
1   /*
2    * Licensed to the University Corporation for Advanced Internet Development, 
3    * Inc. (UCAID) under one or more contributor license agreements.  See the 
4    * NOTICE file distributed with this work for additional information regarding
5    * copyright ownership. The UCAID licenses this file to You under the Apache 
6    * License, Version 2.0 (the "License"); you may not use this file except in 
7    * compliance with the License.  You may obtain a copy of the License at
8    *
9    *    http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package edu.internet2.middleware.shibboleth.common.config.security;
19  
20  import java.security.PrivateKey;
21  import java.security.PublicKey;
22  
23  import javax.crypto.SecretKey;
24  
25  import org.opensaml.xml.security.SecurityException;
26  import org.opensaml.xml.security.SecurityHelper;
27  import org.opensaml.xml.security.credential.BasicCredential;
28  import org.slf4j.Logger;
29  import org.slf4j.LoggerFactory;
30  
31  /**
32   * Factory bean for building {@link java.security.cert.X509Certificate}s.
33   */
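/**
 * Factory bean for building {@link BasicCredential}s from a secret key, a private key and/or a
 * public key.
 *
 * <p>If only a private key is configured, the public key is derived from it. When both a public
 * and a private key end up on the credential they are checked to be a matching pair before the
 * credential is returned; an inconclusive check (the helper throws) is treated as a mismatch, so
 * the factory fails closed rather than handing out a credential whose advertised public key does
 * not belong to its signing key.</p>
 */
public class BasicCredentialFactoryBean extends AbstractCredentialFactoryBean {

    /** Class logger. */
    private static final Logger log = LoggerFactory.getLogger(BasicCredentialFactoryBean.class);

    /** Secret key represented by this credential. */
    private SecretKey secretKey;

    /** Private key represented by this credential. */
    private PrivateKey privateKey;

    /** Public key represented by this credential. */
    private PublicKey publicKey;

    /**
     * {@inheritDoc}
     *
     * @throws SecurityException if a public and a private key are both present on the credential and
     *             either do not form a matching key pair or the pair could not be verified
     */
    protected Object createInstance() throws Exception {
        BasicCredential credential = new BasicCredential();

        credential.setUsageType(getUsageType());
        credential.setEntityId(getEntityID());

        if (getKeyNames() != null) {
            credential.getKeyNames().addAll(getKeyNames());
        }

        credential.setSecretKey(secretKey);
        credential.setPrivateKey(privateKey);
        if (publicKey != null) {
            credential.setPublicKey(publicKey);
        } else if (privateKey != null) {
            // No explicit public key configured: derive it from the private key so the
            // credential always carries the public half alongside the private one.
            credential.setPublicKey(SecurityHelper.derivePublicKey(privateKey));
        }

        // Sanity check that the public and private key belong together. A configuration that
        // pairs an unrelated public key with a private key would otherwise yield a credential
        // that signs with one key and advertises another, so any failure here is fatal.
        if (credential.getPublicKey() != null && credential.getPrivateKey() != null) {
            verifyKeyPair(credential.getPublicKey(), credential.getPrivateKey());
        }

        return credential;
    }

    /**
     * Verifies that the given keys form a matching key pair.
     *
     * @param pub the public key to check
     * @param priv the private key to check
     *
     * @throws SecurityException if the keys do not match, or if the match could not be determined
     *             (the underlying cause is preserved on the thrown exception)
     */
    private void verifyKeyPair(PublicKey pub, PrivateKey priv) throws SecurityException {
        boolean matched;
        try {
            matched = SecurityHelper.matchKeyPair(pub, priv);
        } catch (SecurityException e) {
            // Fail closed: an inconclusive check is not a pass. Keep the cause so the
            // operator can see why verification was not possible.
            log.warn("Could not perform sanity check against credential public and private key: {}",
                    e.getMessage());
            log.error("Mismatch detected between credential's public and private key");
            throw new SecurityException("Mismatch between credential public and private key", e);
        }
        if (!matched) {
            log.error("Mismatch detected between credential's public and private key");
            throw new SecurityException("Mismatch between credential public and private key");
        }
    }

    /** {@inheritDoc} */
    public Class<?> getObjectType() {
        return BasicCredential.class;
    }

    /**
     * Gets the private key represented by this credential.
     *
     * @return private key represented by this credential, or null if none was set
     */
    public PrivateKey getPrivateKey() {
        return privateKey;
    }

    /**
     * Gets the public key represented by this credential.
     *
     * @return public key represented by this credential, or null if none was set
     */
    public PublicKey getPublicKey() {
        return publicKey;
    }

    /**
     * Gets the secret key represented by this credential.
     *
     * @return secret key represented by this credential, or null if none was set
     */
    public SecretKey getSecretKey() {
        return secretKey;
    }

    /**
     * Sets the private key represented by this credential.
     *
     * @param key private key represented by this credential
     */
    public void setPrivateKey(PrivateKey key) {
        privateKey = key;
    }

    /**
     * Sets the public key represented by this credential. If left unset while a private key is
     * configured, the public key is derived from the private key when the credential is built.
     *
     * @param key public key represented by this credential
     */
    public void setPublicKey(PublicKey key) {
        publicKey = key;
    }

    /**
     * Sets the secret key represented by this credential.
     *
     * @param key secret key represented by this credential
     */
    public void setSecretKey(SecretKey key) {
        secretKey = key;
    }

}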