Class CollectionKeyInfoCredentialResolver

  • All Implemented Interfaces:
    Resolver<Credential,CriteriaSet>, CredentialResolver, KeyInfoCredentialResolver

    public class CollectionKeyInfoCredentialResolver
    extends CollectionCredentialResolver
    implements KeyInfoCredentialResolver

    An implementation of KeyInfoCredentialResolver which uses a Collection as the underlying credential source.

    Like the CollectionCredentialResolver, credentials returned are filtered based on any EvaluableCredentialCriterion which may have been present in the specified criteria set, or which are resolved by lookup in the EvaluableCredentialCriteriaRegistry.

    This implementation may be used to address use cases where use of a KeyInfoCredentialResolver is required, but a KeyInfo element containing keys or other keying material is not necessarily supplied or expected in an instance document and keys/credentials are known in advance (e.g. validation keys belonging to a peer, decryption keys belonging to the caller). In this use case, credentials are expected to be resolved from other contextual information, including information possibly supplied as criteria to the resolver. Such credentials would be stored in and returned from the Collection managed by this resolver.

    Note that a KeyInfo element passed in a KeyInfoCriterion in the criteria set is NOT directly processed by this implementation in any way as a source for extracting keys or other key-related material. However, if the evaluable credential criteria registry described above were for example to contain a mapping from KeyInfoCriterion to some type of EvaluableCredentialCriterion, where the latter used KeyInfo-derived information as its basis for evaluation of a credential (e.g. based on contents of a KeyName or X509SubjectName), then such KeyInfo-derived evaluable criteria would be used to filter or select the specific credentials that would be returned from the underlying credential collection of this resolver. Such KeyInfo-derived evaluable criteria may also be specified directly in the criteria set, per the above.

    This implementation might also be used at the end of a chain of KeyInfoCredentialResolvers in order to supply a default, fallback set of credentials, if none could otherwise be resolved.
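
    The pinned-key use case described above, as an added example that is not part of the OpenSAML documentation or code base: credentials known in advance are placed in the collection and selected purely by criteria, with no KeyInfo from a document involved. The entity IDs, the class name PinnedKeyResolverExample and the helper cred() are hypothetical, the key pairs are generated on the spot as sample data, and the import package names assume OpenSAML 4 (other versions may differ).

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.List;

import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.xmlsec.keyinfo.impl.CollectionKeyInfoCredentialResolver;

public class PinnedKeyResolverExample {
    // Hypothetical identifiers, constructed for this example.
    static final String PEER = "https://idp.example.org/idp";
    static final String SELF = "https://sp.example.org/sp";

    // Hypothetical helper: wrap a key pair as a credential tagged with owner and usage.
    static BasicCredential cred(KeyPair kp, boolean withPrivate, String entityId, UsageType usage) {
        BasicCredential c = withPrivate
                ? new BasicCredential(kp.getPublic(), kp.getPrivate())
                : new BasicCredential(kp.getPublic());
        c.setEntityId(entityId);
        c.setUsageType(usage);
        return c;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        // Credentials known in advance: the peer's validation key (public only)
        // and the caller's own decryption key (with private key).
        List<Credential> known = List.of(
                cred(gen.generateKeyPair(), false, PEER, UsageType.SIGNING),
                cred(gen.generateKeyPair(), true, SELF, UsageType.ENCRYPTION));
        CollectionKeyInfoCredentialResolver resolver = new CollectionKeyInfoCredentialResolver(known);

        // Selection is driven by the criteria set only; the default evaluable
        // criteria registry is assumed to map both criterion types used here.
        CriteriaSet peerSigning = new CriteriaSet(
                new EntityIdCriterion(PEER), new UsageCriterion(UsageType.SIGNING));
        for (Credential c : resolver.resolve(peerSigning)) {
            System.out.println("resolved: " + c.getEntityId() + " / " + c.getUsageType());
        }

        // An entity with no pinned credential must not resolve to any key.
        CriteriaSet unknown = new CriteriaSet(new EntityIdCriterion("https://unknown.example.net"));
        System.out.println("unknown peer has no credential: " + (resolver.resolveSingle(unknown) == null));
    }
}
```

    When the resolver sits at the end of a chain as a fallback, the contents of the collection define which keys are accepted when nothing else resolves, so the collection should hold only credentials that are trusted for that purpose.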

    • Constructor Detail

      • CollectionKeyInfoCredentialResolver

        public CollectionKeyInfoCredentialResolver()
        Constructor. An ArrayList is used as the underlying collection implementation.
      • CollectionKeyInfoCredentialResolver

        public CollectionKeyInfoCredentialResolver(@Nonnull @ParameterName(name="credentials")
                                                   Collection<Credential> credentials)
        Constructor.
        Parameters:
        credentials - the credential collection which is the backing store for the resolver