18 package edu.internet2.middleware.shibboleth.common.config.security;
19
20 import java.security.KeyException;
21 import java.security.PublicKey;
22 import java.util.List;
23 import java.util.Map;
24
25 import javax.crypto.SecretKey;
26 import javax.xml.namespace.QName;
27
28 import org.opensaml.xml.security.SecurityHelper;
29 import org.opensaml.xml.util.DatatypeHelper;
30 import org.opensaml.xml.util.XMLHelper;
31 import org.slf4j.Logger;
32 import org.slf4j.LoggerFactory;
33 import org.springframework.beans.FatalBeanException;
34 import org.springframework.beans.factory.support.AbstractBeanDefinition;
35 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
36 import org.springframework.beans.factory.xml.ParserContext;
37 import org.w3c.dom.Element;
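/**
 * Base Spring bean definition parser for "basic" credentials, i.e. credentials whose key material is
 * given inline in the configuration as an encoded secret key, private key and/or public key.
 *
 * <p>Subclasses decide how the text content of a key element is turned into the raw encoded key
 * bytes (see {@link #getEncodedSecretKey(String)} and {@link #getEncodedPublicKey(String)}); this
 * class handles locating the key elements, the optional {@code password} attribute used to decrypt
 * an encrypted key, and wiring the decoded keys into a {@link BasicCredentialFactoryBean}.
 */
public abstract class AbstractBasicCredentialBeanDefinitionParser extends AbstractCredentialBeanDefinitionParser {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(AbstractBasicCredentialBeanDefinitionParser.class);

    /**
     * {@inheritDoc}
     *
     * @return the factory bean class that assembles the credential from the parsed keys
     */
    protected Class<?> getBeanClass(Element element) {
        return BasicCredentialFactoryBean.class;
    }

    /**
     * {@inheritDoc}
     *
     * <p>The bean id is taken verbatim from the credential element's {@code id} attribute.
     */
    protected String resolveId(Element element, AbstractBeanDefinition definition, ParserContext parserContext) {
        return element.getAttributeNS(null, "id");
    }

    /**
     * {@inheritDoc}
     *
     * <p>Parses the credential element's attributes, the common credential children, and then the
     * secret, private and public key children, in that order. Only the credential's xsi:type and id
     * are logged; key material is never written to the log.
     */
    protected void doParse(Element element, BeanDefinitionBuilder builder) {
        log.info("Parsing configuration for {} credential with id: {}", XMLHelper.getXSIType(element).getLocalPart(),
                element.getAttributeNS(null, "id"));

        parseAttributes(element, builder);

        Map<QName, List<Element>> configChildren = XMLHelper.getChildElements(element);

        parseCommon(configChildren, builder);

        parseSecretKey(configChildren, builder);
        parsePrivateKey(configChildren, builder);
        parsePublicKey(configChildren, builder);
    }

    /**
     * Parses the credential's secret key, if a {@code SecretKey} child element is present.
     *
     * <p>Only the first {@code SecretKey} element is used. Its trimmed text content is passed to
     * {@link #getEncodedSecretKey(String)} and the result decoded with {@link SecurityHelper}. The
     * optional {@code password} attribute is used to decrypt an encrypted key; when it is absent or
     * blank a {@code null} password is passed to the decoder, matching {@link #parsePublicKey}.
     *
     * @param configChildren child elements of the credential element, keyed by qualified name
     * @param builder builder receiving the decoded key as the {@code secretKey} property
     *
     * @throws FatalBeanException if the key bytes cannot be decoded into a {@link SecretKey}
     */
    protected void parseSecretKey(Map<QName, List<Element>> configChildren, BeanDefinitionBuilder builder) {
        List<Element> keyElems = configChildren.get(new QName(SecurityNamespaceHandler.NAMESPACE, "SecretKey"));
        if (keyElems == null || keyElems.isEmpty()) {
            return;
        }

        log.debug("Parsing credential secret key");
        Element secretKeyElem = keyElems.get(0);
        byte[] encodedKey = getEncodedSecretKey(DatatypeHelper.safeTrimOrNullString(secretKeyElem.getTextContent()));
        // safeTrimOrNullString returns null for an absent or blank attribute; the original code called
        // toCharArray() on it unconditionally and threw a NullPointerException for any unencrypted key.
        char[] keyPassword = toCharArrayOrNull(
                DatatypeHelper.safeTrimOrNullString(secretKeyElem.getAttributeNS(null, "password")));
        try {
            // NOTE(review): assumes decodeSecretKey accepts a null password like decodePublicKey does — confirm
            SecretKey key = SecurityHelper.decodeSecretKey(encodedKey, keyPassword);
            builder.addPropertyValue("secretKey", key);
        } catch (KeyException e) {
            throw new FatalBeanException("Unable to create credential, unable to parse secret key", e);
        }
    }

    /**
     * Produces the raw encoded secret key bytes from the text content of the {@code SecretKey} element.
     *
     * @param keyConfigContent trimmed text content of the element, or {@code null} if it was empty
     *
     * @return the encoded key bytes to hand to {@link SecurityHelper#decodeSecretKey}
     */
    protected abstract byte[] getEncodedSecretKey(String keyConfigContent);

    /**
     * Parses the credential's public key, if a {@code PublicKey} child element is present.
     *
     * <p>Only the first {@code PublicKey} element is used. Its trimmed text content is passed to
     * {@link #getEncodedPublicKey(String)} and the result decoded with {@link SecurityHelper}. The
     * optional {@code password} attribute is used to decrypt an encrypted key; when it is absent or
     * blank a {@code null} password is passed to the decoder.
     *
     * @param configChildren child elements of the credential element, keyed by qualified name
     * @param builder builder receiving the decoded key as the {@code publicKey} property
     *
     * @throws FatalBeanException if the key bytes cannot be decoded into a {@link PublicKey}
     */
    protected void parsePublicKey(Map<QName, List<Element>> configChildren, BeanDefinitionBuilder builder) {
        List<Element> keyElems = configChildren.get(new QName(SecurityNamespaceHandler.NAMESPACE, "PublicKey"));
        if (keyElems == null || keyElems.isEmpty()) {
            return;
        }

        log.debug("Parsing credential public key");
        Element pubKeyElem = keyElems.get(0);
        byte[] encodedKey = getEncodedPublicKey(DatatypeHelper.safeTrimOrNullString(pubKeyElem.getTextContent()));
        char[] keyPassword = toCharArrayOrNull(
                DatatypeHelper.safeTrimOrNullString(pubKeyElem.getAttributeNS(null, "password")));
        try {
            PublicKey pubKey = SecurityHelper.decodePublicKey(encodedKey, keyPassword);
            builder.addPropertyValue("publicKey", pubKey);
        } catch (KeyException e) {
            throw new FatalBeanException("Unable to create credential, unable to parse public key", e);
        }
    }

    /**
     * Produces the raw encoded public key bytes from the text content of the {@code PublicKey} element.
     *
     * @param keyConfigContent trimmed text content of the element, or {@code null} if it was empty
     *
     * @return the encoded key bytes to hand to {@link SecurityHelper#decodePublicKey}
     */
    protected abstract byte[] getEncodedPublicKey(String keyConfigContent);

    /**
     * Converts an optional password to the {@code char[]} form the key decoders expect.
     *
     * @param password the password, or {@code null} if none was configured
     *
     * @return the password characters, or {@code null} if {@code password} was {@code null}
     */
    private static char[] toCharArrayOrNull(String password) {
        return password == null ? null : password.toCharArray();
    }

}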