InlineX509DataProvider (XMLTooling-J 1.4.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.opensaml.xml.security.keyinfo.provider
Class InlineX509DataProvider

java.lang.Object
  org.opensaml.xml.security.keyinfo.provider.AbstractKeyInfoProvider
      org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider

All Implemented Interfaces:: KeyInfoProvider

public class InlineX509DataProvider
extends AbstractKeyInfoProvider
extends AbstractKeyInfoProvider

Implementation of KeyInfoProvider which provides basic support for extracting a X509Credential from an X509Data child of KeyInfo. This provider supports only inline X509Certificate's and X509CRL's. If only one certificate is present, it is assumed to be the end-entity certificate containing the public key represented by this KeyInfo. If multiple certificates are present, and any instances of X509SubjectName, X509IssuerSerial, or X509SKI are also present, they will be used to identify the end-entity certificate, in accordance with the XML Signature specification. If a public key from a previously resolved KeyValue is available in the resolution context, it will also be used to identify the end-entity certificate. If the end-entity certificate can not otherwise be identified, the cert contained in the first X509Certificate element will be treated as the end-entity certificate.

Field Summary
`private Logger`	`log` Class logger.
`private X500DNHandler`	`x500DNHandler` Responsible for parsing and serializing X.500 names to/from `X500Principal` instances.

Constructor Summary
`InlineX509DataProvider()` Constructor.

Method Summary
`private List<X509Certificate>`	`extractCertificates(X509Data x509Data)` Extract certificates from the X509Data.
`private List<X509CRL>`	`extractCRLs(X509Data x509Data)` Extract CRL's from the X509Data.
`protected X509Certificate`	`findCertFromDigest(List<X509Certificate> certs, List<XMLObject> digests)` Find the certificate from the chain that matches one of the specified digests.
`protected X509Certificate`	`findCertFromIssuerSerials(List<X509Certificate> certs, List<X509IssuerSerial> serials)` Find the certificate from the chain identified by one of the specified issuer serials.
`protected X509Certificate`	`findCertFromKey(List<X509Certificate> certs, PublicKey key)` Find the certificate from the chain that contains the specified key.
`protected X509Certificate`	`findCertFromSubjectKeyIdentifier(List<X509Certificate> certs, List<X509SKI> skis)` Find the certificate from the chain that contains one of the specified subject key identifiers.
`protected X509Certificate`	`findCertFromSubjectNames(List<X509Certificate> certs, List<X509SubjectName> names)` Find the certificate from the chain that contains one of the specified subject names.
`protected X509Certificate`	`findEntityCert(List<X509Certificate> certs, X509Data x509Data, PublicKey resolvedKey)` Find the end-entity cert in the list of certs contained in the X509Data.
`X500DNHandler`	`getX500DNHandler()` Get the handler which process X.500 distinguished names.
`boolean`	`handles(XMLObject keyInfoChild)` Evaluate whether the given provider should attempt to handle resolving a credential from the specified KeyInfo child.
`Collection<Credential>`	`process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild, CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext)` Process a specified KeyInfo child (XMLobject) and attempt to resolve a credential from it.
`void`	`setX500DNHandler(X500DNHandler handler)` Set the handler which process X.500 distinguished names.

Methods inherited from class org.opensaml.xml.security.keyinfo.provider.AbstractKeyInfoProvider
`buildCredentialContext, extractKeyValue`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

log

private final Logger log

Class logger.

x500DNHandler

private X500DNHandler x500DNHandler

Responsible for parsing and serializing X.500 names to/from X500Principal instances.

Constructor Detail

InlineX509DataProvider

public InlineX509DataProvider()

Constructor.

Method Detail

getX500DNHandler

public X500DNHandler getX500DNHandler()

Get the handler which process X.500 distinguished names.

Returns:: returns the X500DNHandler instance

setX500DNHandler

public void setX500DNHandler(X500DNHandler handler)

Set the handler which process X.500 distinguished names.

Parameters:: handler - the new X500DNHandler instance

handles

public boolean handles(XMLObject keyInfoChild)

Evaluate whether the given provider should attempt to handle resolving a credential from the specified KeyInfo child. An evaluation of true does not guarantee that a credential can or will be extracted form the particular KeyInfo child, only that processing should be attempted.

Parameters:: keyInfoChild - the KeyInfo child object to consider
Returns:: true if the provider should attempt to resolve credentials, false otherwise

process

public Collection<Credential> process(KeyInfoCredentialResolver resolver,
                                      XMLObject keyInfoChild,
                                      CriteriaSet criteriaSet,
                                      KeyInfoResolutionContext kiContext)
                               throws SecurityException

Process a specified KeyInfo child (XMLobject) and attempt to resolve a credential from it.

Parameters:: resolver - reference to a resolver which is calling the provider; keyInfoChild - the KeyInfo child being processed; criteriaSet - the credential criteria the credential must satisfy; kiContext - the resolution context, used for sharing state amongst resolvers and providers
Returns:: a resolved Credential collection, or null
Throws:: SecurityException - if there is an error during credential resolution. Note: failure to resolve a credential is not an error.

extractCRLs

private List<X509CRL> extractCRLs(X509Data x509Data)
                           throws SecurityException

Extract CRL's from the X509Data.

Parameters:: x509Data - the X509Data element
Returns:: a list of X509CRLs
Throws:: SecurityException - thrown if there is an error extracting CRL's

extractCertificates

private List<X509Certificate> extractCertificates(X509Data x509Data)
                                           throws SecurityException

Extract certificates from the X509Data.

Parameters:: x509Data - the X509Data element
Returns:: a list of X509Certificates
Throws:: SecurityException - thrown if there is an error extracting certificates

findEntityCert

protected X509Certificate findEntityCert(List<X509Certificate> certs,
                                         X509Data x509Data,
                                         PublicKey resolvedKey)

Find the end-entity cert in the list of certs contained in the X509Data.

Parameters:: certs - list of X509Certificate; x509Data - X509Data element which might contain other info helping to finding the end-entity cert; resolvedKey - a key which might have previously been resolved from a KeyValue
Returns:: the end-entity certificate, if found

findCertFromKey

protected X509Certificate findCertFromKey(List<X509Certificate> certs,
                                          PublicKey key)

Find the certificate from the chain that contains the specified key.

Parameters:: certs - list of certificates to evaluate; key - key to use as search criteria
Returns:: the matching certificate, or null

findCertFromSubjectNames

protected X509Certificate findCertFromSubjectNames(List<X509Certificate> certs,
                                                   List<X509SubjectName> names)

Find the certificate from the chain that contains one of the specified subject names.

Parameters:: certs - list of certificates to evaluate; names - X509 subject names to use as search criteria
Returns:: the matching certificate, or null

findCertFromIssuerSerials

protected X509Certificate findCertFromIssuerSerials(List<X509Certificate> certs,
                                                    List<X509IssuerSerial> serials)

Find the certificate from the chain identified by one of the specified issuer serials.

Parameters:: certs - list of certificates to evaluate; serials - X509 issuer serials to use as search criteria
Returns:: the matching certificate, or null

findCertFromSubjectKeyIdentifier

protected X509Certificate findCertFromSubjectKeyIdentifier(List<X509Certificate> certs,
                                                           List<X509SKI> skis)

Find the certificate from the chain that contains one of the specified subject key identifiers.

Parameters:: certs - list of certificates to evaluate; skis - X509 subject key identifiers to use as search criteria
Returns:: the matching certificate, or null

findCertFromDigest

protected X509Certificate findCertFromDigest(List<X509Certificate> certs,
                                             List<XMLObject> digests)

Find the certificate from the chain that matches one of the specified digests.

Parameters:: certs - list of certificates to evaluate; digests - X509 digests to use as search criteria
Returns:: the matching certificate, or null