Package org.opensaml.security.credential.impl

Class KeyStoreCredentialResolver

java.lang.Object

org.opensaml.security.credential.impl.AbstractCredentialResolver

org.opensaml.security.credential.impl.AbstractCriteriaFilteringCredentialResolver

org.opensaml.security.credential.impl.KeyStoreCredentialResolver

All Implemented Interfaces:

Resolver<Credential,CriteriaSet>, CredentialResolver

public class KeyStoreCredentialResolver
extends AbstractCriteriaFilteringCredentialResolver

A CredentialResolver that extracts Credential's from a key store.

If no key usage type is presented at construction time this resolver will return the key, if available, regardless of the usage type provided to its resolve method.

Resolution will fail if an EntityIdCriterion is not part of the input criteria set.

Field Summary

Fields

Modifier and Type	Field	Description
private Map<String,String>	keyPasswords	Passwords for keys.
private KeyStore	keyStore	Key store credentials are retrieved from.
private UsageType	keystoreUsage	Usage type of all keys in the store.
private org.slf4j.Logger	log	Class logger.

Constructor Summary

Constructors

Constructor	Description
KeyStoreCredentialResolver(KeyStore store, Map<String,String> passwords)	Constructor.
KeyStoreCredentialResolver(KeyStore store, Map<String,String> passwords, UsageType usage)	Constructor.

Method Summary

Modifier and Type	Method	Description
protected Credential	buildCredential(KeyStore.Entry keyStoreEntry, String entityID, UsageType usage)	Build a credential instance from the key store entry.
protected void	checkCriteriaRequirements(CriteriaSet criteriaSet)	Check that required credential criteria are available.
protected boolean	matchUsage(UsageType keyStoreUsage, UsageType criteriaUsage)	Match usage enum type values from keystore configured usage and from credential criteria.
protected X509Credential	processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry, String entityID, UsageType usage)	Build an X509Credential from a keystore private key entry.
protected Credential	processSecretKeyEntry(KeyStore.SecretKeyEntry secretKeyEntry, String entityID, UsageType usage)	Build a Credential from a keystore secret key entry.
protected X509Credential	processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertEntry, String entityID, UsageType usage)	Build an X509Credential from a keystore trusted certificate entry.
protected Iterable<Credential>	resolveFromSource(CriteriaSet criteriaSet)	Subclasses are required to implement this method to resolve credentials from the implementation-specific type of underlying credential source.

Methods inherited from class org.opensaml.security.credential.impl.AbstractCriteriaFilteringCredentialResolver

isSatisfyAllPredicates, resolve, setSatisfyAllPredicates

Methods inherited from class org.opensaml.security.credential.impl.AbstractCredentialResolver

resolveSingle

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

private final org.slf4j.Logger log

Class logger.

keyStore

private final KeyStore keyStore

Key store credentials are retrieved from.

keyPasswords

private final Map<String,String> keyPasswords

Passwords for keys. The key must be the entityID, the value the password.

keystoreUsage

private final UsageType keystoreUsage

Usage type of all keys in the store.

Constructor Detail

KeyStoreCredentialResolver

public KeyStoreCredentialResolver(@Nonnull
                                  KeyStore store,
                                  @Nonnull
                                  Map<String,String> passwords)

Constructor.

Parameters:

store - key store credentials are retrieved from

passwords - for key entries, map key is the entity id, map value is the password

KeyStoreCredentialResolver

public KeyStoreCredentialResolver(@Nonnull
                                  KeyStore store,
                                  @Nonnull
                                  Map<String,String> passwords,
                                  @Nullable
                                  UsageType usage)

Constructor.

Parameters:

store - key store credentials are retrieved from

passwords - for key entries, map key is the entity id, map value is the password

usage - usage type of all keys in the store

Method Detail

resolveFromSource

@Nonnull
protected Iterable<Credential> resolveFromSource(@Nullable
                                                 CriteriaSet criteriaSet)
                                          throws ResolverException

Subclasses are required to implement this method to resolve credentials from the implementation-specific type of underlying credential source.

Specified by:

resolveFromSource in class AbstractCriteriaFilteringCredentialResolver

Parameters:

criteriaSet - the set of criteria used to resolve credentials from the credential source

Returns:

an Iterable for the resolved set of credentials

Throws:

ResolverException - thrown if there is an error resolving credentials from the credential source

checkCriteriaRequirements

protected void checkCriteriaRequirements(@Nullable
                                         CriteriaSet criteriaSet)

Check that required credential criteria are available.

Parameters:

criteriaSet - the credential criteria set to evaluate

matchUsage

protected boolean matchUsage(@Nonnull
                             UsageType keyStoreUsage,
                             @Nonnull
                             UsageType criteriaUsage)

Match usage enum type values from keystore configured usage and from credential criteria.

Parameters:

keyStoreUsage - the usage type configured for the keystore

criteriaUsage - the value from credential criteria

Returns:

true if the two usage specifiers match for purposes of resolving credentials, false otherwise

buildCredential

@Nonnull
protected Credential buildCredential(@Nonnull
                                     KeyStore.Entry keyStoreEntry,
                                     @Nonnull
                                     String entityID,
                                     @Nonnull
                                     UsageType usage)
                              throws ResolverException

Build a credential instance from the key store entry.

Parameters:

keyStoreEntry - the key store entry to process

entityID - the entityID to include in the credential

usage - the usage type to include in the credential

Returns:

the new credential instance, appropriate to the type of key store entry being processed

Throws:

ResolverException - throw if there is a problem building a credential from the key store entry

processTrustedCertificateEntry

protected X509Credential processTrustedCertificateEntry(@Nonnull
                                                        KeyStore.TrustedCertificateEntry trustedCertEntry,
                                                        @Nonnull
                                                        String entityID,
                                                        @Nonnull
                                                        UsageType usage)

Build an X509Credential from a keystore trusted certificate entry.

Parameters:

trustedCertEntry - the entry being processed

entityID - the entityID to set

usage - the usage type to set

Returns:

new X509Credential instance

processPrivateKeyEntry

protected X509Credential processPrivateKeyEntry(@Nonnull
                                                KeyStore.PrivateKeyEntry privateKeyEntry,
                                                @Nonnull
                                                String entityID,
                                                @Nonnull
                                                UsageType usage)

Build an X509Credential from a keystore private key entry.

Parameters:

privateKeyEntry - the entry being processed

entityID - the entityID to set

usage - the usage type to set

Returns:

new X509Credential instance

processSecretKeyEntry

protected Credential processSecretKeyEntry(@Nonnull
                                           KeyStore.SecretKeyEntry secretKeyEntry,
                                           @Nonnull
                                           String entityID,
                                           @Nonnull
                                           UsageType usage)

Build a Credential from a keystore secret key entry.

Parameters:

secretKeyEntry - the entry being processed

entityID - the entityID to set

usage - the usage type to set

Returns:

new Credential instance