
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.security.x509;
18  
19  import java.security.PublicKey;
20  import java.security.cert.X509CRL;
21  import java.security.cert.X509Certificate;
22  import java.util.ArrayList;
23  import java.util.Collection;
24  import java.util.HashSet;
25  
26  import javax.crypto.SecretKey;
27  
28  import org.opensaml.xml.security.credential.BasicCredential;
29  import org.opensaml.xml.security.credential.Credential;
30  
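/**
 * A basic implementation of {@link X509Credential}.
 *
 * <p>
 * This class is a plain holder for an entity certificate, an optional certificate chain and an optional set of
 * CRLs. It stores what it is given: nothing here validates a certification path, consults the CRLs, or checks
 * that the chain actually contains the entity certificate. Those decisions belong to whatever consumes the
 * credential. The only consistency rule enforced is that the public key must equal the key of the entity
 * certificate, once one is set.
 * </p>
 *
 * <p>
 * No synchronization is performed in this class.
 * </p>
 */
public class BasicX509Credential extends BasicCredential implements X509Credential {

    /** Entity certificate. */
    private X509Certificate entityCert;

    /** Entity certificate chain, must include entity certificate. */
    private Collection<X509Certificate> entityCertChain;

    /** CRLs for this credential. */
    private Collection<X509CRL> crls;

    /** {@inheritDoc} */
    public Class<? extends Credential> getCredentialType() {
        return X509Credential.class;
    }

    /**
     * {@inheritDoc}
     *
     * <p>
     * The returned collection is the same instance that was handed to {@link #setCRLs(Collection)}, or
     * <code>null</code> if none was set.
     * </p>
     */
    public Collection<X509CRL> getCRLs() {
        return crls;
    }

    /**
     * Sets the CRLs for this credential.
     *
     * <p>
     * The reference is stored as given, without copying, so later changes the caller makes to the collection are
     * visible through {@link #getCRLs()}.
     * </p>
     *
     * @param newCRLs CRLs for this credential, may be <code>null</code>
     */
    public void setCRLs(Collection<X509CRL> newCRLs) {
        crls = newCRLs;
    }

    /** {@inheritDoc} */
    public X509Certificate getEntityCertificate() {
        return entityCert;
    }

    /**
     * Sets the entity certificate for this credential and aligns the public key with it.
     *
     * <p>
     * A <code>null</code> certificate clears both the certificate and the public key. A previously set certificate
     * chain is left untouched, so after replacing the entity certificate the stored chain may no longer contain it.
     * </p>
     *
     * @param cert entity certificate for this credential
     */
    public void setEntityCertificate(X509Certificate cert) {
        // The field is assigned first so that the consistency check in setPublicKey compares against the new
        // certificate rather than the one being replaced.
        entityCert = cert;
        setPublicKey(cert != null ? cert.getPublicKey() : null);
    }

    /**
     * {@inheritDoc}
     *
     * <p>
     * When no chain has been set but an entity certificate is present, a new set holding only the entity
     * certificate is built on each call. Otherwise the stored chain is returned as is, which is <code>null</code>
     * when neither a chain nor an entity certificate has been set.
     * </p>
     */
    public Collection<X509Certificate> getEntityCertificateChain() {
        if (entityCertChain != null || entityCert == null) {
            return entityCertChain;
        }

        Collection<X509Certificate> entityOnly = new HashSet<X509Certificate>(5);
        entityOnly.add(entityCert);
        return entityOnly;
    }

    /**
     * Sets the entity certificate chain for this credential. This <strong>MUST</strong> include the entity
     * certificate.
     *
     * <p>
     * The given collection is copied. Whether the chain really contains the entity certificate is not checked
     * here; callers are responsible for supplying a consistent chain. Passing <code>null</code> clears a previously
     * set chain, after which {@link #getEntityCertificateChain()} falls back to the entity certificate alone.
     * </p>
     *
     * @param certs entity certificate chain for this credential, or <code>null</code> to clear it
     */
    public void setEntityCertificateChain(Collection<X509Certificate> certs) {
        if (certs == null) {
            // Copying a null collection would fail with a NullPointerException; every other setter of this
            // class accepts null as "unset", so do the same here.
            entityCertChain = null;
            return;
        }
        entityCertChain = new ArrayList<X509Certificate>(certs);
    }

    /**
     * {@inheritDoc}
     *
     * <p>
     * Once an entity certificate is set, only a key equal to that certificate's public key is accepted. This keeps
     * the credential's public key from drifting away from the certificate that vouches for it.
     * </p>
     *
     * @throws IllegalArgumentException if an entity certificate is set and its public key does not equal
     *             <code>key</code>
     */
    public void setPublicKey(PublicKey key) {
        if (entityCert != null && !entityCert.getPublicKey().equals(key)) {
            throw new IllegalArgumentException("X509Credential already contains a certificate "
                    + "with a different public key");
        }
        super.setPublicKey(key);
    }

    /**
     * {@inheritDoc}
     *
     * <p>
     * An X.509 credential carries no symmetric key: a non-null argument is rejected and <code>null</code> is
     * accepted as a no-op.
     * </p>
     *
     * @throws UnsupportedOperationException if <code>key</code> is not <code>null</code>
     */
    public void setSecretKey(SecretKey key) {
        if (key == null) {
            return;
        }
        throw new UnsupportedOperationException("Secret (symmetric) key may not be set "
                + "on an X509Credential instance");
    }

    /**
     * {@inheritDoc}
     *
     * <p>
     * Always <code>null</code> for this credential type.
     * </p>
     */
    public SecretKey getSecretKey() {
        return null;
    }

}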