View Javadoc

1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.security.keyinfo.provider;
18  
19  import java.security.KeyException;
20  import java.security.PublicKey;
21  import java.util.Collection;
22  
23  import org.opensaml.xml.XMLObject;
24  import org.opensaml.xml.security.CriteriaSet;
25  import org.opensaml.xml.security.SecurityException;
26  import org.opensaml.xml.security.credential.BasicCredential;
27  import org.opensaml.xml.security.credential.Credential;
28  import org.opensaml.xml.security.credential.CredentialContext;
29  import org.opensaml.xml.security.criteria.KeyAlgorithmCriteria;
30  import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
31  import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
32  import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
33  import org.opensaml.xml.security.keyinfo.KeyInfoResolutionContext;
34  import org.opensaml.xml.signature.DSAKeyValue;
35  import org.opensaml.xml.signature.KeyValue;
36  import org.opensaml.xml.util.LazySet;
37  import org.slf4j.Logger;
38  import org.slf4j.LoggerFactory;
39  
40  /**
41   * Implementation of {@link KeyInfoProvider} which supports {@link DSAKeyValue}.
42   */
43  public class DSAKeyValueProvider extends AbstractKeyInfoProvider {
44      
45      /** Class logger. */
46      private final Logger log = LoggerFactory.getLogger(DSAKeyValueProvider.class);
47  
48      /** {@inheritDoc} */
49      public boolean handles(XMLObject keyInfoChild) {
50          return getDSAKeyValue(keyInfoChild) != null;
51      }
52  
53      /** {@inheritDoc} */
54      public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild, 
55              CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {
56          
57          DSAKeyValue keyValue = getDSAKeyValue(keyInfoChild);
58          if (keyValue == null) {
59              return null;
60          }
61          
62          KeyAlgorithmCriteria algorithmCriteria = criteriaSet.get(KeyAlgorithmCriteria.class);
63          if (algorithmCriteria != null 
64                  && algorithmCriteria.getKeyAlgorithm() != null 
65                  && ! algorithmCriteria.getKeyAlgorithm().equals("DSA")) {
66              log.debug("Criteria specified non-DSA key algorithm, skipping");
67              return null;
68          }
69          
70          log.debug("Attempting to extract credential from a DSAKeyValue");
71          
72          PublicKey pubKey = null;
73          try {
74              //TODO deal with case of incomplete DSAParams, need hook to resolve those
75              pubKey = KeyInfoHelper.getDSAKey(keyValue);
76          } catch (KeyException e) {
77              log.error("Error extracting DSA key value", e);
78              throw new SecurityException("Error extracting DSA key value", e);
79          }
80          BasicCredential cred = new BasicCredential();
81          cred.setPublicKey(pubKey);
82          if (kiContext != null) {
83              cred.getKeyNames().addAll(kiContext.getKeyNames());
84          }
85          
86          CredentialContext credContext = buildCredentialContext(kiContext);
87          if (credContext != null) {
88              cred.getCredentalContextSet().add(credContext);
89          }
90          
91          log.debug("Credential successfully extracted from DSAKeyValue");
92          LazySet<Credential> credentialSet = new LazySet<Credential>();
93          credentialSet.add(cred);
94          return credentialSet;
95      }
96      
97      /**
98       * Get the DSAKeyValue from the passed XML object.
99       * 
100      * @param xmlObject an XML object, presumably either a {@link KeyValue} or an {@link DSAKeyValue}
101      * @return the DSAKeyValue which was found, or null if none
102      */
103     protected DSAKeyValue getDSAKeyValue(XMLObject xmlObject) {
104         if (xmlObject == null) {return null; }
105         
106         if (xmlObject instanceof DSAKeyValue) {
107             return (DSAKeyValue) xmlObject;
108         }
109         
110         if (xmlObject instanceof KeyValue) {
111             return ((KeyValue) xmlObject).getDSAKeyValue();
112         }
113         return null;
114     }
115 }