View Javadoc

1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.security.keyinfo;
18  
19  import java.util.ArrayList;
20  import java.util.Collection;
21  
22  import org.opensaml.xml.security.credential.CollectionCredentialResolver;
23  import org.opensaml.xml.security.credential.Credential;
24  import org.opensaml.xml.security.credential.criteria.EvaluableCredentialCriteria;
25  import org.opensaml.xml.security.credential.criteria.EvaluableCredentialCriteriaRegistry;
26  import org.opensaml.xml.signature.KeyName;
27  import org.opensaml.xml.signature.X509SubjectName;
28  
29  /**
30   * An implementation of {@link KeyInfoCredentialResolver} which uses a {@link Collection} as the
31   * underlying credential source.
32   * 
33   * <p>
34   * Like the
35   * {@link CollectionCredentialResolver}, credentials returned are filtered based on any
36   * {@link EvaluableCredentialCriteria} which may have been present in the specified criteria set, or
37   * which are resolved by lookup in the {@link EvaluableCredentialCriteriaRegistry}.
38   * </p>
39   * 
40   * <p>
41   * This implementation may be used to address use cases where use of a
42   * KeyInfoCredentialResolver is required, but a KeyInfo element containing keys or other keying 
43   * material is not necessarily supplied or expected in an instance document and keys/credentials
44   * are known in advance (e.g. validation keys belonging to a peer, decryption keys belonging to the caller).
45   * In this use case, credentials are expected to be resolved from other contextual information,
46   * including information possibly supplied as criteria to the resolver.  Such credentials would be stored
47   * in and returned from the {@link Collection} managed by this resolver.
48   * </p>
49   * 
50   * <p>
51   * Note that a KeyInfo element
52   * passed in a {@link KeyInfoCriteria} in the criteria set is <code>NOT</code> directly processed by this
53   * implementation in any way as a source for extracting keys or other key-related material.
54   * However, if the evaluable credential criteria registry described above were
55   * for example to contain a mapping from KeyInfoCriteria to some type of EvaluableCredentialCriteria,
56   * where the latter used KeyInfo-derived information as its basis for evaluation of a credential (e.g.
57   * based on contents of a {@link KeyName} or {@link X509SubjectName}), then such KeyInfo-derived 
58   * evaluable criteria would be used to filter or select the specific credentials that would be returned
59   * from the underlying credential collection of this resolver.  Such KeyInfo-derived evaluable criteria
60   * may also be specified directly in the criteria set, per the above.
61   * </p>
62   * 
63   * <p>
64   * This implementation might also be used at the end of a chain of KeyInfoCredentialResolvers in
65   * order to supply a default, fallback set of credentials, if none could otherwise be resolved.
66   * </p>
67   * 
68   */
69  public class CollectionKeyInfoCredentialResolver extends CollectionCredentialResolver implements
70          KeyInfoCredentialResolver {
71      
72      /**
73       * Constructor.
74       * 
75       * An {@link ArrayList} is used as the underlying collection implementation.
76       *
77       */
78      public CollectionKeyInfoCredentialResolver() {
79          this(new ArrayList<Credential>());
80      }
81      
82      /**
83       * Constructor.
84       *
85       * @param credentials the credential collection which is the backing store for the resolver
86       */
87      public CollectionKeyInfoCredentialResolver(Collection<Credential> credentials) {
88          super(credentials);
89      }
90  
91  }