View Javadoc

1   /*
2    * Licensed to the University Corporation for Advanced Internet Development, 
3    * Inc. (UCAID) under one or more contributor license agreements.  See the 
4    * NOTICE file distributed with this work for additional information regarding
5    * copyright ownership. The UCAID licenses this file to You under the Apache 
6    * License, Version 2.0 (the "License"); you may not use this file except in 
7    * compliance with the License.  You may obtain a copy of the License at
8    *
9    *    http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package edu.internet2.middleware.shibboleth.common.config.security;
19  
20  import java.security.KeyException;
21  import java.security.PublicKey;
22  import java.util.List;
23  import java.util.Map;
24  
25  import javax.crypto.SecretKey;
26  import javax.xml.namespace.QName;
27  
28  import org.opensaml.xml.security.SecurityHelper;
29  import org.opensaml.xml.util.DatatypeHelper;
30  import org.opensaml.xml.util.XMLHelper;
31  import org.slf4j.Logger;
32  import org.slf4j.LoggerFactory;
33  import org.springframework.beans.FatalBeanException;
34  import org.springframework.beans.factory.support.AbstractBeanDefinition;
35  import org.springframework.beans.factory.support.BeanDefinitionBuilder;
36  import org.springframework.beans.factory.xml.ParserContext;
37  import org.w3c.dom.Element;
38  
39  /**
40   * Base class for X509 credential beans.
41   */
42  public abstract class AbstractBasicCredentialBeanDefinitionParser extends AbstractCredentialBeanDefinitionParser {
43  
44      /** Class logger. */
45      private final Logger log = LoggerFactory.getLogger(AbstractBasicCredentialBeanDefinitionParser.class);
46  
47      /** {@inheritDoc} */
48      protected Class getBeanClass(Element element) {
49          return BasicCredentialFactoryBean.class;
50      }
51  
52      /** {@inheritDoc} */
53      protected String resolveId(Element element, AbstractBeanDefinition definition, ParserContext parserContext) {
54          return element.getAttributeNS(null, "id");
55      }
56  
57      /** {@inheritDoc} */
58      protected void doParse(Element element, BeanDefinitionBuilder builder) {
59          log.info("Parsing configuration for {} credential with id: {}", XMLHelper.getXSIType(element).getLocalPart(),
60                  element.getAttributeNS(null, "id"));
61  
62          parseAttributes(element, builder);
63  
64          Map<QName, List<Element>> configChildren = XMLHelper.getChildElements(element);
65  
66          parseCommon(configChildren, builder);
67  
68          parseSecretKey(configChildren, builder);
69          parsePrivateKey(configChildren, builder);
70          parsePublicKey(configChildren, builder);
71      }
72  
73      /**
74       * Parses the secret key from the credential configuration.
75       * 
76       * @param configChildren children of the credential element
77       * @param builder credential build
78       */
79      protected void parseSecretKey(Map<QName, List<Element>> configChildren, BeanDefinitionBuilder builder) {
80          List<Element> keyElems = configChildren.get(new QName(SecurityNamespaceHandler.NAMESPACE, "SecretKey"));
81          if (keyElems == null || keyElems.isEmpty()) {
82              return;
83          }
84  
85          log.debug("Parsing credential secret key");
86          Element secretKeyElem = keyElems.get(0);
87          byte[] encodedKey = getEncodedSecretKey(DatatypeHelper.safeTrimOrNullString(secretKeyElem.getTextContent()));
88          String keyPassword = DatatypeHelper.safeTrimOrNullString(secretKeyElem.getAttributeNS(null, "password"));
89          try {
90              SecretKey key = SecurityHelper.decodeSecretKey(encodedKey, keyPassword.toCharArray());
91              builder.addPropertyValue("secretKey", key);
92          } catch (KeyException e) {
93              throw new FatalBeanException("Unable to create credential, unable to parse secret key", e);
94          }
95      }
96  
97      /**
98       * Extracts the secret key bytes from the content of the SecretKey configuration element.
99       * 
100      * @param keyConfigContent content of the SecretKey configuration element
101      * 
102      * @return secret key bytes
103      */
104     protected abstract byte[] getEncodedSecretKey(String keyConfigContent);
105 
106     /**
107      * Parses the public key from the credential configuration.
108      * 
109      * @param configChildren children of the credential element
110      * @param builder credential build
111      */
112     protected void parsePublicKey(Map<QName, List<Element>> configChildren, BeanDefinitionBuilder builder) {
113         List<Element> keyElems = configChildren.get(new QName(SecurityNamespaceHandler.NAMESPACE, "PublicKey"));
114         if (keyElems == null || keyElems.isEmpty()) {
115             return;
116         }
117 
118         log.debug("Parsing credential public key");
119         Element pubKeyElem = keyElems.get(0);
120         byte[] encodedKey = getEncodedPublicKey(DatatypeHelper.safeTrimOrNullString(pubKeyElem.getTextContent()));
121         String keyPassword = DatatypeHelper.safeTrimOrNullString(pubKeyElem.getAttributeNS(null, "password"));
122         char[] keyPasswordCharArray = null;
123         if (keyPassword != null) {
124             keyPasswordCharArray = keyPassword.toCharArray();
125         }
126         try {
127             PublicKey pubKey = SecurityHelper.decodePublicKey(encodedKey, keyPasswordCharArray);
128             builder.addPropertyValue("publicKey", pubKey);
129         } catch (KeyException e) {
130             throw new FatalBeanException("Unable to create credential, unable to parse public key", e);
131         }
132     }
133 
134     /**
135      * Extracts the public key bytes from the content of the PublicKey configuration element.
136      * 
137      * @param keyConfigContent content of the PublicKey configuration element
138      * 
139      * @return private key bytes
140      */
141     protected abstract byte[] getEncodedPublicKey(String keyConfigContent);
142 
143 }