.security.credential.CredentialResolver localCredResolver - The resolver which is used to resolve local credentials.
Constructor Summary
- LocalKeyInfoCredentialResolver(List<KeyInfoProvider> keyInfoProviders, org.opensaml.security.credential.CredentialResolver localCredentialResolver) - Constructor.
Method Summary
- org.opensaml.security.credential.CredentialResolver getLocalCredentialResolver() - Get the resolver for local credentials.
- protected boolean isLocalCredential(org.opensaml.security.credential.Credential credential) - Determine whether the credential is a local credential.
- protected void postProcess(KeyInfoResolutionContext kiContext, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet, List<org.opensaml.security.credential.Credential> credentials) - Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed.
- protected Collection<? extends org.opensaml.security.credential.Credential> resolveByKeyName(String keyName) - Resolve credentials from local resolver using key name criteria.
- protected Collection<? extends org.opensaml.security.credential.Credential> resolveByPublicKey(PublicKey publicKey) - Resolve credentials from local resolver using public key criteria.
Methods inherited from class org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver
buildBasicCredential, extractKeyValue, getProviders, initResolutionContext, postProcessEmptyCredentials, processKeyInfoChild, processKeyInfoChildren, resolveFromSource, resolveKeyValue
Methods inherited from class org.opensaml.security.credential.impl.AbstractCriteriaFilteringCredentialResolver
isSatisfyAllPredicates, resolve, setSatisfyAllPredicates
Methods inherited from class org.opensaml.security.credential.impl.AbstractCredentialResolver
resolveSingle
Constructor Detail
LocalKeyInfoCredentialResolver
public LocalKeyInfoCredentialResolver(@Nonnull @ParameterName(name="keyInfoProviders") List<KeyInfoProvider> keyInfoProviders, @Nonnull @ParameterName(name="localCredentialResolver") org.opensaml.security.credential.CredentialResolver localCredentialResolver)
Constructor.
- Parameters:
  keyInfoProviders - the list of KeyInfoProviders to use in this resolver
  localCredentialResolver - resolver of local credentials
Method Detail
getLocalCredentialResolver
@Nonnull public org.opensaml.security.credential.CredentialResolver getLocalCredentialResolver()
Get the resolver for local credentials. The credentials managed and returned by this resolver should all contain either a secret (symmetric) or private key.
- Returns:
  resolver of local credentials
postProcess
protected void postProcess(@Nonnull KeyInfoResolutionContext kiContext, @Nullable net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet, @Nonnull List<org.opensaml.security.credential.Credential> credentials) throws net.shibboleth.utilities.java.support.resolver.ResolverException
Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed. For example, the previously resolved credentials might be used to index into a store of local credentials, where the index is a key name or the public half of a key pair extracted from the KeyInfo.
- Overrides:
  postProcess in class BasicProviderKeyInfoCredentialResolver
- Parameters:
  kiContext - KeyInfo resolution context
  criteriaSet - the credential criteria used to resolve credentials
  credentials - the list which will store the resolved credentials
- Throws:
  net.shibboleth.utilities.java.support.resolver.ResolverException - thrown if there is an error during processing
isLocalCredential
protected boolean isLocalCredential(@Nonnull org.opensaml.security.credential.Credential credential)
Determine whether the credential is a local credential. A local credential will have either a private key or a secret (symmetric) key.
- Parameters:
  credential - the credential to evaluate
- Returns:
  true if the credential has either a private or secret key, false otherwise
resolveByKeyName
@Nonnull protected Collection<? extends org.opensaml.security.credential.Credential> resolveByKeyName(@Nonnull String keyName) throws net.shibboleth.utilities.java.support.resolver.ResolverException
Resolve credentials from local resolver using key name criteria.
- Parameters:
  keyName - the key name criteria
- Returns:
  collection of local credentials identified by the specified key name
- Throws:
  net.shibboleth.utilities.java.support.resolver.ResolverException - thrown if there is a problem resolving credentials from the local credential resolver
resolveByPublicKey
@Nonnull protected Collection<? extends org.opensaml.security.credential.Credential> resolveByPublicKey(@Nonnull PublicKey publicKey) throws net.shibboleth.utilities.java.support.resolver.ResolverException
Resolve credentials from local resolver using public key criteria.
- Parameters:
  publicKey - the public key criteria
- Returns:
  collection of local credentials which contain the private key corresponding to the specified public key
- Throws:
  net.shibboleth.utilities.java.support.resolver.ResolverException - thrown if there is a problem resolving credentials from the local credential resolver