17 package org.opensaml.xml.security.keyinfo.provider;
18
19 import java.security.KeyException;
20 import java.security.PublicKey;
21 import java.util.Collection;
22
23 import org.opensaml.xml.XMLObject;
24 import org.opensaml.xml.security.CriteriaSet;
25 import org.opensaml.xml.security.SecurityException;
26 import org.opensaml.xml.security.credential.BasicCredential;
27 import org.opensaml.xml.security.credential.Credential;
28 import org.opensaml.xml.security.credential.CredentialContext;
29 import org.opensaml.xml.security.criteria.KeyAlgorithmCriteria;
30 import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
31 import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
32 import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
33 import org.opensaml.xml.security.keyinfo.KeyInfoResolutionContext;
34 import org.opensaml.xml.signature.DSAKeyValue;
35 import org.opensaml.xml.signature.KeyValue;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
38
39
40
41
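/**
 * Key info provider which extracts a DSA public key from a {@link DSAKeyValue} element, supplied either
 * directly or wrapped in a {@link KeyValue}, and exposes it as a {@link Credential}.
 *
 * <p>
 * The credential produced here contains only the public key read from the supplied element (plus any key
 * names and credential context taken from the resolution context). Nothing in this class evaluates whether
 * that key is trusted; callers must make that decision themselves before relying on the key.
 * </p>
 */
public class DSAKeyValueProvider extends AbstractKeyInfoProvider {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(DSAKeyValueProvider.class);

    /**
     * Reports whether this provider can process the given KeyInfo child.
     *
     * @param keyInfoChild the KeyInfo child element to test, may be null
     * @return true if a {@link DSAKeyValue} can be obtained from the element, false otherwise
     */
    public boolean handles(XMLObject keyInfoChild) {
        return getDSAKeyValue(keyInfoChild) != null;
    }

    /**
     * Builds a credential holding the DSA public key carried by the given KeyInfo child.
     *
     * @param resolver the resolver invoking this provider (not used by this implementation)
     * @param keyInfoChild the KeyInfo child element to process
     * @param criteriaSet the resolution criteria; may be null, in which case no algorithm filtering is applied
     * @param kiContext the resolution context supplying key names and credential context, may be null
     * @return a single-element collection containing the extracted credential, or null if the element holds
     *         no DSAKeyValue or the criteria ask for a key algorithm other than DSA
     * @throws SecurityException if the DSA key cannot be constructed from the element
     */
    public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild,
            CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {

        DSAKeyValue keyValue = getDSAKeyValue(keyInfoChild);
        if (keyValue == null) {
            return null;
        }

        // kiContext is treated as optional below; treat criteriaSet the same way instead of
        // failing with a NullPointerException when a caller supplies no criteria.
        KeyAlgorithmCriteria algorithmCriteria =
                criteriaSet != null ? criteriaSet.get(KeyAlgorithmCriteria.class) : null;
        if (algorithmCriteria != null
                && algorithmCriteria.getKeyAlgorithm() != null
                && !"DSA".equals(algorithmCriteria.getKeyAlgorithm())) {
            log.debug("Criteria specified non-DSA key algorithm, skipping");
            return null;
        }

        log.debug("Attempting to extract credential from a DSAKeyValue");

        PublicKey pubKey = null;
        try {
            pubKey = KeyInfoHelper.getDSAKey(keyValue);
        } catch (KeyException e) {
            // Keep the cause so the reason the key material was rejected is not lost.
            log.error("Error extracting DSA key value", e);
            throw new SecurityException("Error extracting DSA key value", e);
        }

        // The credential holds only what the element and resolution context supplied;
        // no trust evaluation of the key happens here.
        BasicCredential cred = new BasicCredential();
        cred.setPublicKey(pubKey);
        if (kiContext != null) {
            cred.getKeyNames().addAll(kiContext.getKeyNames());
        }

        CredentialContext credContext = buildCredentialContext(kiContext);
        if (credContext != null) {
            cred.getCredentalContextSet().add(credContext);
        }

        log.debug("Credential successfully extracted from DSAKeyValue");
        return singletonSet(cred);
    }

    /**
     * Obtains the DSAKeyValue represented by the given XML object.
     *
     * @param xmlObject the object to inspect, may be null
     * @return the object itself if it is a {@link DSAKeyValue}, the result of
     *         {@link KeyValue#getDSAKeyValue()} if it is a {@link KeyValue}, otherwise null
     */
    protected DSAKeyValue getDSAKeyValue(XMLObject xmlObject) {
        if (xmlObject == null) {
            return null;
        }

        if (xmlObject instanceof DSAKeyValue) {
            return (DSAKeyValue) xmlObject;
        }

        if (xmlObject instanceof KeyValue) {
            return ((KeyValue) xmlObject).getDSAKeyValue();
        }
        return null;
    }
}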