17 package edu.internet2.middleware.shibboleth.common.config.security;
import java.security.KeyException;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

import javax.crypto.SecretKey;
import javax.xml.namespace.QName;

import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.XMLHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.FatalBeanException;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.ParserContext;
import org.w3c.dom.Element;
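/**
 * Base bean definition parser for "basic" credentials.
 *
 * <p>It produces a {@link BasicCredentialFactoryBean}, takes the bean id from the element's {@code id} attribute,
 * and parses the optional {@code SecretKey} and {@code PublicKey} child elements (security namespace) into the
 * factory bean's {@code secretKey} and {@code publicKey} properties. Subclasses decide how the text content of a
 * key element is turned into key bytes via {@link #getEncodedSecretKey(String)} and
 * {@link #getEncodedPublicKey(String)}; private key handling is inherited from the superclass.</p>
 */
public abstract class AbstractBasicCredentialBeanDefinitionParser extends AbstractCredentialBeanDefinitionParser {

    /** Class logger. */
    private static final Logger log = LoggerFactory.getLogger(AbstractBasicCredentialBeanDefinitionParser.class);

    /** {@inheritDoc} */
    protected Class getBeanClass(Element element) {
        return BasicCredentialFactoryBean.class;
    }

    /** {@inheritDoc} The bean id is the credential element's {@code id} attribute. */
    protected String resolveId(Element element, AbstractBeanDefinition definition, ParserContext parserContext) {
        return element.getAttributeNS(null, "id");
    }

    /**
     * Parses the credential element: its attributes, the common child elements, then the secret, private and
     * public key children, in that order.
     *
     * @param element the credential configuration element
     * @param builder the builder for the credential factory bean definition
     */
    protected void doParse(Element element, BeanDefinitionBuilder builder) {
        log.info("Parsing configuration for {} credential with id: {}", XMLHelper.getXSIType(element).getLocalPart(),
                element.getAttributeNS(null, "id"));

        parseAttributes(element, builder);

        Map<QName, List<Element>> configChildren = XMLHelper.getChildElements(element);

        parseCommon(configChildren, builder);

        parseSecretKey(configChildren, builder);
        parsePrivateKey(configChildren, builder);
        parsePublicKey(configChildren, builder);
    }

    /**
     * Parses the first {@code SecretKey} child element, if any, and sets the resulting {@link SecretKey} as the
     * {@code secretKey} property. The element's text content is converted to key bytes by
     * {@link #getEncodedSecretKey(String)}; the optional {@code password} attribute is handed to the decoder, as
     * {@code null} when absent or blank (the same convention {@link #parsePublicKey} uses, so a missing password no
     * longer fails with a NullPointerException before the decoder is reached).
     *
     * @param configChildren child elements of the credential element, keyed by qualified name
     * @param builder the builder for the credential factory bean definition
     *
     * @throws FatalBeanException if the secret key cannot be decoded
     */
    protected void parseSecretKey(Map<QName, List<Element>> configChildren, BeanDefinitionBuilder builder) {
        List<Element> keyElems = configChildren.get(new QName(SecurityNamespaceHandler.NAMESPACE, "SecretKey"));
        if (keyElems == null || keyElems.isEmpty()) {
            return;
        }

        log.debug("Parsing credential secret key");
        Element secretKeyElem = keyElems.get(0);
        byte[] encodedKey = getEncodedSecretKey(DatatypeHelper.safeTrimOrNullString(secretKeyElem.getTextContent()));
        char[] keyPassword = passwordChars(secretKeyElem);
        try {
            SecretKey key = SecurityHelper.decodeSecretKey(encodedKey, keyPassword);
            builder.addPropertyValue("secretKey", key);
        } catch (KeyException e) {
            throw new FatalBeanException("Unable to create credential, unable to parse secret key", e);
        } finally {
            clearPassword(keyPassword);
        }
    }

    /**
     * Converts the trimmed text content of a {@code SecretKey} element into the encoded key bytes.
     *
     * @param keyConfigContent trimmed text content of the element, or {@code null} if it was empty
     *
     * @return the encoded secret key bytes
     */
    protected abstract byte[] getEncodedSecretKey(String keyConfigContent);

    /**
     * Parses the first {@code PublicKey} child element, if any, and sets the resulting {@link PublicKey} as the
     * {@code publicKey} property. The element's text content is converted to key bytes by
     * {@link #getEncodedPublicKey(String)}; the optional {@code password} attribute is handed to the decoder, as
     * {@code null} when absent or blank.
     *
     * @param configChildren child elements of the credential element, keyed by qualified name
     * @param builder the builder for the credential factory bean definition
     *
     * @throws FatalBeanException if the public key cannot be decoded
     */
    protected void parsePublicKey(Map<QName, List<Element>> configChildren, BeanDefinitionBuilder builder) {
        List<Element> keyElems = configChildren.get(new QName(SecurityNamespaceHandler.NAMESPACE, "PublicKey"));
        if (keyElems == null || keyElems.isEmpty()) {
            return;
        }

        log.debug("Parsing credential public key");
        Element pubKeyElem = keyElems.get(0);
        byte[] encodedKey = getEncodedPublicKey(DatatypeHelper.safeTrimOrNullString(pubKeyElem.getTextContent()));
        char[] keyPassword = passwordChars(pubKeyElem);
        try {
            PublicKey pubKey = SecurityHelper.decodePublicKey(encodedKey, keyPassword);
            builder.addPropertyValue("publicKey", pubKey);
        } catch (KeyException e) {
            throw new FatalBeanException("Unable to create credential, unable to parse public key", e);
        } finally {
            clearPassword(keyPassword);
        }
    }

    /**
     * Converts the trimmed text content of a {@code PublicKey} element into the encoded key bytes.
     *
     * @param keyConfigContent trimmed text content of the element, or {@code null} if it was empty
     *
     * @return the encoded public key bytes
     */
    protected abstract byte[] getEncodedPublicKey(String keyConfigContent);

    /**
     * Reads a key element's {@code password} attribute as a char array.
     *
     * @param keyElem the key element
     *
     * @return the trimmed password characters, or {@code null} when the attribute is absent or blank
     */
    private static char[] passwordChars(Element keyElem) {
        String password = DatatypeHelper.safeTrimOrNullString(keyElem.getAttributeNS(null, "password"));
        return password == null ? null : password.toCharArray();
    }

    /**
     * Overwrites a password buffer once the decoder no longer needs it, so it does not linger on the heap for the
     * lifetime of the parser. (The String copy obtained from the DOM cannot be cleared this way.) A no-op for
     * {@code null}.
     *
     * @param password the buffer to clear, may be {@code null}
     */
    private static void clearPassword(char[] password) {
        if (password != null) {
            Arrays.fill(password, '\0');
        }
    }

}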