1 /* 2 * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.] 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package org.opensaml.xml.security.keyinfo; 18 19 import java.util.ArrayList; 20 import java.util.Collection; 21 22 import org.opensaml.xml.security.credential.CollectionCredentialResolver; 23 import org.opensaml.xml.security.credential.Credential; 24 import org.opensaml.xml.security.credential.criteria.EvaluableCredentialCriteria; 25 import org.opensaml.xml.security.credential.criteria.EvaluableCredentialCriteriaRegistry; 26 import org.opensaml.xml.signature.KeyName; 27 import org.opensaml.xml.signature.X509SubjectName; 28 29 /** 30 * An implementation of {@link KeyInfoCredentialResolver} which uses a {@link Collection} as the 31 * underlying credential source. 32 * 33 * <p> 34 * Like the 35 * {@link CollectionCredentialResolver}, credentials returned are filtered based on any 36 * {@link EvaluableCredentialCriteria} which may have been present in the specified criteria set, or 37 * which are resolved by lookup in the {@link EvaluableCredentialCriteriaRegistry}. 38 * </p> 39 * 40 * <p> 41 * This implementation may be used to address use cases where use of a 42 * KeyInfoCredentialResolver is required, but a KeyInfo element containing keys or other keying 43 * material is not necessarily supplied or expected in an instance document and keys/credentials 44 * are known in advance (e.g. validation keys belonging to a peer, decryption keys belonging to the caller). 45 * In this use case, credentials are expected to be resolved from other contextual information, 46 * including information possibly supplied as criteria to the resolver. Such credentials would be stored 47 * in and returned from the {@link Collection} managed by this resolver. 48 * </p> 49 * 50 * <p> 51 * Note that a KeyInfo element 52 * passed in a {@link KeyInfoCriteria} in the criteria set is <code>NOT</code> directly processed by this 53 * implementation in any way as a source for extracting keys or other key-related material. 54 * However, if the evaluable credential criteria registry described above were 55 * for example to contain a mapping from KeyInfoCriteria to some type of EvaluableCredentialCriteria, 56 * where the latter used KeyInfo-derived information as its basis for evaluation of a credential (e.g. 57 * based on contents of a {@link KeyName} or {@link X509SubjectName}), then such KeyInfo-derived 58 * evaluable criteria would be used to filter or select the specific credentials that would be returned 59 * from the underlying credential collection of this resolver. Such KeyInfo-derived evaluable criteria 60 * may also be specified directly in the criteria set, per the above. 61 * </p> 62 * 63 * <p> 64 * This implementation might also be used at the end of a chain of KeyInfoCredentialResolvers in 65 * order to supply a default, fallback set of credentials, if none could otherwise be resolved. 66 * </p> 67 * 68 */ 69 public class CollectionKeyInfoCredentialResolver extends CollectionCredentialResolver implements 70 KeyInfoCredentialResolver { 71 72 /** 73 * Constructor. 74 * 75 * An {@link ArrayList} is used as the underlying collection implementation. 76 * 77 */ 78 public CollectionKeyInfoCredentialResolver() { 79 this(new ArrayList<Credential>()); 80 } 81 82 /** 83 * Constructor. 84 * 85 * @param credentials the credential collection which is the backing store for the resolver 86 */ 87 public CollectionKeyInfoCredentialResolver(Collection<Credential> credentials) { 88 super(credentials); 89 } 90 91 }