Package org.opensaml.xmlsec.keyinfo.impl

Class LocalKeyInfoCredentialResolver

  • All Implemented Interfaces:
    Resolver<Credential,​CriteriaSet>, CredentialResolver, KeyInfoCredentialResolver
    public class LocalKeyInfoCredentialResolver
extends BasicProviderKeyInfoCredentialResolver
    A simple specialization of BasicProviderKeyInfoCredentialResolver which is capable of using information from a KeyInfo to resolve local credentials from a supplied CredentialResolver which manages local credentials.

    The local credential resolver supplied should manage and return credentials which contain either a secret (symmetric) key or the private key half of a key pair.

    A typical use case for this class would be as a resolver of decryption keys, such as is needed by Decrypter.

    Resolution proceeds as follows:

    1. Any credential resolved via the standard BasicProviderKeyInfoCredentialResolver resolution process which is not a local credential will be removed from the effective set of credentials to be returned. Note that a configured KeyInfoProvider may have itself already resolved local credentials using a different mechanism. These will not be removed.
    2. If a credential so removed contained a public key, that key will be used as a resolution criteria input to the local credential resolver. Any local credentials so resolved will be added to the set to be returned.
    3. Similarly, any key names from KeyInfoResolutionContext.getKeyNames() will also be used as resolution criteria for local credentials and the resultant credentials added to the set to be returned.

    • Field Detail

      • log

        private final org.slf4j.Logger log
        Logger.

      • localCredResolver

        private final CredentialResolver localCredResolver
        The resolver which is used to resolve local credentials.

    • Method Detail

      • getLocalCredentialResolver

        @Nonnull
public CredentialResolver getLocalCredentialResolver()
        Get the resolver for local credentials. The credentials managed and returned by this resolver should all contain either a secret (symmetric) or private key.
        Returns:
        resolver of local credentials

      • postProcess

        protected void postProcess​(@Nonnull
                           KeyInfoResolutionContext kiContext,
                           @Nullable
                           CriteriaSet criteriaSet,
                           @Nonnull
                           List<Credential> credentials)
                    throws ResolverException
        Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed. For example, the previously resolved credentials might be used to index into a store of local credentials, where the index is a key name or the public half of a key pair extracted from the KeyInfo.
        Overrides:
        postProcess in class BasicProviderKeyInfoCredentialResolver
        Parameters:
        kiContext - KeyInfo resolution context
        criteriaSet - the credential criteria used to resolve credentials
        credentials - the list which will store the resolved credentials
        Throws:
        ResolverException - thrown if there is an error during processing

      • isLocalCredential

        protected boolean isLocalCredential​(@Nonnull
                                    Credential credential)
        Determine whether the credential is a local credential. A local credential will have either a private key or a secret (symmetric) key.
        Parameters:
        credential - the credential to evaluate
        Returns:
        true if the credential has either a private or secret key, false otherwise

      • resolveByKeyName

        @Nonnull
protected Collection<? extends Credential> resolveByKeyName​(@Nonnull
                                                            String keyName)
                                                     throws ResolverException
        Resolve credentials from local resolver using key name criteria.
        Parameters:
        keyName - the key name criteria
        Returns:
        collection of local credentials identified by the specified key name
        Throws:
        ResolverException - thrown if there is a problem resolving credentials from the local credential resolver

      • resolveByPublicKey

        @Nonnull
protected Collection<? extends Credential> resolveByPublicKey​(@Nonnull
                                                              PublicKey publicKey)
                                                       throws ResolverException
        Resolve credentials from local resolver using public key criteria.
        Parameters:
        publicKey - the public key criteria
        Returns:
        collection of local credentials which contain the private key corresponding to the specified public key
        Throws:
        ResolverException - thrown if there is a problem resolving credentials from the local credential resolver