
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.encryption;
18  
19  import java.util.ArrayList;
20  import java.util.List;
21  
22  import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
23  import org.opensaml.xml.util.DatatypeHelper;
24  
/**
 * Base class for {@link EncryptedKeyResolver} implementations.
 *
 * <p>
 * It holds the recipient criteria list and offers three helper predicates that compare a candidate
 * EncryptedKey with an EncryptedData context. Every predicate answers {@code true} when the attribute
 * it inspects is missing from the candidate (and, for recipients, when no criteria have been
 * configured), so a {@code true} result means "not ruled out" rather than "positively confirmed".
 * Nothing in this class performs a cryptographic check on a candidate key; the predicates only
 * compare names, attribute values and references.
 * </p>
 */
public abstract class AbstractEncryptedKeyResolver implements EncryptedKeyResolver {

    /** Recipient attribute values that a candidate key's recipient is compared against. */
    private final List<String> recipients;

    /** Constructor. Starts with an empty criteria list, which makes every recipient value acceptable. */
    public AbstractEncryptedKeyResolver() {
        this.recipients = new ArrayList<String>();
    }

    /**
     * {@inheritDoc}
     *
     * <p>
     * This implementation hands back the internal list itself, not a copy, so any change made through
     * the returned reference alters the criteria used by {@link #matchRecipient(String)}.
     * </p>
     */
    public List<String> getRecipients() {
        return recipients;
    }

    /**
     * Decide whether a recipient attribute value is acceptable under this resolver's recipient
     * criteria.
     *
     * <p>
     * The value is first passed through {@code DatatypeHelper.safeTrimOrNullString} (presumably trims
     * whitespace and maps a blank value to null -- confirm against the helper). The configured criteria
     * are not normalised here and are compared with {@link List#contains(Object)}, i.e. exact,
     * case-sensitive string equality.
     * </p>
     *
     * @param recipient the recipient value to evaluate, may be null
     * @return true if the normalised value is null, if no criteria are configured, or if the value is
     *         one of the configured criteria; false otherwise
     */
    protected boolean matchRecipient(String recipient) {
        String candidate = DatatypeHelper.safeTrimOrNullString(recipient);

        // Only a present recipient checked against a non-empty criteria list can be rejected.
        if (candidate != null && !recipients.isEmpty()) {
            return recipients.contains(candidate);
        }

        // Permissive default: nothing to compare, so the candidate is not ruled out.
        return true;
    }

    /**
     * Decide whether an EncryptedKey's CarriedKeyName is one of the KeyName values found in the
     * EncryptedData context.
     *
     * <p>
     * The carried key name is used exactly as returned by the element (it is not trimmed in this
     * method) and is looked up with {@link List#contains(Object)} in the list produced by
     * {@code KeyInfoHelper.getKeyNames}.
     * </p>
     *
     * @param encryptedData the EncryptedData context
     * @param encryptedKey the candidate EncryptedKey to evaluate
     * @return true if the encrypted key has no (or an empty) carried key name, or if that name is among
     *         the encrypted data's key names; false if the key carries a name but the encrypted data
     *         has no KeyInfo, no KeyName elements, or no equal name
     */
    protected boolean matchCarriedKeyName(EncryptedData encryptedData, EncryptedKey encryptedKey) {
        boolean keyCarriesName = encryptedKey.getCarriedKeyName() != null
                && !DatatypeHelper.isEmpty(encryptedKey.getCarriedKeyName().getValue());
        if (!keyCarriesName) {
            // Permissive default: a key without a carried name cannot be excluded on this criterion.
            return true;
        }

        boolean dataHasKeyNames = encryptedData.getKeyInfo() != null
                && !encryptedData.getKeyInfo().getKeyNames().isEmpty();
        if (!dataHasKeyNames) {
            // The key names something, but the data offers nothing to compare it with.
            return false;
        }

        List<String> namesFromData = KeyInfoHelper.getKeyNames(encryptedData.getKeyInfo());
        String carriedName = encryptedKey.getCarriedKeyName().getValue();
        return namesFromData.contains(carriedName);
    }

    /**
     * Decide whether any DataReference of an EncryptedKey points at the EncryptedData context.
     *
     * <p>
     * Only references whose URI starts with {@code "#"} are considered; every other URI is skipped.
     * The fragment after the {@code "#"} is resolved with {@code DataReference.resolveIDFromRoot}
     * (presumably an ID lookup starting at the root of the reference's own document -- confirm
     * against that method), and the result is compared with the EncryptedData by object identity.
     * </p>
     *
     * @param encryptedData the EncryptedData context
     * @param encryptedKey the candidate EncryptedKey to evaluate
     * @return true if the encrypted key has no reference list or no data references, or if one of its
     *         same-document references resolves to the given encrypted data object; false if the
     *         encrypted data has no ID or no reference resolves to it
     */
    protected boolean matchDataReference(EncryptedData encryptedData, EncryptedKey encryptedKey) {
        boolean keyListsReferences = encryptedKey.getReferenceList() != null
                && !encryptedKey.getReferenceList().getDataReferences().isEmpty();
        if (!keyListsReferences) {
            // Permissive default: a key that references nothing cannot be excluded on this criterion.
            return true;
        }

        // References are ID-based, so data without an ID can never be the target.
        if (DatatypeHelper.isEmpty(encryptedData.getID())) {
            return false;
        }

        for (DataReference reference : encryptedKey.getReferenceList().getDataReferences()) {
            String uri = reference.getURI();
            boolean sameDocumentReference = !DatatypeHelper.isEmpty(uri) && uri.startsWith("#");

            // Identity comparison: the resolved object must be this very EncryptedData instance.
            if (sameDocumentReference && reference.resolveIDFromRoot(uri.substring(1)) == encryptedData) {
                return true;
            }
        }
        return false;
    }
}