17 package org.opensaml.xml.security.keyinfo.provider;
18
19 import java.security.KeyException;
20 import java.security.PublicKey;
21 import java.util.Collection;
22
23 import org.opensaml.xml.XMLObject;
24 import org.opensaml.xml.security.CriteriaSet;
25 import org.opensaml.xml.security.SecurityException;
26 import org.opensaml.xml.security.credential.BasicCredential;
27 import org.opensaml.xml.security.credential.Credential;
28 import org.opensaml.xml.security.credential.CredentialContext;
29 import org.opensaml.xml.security.criteria.KeyAlgorithmCriteria;
30 import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
31 import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
32 import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
33 import org.opensaml.xml.security.keyinfo.KeyInfoResolutionContext;
34 import org.opensaml.xml.signature.DSAKeyValue;
35 import org.opensaml.xml.signature.KeyValue;
36 import org.opensaml.xml.util.LazySet;
37 import org.slf4j.Logger;
38 import org.slf4j.LoggerFactory;
/**
 * KeyInfo provider that builds a credential from a DSA public key carried inline in the XML, either as a
 * {@link DSAKeyValue} element or as a {@link KeyValue} element wrapping one.
 *
 * <p>
 * The key material is taken from the element being processed, and nothing in this class evaluates whether
 * that key is trusted. NOTE(review): callers are presumably expected to run the resulting credential through
 * a separate trust evaluation before relying on it; confirm against the resolver and trust-engine
 * configuration.
 * </p>
 */
public class DSAKeyValueProvider extends AbstractKeyInfoProvider {

    /** Logger for this provider. */
    private final Logger log = LoggerFactory.getLogger(DSAKeyValueProvider.class);

    /**
     * Reports whether the given KeyInfo child is, or wraps, a DSAKeyValue.
     *
     * @param keyInfoChild the KeyInfo child element to inspect, may be null
     * @return true if a DSAKeyValue can be obtained from the element, false otherwise
     */
    public boolean handles(XMLObject keyInfoChild) {
        DSAKeyValue candidate = getDSAKeyValue(keyInfoChild);
        return candidate != null;
    }

    /**
     * Extracts the DSA public key from the given KeyInfo child and wraps it in a single credential.
     *
     * <p>
     * The only filtering done here is on the algorithm name supplied through {@link KeyAlgorithmCriteria}.
     * Any validation of the DSA parameters themselves happens, if at all, inside
     * {@link KeyInfoHelper#getDSAKey(DSAKeyValue)}, which is not visible from this class.
     * </p>
     *
     * @param resolver the resolver driving the processing; not used by this implementation
     * @param keyInfoChild the KeyInfo child element to process
     * @param criteriaSet criteria consulted for an optional key algorithm restriction; dereferenced
     *            without a null check
     * @param kiContext resolution context whose key names are copied onto the credential, may be null
     * @return a set holding the one extracted credential, or null if the element carries no DSAKeyValue
     *         or the criteria name a key algorithm other than "DSA"
     * @throws SecurityException if the DSA key cannot be built from the element
     */
    public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild,
            CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {

        DSAKeyValue dsaElement = getDSAKeyValue(keyInfoChild);
        if (dsaElement == null) {
            return null;
        }

        // An explicit algorithm criterion naming anything other than DSA means this provider has nothing to offer.
        KeyAlgorithmCriteria keyAlgCriteria = criteriaSet.get(KeyAlgorithmCriteria.class);
        boolean algorithmConstrained = keyAlgCriteria != null && keyAlgCriteria.getKeyAlgorithm() != null;
        if (algorithmConstrained && !keyAlgCriteria.getKeyAlgorithm().equals("DSA")) {
            log.debug("Criteria specified non-DSA key algorithm, skipping");
            return null;
        }

        log.debug("Attempting to extract credential from a DSAKeyValue");

        final PublicKey dsaKey;
        try {
            dsaKey = KeyInfoHelper.getDSAKey(dsaElement);
        } catch (KeyException e) {
            // The key value comes from the document being processed, so malformed input lands here;
            // it is logged at error level and surfaced to the caller with the cause preserved.
            log.error("Error extracting DSA key value", e);
            throw new SecurityException("Error extracting DSA key value", e);
        }

        BasicCredential extracted = new BasicCredential();
        extracted.setPublicKey(dsaKey);
        if (kiContext != null) {
            // Carry over the key names collected so far in the resolution context.
            extracted.getKeyNames().addAll(kiContext.getKeyNames());
        }

        // buildCredentialContext is not defined in this class; presumably inherited from AbstractKeyInfoProvider.
        CredentialContext resolutionInfo = buildCredentialContext(kiContext);
        if (resolutionInfo != null) {
            extracted.getCredentalContextSet().add(resolutionInfo);
        }

        log.debug("Credential successfully extracted from DSAKeyValue");

        LazySet<Credential> result = new LazySet<Credential>();
        result.add(extracted);
        return result;
    }

    /**
     * Obtains the DSAKeyValue represented by the given object, either directly or as the child of a KeyValue.
     *
     * @param xmlObject the object to inspect, may be null
     * @return the object itself if it is a DSAKeyValue, the result of {@link KeyValue#getDSAKeyValue()} if it
     *         is a KeyValue, otherwise null
     */
    protected DSAKeyValue getDSAKeyValue(XMLObject xmlObject) {
        // instanceof is false for null, so a null argument falls through to the final return.
        if (xmlObject instanceof DSAKeyValue) {
            return (DSAKeyValue) xmlObject;
        }

        if (xmlObject instanceof KeyValue) {
            KeyValue wrapper = (KeyValue) xmlObject;
            return wrapper.getDSAKeyValue();
        }

        return null;
    }
}