View Javadoc

1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.config.security;
18  
19  import java.security.KeyException;
20  import java.security.PrivateKey;
21  import java.util.ArrayList;
22  import java.util.List;
23  import java.util.Map;
24  
25  import javax.xml.namespace.QName;
26  
27  import org.opensaml.xml.security.SecurityHelper;
28  import org.opensaml.xml.security.credential.UsageType;
29  import org.opensaml.xml.util.DatatypeHelper;
30  import org.slf4j.Logger;
31  import org.slf4j.LoggerFactory;
32  import org.springframework.beans.FatalBeanException;
33  import org.springframework.beans.factory.support.AbstractBeanDefinition;
34  import org.springframework.beans.factory.support.BeanDefinitionBuilder;
35  import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
36  import org.springframework.beans.factory.xml.ParserContext;
37  import org.w3c.dom.Element;
38  
39  
40  /**
41   * Base class for credential beans.
42   */
43  public abstract class AbstractCredentialBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
44      
45      /** Class logger. */
46      private final Logger log = LoggerFactory.getLogger(AbstractCredentialBeanDefinitionParser.class);
47  
48      /** {@inheritDoc} */
49      protected String resolveId(Element element, AbstractBeanDefinition definition, ParserContext parserContext) {
50          return element.getAttributeNS(null, "id");
51      }
52      
53      /**
54       * Parse the credential element attributes.
55       * 
56       * @param element credential element
57       * @param builder bean definition builder
58       */
59      protected void parseAttributes(Element element, BeanDefinitionBuilder builder) {
60          String usage = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "usage"));
61          if (usage != null) {
62              builder.addPropertyValue("usageType", UsageType.valueOf(usage.toUpperCase()));
63          } else {
64              builder.addPropertyValue("usageType", UsageType.UNSPECIFIED);
65          }
66          
67          String entityID = DatatypeHelper.safeTrimOrNullString(element.getAttributeNS(null, "entityID"));
68          if (entityID != null) {
69              builder.addPropertyValue("entityID", entityID);
70          }
71      }
72      
73      /**
74       * Parses the common elements from the credential configuration.
75       * 
76       * @param configChildren children of the credential element
77       * @param builder credential build
78       */
79      protected void parseCommon(Map<QName, List<Element>> configChildren, BeanDefinitionBuilder builder) {
80          parseKeyNames(configChildren, builder);
81      }
82  
83      /**
84       * Parses the key names from the credential configuration.
85       * 
86       * @param configChildren children of the credential element
87       * @param builder credential build
88       */
89      protected void parseKeyNames(Map<QName, List<Element>> configChildren, BeanDefinitionBuilder builder) {
90          log.debug("Parsing credential key names");
91          List<Element> keyNameElems = configChildren.get(new QName(SecurityNamespaceHandler.NAMESPACE, "KeyName"));
92          if (keyNameElems == null || keyNameElems.isEmpty()) {
93              return;
94          }
95  
96          String keyName;
97          ArrayList<String> keyNames = new ArrayList<String>();
98          for (Element keyNameElem : keyNameElems) {
99              keyName = DatatypeHelper.safeTrimOrNullString(keyNameElem.getTextContent());
100             if (keyName != null) {
101                 keyNames.add(keyName);
102             }
103         }
104 
105         builder.addPropertyValue("keyNames", keyNames);
106     }
107     
108     /**
109      * Parses the private key from the credential configuration.
110      * 
111      * @param configChildren children of the credential element
112      * @param builder credential build
113      */
114     protected void parsePrivateKey(Map<QName, List<Element>> configChildren, BeanDefinitionBuilder builder) {        
115         List<Element> keyElems = configChildren.get(new QName(SecurityNamespaceHandler.NAMESPACE, "PrivateKey"));
116         if (keyElems == null || keyElems.isEmpty()) {
117             return;
118         }
119         
120         log.debug("Parsing credential private key");
121         Element privKeyElem = keyElems.get(0);
122         byte[] encodedKey = getEncodedPrivateKey(DatatypeHelper.safeTrimOrNullString(privKeyElem.getTextContent()));
123         String keyPassword = DatatypeHelper.safeTrimOrNullString(privKeyElem.getAttributeNS(null, "password"));
124         char[] keyPasswordCharArray = null;
125         if (keyPassword != null) {
126             keyPasswordCharArray = keyPassword.toCharArray();
127         }
128         try {
129             PrivateKey privKey = SecurityHelper.decodePrivateKey(encodedKey, keyPasswordCharArray);
130             builder.addPropertyValue("privateKey", privKey);
131         } catch (KeyException e) {
132             throw new FatalBeanException("Unable to create credential, unable to parse private key", e);
133         }
134     }
135 
136     /**
137      * Extracts the private key bytes from the content of the PrivateKey configuration element.
138      * 
139      * @param keyConfigContent content of the Private configuration element
140      * 
141      * @return private key bytes
142      */
143     protected abstract byte[] getEncodedPrivateKey(String keyConfigContent);
144 
145 }