
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.security.credential.criteria;
18  
19  import java.security.Key;
20  
21  import org.opensaml.xml.security.credential.Credential;
22  import org.opensaml.xml.security.criteria.KeyAlgorithmCriteria;
23  import org.opensaml.xml.util.DatatypeHelper;
24  import org.slf4j.Logger;
25  import org.slf4j.LoggerFactory;
26  
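/**
 * Evaluable credential criteria that checks the algorithm of a credential's key against a required
 * key algorithm name.
 *
 * <p>
 * {@link #evaluate(Credential)} is tri-state: {@code TRUE} for a match, {@code FALSE} for a mismatch,
 * and {@code null} when the credential could not be evaluated at all. A {@code null} result is not a
 * mismatch, and it must not be auto-unboxed to {@code boolean} by the caller.
 * </p>
 */
public class EvaluableKeyAlgorithmCredentialCriteria implements EvaluableCredentialCriteria {

    /** Logger. */
    private final Logger log = LoggerFactory.getLogger(EvaluableKeyAlgorithmCredentialCriteria.class);

    /** Required key algorithm name; both constructors reject a value DatatypeHelper.isEmpty() flags. */
    private final String keyAlgorithm;

    /**
     * Constructor.
     * 
     * @param criteria the criteria which is the basis for evaluation
     * @throws NullPointerException if {@code criteria} is null
     * @throws IllegalArgumentException if the criteria carries no key algorithm
     */
    public EvaluableKeyAlgorithmCredentialCriteria(KeyAlgorithmCriteria criteria) {
        if (criteria == null) {
            throw new NullPointerException("Criteria instance may not be null");
        }
        // Apply the same non-empty rule as the String constructor. Without it, a criteria that
        // hands back no algorithm would only surface later as a NullPointerException in evaluate().
        String criteriaAlgorithm = criteria.getKeyAlgorithm();
        if (DatatypeHelper.isEmpty(criteriaAlgorithm)) {
            throw new IllegalArgumentException("Criteria key algorithm may not be null or empty");
        }
        keyAlgorithm = criteriaAlgorithm;
    }

    /**
     * Constructor.
     * 
     * @param newKeyAlgorithm the criteria value which is the basis for evaluation
     * @throws IllegalArgumentException if {@code newKeyAlgorithm} is rejected by
     *             {@code DatatypeHelper.isEmpty()}
     */
    public EvaluableKeyAlgorithmCredentialCriteria(String newKeyAlgorithm) {
        if (DatatypeHelper.isEmpty(newKeyAlgorithm)) {
            throw new IllegalArgumentException("Key algorithm may not be null");
        }
        keyAlgorithm = newKeyAlgorithm;
    }

    /**
     * {@inheritDoc}
     * 
     * <p>
     * The required algorithm is compared with the key's {@code getAlgorithm()} value using an exact,
     * case-sensitive {@link String#equals(Object)}.
     * </p>
     * 
     * @return {@code TRUE} if the names are equal, {@code FALSE} if they differ, or {@code null} when
     *         the target is null, holds no key, or its key reports no algorithm
     */
    public Boolean evaluate(Credential target) {
        if (target == null) {
            log.error("Credential target was null");
            return null;
        }

        Key key = getKey(target);
        if (key == null) {
            log.info("Could not evaluate criteria, credential contained no key");
            return null;
        }

        String algorithm = DatatypeHelper.safeTrimOrNullString(key.getAlgorithm());
        if (algorithm == null) {
            log.info("Could not evaluate criteria, key does not specify an algorithm via getAlgorithm()");
            return null;
        }

        // NOTE(review): the key's algorithm is passed through safeTrimOrNullString() (presumably a
        // trim), while the configured value is stored exactly as supplied. A configured name with
        // surrounding whitespace would therefore never compare equal - confirm whether the
        // constructors should normalise it the same way.
        return Boolean.valueOf(keyAlgorithm.equals(algorithm));
    }

    /**
     * Get the key contained within the credential.
     * 
     * <p>
     * Preference order is public key, then secret key, then private key.
     * </p>
     * 
     * @param credential the credential containing a key
     * @return the key from the credential, or null if it holds none of the three key types
     */
    private Key getKey(Credential credential) {
        Key publicKey = credential.getPublicKey();
        if (publicKey != null) {
            return publicKey;
        }

        Key secretKey = credential.getSecretKey();
        if (secretKey != null) {
            return secretKey;
        }

        // There should have been a corresponding public key, but just in case...
        // getPrivateKey() may itself return null, which is the "no key" result.
        return credential.getPrivateKey();
    }

}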