org.opensaml.xml.security.keyinfo
Class CollectionKeyInfoCredentialResolver

java.lang.Object
  org.opensaml.xml.security.credential.AbstractCredentialResolver
      org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
          org.opensaml.xml.security.credential.CollectionCredentialResolver
              org.opensaml.xml.security.keyinfo.CollectionKeyInfoCredentialResolver

All Implemented Interfaces:

CredentialResolver, KeyInfoCredentialResolver, Resolver<Credential,CriteriaSet>

public class CollectionKeyInfoCredentialResolver
extends CollectionCredentialResolver
implements KeyInfoCredentialResolver

An implementation of KeyInfoCredentialResolver which uses a Collection as the underlying credential source.

Like the CollectionCredentialResolver, credentials returned are filtered based on any EvaluableCredentialCriteria which may have been present in the specified criteria set, or which are resolved by lookup in the EvaluableCredentialCriteriaRegistry.

This implementation may be used to address use cases where use of a KeyInfoCredentialResolver is required, but a KeyInfo element containing keys or other keying material is not necessarily supplied or expected in an instance document and keys/credentials are known in advance (e.g. validation keys belonging to a peer, decryption keys belonging to the caller). In this use case, credentials are expected to be resolved from other contextual information, including information possibly supplied as criteria to the resolver. Such credentials would be stored in and returned from the Collection managed by this resolver.

Note that a KeyInfo element passed in a KeyInfoCriteria in the criteria set is NOT directly processed by this implementation in any way as a source for extracting keys or other key-related material. However, if the evaluable credential criteria registry described above were for example to contain a mapping from KeyInfoCriteria to some type of EvaluableCredentialCriteria, where the latter used KeyInfo-derived information as its basis for evaluation of a credential (e.g. based on contents of a KeyName or X509SubjectName), then such KeyInfo-derived evaluable criteria would be used to filter or select the specific credentials that would be returned from the underlying credential collection of this resolver. Such KeyInfo-derived evaluable criteria may also be specified directly in the criteria set, per the above.

This implementation might also be used at the end of a chain of KeyInfoCredentialResolvers in order to supply a default, fallback set of credentials, if none could otherwise be resolved.

Constructor Summary

CollectionKeyInfoCredentialResolver()
Constructor.

CollectionKeyInfoCredentialResolver(Collection<Credential> credentials)
Constructor.

Method Summary

Methods inherited from class org.opensaml.xml.security.credential.CollectionCredentialResolver

getCollection, resolveFromSource

Methods inherited from class org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver

isMeetAllCriteria, isUnevaluableSatisfies, resolve, setMeetAllCriteria, setUnevaluableSatisfies

Methods inherited from class org.opensaml.xml.security.credential.AbstractCredentialResolver

resolveSingle

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.opensaml.xml.security.Resolver

resolve, resolveSingle

Constructor Detail

CollectionKeyInfoCredentialResolver

public CollectionKeyInfoCredentialResolver()

Constructor. An ArrayList is used as the underlying collection implementation.

CollectionKeyInfoCredentialResolver

public CollectionKeyInfoCredentialResolver(Collection<Credential> credentials)

Constructor.

Parameters:

credentials - the credential collection which is the backing store for the resolver