View Javadoc

1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.security.keyinfo.provider;
18  
19  import java.security.KeyException;
20  import java.security.PublicKey;
21  import java.util.Collection;
22  
23  import org.opensaml.xml.XMLObject;
24  import org.opensaml.xml.security.CriteriaSet;
25  import org.opensaml.xml.security.SecurityException;
26  import org.opensaml.xml.security.credential.BasicCredential;
27  import org.opensaml.xml.security.credential.Credential;
28  import org.opensaml.xml.security.credential.CredentialContext;
29  import org.opensaml.xml.security.criteria.KeyAlgorithmCriteria;
30  import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
31  import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
32  import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
33  import org.opensaml.xml.security.keyinfo.KeyInfoResolutionContext;
34  import org.opensaml.xml.signature.KeyValue;
35  import org.opensaml.xml.signature.RSAKeyValue;
36  import org.opensaml.xml.util.LazySet;
37  import org.slf4j.Logger;
38  import org.slf4j.LoggerFactory;
39  
40  /**
41   * Implementation of {@link KeyInfoProvider} which supports {@link RSAKeyValue}.
42   */
43  public class RSAKeyValueProvider extends AbstractKeyInfoProvider {
44  
45      /** Class logger. */
46      private final Logger log = LoggerFactory.getLogger(RSAKeyValueProvider.class);
47  
48      /** {@inheritDoc} */
49      public boolean handles(XMLObject keyInfoChild) {
50          return getRSAKeyValue(keyInfoChild) != null;
51      }
52  
53      /** {@inheritDoc} */
54      public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild,
55              CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {
56  
57          RSAKeyValue keyValue = getRSAKeyValue(keyInfoChild);
58          if (keyValue == null) {
59              return null;
60          }
61  
62          KeyAlgorithmCriteria algorithmCriteria = criteriaSet.get(KeyAlgorithmCriteria.class);
63          if (algorithmCriteria != null && algorithmCriteria.getKeyAlgorithm() != null
64                  && !algorithmCriteria.getKeyAlgorithm().equals("RSA")) {
65              log.debug("Criteria specified non-RSA key algorithm, skipping");
66              return null;
67          }
68  
69          log.debug("Attempting to extract credential from an RSAKeyValue");
70  
71          PublicKey pubKey = null;
72          try {
73              pubKey = KeyInfoHelper.getRSAKey(keyValue);
74          } catch (KeyException e) {
75              log.error("Error extracting RSA key value", e);
76              throw new SecurityException("Error extracting RSA key value", e);
77          }
78          BasicCredential cred = new BasicCredential();
79          cred.setPublicKey(pubKey);
80          if (kiContext != null) {
81              cred.getKeyNames().addAll(kiContext.getKeyNames());
82          }
83  
84          CredentialContext credContext = buildCredentialContext(kiContext);
85          if (credContext != null) {
86              cred.getCredentalContextSet().add(credContext);
87          }
88  
89          log.debug("Credential successfully extracted from RSAKeyValue");
90          LazySet<Credential> credentialSet = new LazySet<Credential>();
91          credentialSet.add(cred);
92          return credentialSet;
93      }
94  
95      /**
96       * Get the RSAKeyValue from the passed XML object.
97       * 
98       * @param xmlObject an XML object, presumably either a {@link KeyValue} or an {@link RSAKeyValue}
99       * @return the RSAKeyValue which was found, or null if none
100      */
101     protected RSAKeyValue getRSAKeyValue(XMLObject xmlObject) {
102         if (xmlObject == null) {
103             return null;
104         }
105 
106         if (xmlObject instanceof RSAKeyValue) {
107             return (RSAKeyValue) xmlObject;
108         }
109 
110         if (xmlObject instanceof KeyValue) {
111             return ((KeyValue) xmlObject).getRSAKeyValue();
112         }
113         return null;
114     }
115 }