View Javadoc

1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.encryption;
18  
19  import java.util.ArrayList;
20  import java.util.List;
21  
22  import org.opensaml.xml.XMLObject;
23  import org.opensaml.xml.signature.RetrievalMethod;
24  import org.opensaml.xml.util.DatatypeHelper;
25  import org.slf4j.Logger;
26  import org.slf4j.LoggerFactory;
27  
28  /**
29   * Implementation of {@link EncryptedKeyResolver} which finds {@link EncryptedKey} elements by dereferencing
30   * {@link RetrievalMethod} children of the {@link org.opensaml.xml.signature.KeyInfo} of the {@link EncryptedData}
31   * context.
32   * 
33   * The RetrievalMethod must have a <code>Type</code> attribute with the value of
34   * {@link EncryptionConstants#TYPE_ENCRYPTED_KEY}. The <code>URI</code> attribute value must be a same-document
35   * fragment identifier (via ID attribute). Processing of transforms children of RetrievalMethod is not supported by this
36   * implementation.
37   */
38  public class SimpleRetrievalMethodEncryptedKeyResolver extends AbstractEncryptedKeyResolver {
39  
40      /** Class logger. */
41      private final Logger log = LoggerFactory.getLogger(SimpleRetrievalMethodEncryptedKeyResolver.class);
42  
43      /** {@inheritDoc} */
44      public Iterable<EncryptedKey> resolve(EncryptedData encryptedData) {
45          List<EncryptedKey> resolvedEncKeys = new ArrayList<EncryptedKey>();
46  
47          if (encryptedData.getKeyInfo() == null) {
48              return resolvedEncKeys;
49          }
50  
51          for (RetrievalMethod rm : encryptedData.getKeyInfo().getRetrievalMethods()) {
52              if (!DatatypeHelper.safeEquals(rm.getType(), EncryptionConstants.TYPE_ENCRYPTED_KEY)) {
53                  continue;
54              }
55              if (rm.getTransforms() != null) {
56                  log.warn("EncryptedKey RetrievalMethod has transforms, can not process");
57                  continue;
58              }
59  
60              EncryptedKey encKey = dereferenceURI(rm);
61              if (encKey == null) {
62                  continue;
63              }
64  
65              if (matchRecipient(encKey.getRecipient())) {
66                  resolvedEncKeys.add(encKey);
67              }
68          }
69  
70          return resolvedEncKeys;
71      }
72  
73      /**
74       * Dereference the URI attribute of the specified retrieval method into an EncryptedKey.
75       * 
76       * @param rm the RetrievalMethod to process
77       * @return the dereferenced EncryptedKey
78       */
79      protected EncryptedKey dereferenceURI(RetrievalMethod rm) {
80          String uri = rm.getURI();
81          if (DatatypeHelper.isEmpty(uri) || !uri.startsWith("#")) {
82              log.warn("EncryptedKey RetrievalMethod did not contain a same-document URI reference, can not process");
83              return null;
84          }
85          XMLObject target = rm.resolveIDFromRoot(uri.substring(1));
86          if (target == null) {
87              log.warn("EncryptedKey RetrievalMethod URI could not be dereferenced");
88              return null;
89          }
90          if (!(target instanceof EncryptedKey)) {
91              log.warn("The product of dereferencing the EncryptedKey RetrievalMethod was not an EncryptedKey");
92              return null;
93          }
94          return (EncryptedKey) target;
95      }
96  
97  }