org.opensaml.xmlsec.algorithm

Class AlgorithmSupport

java.lang.Object

org.opensaml.xmlsec.algorithm.AlgorithmSupport

public final class AlgorithmSupport
extends Object

Helper methods for working with XML security algorithm URI's.

Field Summary

Fields

Modifier and Type	Field and Description
private static Logger	LOG Logger.

Constructor Summary

Constructors

Modifier	Constructor and Description
private	AlgorithmSupport() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
static boolean	checkKeyAlgorithmAndLength(Key key, AlgorithmDescriptor algorithm) Check that the supplied key is consistent with the supplied algorithm's specified key algorithm and key length, where applicable.
static boolean	credentialSupportsAlgorithmForEncryption(Credential credential, AlgorithmDescriptor algorithm) Check whether the supplied credential may be used with the supplied algorithm for the purpose of encryption.
static boolean	credentialSupportsAlgorithmForSigning(Credential credential, AlgorithmDescriptor algorithm) Check whether the supplied credential may be used with the supplied algorithm for the purpose of signing.
static KeyPair	generateKeyPair(String algoURI, int keyLength) Randomly generates a Java JCE KeyPair object from the specified XML Encryption algorithm URI.
static Credential	generateKeyPairAndCredential(String algorithmURI, int keyLength, boolean includePrivate) Generate a random asymmetric key pair and return in a BasicCredential.
static SecretKey	generateSymmetricKey(String algoURI) Generates a random Java JCE symmetric Key object from the specified XML Encryption algorithm URI.
static Credential	generateSymmetricKeyAndCredential(String algorithmURI) Generate a random symmetric key and return in a BasicCredential.
static String	getAlgorithmID(String algorithmURI) Get the Java security JCA/JCE algorithm identifier associated with an algorithm URI.
static AlgorithmRegistry	getGlobalAlgorithmRegistry() Get the global AlgorithmRegistry instance.
static String	getKeyAlgorithm(String algorithmURI) Get the Java security JCA/JCE key algorithm specifier associated with an algorithm URI.
static Integer	getKeyLength(String algorithmURI) Get the length of the key indicated by the algorithm URI, if applicable and available.
private static Logger	getLogger() Get an SLF4J Logger.
static boolean	isDataEncryptionAlgorithm(AlgorithmDescriptor algorithm) Check whether the supplied descriptor represents an algorithm that my be used for data encryption, i.e.
static boolean	isHMAC(String signatureAlgorithm) Check whether the signature method algorithm URI indicates HMAC.
static boolean	isKeyEncryptionAlgorithm(AlgorithmDescriptor algorithm) Check whether the supplied descriptor represents an algorithm that my be used for key encryption, i.e.
static boolean	isRSAOAEP(String keyTransportAlgorithm) Check whether the key transport encryption algorithm URI indicates RSA-OAEP.
static boolean	validateAlgorithmURI(String algorithmURI, Collection<String> whitelistedAlgorithmURIs, Collection<String> blacklistedAlgorithmURIs) Validate the supplied algorithm URI against the specified whitelist and blacklist.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOG

private static final Logger LOG

Logger.

Constructor Detail

AlgorithmSupport

private AlgorithmSupport()

Constructor.

Method Detail

getGlobalAlgorithmRegistry

@Nullable
public static AlgorithmRegistry getGlobalAlgorithmRegistry()

Get the global AlgorithmRegistry instance.

Returns:

the global algorithm registry, or null if nothing registered

isKeyEncryptionAlgorithm

public static boolean isKeyEncryptionAlgorithm(@Nullable
                               AlgorithmDescriptor algorithm)

Check whether the supplied descriptor represents an algorithm that my be used for key encryption, i.e. a key transport or symmetric key wrap algorithm.

Parameters:

algorithm - the algorithm descriptor to evaluate

Returns:

true if the algorithm may be used for key encryption, false otherwise

isDataEncryptionAlgorithm

public static boolean isDataEncryptionAlgorithm(@Nullable
                                AlgorithmDescriptor algorithm)

Check whether the supplied descriptor represents an algorithm that my be used for data encryption, i.e. a block encryption algorithm.

Parameters:

algorithm - the algorithm descriptor to evaluate

Returns:

true if the algorithm may be used for key encryption, false otherwise

credentialSupportsAlgorithmForSigning

public static boolean credentialSupportsAlgorithmForSigning(@Nullable
                                            Credential credential,
                                            @Nullable
                                            AlgorithmDescriptor algorithm)

Check whether the supplied credential may be used with the supplied algorithm for the purpose of signing.

This checks the consistency of the type of credential signing key and the algorithm type, as well as the key algorithm and length where applicable.

Parameters:

credential - the candidate signing credential to evaluate

algorithm - the candidate signing algorithm to evaluate

Returns:

true if the credential may be used with the algorithm for signing, false otherwise

credentialSupportsAlgorithmForEncryption

public static boolean credentialSupportsAlgorithmForEncryption(@Nullable
                                               Credential credential,
                                               @Nullable
                                               AlgorithmDescriptor algorithm)

Check whether the supplied credential may be used with the supplied algorithm for the purpose of encryption.

This checks the consistency of the extracted credential encryption key and the algorithm type, as well as the key algorithm and length where applicable.

Parameters:

credential - the candidate encryption credential to evaluate

algorithm - the candidate encryption algorithm to evaluate

Returns:

true if the credential may be used with the algorithm for encryption, false otherwise

checkKeyAlgorithmAndLength

public static boolean checkKeyAlgorithmAndLength(@Nonnull
                                 Key key,
                                 @Nonnull
                                 AlgorithmDescriptor algorithm)

Check that the supplied key is consistent with the supplied algorithm's specified key algorithm and key length, where applicable.

Parameters:

key - the key to evaluate

algorithm - the algorithm to evaluate

Returns:

true if the key is consistent with key algorithm and length specified by the algorithm (if any) false otherwise

getAlgorithmID

@Nullable
public static String getAlgorithmID(@Nonnull
                             String algorithmURI)

Get the Java security JCA/JCE algorithm identifier associated with an algorithm URI.

Parameters:

algorithmURI - the algorithm URI to evaluate

Returns:

the Java algorithm identifier, or null if the mapping is unavailable or indeterminable from the URI

isRSAOAEP

public static boolean isRSAOAEP(@Nonnull
                String keyTransportAlgorithm)

Check whether the key transport encryption algorithm URI indicates RSA-OAEP.

Parameters:

keyTransportAlgorithm - the key transport encryption algorithm URI

Returns:

true if URI indicates RSA-OAEP, false otherwise

isHMAC

public static boolean isHMAC(@Nonnull
             String signatureAlgorithm)

Check whether the signature method algorithm URI indicates HMAC.

Parameters:

signatureAlgorithm - the signature method algorithm URI

Returns:

true if URI indicates HMAC, false otherwise

getKeyAlgorithm

@Nullable
public static String getKeyAlgorithm(@Nonnull
                              String algorithmURI)

Get the Java security JCA/JCE key algorithm specifier associated with an algorithm URI.

Parameters:

algorithmURI - the algorithm URI to evaluate

Returns:

the Java key algorithm specifier, or null if the mapping is unavailable or indeterminable from the URI

getKeyLength

@Nullable
public static Integer getKeyLength(@Nonnull
                            String algorithmURI)

Get the length of the key indicated by the algorithm URI, if applicable and available.

Parameters:

algorithmURI - the algorithm URI to evaluate

Returns:

the length of the key indicated by the algorithm URI, or null if the length is either unavailable or indeterminable from the URI

generateSymmetricKey

@Nonnull
public static SecretKey generateSymmetricKey(@Nonnull
                                     String algoURI)
                                      throws NoSuchAlgorithmException,
                                             KeyException

Generates a random Java JCE symmetric Key object from the specified XML Encryption algorithm URI.

Parameters:

algoURI - The XML Encryption algorithm URI

Returns:

a randomly-generated symmetric Key

Throws:

NoSuchAlgorithmException - thrown if the specified algorithm is invalid

KeyException - thrown if the length of the key to generate could not be determined

generateKeyPair

@Nonnull
public static KeyPair generateKeyPair(@Nonnull
                              String algoURI,
                              int keyLength)
                               throws NoSuchAlgorithmException,
                                      NoSuchProviderException

Randomly generates a Java JCE KeyPair object from the specified XML Encryption algorithm URI.

Parameters:

algoURI - The XML Encryption algorithm URI

keyLength - the length of key to generate

Returns:

a randomly-generated KeyPair

Throws:

NoSuchProviderException - provider not found

NoSuchAlgorithmException - algorithm not found

generateSymmetricKeyAndCredential

@Nonnull
public static Credential generateSymmetricKeyAndCredential(@Nonnull
                                                   String algorithmURI)
                                                    throws NoSuchAlgorithmException,
                                                           KeyException

Generate a random symmetric key and return in a BasicCredential.

Parameters:

algorithmURI - The XML Encryption algorithm URI

Returns:

a basic credential containing a randomly generated symmetric key

Throws:

KeyException

NoSuchAlgorithmException - algorithm not found

generateKeyPairAndCredential

@Nonnull
public static Credential generateKeyPairAndCredential(@Nonnull
                                              String algorithmURI,
                                              int keyLength,
                                              boolean includePrivate)
                                               throws NoSuchAlgorithmException,
                                                      NoSuchProviderException

Generate a random asymmetric key pair and return in a BasicCredential.

Parameters:

algorithmURI - The XML Encryption algorithm URI

keyLength - key length

includePrivate - if true, the private key will be included as well

Returns:

a basic credential containing a randomly generated asymmetric key pair

Throws:

NoSuchAlgorithmException - algorithm not found

NoSuchProviderException - provider not found

validateAlgorithmURI

public static boolean validateAlgorithmURI(@Nonnull
                           String algorithmURI,
                           @Nullable
                           Collection<String> whitelistedAlgorithmURIs,
                           @Nullable
                           Collection<String> blacklistedAlgorithmURIs)

Validate the supplied algorithm URI against the specified whitelist and blacklist.

Parameters:

algorithmURI - the algorithm URI to evaluate

whitelistedAlgorithmURIs - the algorithm whitelist

blacklistedAlgorithmURIs - the algorithm blacklist

Returns:

true if algorithm URI satisfies the specified whitelist and blacklist, otherwise false

getLogger

@Nonnull
private static Logger getLogger()

Get an SLF4J Logger.

Returns:

a Logger instance