org.opensaml.security.credential.impl

Class KeyStoreCredentialResolver

java.lang.Object

org.opensaml.security.credential.impl.AbstractCredentialResolver

org.opensaml.security.credential.impl.AbstractCriteriaFilteringCredentialResolver

org.opensaml.security.credential.impl.KeyStoreCredentialResolver

All Implemented Interfaces:

net.shibboleth.utilities.java.support.resolver.Resolver<Credential,net.shibboleth.utilities.java.support.resolver.CriteriaSet>, CredentialResolver

public class KeyStoreCredentialResolver
extends AbstractCriteriaFilteringCredentialResolver

A CredentialResolver that extracts Credential's from a key store.

If no key usage type is presented at construction time this resolver will return the key, if available, regardless of the usage type provided to its resolve method.

Resolution will fail if an EntityIdCriterion is not part of the input criteria set.

Field Summary

Fields

Modifier and Type	Field and Description
private java.util.Map<java.lang.String,java.lang.String>	keyPasswords Passwords for keys.
private java.security.KeyStore	keyStore Key store credentials are retrieved from.
private UsageType	keystoreUsage Usage type of all keys in the store.
private org.slf4j.Logger	log Class logger.

Constructor Summary

Constructors

Constructor and Description
KeyStoreCredentialResolver(java.security.KeyStore store, java.util.Map<java.lang.String,java.lang.String> passwords) Constructor.
KeyStoreCredentialResolver(java.security.KeyStore store, java.util.Map<java.lang.String,java.lang.String> passwords, UsageType usage) Constructor.

Method Summary

Modifier and Type	Method and Description
protected Credential	buildCredential(java.security.KeyStore.Entry keyStoreEntry, java.lang.String entityID, UsageType usage) Build a credential instance from the key store entry.
protected void	checkCriteriaRequirements(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet) Check that required credential criteria are available.
protected boolean	matchUsage(UsageType keyStoreUsage, UsageType criteriaUsage) Match usage enum type values from keystore configured usage and from credential criteria.
protected X509Credential	processPrivateKeyEntry(java.security.KeyStore.PrivateKeyEntry privateKeyEntry, java.lang.String entityID, UsageType usage) Build an X509Credential from a keystore private key entry.
protected Credential	processSecretKeyEntry(java.security.KeyStore.SecretKeyEntry secretKeyEntry, java.lang.String entityID, UsageType usage) Build a Credential from a keystore secret key entry.
protected X509Credential	processTrustedCertificateEntry(java.security.KeyStore.TrustedCertificateEntry trustedCertEntry, java.lang.String entityID, UsageType usage) Build an X509Credential from a keystore trusted certificate entry.
protected java.lang.Iterable<Credential>	resolveFromSource(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet) Subclasses are required to implement this method to resolve credentials from the implementation-specific type of underlying credential source.

Methods inherited from class org.opensaml.security.credential.impl.AbstractCriteriaFilteringCredentialResolver

isSatisfyAllPredicates, resolve, setSatisfyAllPredicates

Methods inherited from class org.opensaml.security.credential.impl.AbstractCredentialResolver

resolveSingle

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

private final org.slf4j.Logger log

Class logger.

keyStore

private final java.security.KeyStore keyStore

Key store credentials are retrieved from.

keyPasswords

private final java.util.Map<java.lang.String,java.lang.String> keyPasswords

Passwords for keys. The key must be the entityID, the value the password.

keystoreUsage

private final UsageType keystoreUsage

Usage type of all keys in the store.

Constructor Detail

KeyStoreCredentialResolver

public KeyStoreCredentialResolver(@Nonnull
                                  java.security.KeyStore store,
                                  @Nonnull
                                  java.util.Map<java.lang.String,java.lang.String> passwords)

Constructor.

Parameters:

store - key store credentials are retrieved from

passwords - for key entries, map key is the entity id, map value is the password

KeyStoreCredentialResolver

public KeyStoreCredentialResolver(@Nonnull
                                  java.security.KeyStore store,
                                  @Nonnull
                                  java.util.Map<java.lang.String,java.lang.String> passwords,
                                  @Nullable
                                  UsageType usage)

Constructor.

Parameters:

store - key store credentials are retrieved from

passwords - for key entries, map key is the entity id, map value is the password

usage - usage type of all keys in the store

Method Detail

resolveFromSource

@Nonnull
protected java.lang.Iterable<Credential> resolveFromSource(@Nullable
                                                                    net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet)
                                                             throws net.shibboleth.utilities.java.support.resolver.ResolverException

Subclasses are required to implement this method to resolve credentials from the implementation-specific type of underlying credential source.

Specified by:

resolveFromSource in class AbstractCriteriaFilteringCredentialResolver

Parameters:

criteriaSet - the set of criteria used to resolve credentials from the credential source

Returns:

an Iterable for the resolved set of credentials

Throws:

net.shibboleth.utilities.java.support.resolver.ResolverException - thrown if there is an error resolving credentials from the credential source

checkCriteriaRequirements

protected void checkCriteriaRequirements(@Nullable
                                         net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet)

Check that required credential criteria are available.

Parameters:

criteriaSet - the credential criteria set to evaluate

matchUsage

protected boolean matchUsage(@Nonnull
                             UsageType keyStoreUsage,
                             @Nonnull
                             UsageType criteriaUsage)

Match usage enum type values from keystore configured usage and from credential criteria.

Parameters:

keyStoreUsage - the usage type configured for the keystore

criteriaUsage - the value from credential criteria

Returns:

true if the two usage specifiers match for purposes of resolving credentials, false otherwise

buildCredential

@Nonnull
protected Credential buildCredential(@Nonnull
                                              java.security.KeyStore.Entry keyStoreEntry,
                                              @Nonnull
                                              java.lang.String entityID,
                                              @Nonnull
                                              UsageType usage)
                                       throws net.shibboleth.utilities.java.support.resolver.ResolverException

Build a credential instance from the key store entry.

Parameters:

keyStoreEntry - the key store entry to process

entityID - the entityID to include in the credential

usage - the usage type to include in the credential

Returns:

the new credential instance, appropriate to the type of key store entry being processed

Throws:

net.shibboleth.utilities.java.support.resolver.ResolverException - throw if there is a problem building a credential from the key store entry

processTrustedCertificateEntry

protected X509Credential processTrustedCertificateEntry(@Nonnull
                                                        java.security.KeyStore.TrustedCertificateEntry trustedCertEntry,
                                                        @Nonnull
                                                        java.lang.String entityID,
                                                        @Nonnull
                                                        UsageType usage)

Build an X509Credential from a keystore trusted certificate entry.

Parameters:

trustedCertEntry - the entry being processed

entityID - the entityID to set

usage - the usage type to set

Returns:

new X509Credential instance

processPrivateKeyEntry

protected X509Credential processPrivateKeyEntry(@Nonnull
                                                java.security.KeyStore.PrivateKeyEntry privateKeyEntry,
                                                @Nonnull
                                                java.lang.String entityID,
                                                @Nonnull
                                                UsageType usage)

Build an X509Credential from a keystore private key entry.

Parameters:

privateKeyEntry - the entry being processed

entityID - the entityID to set

usage - the usage type to set

Returns:

new X509Credential instance

processSecretKeyEntry

protected Credential processSecretKeyEntry(@Nonnull
                                           java.security.KeyStore.SecretKeyEntry secretKeyEntry,
                                           @Nonnull
                                           java.lang.String entityID,
                                           @Nonnull
                                           UsageType usage)

Build a Credential from a keystore secret key entry.

Parameters:

secretKeyEntry - the entry being processed

entityID - the entityID to set

usage - the usage type to set

Returns:

new Credential instance