org.opensaml.xmlsec.keyinfo

Class KeyInfoSupport

java.lang.Object

org.opensaml.xmlsec.keyinfo.KeyInfoSupport

public class KeyInfoSupport
extends java.lang.Object

Utility class for working with data inside a KeyInfo object. Methods are provided for converting the representation stored in the XMLTooling KeyInfo to Java java.security native types, and for storing these Java native types inside a KeyInfo.

Field Summary

Fields

Modifier and Type	Field and Description
private static java.security.cert.CertificateFactory	x509CertFactory Factory for X509Certificate and X509CRL creation.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	KeyInfoSupport() Constructor.

Method Summary

Modifier and Type	Method and Description
static void	addCertificate(KeyInfo keyInfo, java.security.cert.X509Certificate cert) Converts a native Java X509Certificate into the corresponding XMLObject and stores it in a KeyInfo in the first X509Data element.
static void	addCRL(KeyInfo keyInfo, java.security.cert.X509CRL crl) Converts a native Java X509CRL into the corresponding XMLObject and stores it in a KeyInfo in the first X509Data element.
static void	addDEREncodedPublicKey(KeyInfo keyInfo, java.security.PublicKey pk) Converts a Java public key into the corresponding XMLObject and stores it in a KeyInfo in a new DEREncodedKeyValue element.
static void	addKeyName(KeyInfo keyInfo, java.lang.String keyNameValue) Add a new KeyName value to a KeyInfo.
static void	addPublicKey(KeyInfo keyInfo, java.security.PublicKey pk) Converts a Java DSA or RSA public key into the corresponding XMLObject and stores it in a KeyInfo in a new KeyValue element.
static DSAKeyValue	buildDSAKeyValue(java.security.interfaces.DSAPublicKey dsaPubKey) Builds a DSAKeyValue XMLObject from the Java security DSA public key type.
protected static java.security.PublicKey	buildKey(java.security.spec.KeySpec keySpec, java.lang.String keyAlgorithm) Generates a public key from the given key spec.
static RSAKeyValue	buildRSAKeyValue(java.security.interfaces.RSAPublicKey rsaPubKey) Builds an RSAKeyValue XMLObject from the Java security RSA public key type.
static X509Certificate	buildX509Certificate(java.security.cert.X509Certificate cert) Builds an X509Certificate XMLObject from a native Java X509Certificate.
static X509CRL	buildX509CRL(java.security.cert.X509CRL crl) Builds an X509CRL XMLObject from a native Java X509CRL.
static X509Digest	buildX509Digest(java.security.cert.X509Certificate javaCert, java.lang.String algorithmURI) Build an X509Digest containing the digest of the specified certificate.
static X509IssuerSerial	buildX509IssuerSerial(java.lang.String issuerName, java.math.BigInteger serialNumber) Build an X509IssuerSerial containing a given issuer name and serial number.
static X509SKI	buildX509SKI(java.security.cert.X509Certificate javaCert) Build an X509SKI containing the subject key identifier extension value contained within a certificate.
static X509SubjectName	buildX509SubjectName(java.lang.String subjectName) Build an X509SubjectName containing a given subject name.
static java.math.BigInteger	decodeBigIntegerFromCryptoBinary(java.lang.String base64Value) Decode a base64-encoded ds:CryptoBinary value to a native Java BigInteger type.
static java.lang.String	encodeCryptoBinaryFromBigInteger(java.math.BigInteger bigInt) Encode a native Java BigInteger type to a base64-encoded ds:CryptoBinary value.
static java.security.cert.X509Certificate	getCertificate(X509Certificate xmlCert) Convert an X509Certificate into a native Java representation.
static java.util.List<java.security.cert.X509Certificate>	getCertificates(KeyInfo keyInfo) Get a list of the Java X509Certificate within the given KeyInfo.
static java.util.List<java.security.cert.X509Certificate>	getCertificates(X509Data x509Data) Get a list of the Java X509Certificate within the given X509Data.
static java.security.cert.X509CRL	getCRL(X509CRL xmlCRL) Convert an X509CRL into a native Java representation.
static java.util.List<java.security.cert.X509CRL>	getCRLs(KeyInfo keyInfo) Get a list of the Java X509CRLs within the given KeyInfo.
static java.util.List<java.security.cert.X509CRL>	getCRLs(X509Data x509Data) Get a list of the Java X509CRLs within the given X509Data.
static java.security.PublicKey	getDSAKey(DSAKeyValue keyDescriptor) Builds an DSA key from a DSAKeyValue element.
static java.security.PublicKey	getDSAKey(DSAKeyValue keyDescriptor, java.security.interfaces.DSAParams dsaParams) Builds a DSA key from an DSAKeyValue element and the supplied Java DSAParams, which supplies key material from a shared key family.
static java.security.PublicKey	getKey(DEREncodedKeyValue keyValue) Extracts the public key within the DEREncodedKeyValue.
static java.security.PublicKey	getKey(KeyValue keyValue) Extracts the DSA or RSA public key within the KeyValue.
static KeyInfoGenerator	getKeyInfoGenerator(Credential credential, NamedKeyInfoGeneratorManager manager, java.lang.String keyInfoProfileName) Obtains a KeyInfoGenerator for the specified Credential.
static java.util.List<java.lang.String>	getKeyNames(KeyInfo keyInfo) Get the set of key names inside the specified KeyInfo as a list of strings.
private static org.slf4j.Logger	getLogger() Get an SLF4J Logger.
static java.util.List<java.security.PublicKey>	getPublicKeys(KeyInfo keyInfo) Extracts all the public keys within the given KeyInfo's KeyValues and DEREncodedKeyValues.
static java.security.PublicKey	getRSAKey(RSAKeyValue keyDescriptor) Builds an RSA key from an RSAKeyValue element.
protected static java.security.cert.CertificateFactory	getX509CertFactory() Get the Java certificate factory singleton.
static boolean	hasCompleteDSAParams(DSAKeyValue keyDescriptor) Check whether the specified DSAKeyValue element has the all optional DSA values which can be shared amongst many keys in a DSA "key family", and are presumed to be known from context.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

x509CertFactory

private static java.security.cert.CertificateFactory x509CertFactory

Factory for X509Certificate and X509CRL creation.

Constructor Detail

KeyInfoSupport

protected KeyInfoSupport()

Constructor.

Method Detail

getKeyNames

@Nonnull
public static java.util.List<java.lang.String> getKeyNames(@Nullable
                                                                    KeyInfo keyInfo)

Get the set of key names inside the specified KeyInfo as a list of strings.

Parameters:

keyInfo - KeyInfo to retrieve key names from

Returns:

a list of key name strings

addKeyName

public static void addKeyName(@Nonnull
                              KeyInfo keyInfo,
                              @Nullable
                              java.lang.String keyNameValue)

Add a new KeyName value to a KeyInfo.

Parameters:

keyInfo - the KeyInfo to which to add the new value

keyNameValue - the new key name value to add

getCertificates

@Nonnull
public static java.util.List<java.security.cert.X509Certificate> getCertificates(@Nullable
                                                                                          KeyInfo keyInfo)
                                                                                   throws java.security.cert.CertificateException

Get a list of the Java X509Certificate within the given KeyInfo.

Parameters:

keyInfo - key info to extract the certificates from

Returns:

a list of Java X509Certificates

Throws:

java.security.cert.CertificateException - thrown if there is a problem converting the X509 data into X509Certificates.

getCertificates

@Nonnull
public static java.util.List<java.security.cert.X509Certificate> getCertificates(@Nullable
                                                                                          X509Data x509Data)
                                                                                   throws java.security.cert.CertificateException

Get a list of the Java X509Certificate within the given X509Data.

Parameters:

x509Data - X509Data from which to extract the certificate

Returns:

a list of Java X509Certificates

Throws:

java.security.cert.CertificateException - thrown if there is a problem converting the X509 data into X509Certificates.

getCertificate

@Nullable
public static java.security.cert.X509Certificate getCertificate(@Nullable
                                                                          X509Certificate xmlCert)
                                                                   throws java.security.cert.CertificateException

Convert an X509Certificate into a native Java representation.

Parameters:

xmlCert - an X509Certificate

Returns:

a X509Certificate

Throws:

java.security.cert.CertificateException - thrown if there is a problem converting the X509 data into X509Certificates.

getCRLs

@Nonnull
public static java.util.List<java.security.cert.X509CRL> getCRLs(@Nullable
                                                                          KeyInfo keyInfo)
                                                                   throws java.security.cert.CRLException

Get a list of the Java X509CRLs within the given KeyInfo.

Parameters:

keyInfo - the KeyInfo to extract the CRLs from

Returns:

a list of Java X509CRLs

Throws:

java.security.cert.CRLException - thrown if there is a problem converting the CRL data into X509CRL s

getCRLs

@Nonnull
public static java.util.List<java.security.cert.X509CRL> getCRLs(@Nullable
                                                                          X509Data x509Data)
                                                                   throws java.security.cert.CRLException

Get a list of the Java X509CRLs within the given X509Data.

Parameters:

x509Data - X509Data to extract the CRLs from

Returns:

a list of Java X509CRLs

Throws:

java.security.cert.CRLException - thrown if there is a problem converting the CRL data into X509CRL s

getCRL

@Nullable
public static java.security.cert.X509CRL getCRL(@Nullable
                                                          X509CRL xmlCRL)
                                                   throws java.security.cert.CRLException

Convert an X509CRL into a native Java representation.

Parameters:

xmlCRL - object to extract the CRL from

Returns:

a native Java X509CRL object

Throws:

java.security.cert.CRLException - thrown if there is a problem converting the CRL data into X509CRL

addCertificate

public static void addCertificate(@Nonnull
                                  KeyInfo keyInfo,
                                  @Nonnull
                                  java.security.cert.X509Certificate cert)
                           throws java.security.cert.CertificateEncodingException

Converts a native Java X509Certificate into the corresponding XMLObject and stores it in a KeyInfo in the first X509Data element. The X509Data element will be created if necessary.

Parameters:

keyInfo - the KeyInfo object into which to add the certificate

cert - the Java X509Certificate to add

Throws:

java.security.cert.CertificateEncodingException - thrown when there is an error converting the Java certificate representation to the XMLObject representation

addCRL

public static void addCRL(@Nonnull
                          KeyInfo keyInfo,
                          @Nonnull
                          java.security.cert.X509CRL crl)
                   throws java.security.cert.CRLException

Converts a native Java X509CRL into the corresponding XMLObject and stores it in a KeyInfo in the first X509Data element. The X509Data element will be created if necessary.

Parameters:

keyInfo - the KeyInfo object into which to add the CRL

crl - the Java X509CRL to add

Throws:

java.security.cert.CRLException - thrown when there is an error converting the Java CRL representation to the XMLObject representation

buildX509Certificate

@Nonnull
public static X509Certificate buildX509Certificate(java.security.cert.X509Certificate cert)
                                                     throws java.security.cert.CertificateEncodingException

Builds an X509Certificate XMLObject from a native Java X509Certificate.

Parameters:

cert - the Java X509Certificate to convert

Returns:

a X509Certificate XMLObject

Throws:

java.security.cert.CertificateEncodingException - thrown when there is an error converting the Java certificate representation to the XMLObject representation

buildX509CRL

@Nonnull
public static X509CRL buildX509CRL(java.security.cert.X509CRL crl)
                                     throws java.security.cert.CRLException

Builds an X509CRL XMLObject from a native Java X509CRL.

Parameters:

crl - the Java X509CRL to convert

Returns:

a X509CRL XMLObject

Throws:

java.security.cert.CRLException - thrown when there is an error converting the Java CRL representation to the XMLObject representation

buildX509SubjectName

@Nonnull
public static X509SubjectName buildX509SubjectName(@Nullable
                                                            java.lang.String subjectName)

Build an X509SubjectName containing a given subject name.

Parameters:

subjectName - the name content

Returns:

the new X509SubjectName

buildX509IssuerSerial

@Nonnull
public static X509IssuerSerial buildX509IssuerSerial(@Nullable
                                                              java.lang.String issuerName,
                                                              @Nullable
                                                              java.math.BigInteger serialNumber)

Build an X509IssuerSerial containing a given issuer name and serial number.

Parameters:

issuerName - the name content

serialNumber - the serial number content

Returns:

the new X509IssuerSerial

buildX509SKI

@Nullable
public static X509SKI buildX509SKI(@Nonnull
                                             java.security.cert.X509Certificate javaCert)

Build an X509SKI containing the subject key identifier extension value contained within a certificate.

Parameters:

javaCert - the Java X509Certificate from which to extract the subject key identifier value.

Returns:

a new X509SKI object, or null if the certificate did not contain the subject key identifier extension

buildX509Digest

@Nonnull
public static X509Digest buildX509Digest(@Nonnull
                                                  java.security.cert.X509Certificate javaCert,
                                                  @Nonnull
                                                  java.lang.String algorithmURI)
                                           throws java.security.NoSuchAlgorithmException,
                                                  java.security.cert.CertificateEncodingException

Build an X509Digest containing the digest of the specified certificate.

Parameters:

javaCert - the Java X509Certificate to digest

algorithmURI - digest algorithm URI

Returns:

a new X509Digest object

Throws:

java.security.NoSuchAlgorithmException - if the algorithm specified cannot be used

java.security.cert.CertificateEncodingException - if the certificate cannot be encoded

addPublicKey

public static void addPublicKey(@Nonnull
                                KeyInfo keyInfo,
                                @Nullable
                                java.security.PublicKey pk)

Converts a Java DSA or RSA public key into the corresponding XMLObject and stores it in a KeyInfo in a new KeyValue element. As input, only supports PublicKeys which are instances of either DSAPublicKey or RSAPublicKey

Parameters:

keyInfo - the KeyInfo element to which to add the key

pk - the native Java PublicKey to add

buildRSAKeyValue

@Nonnull
public static RSAKeyValue buildRSAKeyValue(@Nonnull
                                                    java.security.interfaces.RSAPublicKey rsaPubKey)

Builds an RSAKeyValue XMLObject from the Java security RSA public key type.

Parameters:

rsaPubKey - a native Java RSAPublicKey

Returns:

an RSAKeyValue XMLObject

buildDSAKeyValue

@Nonnull
public static DSAKeyValue buildDSAKeyValue(@Nonnull
                                                    java.security.interfaces.DSAPublicKey dsaPubKey)

Builds a DSAKeyValue XMLObject from the Java security DSA public key type.

Parameters:

dsaPubKey - a native Java DSAPublicKey

Returns:

an DSAKeyValue XMLObject

addDEREncodedPublicKey

public static void addDEREncodedPublicKey(@Nonnull
                                          KeyInfo keyInfo,
                                          @Nonnull
                                          java.security.PublicKey pk)
                                   throws java.security.NoSuchAlgorithmException,
                                          java.security.spec.InvalidKeySpecException

Converts a Java public key into the corresponding XMLObject and stores it in a KeyInfo in a new DEREncodedKeyValue element.

Parameters:

keyInfo - the KeyInfo element to which to add the key

pk - the native Java PublicKey to convert

Throws:

java.security.NoSuchAlgorithmException - if the key type is unsupported

java.security.spec.InvalidKeySpecException - if the key type does not support X.509 SPKI encoding

getPublicKeys

@Nonnull
public static java.util.List<java.security.PublicKey> getPublicKeys(@Nullable
                                                                             KeyInfo keyInfo)
                                                                      throws java.security.KeyException

Extracts all the public keys within the given KeyInfo's KeyValues and DEREncodedKeyValues.

Parameters:

keyInfo - KeyInfo to extract the keys out of

Returns:

a list of native Java PublicKey objects

Throws:

java.security.KeyException - thrown if the given key data can not be converted into PublicKey

getKey

@Nullable
public static java.security.PublicKey getKey(@Nonnull
                                                       KeyValue keyValue)
                                                throws java.security.KeyException

Extracts the DSA or RSA public key within the KeyValue.

Parameters:

keyValue - the KeyValue to extract the key from

Returns:

a native Java security Key object

Throws:

java.security.KeyException - thrown if the given key data can not be converted into PublicKey

getDSAKey

@Nonnull
public static java.security.PublicKey getDSAKey(@Nonnull
                                                         DSAKeyValue keyDescriptor)
                                                  throws java.security.KeyException

Builds an DSA key from a DSAKeyValue element. The element must contain values for all required DSA public key parameters, including values for shared key family values P, Q and G.

Parameters:

keyDescriptor - the DSAKeyValue key descriptor

Returns:

a new DSAPublicKey instance of PublicKey

Throws:

java.security.KeyException - thrown if the key algorithm is not supported by the JCE or the key spec does not contain valid information

getDSAKey

@Nonnull
public static java.security.PublicKey getDSAKey(@Nonnull
                                                         DSAKeyValue keyDescriptor,
                                                         @Nonnull
                                                         java.security.interfaces.DSAParams dsaParams)
                                                  throws java.security.KeyException

Builds a DSA key from an DSAKeyValue element and the supplied Java DSAParams, which supplies key material from a shared key family.

Parameters:

keyDescriptor - the DSAKeyValue key descriptor

dsaParams - the DSAParams DSA key family parameters

Returns:

a new DSAPublicKey instance of PublicKey

Throws:

java.security.KeyException - thrown if the key algorithm is not supported by the JCE or the key spec does not contain valid information

hasCompleteDSAParams

public static boolean hasCompleteDSAParams(@Nullable
                                           DSAKeyValue keyDescriptor)

Check whether the specified DSAKeyValue element has the all optional DSA values which can be shared amongst many keys in a DSA "key family", and are presumed to be known from context.

Parameters:

keyDescriptor - the DSAKeyValue element to check

Returns:

true if all parameters are present and non-empty, false otherwise

getRSAKey

@Nonnull
public static java.security.PublicKey getRSAKey(@Nonnull
                                                         RSAKeyValue keyDescriptor)
                                                  throws java.security.KeyException

Builds an RSA key from an RSAKeyValue element.

Parameters:

keyDescriptor - the RSAKeyValue key descriptor

Returns:

a new RSAPublicKey instance of PublicKey

Throws:

java.security.KeyException - thrown if the key algorithm is not supported by the JCE or the key spec does not contain valid information

decodeBigIntegerFromCryptoBinary

@Nonnull
public static final java.math.BigInteger decodeBigIntegerFromCryptoBinary(@Nonnull
                                                                                   java.lang.String base64Value)

Decode a base64-encoded ds:CryptoBinary value to a native Java BigInteger type.

Parameters:

base64Value - base64-encoded CryptoBinary value

Returns:

the decoded BigInteger

encodeCryptoBinaryFromBigInteger

@Nonnull
public static final java.lang.String encodeCryptoBinaryFromBigInteger(@Nonnull
                                                                               java.math.BigInteger bigInt)

Encode a native Java BigInteger type to a base64-encoded ds:CryptoBinary value.

Parameters:

bigInt - the BigInteger value

Returns:

the encoded CryptoBinary value

buildKey

@Nonnull
protected static java.security.PublicKey buildKey(@Nonnull
                                                           java.security.spec.KeySpec keySpec,
                                                           @Nonnull
                                                           java.lang.String keyAlgorithm)
                                                    throws java.security.KeyException

Generates a public key from the given key spec.

Parameters:

keySpec - KeySpec specification for the key

keyAlgorithm - key generation algorithm, only DSA and RSA supported

Returns:

the generated PublicKey

Throws:

java.security.KeyException - thrown if the key algorithm is not supported by the JCE or the key spec does not contain valid information

getKey

@Nonnull
public static java.security.PublicKey getKey(@Nonnull
                                                      DEREncodedKeyValue keyValue)
                                               throws java.security.KeyException

Extracts the public key within the DEREncodedKeyValue.

Parameters:

keyValue - the DEREncodedKeyValue to extract the key from

Returns:

a native Java security Key object

Throws:

java.security.KeyException - thrown if the given key data can not be converted into PublicKey

getX509CertFactory

@Nonnull
protected static java.security.cert.CertificateFactory getX509CertFactory()
                                                                            throws java.security.cert.CertificateException

Get the Java certificate factory singleton.

Returns:

CertificateFactory the factory used to create X509 certificate objects

Throws:

java.security.cert.CertificateException - thrown if the factory can not be created

getKeyInfoGenerator

@Nullable
public static KeyInfoGenerator getKeyInfoGenerator(@Nonnull
                                                             Credential credential,
                                                             @Nonnull
                                                             NamedKeyInfoGeneratorManager manager,
                                                             @Nullable
                                                             java.lang.String keyInfoProfileName)

Obtains a KeyInfoGenerator for the specified Credential.

The KeyInfoGenerator returned is resolved via the supplied NamedKeyInfoGeneratorManager and is determined by the type of the signing credential and an optional KeyInfo generator profile configuration name. If the latter is ommited, the default manager (NamedKeyInfoGeneratorManager.getDefaultManager()) of the security configuration's named generator manager will be used.

Parameters:

credential - the credential for which a generator is desired

manager - the NamedKeyInfoGeneratorManager instance to use

keyInfoProfileName - the named KeyInfoGeneratorManager configuration to use (may be null)

Returns:

a KeyInfoGenerator appropriate for the specified credential

getLogger

@Nonnull
private static org.slf4j.Logger getLogger()

Get an SLF4J Logger.

Returns:

a Logger instance