17 package org.opensaml.xml.security.credential.criteria;
18
19 import java.security.Key;
20
21 import org.opensaml.xml.security.credential.Credential;
22 import org.opensaml.xml.security.criteria.KeyAlgorithmCriteria;
23 import org.opensaml.xml.util.DatatypeHelper;
24 import org.slf4j.Logger;
25 import org.slf4j.LoggerFactory;
26
27
28
29
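/**
 * Evaluable credential criteria that matches a credential by the algorithm name of its key.
 *
 * <p>
 * The comparison is an exact, case-sensitive {@link String#equals(Object)} between the configured
 * algorithm name and the trimmed value of {@link Key#getAlgorithm()}. Only the algorithm <em>name</em>
 * is compared: key length and algorithm parameters are not examined here, so any policy on key
 * strength has to be enforced by a separate check.
 * </p>
 */
public class EvaluableKeyAlgorithmCredentialCriteria implements EvaluableCredentialCriteria {

    /** Logger. */
    private final Logger log = LoggerFactory.getLogger(EvaluableKeyAlgorithmCredentialCriteria.class);

    /** Algorithm name a credential's key must report; trimmed and never null or empty. */
    private final String keyAlgorithm;

    /**
     * Constructor.
     *
     * @param criteria the criteria object supplying the required key algorithm name
     * @throws NullPointerException if {@code criteria} is null
     * @throws IllegalArgumentException if the criteria's algorithm name is null or empty
     */
    public EvaluableKeyAlgorithmCredentialCriteria(KeyAlgorithmCriteria criteria) {
        if (criteria == null) {
            throw new NullPointerException("Criteria instance may not be null");
        }
        // KeyAlgorithmCriteria's own validation is not visible from this file, so the value is
        // checked here too; otherwise a null name would only surface later as a
        // NullPointerException inside evaluate().
        keyAlgorithm = normalizeAlgorithm(criteria.getKeyAlgorithm());
    }

    /**
     * Constructor.
     *
     * @param newKeyAlgorithm the required key algorithm name; surrounding whitespace is ignored
     * @throws IllegalArgumentException if {@code newKeyAlgorithm} is null or empty
     */
    public EvaluableKeyAlgorithmCredentialCriteria(String newKeyAlgorithm) {
        keyAlgorithm = normalizeAlgorithm(newKeyAlgorithm);
    }

    /**
     * Evaluates whether the target credential's key reports the configured algorithm name.
     *
     * <p>
     * The result is tri-state. {@code null} means the criteria could not be evaluated (null target,
     * no key in the credential, or a key that reports no algorithm); it is neither a match nor a
     * mismatch. Callers must handle {@code null} explicitly and decide how an unevaluable credential
     * is treated; auto-unboxing the result into a {@code boolean} throws
     * {@link NullPointerException}.
     * </p>
     *
     * @param target the credential to evaluate
     * @return {@link Boolean#TRUE} if the algorithm names are equal, {@link Boolean#FALSE} if they
     *         differ, or {@code null} if the criteria could not be evaluated
     */
    public Boolean evaluate(Credential target) {
        if (target == null) {
            log.error("Credential target was null");
            return null;
        }
        Key key = getKey(target);
        if (key == null) {
            log.info("Could not evaluate criteria, credential contained no key");
            return null;
        }
        String algorithm = DatatypeHelper.safeTrimOrNullString(key.getAlgorithm());
        if (algorithm == null) {
            log.info("Could not evaluate criteria, key does not specify an algorithm via getAlgorithm()");
            return null;
        }

        // Both sides are trimmed at this point; the match is exact and case-sensitive.
        return Boolean.valueOf(keyAlgorithm.equals(algorithm));
    }

    /**
     * Selects the key of the credential whose algorithm is evaluated.
     *
     * @param credential the credential to inspect; must not be null
     * @return the public key if present, otherwise the secret key, otherwise the private key,
     *         or {@code null} if the credential holds none of them
     */
    private Key getKey(Credential credential) {
        if (credential.getPublicKey() != null) {
            return credential.getPublicKey();
        }
        if (credential.getSecretKey() != null) {
            return credential.getSecretKey();
        }
        // Checked last: presumably a credential carrying a private key also carries the matching
        // public key, so this branch is only a fallback. Returns null when no private key is set.
        return credential.getPrivateKey();
    }

    /**
     * Trims and validates an algorithm name so that it can be compared with the trimmed value
     * obtained from a key in {@link #evaluate(Credential)}.
     *
     * @param algorithm the raw algorithm name
     * @return the trimmed, non-empty algorithm name
     * @throws IllegalArgumentException if the name is null or empty after trimming
     */
    private static String normalizeAlgorithm(String algorithm) {
        String trimmed = DatatypeHelper.safeTrimOrNullString(algorithm);
        if (trimmed == null) {
            throw new IllegalArgumentException("Key algorithm may not be null");
        }
        return trimmed;
    }

}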