1 /*
2 * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package org.opensaml.xml.encryption;
18
19 import java.util.ArrayList;
20 import java.util.List;
21
22 import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
23 import org.opensaml.xml.util.DatatypeHelper;
24
25 /**
26 * Abstract class implementation for {@link EncryptedKeyResolver}.
27 */
28 public abstract class AbstractEncryptedKeyResolver implements EncryptedKeyResolver {
29
30 /** Recipient attribute criteria against which to match.*/
31 private final List<String> recipients;
32
33 /** Constructor. */
34 public AbstractEncryptedKeyResolver() {
35 recipients = new ArrayList<String>();
36 }
37
38 /** {@inheritDoc} */
39 public List<String> getRecipients() {
40 return recipients;
41 }
42
43 /**
44 * Evaluate whether the specified recipient attribute value matches this resolver's
45 * recipient criteria.
46 *
47 * @param recipient the recipient value to evaluate
48 * @return true if the recipient value matches the resolver's criteria, false otherwise
49 */
50 protected boolean matchRecipient(String recipient) {
51 String trimmedRecipient = DatatypeHelper.safeTrimOrNullString(recipient);
52 if (trimmedRecipient == null || recipients.isEmpty()) {
53 return true;
54 }
55
56 return recipients.contains(trimmedRecipient);
57 }
58
59 /**
60 * Evaluate whether an EncryptedKey's CarriedKeyName matches one of the KeyName values
61 * from the EncryptedData context.
62 *
63 * @param encryptedData the EncryptedData context
64 * @param encryptedKey the candidate Encryptedkey to evaluate
65 * @return true if the encrypted key's carried key name matches that of the encrytped data,
66 * false otherwise
67 */
68 protected boolean matchCarriedKeyName(EncryptedData encryptedData, EncryptedKey encryptedKey) {
69 if (encryptedKey.getCarriedKeyName() == null
70 || DatatypeHelper.isEmpty(encryptedKey.getCarriedKeyName().getValue()) ) {
71 return true;
72 }
73
74 if (encryptedData.getKeyInfo() == null
75 || encryptedData.getKeyInfo().getKeyNames().isEmpty() ) {
76 return false;
77 }
78
79 String keyCarriedKeyName = encryptedKey.getCarriedKeyName().getValue();
80 List<String> dataKeyNames = KeyInfoHelper.getKeyNames(encryptedData.getKeyInfo());
81
82 return dataKeyNames.contains(keyCarriedKeyName);
83 }
84
85 /**
86 * Evaluate whether any of the EncryptedKey's DataReferences refer to the EncryptedData
87 * context.
88 *
89 * @param encryptedData the EncryptedData context
90 * @param encryptedKey the candidate Encryptedkey to evaluate
91 * @return true if any of the encrypted key's data references refer to the encrypted data context,
92 * false otherwise
93 */
94 protected boolean matchDataReference(EncryptedData encryptedData, EncryptedKey encryptedKey) {
95 if (encryptedKey.getReferenceList() == null
96 || encryptedKey.getReferenceList().getDataReferences().isEmpty() ) {
97 return true;
98 }
99
100 if (DatatypeHelper.isEmpty(encryptedData.getID())) {
101 return false;
102 }
103
104 List<DataReference> drlist = encryptedKey.getReferenceList().getDataReferences();
105 for (DataReference dr : drlist) {
106 if (DatatypeHelper.isEmpty(dr.getURI()) || ! dr.getURI().startsWith("#") ) {
107 continue;
108 }
109 if (dr.resolveIDFromRoot(dr.getURI().substring(1)) == encryptedData) {
110 return true;
111 }
112 }
113 return false;
114 }
115 }