17 package org.opensaml.xml.security.keyinfo.provider;
18
19 import java.security.KeyException;
20 import java.security.PublicKey;
21 import java.util.Collection;
22
23 import org.opensaml.xml.XMLObject;
24 import org.opensaml.xml.security.CriteriaSet;
25 import org.opensaml.xml.security.SecurityException;
26 import org.opensaml.xml.security.credential.BasicCredential;
27 import org.opensaml.xml.security.credential.Credential;
28 import org.opensaml.xml.security.credential.CredentialContext;
29 import org.opensaml.xml.security.criteria.KeyAlgorithmCriteria;
30 import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
31 import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
32 import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
33 import org.opensaml.xml.security.keyinfo.KeyInfoResolutionContext;
34 import org.opensaml.xml.signature.KeyValue;
35 import org.opensaml.xml.signature.RSAKeyValue;
36 import org.opensaml.xml.util.LazySet;
37 import org.slf4j.Logger;
38 import org.slf4j.LoggerFactory;
39
40
41
42
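/**
 * KeyInfo provider that builds a {@link Credential} from an {@link RSAKeyValue}, supplied either
 * directly or as the RSA child of a {@link KeyValue}.
 *
 * <p>
 * Security note: the public key placed in the returned credential is taken from the XML object being
 * processed, and this class performs no trust evaluation on it. A key obtained this way only states
 * which key the document claims to use; callers must establish trust in it separately (for example by
 * matching it against independently configured trusted key material) before relying on it to
 * validate a signature.
 * </p>
 */
public class RSAKeyValueProvider extends AbstractKeyInfoProvider {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(RSAKeyValueProvider.class);

    /**
     * Reports whether this provider can process the given KeyInfo child.
     *
     * @param keyInfoChild the KeyInfo child element to test, may be null
     * @return true if an RSAKeyValue can be obtained from the child, false otherwise
     */
    public boolean handles(XMLObject keyInfoChild) {
        return getRSAKeyValue(keyInfoChild) != null;
    }

    /**
     * Extracts the RSA public key from the given KeyInfo child and wraps it in a credential.
     *
     * <p>
     * The returned credential carries only the public key, the key names from the resolution context
     * (when a context is supplied) and an optional credential context. It is not validated against any
     * trust anchor here.
     * </p>
     *
     * @param resolver the resolver invoking this provider; not used by this implementation
     * @param keyInfoChild the KeyInfo child element to process
     * @param criteriaSet criteria constraining resolution; a null set is treated as carrying no
     *            key algorithm constraint
     * @param kiContext the current resolution context, may be null
     * @return a single-element collection holding the extracted credential, or null if the child is
     *         not an RSAKeyValue or the criteria name a key algorithm other than "RSA"
     * @throws SecurityException if the RSA key cannot be built from the key value
     */
    public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild,
            CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {

        RSAKeyValue keyValue = getRSAKeyValue(keyInfoChild);
        if (keyValue == null) {
            return null;
        }

        // kiContext is already tolerated as null below; treat a null criteria set the same way
        // (no algorithm constraint) instead of failing with a NullPointerException.
        KeyAlgorithmCriteria algorithmCriteria =
                criteriaSet != null ? criteriaSet.get(KeyAlgorithmCriteria.class) : null;
        if (algorithmCriteria != null && algorithmCriteria.getKeyAlgorithm() != null
                && !"RSA".equals(algorithmCriteria.getKeyAlgorithm())) {
            log.debug("Criteria specified non-RSA key algorithm, skipping");
            return null;
        }

        log.debug("Attempting to extract credential from an RSAKeyValue");

        final PublicKey pubKey;
        try {
            pubKey = KeyInfoHelper.getRSAKey(keyValue);
        } catch (KeyException e) {
            log.error("Error extracting RSA key value", e);
            throw new SecurityException("Error extracting RSA key value", e);
        }

        BasicCredential cred = new BasicCredential();
        cred.setPublicKey(pubKey);
        if (kiContext != null) {
            cred.getKeyNames().addAll(kiContext.getKeyNames());
        }

        // buildCredentialContext is not defined in this class (presumably inherited from
        // AbstractKeyInfoProvider); it may return null, in which case no context is attached.
        CredentialContext credContext = buildCredentialContext(kiContext);
        if (credContext != null) {
            cred.getCredentalContextSet().add(credContext);
        }

        log.debug("Credential successfully extracted from RSAKeyValue");
        LazySet<Credential> credentialSet = new LazySet<Credential>();
        credentialSet.add(cred);
        return credentialSet;
    }

    /**
     * Obtains the RSAKeyValue represented by the given XML object.
     *
     * @param xmlObject the object to inspect, may be null
     * @return the object itself if it is an RSAKeyValue, the RSA child if it is a KeyValue (which may
     *         be null), or null for any other input
     */
    protected RSAKeyValue getRSAKeyValue(XMLObject xmlObject) {
        if (xmlObject == null) {
            return null;
        }

        if (xmlObject instanceof RSAKeyValue) {
            return (RSAKeyValue) xmlObject;
        }

        if (xmlObject instanceof KeyValue) {
            return ((KeyValue) xmlObject).getRSAKeyValue();
        }
        return null;
    }
}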