java.lang.Object
  org.opensaml.xml.security.keyinfo.provider.AbstractKeyInfoProvider
    org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider

public class InlineX509DataProvider

Implementation of KeyInfoProvider which provides basic support for extracting an X509Credential from an X509Data child of KeyInfo.

This provider supports only inline X509Certificates and X509CRLs.

If only one certificate is present, it is assumed to be the end-entity certificate containing the public key represented by this KeyInfo. If multiple certificates are present, and any instances of X509SubjectName, X509IssuerSerial, or X509SKI are also present, they will be used to identify the end-entity certificate, in accordance with the XML Signature specification. If a public key from a previously resolved KeyValue is available in the resolution context, it will also be used to identify the end-entity certificate. If the end-entity certificate cannot otherwise be identified, the cert contained in the first X509Certificate element will be treated as the end-entity certificate.
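
The selection rules above, sketched as an added Java example (not OpenSAML's own code): `Cert` and `Hints` are hypothetical stand-ins for X509Certificate and the hint elements in X509Data, names are compared as plain strings, and the order in which hints are tried is an assumption. All sample values are constructed.

```java
import java.math.BigInteger;
import java.util.List;

// Added illustration, not OpenSAML code. Cert is a constructed stand-in for
// java.security.cert.X509Certificate holding only the fields used for matching.
public class EndEntitySelection {
    record Cert(String subject, String issuer, BigInteger serial, String keyId) {}

    // Hints that may accompany the certificates; any of them may be null.
    record Hints(String resolvedKeyId, String subjectName, String issuer, BigInteger serial) {}

    // Returns the chosen certificate's subject and the rule that chose it.
    // The order of the hint checks is an assumption of this example.
    static String select(List<Cert> certs, Hints h) {
        if (certs.isEmpty()) return "none";
        if (certs.size() == 1) return certs.get(0).subject() + " (only certificate)";
        for (Cert c : certs) {
            if (h.resolvedKeyId() != null && h.resolvedKeyId().equals(c.keyId()))
                return c.subject() + " (matched resolved KeyValue key)";
        }
        for (Cert c : certs) {
            if (h.subjectName() != null && h.subjectName().equals(c.subject()))
                return c.subject() + " (matched X509SubjectName)";
        }
        for (Cert c : certs) {
            if (h.issuer() != null && h.issuer().equals(c.issuer()) && c.serial().equals(h.serial()))
                return c.subject() + " (matched X509IssuerSerial)";
        }
        // Nothing identified the end-entity certificate: element order decides.
        return certs.get(0).subject() + " (fallback: first X509Certificate element)";
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Cert ca = new Cert("CN=Example CA", "CN=Example CA", BigInteger.ONE, "key-ca");
        Cert sp = new Cert("CN=sp.example.org", "CN=Example CA", BigInteger.valueOf(42), "key-sp");
        Hints none = new Hints(null, null, null, null);

        System.out.println(select(List.of(sp), none));
        System.out.println(select(List.of(ca, sp), new Hints(null, null, "CN=Example CA", BigInteger.valueOf(42))));
        System.out.println(select(List.of(ca, sp), new Hints("key-sp", null, null, null)));
        // Same two certificates, no hints: the answer flips with the order.
        System.out.println(select(List.of(ca, sp), none));
        System.out.println(select(List.of(sp, ca), none));
    }
}
```

With no hints, the last two calls return different certificates for the same pair, because only element order decides.
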
Field Summary | |
---|---|
private Logger | log: Class logger. |
private X500DNHandler | x500DNHandler: Responsible for parsing and serializing X.500 names to/from X500Principal instances. |

Constructor Summary | |
---|---|
InlineX509DataProvider() | Constructor. |

Method Summary | |
---|---|
private List<X509Certificate> | extractCertificates(X509Data x509Data): Extract certificates from the X509Data. |
private List<X509CRL> | extractCRLs(X509Data x509Data): Extract CRLs from the X509Data. |
protected X509Certificate | findCertFromDigest(List<X509Certificate> certs, List<XMLObject> digests): Find the certificate from the chain that matches one of the specified digests. |
protected X509Certificate | findCertFromIssuerSerials(List<X509Certificate> certs, List<X509IssuerSerial> serials): Find the certificate from the chain identified by one of the specified issuer serials. |
protected X509Certificate | findCertFromKey(List<X509Certificate> certs, PublicKey key): Find the certificate from the chain that contains the specified key. |
protected X509Certificate | findCertFromSubjectKeyIdentifier(List<X509Certificate> certs, List<X509SKI> skis): Find the certificate from the chain that contains one of the specified subject key identifiers. |
protected X509Certificate | findCertFromSubjectNames(List<X509Certificate> certs, List<X509SubjectName> names): Find the certificate from the chain that contains one of the specified subject names. |
protected X509Certificate | findEntityCert(List<X509Certificate> certs, X509Data x509Data, PublicKey resolvedKey): Find the end-entity cert in the list of certs contained in the X509Data. |
X500DNHandler | getX500DNHandler(): Get the handler which processes X.500 distinguished names. |
boolean | handles(XMLObject keyInfoChild): Evaluate whether the given provider should attempt to handle resolving a credential from the specified KeyInfo child. |
Collection<Credential> | process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild, CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext): Process a specified KeyInfo child (XMLObject) and attempt to resolve a credential from it. |
void | setX500DNHandler(X500DNHandler handler): Set the handler which processes X.500 distinguished names. |

Methods inherited from class org.opensaml.xml.security.keyinfo.provider.AbstractKeyInfoProvider |
---|
buildCredentialContext, extractKeyValue |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
private final Logger log

private X500DNHandler x500DNHandler
Responsible for parsing and serializing X.500 names to/from X500Principal instances.

Constructor Detail |
---|
public InlineX509DataProvider()
Method Detail |
---|
public X500DNHandler getX500DNHandler()

public void setX500DNHandler(X500DNHandler handler)
Parameters:
handler - the new X500DNHandler instance

public boolean handles(XMLObject keyInfoChild)
A return value of true does not guarantee that a credential can or will be extracted from the particular KeyInfo child, only that processing should be attempted.
Parameters:
keyInfoChild - the KeyInfo child object to consider

public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild, CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException
Parameters:
resolver - reference to a resolver which is calling the provider
keyInfoChild - the KeyInfo child being processed
criteriaSet - the credential criteria the credential must satisfy
kiContext - the resolution context, used for sharing state amongst resolvers and providers
Throws:
SecurityException - if there is an error during credential resolution. Note: failure to resolve a credential is not an error.

private List<X509CRL> extractCRLs(X509Data x509Data) throws SecurityException
Parameters:
x509Data - the X509Data element
Throws:
SecurityException - thrown if there is an error extracting CRLs

private List<X509Certificate> extractCertificates(X509Data x509Data) throws SecurityException
Parameters:
x509Data - the X509Data element
Throws:
SecurityException - thrown if there is an error extracting certificates

protected X509Certificate findEntityCert(List<X509Certificate> certs, X509Data x509Data, PublicKey resolvedKey)
Parameters:
certs - list of X509Certificate
x509Data - X509Data element which might contain other info helping to find the end-entity cert
resolvedKey - a key which might have previously been resolved from a KeyValue

protected X509Certificate findCertFromKey(List<X509Certificate> certs, PublicKey key)
Parameters:
certs - list of certificates to evaluate
key - key to use as search criteria

protected X509Certificate findCertFromSubjectNames(List<X509Certificate> certs, List<X509SubjectName> names)
Parameters:
certs - list of certificates to evaluate
names - X509 subject names to use as search criteria

protected X509Certificate findCertFromIssuerSerials(List<X509Certificate> certs, List<X509IssuerSerial> serials)
Parameters:
certs - list of certificates to evaluate
serials - X509 issuer serials to use as search criteria

protected X509Certificate findCertFromSubjectKeyIdentifier(List<X509Certificate> certs, List<X509SKI> skis)
Parameters:
certs - list of certificates to evaluate
skis - X509 subject key identifiers to use as search criteria

protected X509Certificate findCertFromDigest(List<X509Certificate> certs, List<XMLObject> digests)
Parameters:
certs - list of certificates to evaluate
digests - X509 digests to use as search criteria