Package org.opensaml.xmlsec.algorithm

Class AlgorithmSupport

  • public final class AlgorithmSupport
extends Object
    Helper methods for working with XML security algorithm URI's.

    • Field Detail

      • LOG

        private static final org.slf4j.Logger LOG
        Logger.

    • Constructor Detail

      • AlgorithmSupport

        private AlgorithmSupport()
        Constructor.

    • Method Detail

      • getGlobalAlgorithmRegistry

        @Nullable
public static AlgorithmRegistry getGlobalAlgorithmRegistry()
        Get the global AlgorithmRegistry instance.
        Returns:
        the global algorithm registry, or null if nothing registered

      • isKeyEncryptionAlgorithm

        public static boolean isKeyEncryptionAlgorithm​(@Nullable
                                               AlgorithmDescriptor algorithm)
        Check whether the supplied descriptor represents an algorithm that my be used for key encryption, i.e. a key transport or symmetric key wrap algorithm.
        Parameters:
        algorithm - the algorithm descriptor to evaluate
        Returns:
        true if the algorithm may be used for key encryption, false otherwise

      • isDataEncryptionAlgorithm

        public static boolean isDataEncryptionAlgorithm​(@Nullable
                                                AlgorithmDescriptor algorithm)
        Check whether the supplied descriptor represents an algorithm that my be used for data encryption, i.e. a block encryption algorithm.
        Parameters:
        algorithm - the algorithm descriptor to evaluate
        Returns:
        true if the algorithm may be used for key encryption, false otherwise

      • credentialSupportsAlgorithmForSigning

        public static boolean credentialSupportsAlgorithmForSigning​(@Nullable
                                                            org.opensaml.security.credential.Credential credential,
                                                            @Nullable
                                                            AlgorithmDescriptor algorithm)
        Check whether the supplied credential may be used with the supplied algorithm for the purpose of signing.

        This checks the consistency of the type of credential signing key and the algorithm type, as well as the key algorithm and length where applicable.

        Parameters:
        credential - the candidate signing credential to evaluate
        algorithm - the candidate signing algorithm to evaluate
        Returns:
        true if the credential may be used with the algorithm for signing, false otherwise

      • credentialSupportsAlgorithmForEncryption

        public static boolean credentialSupportsAlgorithmForEncryption​(@Nullable
                                                               org.opensaml.security.credential.Credential credential,
                                                               @Nullable
                                                               AlgorithmDescriptor algorithm)
        Check whether the supplied credential may be used with the supplied algorithm for the purpose of encryption.

        This checks the consistency of the extracted credential encryption key and the algorithm type, as well as the key algorithm and length where applicable.

        Parameters:
        credential - the candidate encryption credential to evaluate
        algorithm - the candidate encryption algorithm to evaluate
        Returns:
        true if the credential may be used with the algorithm for encryption, false otherwise

      • checkKeyAlgorithmAndLength

        public static boolean checkKeyAlgorithmAndLength​(@Nonnull
                                                 Key key,
                                                 @Nonnull
                                                 AlgorithmDescriptor algorithm)
        Check that the supplied key is consistent with the supplied algorithm's specified key algorithm and key length, where applicable.
        Parameters:
        key - the key to evaluate
        algorithm - the algorithm to evaluate
        Returns:
        true if the key is consistent with key algorithm and length specified by the algorithm (if any) false otherwise

      • getAlgorithmID

        @Nullable
public static String getAlgorithmID​(@Nonnull
                                    String algorithmURI)
        Get the Java security JCA/JCE algorithm identifier associated with an algorithm URI.
        Parameters:
        algorithmURI - the algorithm URI to evaluate
        Returns:
        the Java algorithm identifier, or null if the mapping is unavailable or indeterminable from the URI

      • isRSAOAEP

        public static boolean isRSAOAEP​(@Nonnull
                                String keyTransportAlgorithm)
        Check whether the key transport encryption algorithm URI indicates RSA-OAEP.
        Parameters:
        keyTransportAlgorithm - the key transport encryption algorithm URI
        Returns:
        true if URI indicates RSA-OAEP, false otherwise

      • isHMAC

        public static boolean isHMAC​(@Nonnull
                             String signatureAlgorithm)
        Check whether the signature method algorithm URI indicates HMAC.
        Parameters:
        signatureAlgorithm - the signature method algorithm URI
        Returns:
        true if URI indicates HMAC, false otherwise

      • getKeyAlgorithm

        @Nullable
public static String getKeyAlgorithm​(@Nonnull
                                     String algorithmURI)
        Get the Java security JCA/JCE key algorithm specifier associated with an algorithm URI.
        Parameters:
        algorithmURI - the algorithm URI to evaluate
        Returns:
        the Java key algorithm specifier, or null if the mapping is unavailable or indeterminable from the URI

      • getKeyLength

        @Nullable
public static Integer getKeyLength​(@Nonnull
                                   String algorithmURI)
        Get the length of the key indicated by the algorithm URI, if applicable and available.
        Parameters:
        algorithmURI - the algorithm URI to evaluate
        Returns:
        the length of the key indicated by the algorithm URI, or null if the length is either unavailable or indeterminable from the URI

      • generateSymmetricKey

        @Nonnull
public static SecretKey generateSymmetricKey​(@Nonnull
                                             String algoURI)
                                      throws NoSuchAlgorithmException,
                                             KeyException
        Generates a random Java JCE symmetric Key object from the specified XML Encryption algorithm URI.
        Parameters:
        algoURI - The XML Encryption algorithm URI
        Returns:
        a randomly-generated symmetric Key
        Throws:
        NoSuchAlgorithmException - thrown if the specified algorithm is invalid
        KeyException - thrown if the length of the key to generate could not be determined

      • generateSymmetricKeyAndCredential

        @Nonnull
public static org.opensaml.security.credential.Credential generateSymmetricKeyAndCredential​(@Nonnull
                                                                                            String algorithmURI)
                                                                                     throws NoSuchAlgorithmException,
                                                                                            KeyException
        Generate a random symmetric key and return in a BasicCredential.
        Parameters:
        algorithmURI - The XML Encryption algorithm URI
        Returns:
        a basic credential containing a randomly generated symmetric key
        Throws:
        KeyException - thrown if the length of key to generate could not be determined
        NoSuchAlgorithmException - algorithm not found

      • generateKeyPairAndCredential

        @Nonnull
public static org.opensaml.security.credential.Credential generateKeyPairAndCredential​(@Nonnull
                                                                                       String algorithmURI,
                                                                                       int keyLength,
                                                                                       boolean includePrivate)
                                                                                throws NoSuchAlgorithmException,
                                                                                       NoSuchProviderException
        Generate a random asymmetric key pair and return in a BasicCredential.
        Parameters:
        algorithmURI - The XML Encryption algorithm URI
        keyLength - key length
        includePrivate - if true, the private key will be included as well
        Returns:
        a basic credential containing a randomly generated asymmetric key pair
        Throws:
        NoSuchAlgorithmException - algorithm not found
        NoSuchProviderException - provider not found

      • validateAlgorithmURI

        public static boolean validateAlgorithmURI​(@Nonnull
                                           String algorithmURI,
                                           @Nullable
                                           Collection<String> whitelistedAlgorithmURIs,
                                           @Nullable
                                           Collection<String> blacklistedAlgorithmURIs)
        Validate the supplied algorithm URI against the specified whitelist and blacklist.
        Parameters:
        algorithmURI - the algorithm URI to evaluate
        whitelistedAlgorithmURIs - the algorithm whitelist
        blacklistedAlgorithmURIs - the algorithm blacklist
        Returns:
        true if algorithm URI satisfies the specified whitelist and blacklist, otherwise false

      • getLogger

        @Nonnull
private static org.slf4j.Logger getLogger()
        Get an SLF4J Logger.
        Returns:
        a Logger instance