org.opensaml.xmlsec.algorithm

Class AlgorithmSupport

java.lang.Object

org.opensaml.xmlsec.algorithm.AlgorithmSupport

public final class AlgorithmSupport
extends java.lang.Object

Helper methods for working with XML security algorithm URI's.

Field Summary

Fields

Modifier and Type	Field and Description
private static org.slf4j.Logger	LOG Logger.

Constructor Summary

Constructors

Modifier	Constructor and Description
private	AlgorithmSupport() Constructor.

Method Summary

Modifier and Type	Method and Description
static boolean	checkKeyAlgorithmAndLength(java.security.Key key, AlgorithmDescriptor algorithm) Check that the supplied key is consistent with the supplied algorithm's specified key algorithm and key length, where applicable.
static boolean	credentialSupportsAlgorithmForEncryption(Credential credential, AlgorithmDescriptor algorithm) Check whether the supplied credential may be used with the supplied algorithm for the purpose of encryption.
static boolean	credentialSupportsAlgorithmForSigning(Credential credential, AlgorithmDescriptor algorithm) Check whether the supplied credential may be used with the supplied algorithm for the purpose of signing.
static java.security.KeyPair	generateKeyPair(java.lang.String algoURI, int keyLength) Randomly generates a Java JCE KeyPair object from the specified XML Encryption algorithm URI.
static Credential	generateKeyPairAndCredential(java.lang.String algorithmURI, int keyLength, boolean includePrivate) Generate a random asymmetric key pair and return in a BasicCredential.
static javax.crypto.SecretKey	generateSymmetricKey(java.lang.String algoURI) Generates a random Java JCE symmetric Key object from the specified XML Encryption algorithm URI.
static Credential	generateSymmetricKeyAndCredential(java.lang.String algorithmURI) Generate a random symmetric key and return in a BasicCredential.
static java.lang.String	getAlgorithmID(java.lang.String algorithmURI) Get the Java security JCA/JCE algorithm identifier associated with an algorithm URI.
static AlgorithmRegistry	getGlobalAlgorithmRegistry() Get the global AlgorithmRegistry instance.
static java.lang.String	getKeyAlgorithm(java.lang.String algorithmURI) Get the Java security JCA/JCE key algorithm specifier associated with an algorithm URI.
static java.lang.Integer	getKeyLength(java.lang.String algorithmURI) Get the length of the key indicated by the algorithm URI, if applicable and available.
private static org.slf4j.Logger	getLogger() Get an SLF4J Logger.
static boolean	isDataEncryptionAlgorithm(AlgorithmDescriptor algorithm) Check whether the supplied descriptor represents an algorithm that my be used for data encryption, i.e.
static boolean	isHMAC(java.lang.String signatureAlgorithm) Check whether the signature method algorithm URI indicates HMAC.
static boolean	isKeyEncryptionAlgorithm(AlgorithmDescriptor algorithm) Check whether the supplied descriptor represents an algorithm that my be used for key encryption, i.e.
static boolean	isRSAOAEP(java.lang.String keyTransportAlgorithm) Check whether the key transport encryption algorithm URI indicates RSA-OAEP.
static boolean	validateAlgorithmURI(java.lang.String algorithmURI, java.util.Collection<java.lang.String> whitelistedAlgorithmURIs, java.util.Collection<java.lang.String> blacklistedAlgorithmURIs) Validate the supplied algorithm URI against the specified whitelist and blacklist.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final org.slf4j.Logger LOG

Logger.

Constructor Detail

AlgorithmSupport

private AlgorithmSupport()

Constructor.

Method Detail

getGlobalAlgorithmRegistry

@Nullable
public static AlgorithmRegistry getGlobalAlgorithmRegistry()

Get the global AlgorithmRegistry instance.

Returns:

the global algorithm registry, or null if nothing registered

isKeyEncryptionAlgorithm

public static boolean isKeyEncryptionAlgorithm(@Nullable
                                               AlgorithmDescriptor algorithm)

Check whether the supplied descriptor represents an algorithm that my be used for key encryption, i.e. a key transport or symmetric key wrap algorithm.

Parameters:

algorithm - the algorithm descriptor to evaluate

Returns:

true if the algorithm may be used for key encryption, false otherwise

isDataEncryptionAlgorithm

public static boolean isDataEncryptionAlgorithm(@Nullable
                                                AlgorithmDescriptor algorithm)

Check whether the supplied descriptor represents an algorithm that my be used for data encryption, i.e. a block encryption algorithm.

Parameters:

algorithm - the algorithm descriptor to evaluate

Returns:

true if the algorithm may be used for key encryption, false otherwise

credentialSupportsAlgorithmForSigning

public static boolean credentialSupportsAlgorithmForSigning(@Nullable
                                                            Credential credential,
                                                            @Nullable
                                                            AlgorithmDescriptor algorithm)

Check whether the supplied credential may be used with the supplied algorithm for the purpose of signing.

This checks the consistency of the type of credential signing key and the algorithm type, as well as the key algorithm and length where applicable.

Parameters:

credential - the candidate signing credential to evaluate

algorithm - the candidate signing algorithm to evaluate

Returns:

true if the credential may be used with the algorithm for signing, false otherwise

credentialSupportsAlgorithmForEncryption

public static boolean credentialSupportsAlgorithmForEncryption(@Nullable
                                                               Credential credential,
                                                               @Nullable
                                                               AlgorithmDescriptor algorithm)

Check whether the supplied credential may be used with the supplied algorithm for the purpose of encryption.

This checks the consistency of the extracted credential encryption key and the algorithm type, as well as the key algorithm and length where applicable.

Parameters:

credential - the candidate encryption credential to evaluate

algorithm - the candidate encryption algorithm to evaluate

Returns:

true if the credential may be used with the algorithm for encryption, false otherwise

checkKeyAlgorithmAndLength

public static boolean checkKeyAlgorithmAndLength(@Nonnull
                                                 java.security.Key key,
                                                 @Nonnull
                                                 AlgorithmDescriptor algorithm)

Check that the supplied key is consistent with the supplied algorithm's specified key algorithm and key length, where applicable.

Parameters:

key - the key to evaluate

algorithm - the algorithm to evaluate

Returns:

true if the key is consistent with key algorithm and length specified by the algorithm (if any) false otherwise

getAlgorithmID

@Nullable
public static java.lang.String getAlgorithmID(@Nonnull
                                                        java.lang.String algorithmURI)

Get the Java security JCA/JCE algorithm identifier associated with an algorithm URI.

Parameters:

algorithmURI - the algorithm URI to evaluate

Returns:

the Java algorithm identifier, or null if the mapping is unavailable or indeterminable from the URI

isRSAOAEP

public static boolean isRSAOAEP(@Nonnull
                                java.lang.String keyTransportAlgorithm)

Check whether the key transport encryption algorithm URI indicates RSA-OAEP.

Parameters:

keyTransportAlgorithm - the key transport encryption algorithm URI

Returns:

true if URI indicates RSA-OAEP, false otherwise

isHMAC

public static boolean isHMAC(@Nonnull
                             java.lang.String signatureAlgorithm)

Check whether the signature method algorithm URI indicates HMAC.

Parameters:

signatureAlgorithm - the signature method algorithm URI

Returns:

true if URI indicates HMAC, false otherwise

getKeyAlgorithm

@Nullable
public static java.lang.String getKeyAlgorithm(@Nonnull
                                                         java.lang.String algorithmURI)

Get the Java security JCA/JCE key algorithm specifier associated with an algorithm URI.

Parameters:

algorithmURI - the algorithm URI to evaluate

Returns:

the Java key algorithm specifier, or null if the mapping is unavailable or indeterminable from the URI

getKeyLength

@Nullable
public static java.lang.Integer getKeyLength(@Nonnull
                                                       java.lang.String algorithmURI)

Get the length of the key indicated by the algorithm URI, if applicable and available.

Parameters:

algorithmURI - the algorithm URI to evaluate

Returns:

the length of the key indicated by the algorithm URI, or null if the length is either unavailable or indeterminable from the URI

generateSymmetricKey

@Nonnull
public static javax.crypto.SecretKey generateSymmetricKey(@Nonnull
                                                                   java.lang.String algoURI)
                                                            throws java.security.NoSuchAlgorithmException,
                                                                   java.security.KeyException

Generates a random Java JCE symmetric Key object from the specified XML Encryption algorithm URI.

Parameters:

algoURI - The XML Encryption algorithm URI

Returns:

a randomly-generated symmetric Key

Throws:

java.security.NoSuchAlgorithmException - thrown if the specified algorithm is invalid

java.security.KeyException - thrown if the length of the key to generate could not be determined

generateKeyPair

@Nonnull
public static java.security.KeyPair generateKeyPair(@Nonnull
                                                             java.lang.String algoURI,
                                                             int keyLength)
                                                      throws java.security.NoSuchAlgorithmException,
                                                             java.security.NoSuchProviderException

Randomly generates a Java JCE KeyPair object from the specified XML Encryption algorithm URI.

Parameters:

algoURI - The XML Encryption algorithm URI

keyLength - the length of key to generate

Returns:

a randomly-generated KeyPair

Throws:

java.security.NoSuchProviderException - provider not found

java.security.NoSuchAlgorithmException - algorithm not found

generateSymmetricKeyAndCredential

@Nonnull
public static Credential generateSymmetricKeyAndCredential(@Nonnull
                                                                    java.lang.String algorithmURI)
                                                             throws java.security.NoSuchAlgorithmException,
                                                                    java.security.KeyException

Generate a random symmetric key and return in a BasicCredential.

Parameters:

algorithmURI - The XML Encryption algorithm URI

Returns:

a basic credential containing a randomly generated symmetric key

Throws:

java.security.KeyException

java.security.NoSuchAlgorithmException - algorithm not found

generateKeyPairAndCredential

@Nonnull
public static Credential generateKeyPairAndCredential(@Nonnull
                                                               java.lang.String algorithmURI,
                                                               int keyLength,
                                                               boolean includePrivate)
                                                        throws java.security.NoSuchAlgorithmException,
                                                               java.security.NoSuchProviderException

Generate a random asymmetric key pair and return in a BasicCredential.

Parameters:

algorithmURI - The XML Encryption algorithm URI

keyLength - key length

includePrivate - if true, the private key will be included as well

Returns:

a basic credential containing a randomly generated asymmetric key pair

Throws:

java.security.NoSuchAlgorithmException - algorithm not found

java.security.NoSuchProviderException - provider not found

validateAlgorithmURI

public static boolean validateAlgorithmURI(@Nonnull
                                           java.lang.String algorithmURI,
                                           @Nullable
                                           java.util.Collection<java.lang.String> whitelistedAlgorithmURIs,
                                           @Nullable
                                           java.util.Collection<java.lang.String> blacklistedAlgorithmURIs)

Validate the supplied algorithm URI against the specified whitelist and blacklist.

Parameters:

algorithmURI - the algorithm URI to evaluate

whitelistedAlgorithmURIs - the algorithm whitelist

blacklistedAlgorithmURIs - the algorithm blacklist

Returns:

true if algorithm URI satisfies the specified whitelist and blacklist, otherwise false

getLogger

@Nonnull
private static org.slf4j.Logger getLogger()

Get an SLF4J Logger.

Returns:

a Logger instance