org.opensaml.xml.security.keyinfo
Class LocalKeyInfoCredentialResolver

java.lang.Object
  extended by org.opensaml.xml.security.credential.AbstractCredentialResolver
      extended by org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
          extended by org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver
              extended by org.opensaml.xml.security.keyinfo.LocalKeyInfoCredentialResolver
All Implemented Interfaces:
CredentialResolver, KeyInfoCredentialResolver, Resolver<Credential,CriteriaSet>

public class LocalKeyInfoCredentialResolver
extends BasicProviderKeyInfoCredentialResolver

A simple specialization of BasicProviderKeyInfoCredentialResolver which is capable of using information from a KeyInfo to resolve local credentials from a supplied CredentialResolver which manages local credentials.

The local credential resolver supplied should manage and return credentials which contain either a secret (symmetric) key or the private key half of a key pair.

A typical use case for this class would be as a resolver of decryption keys, such as is needed by Decrypter.

Resolution proceeds as follows:

  1. Any credential resolved via the standard BasicProviderKeyInfoCredentialResolver resolution process which is not a local credential will be removed from the effective set of credentials to be returned. Note that a configured KeyInfoProvider may have itself already resolved local credentials using a different mechanism. These will not be removed.
  2. If a credential so removed contained a public key, that key will be used as a resolution criteria input to the local credential resolver. Any local credentials so resolved will be added to the set to be returned.
  3. Similarly, any key names from KeyInfoResolutionContext.getKeyNames() will also be used as resolution criteria for local credentials and the resultant credentials added to the set to be returned.
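
The three resolution steps above, exercised end to end as an added example (not code from the OpenSAML project). It assumes OpenSAML 2.x on the classpath, initialised with DefaultBootstrap.bootstrap(); the class name LocalResolverDemo, the key name sp-decryption-key and the generated RSA key pairs are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.*;
import org.opensaml.DefaultBootstrap;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.*;
import org.opensaml.xml.security.keyinfo.*;
import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
import org.opensaml.xml.signature.KeyInfo;

// Added example, not OpenSAML project code. Class name, key name and keys are hypothetical.
public class LocalResolverDemo {
    static final String KEY_NAME = "sp-decryption-key"; // constructed sample value

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // assumption: OpenSAML 2.x is initialised this way
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair ours = gen.generateKeyPair();    // constructed: pair whose private key we hold
        KeyPair foreign = gen.generateKeyPair(); // constructed: pair with no local counterpart

        // Local store: every credential in it carries a private (or secret) key.
        BasicCredential local = SecurityHelper.getSimpleCredential(ours.getPublic(), ours.getPrivate());
        local.getKeyNames().add(KEY_NAME);
        CredentialResolver store = new CollectionCredentialResolver(Collections.<Credential>singletonList(local));
        List<KeyInfoProvider> providers = new ArrayList<KeyInfoProvider>();
        providers.add(new RSAKeyValueProvider()); // extracts the RSA key from a KeyValue child
        LocalKeyInfoCredentialResolver resolver = new LocalKeyInfoCredentialResolver(providers, store);

        KeyInfo byKey = newKeyInfo();   // step 2: public key is used as criteria against the store
        KeyInfoHelper.addPublicKey(byKey, ours.getPublic());
        KeyInfo byName = newKeyInfo();  // step 3: key name is used as criteria against the store
        KeyInfoHelper.addKeyName(byName, KEY_NAME);
        KeyInfo unknown = newKeyInfo(); // step 1: non-local credential is removed from the result
        KeyInfoHelper.addPublicKey(unknown, foreign.getPublic());

        System.out.println("our public key   -> local credential: " + resolvesLocal(resolver, byKey));
        System.out.println("our key name     -> local credential: " + resolvesLocal(resolver, byName));
        System.out.println("foreign key only -> local credential: " + resolvesLocal(resolver, unknown));
    }
    // True only when a credential is returned and it holds a private or secret key.
    static boolean resolvesLocal(KeyInfoCredentialResolver r, KeyInfo ki) throws Exception {
        Credential c = r.resolveSingle(new CriteriaSet(new KeyInfoCriteria(ki)));
        return c != null && (c.getPrivateKey() != null || c.getSecretKey() != null);
    }
    static KeyInfo newKeyInfo() {
        return (KeyInfo) Configuration.getBuilderFactory()
                .getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME).buildObject(KeyInfo.DEFAULT_ELEMENT_NAME);
    }
}
```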


Constructor Summary
LocalKeyInfoCredentialResolver(List<KeyInfoProvider> keyInfoProviders, CredentialResolver localCredentialResolver)
          Constructor.
 
Method Summary
 CredentialResolver getLocalCredentialResolver()
          Get the resolver for local credentials.
protected  boolean isLocalCredential(Credential credential)
          Determine whether the credential is a local credential.
protected  void postProcess(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet, List<Credential> credentials)
          Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed.
protected  Collection<? extends Credential> resolveByKeyName(String keyName)
          Resolve credentials from local resolver using key name criteria.
protected  Collection<? extends Credential> resolveByPublicKey(PublicKey publicKey)
          Resolve credentials from local resolver using public key criteria.
 
Methods inherited from class org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver
buildBasicCredential, extractKeyValue, getProviders, initResolutionContext, postProcessEmptyCredentials, processKeyInfoChild, processKeyInfoChildren, resolveFromSource, resolveKeyValue
 
Methods inherited from class org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
isMeetAllCriteria, isUnevaluableSatisfies, resolve, setMeetAllCriteria, setUnevaluableSatisfies
 
Methods inherited from class org.opensaml.xml.security.credential.AbstractCredentialResolver
resolveSingle
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.opensaml.xml.security.Resolver
resolve, resolveSingle
 

Constructor Detail

LocalKeyInfoCredentialResolver

public LocalKeyInfoCredentialResolver(List<KeyInfoProvider> keyInfoProviders,
                                      CredentialResolver localCredentialResolver)
Constructor.

Parameters:
keyInfoProviders - the list of KeyInfoProviders to use in this resolver
localCredentialResolver - resolver of local credentials

Method Detail

getLocalCredentialResolver

public CredentialResolver getLocalCredentialResolver()
Get the resolver for local credentials. The credentials managed and returned by this resolver should all contain either a secret (symmetric) or private key.

Returns:
resolver of local credentials

postProcess

protected void postProcess(KeyInfoResolutionContext kiContext,
                           CriteriaSet criteriaSet,
                           List<Credential> credentials)
                    throws SecurityException
Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed. For example, the previously resolved credentials might be used to index into a store of local credentials, where the index is a key name or the public half of a key pair extracted from the KeyInfo.

Overrides:
postProcess in class BasicProviderKeyInfoCredentialResolver
Parameters:
kiContext - KeyInfo resolution context
criteriaSet - the credential criteria used to resolve credentials
credentials - the list which will store the resolved credentials
Throws:
SecurityException - thrown if there is an error during processing

isLocalCredential

protected boolean isLocalCredential(Credential credential)
Determine whether the credential is a local credential. A local credential will have either a private key or a secret (symmetric) key.

Parameters:
credential - the credential to evaluate
Returns:
true if the credential has either a private or secret key, false otherwise

resolveByKeyName

protected Collection<? extends Credential> resolveByKeyName(String keyName)
                                                     throws SecurityException
Resolve credentials from local resolver using key name criteria.

Parameters:
keyName - the key name criteria
Returns:
collection of local credentials identified by the specified key name
Throws:
SecurityException - thrown if there is a problem resolving credentials from the local credential resolver

resolveByPublicKey

protected Collection<? extends Credential> resolveByPublicKey(PublicKey publicKey)
                                                       throws SecurityException
Resolve credentials from local resolver using public key criteria.

Parameters:
publicKey - the public key criteria
Returns:
collection of local credentials which contain the private key corresponding to the specified public key
Throws:
SecurityException - thrown if there is a problem resolving credentials from the local credential resolver


Copyright © 2006-2011 Internet2. All Rights Reserved.