View Javadoc

1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.opensaml.xml.security.keyinfo.provider;
18  
19  import java.security.KeyException;
20  import java.security.PublicKey;
21  import java.util.Collection;
22  
23  import org.opensaml.xml.XMLObject;
24  import org.opensaml.xml.security.CriteriaSet;
25  import org.opensaml.xml.security.SecurityException;
26  import org.opensaml.xml.security.credential.BasicCredential;
27  import org.opensaml.xml.security.credential.Credential;
28  import org.opensaml.xml.security.credential.CredentialContext;
29  import org.opensaml.xml.security.criteria.KeyAlgorithmCriteria;
30  import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
31  import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
32  import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
33  import org.opensaml.xml.security.keyinfo.KeyInfoResolutionContext;
34  import org.opensaml.xml.signature.KeyValue;
35  import org.opensaml.xml.signature.RSAKeyValue;
36  import org.slf4j.Logger;
37  import org.slf4j.LoggerFactory;
38  
39  /**
40   * Implementation of {@link KeyInfoProvider} which supports {@link RSAKeyValue}.
41   */
42  public class RSAKeyValueProvider extends AbstractKeyInfoProvider {
43  
44      /** Class logger. */
45      private final Logger log = LoggerFactory.getLogger(RSAKeyValueProvider.class);
46  
47      /** {@inheritDoc} */
48      public boolean handles(XMLObject keyInfoChild) {
49          return getRSAKeyValue(keyInfoChild) != null;
50      }
51  
52      /** {@inheritDoc} */
53      public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild,
54              CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {
55  
56          RSAKeyValue keyValue = getRSAKeyValue(keyInfoChild);
57          if (keyValue == null) {
58              return null;
59          }
60  
61          KeyAlgorithmCriteria algorithmCriteria = criteriaSet.get(KeyAlgorithmCriteria.class);
62          if (algorithmCriteria != null && algorithmCriteria.getKeyAlgorithm() != null
63                  && !algorithmCriteria.getKeyAlgorithm().equals("RSA")) {
64              log.debug("Criteria specified non-RSA key algorithm, skipping");
65              return null;
66          }
67  
68          log.debug("Attempting to extract credential from an RSAKeyValue");
69  
70          PublicKey pubKey = null;
71          try {
72              pubKey = KeyInfoHelper.getRSAKey(keyValue);
73          } catch (KeyException e) {
74              log.error("Error extracting RSA key value", e);
75              throw new SecurityException("Error extracting RSA key value", e);
76          }
77          BasicCredential cred = new BasicCredential();
78          cred.setPublicKey(pubKey);
79          if (kiContext != null) {
80              cred.getKeyNames().addAll(kiContext.getKeyNames());
81          }
82  
83          CredentialContext credContext = buildCredentialContext(kiContext);
84          if (credContext != null) {
85              cred.getCredentalContextSet().add(credContext);
86          }
87  
88          log.debug("Credential successfully extracted from RSAKeyValue");
89          return singletonSet(cred);
90      }
91  
92      /**
93       * Get the RSAKeyValue from the passed XML object.
94       * 
95       * @param xmlObject an XML object, presumably either a {@link KeyValue} or an {@link RSAKeyValue}
96       * @return the RSAKeyValue which was found, or null if none
97       */
98      protected RSAKeyValue getRSAKeyValue(XMLObject xmlObject) {
99          if (xmlObject == null) {
100             return null;
101         }
102 
103         if (xmlObject instanceof RSAKeyValue) {
104             return (RSAKeyValue) xmlObject;
105         }
106 
107         if (xmlObject instanceof KeyValue) {
108             return ((KeyValue) xmlObject).getRSAKeyValue();
109         }
110         return null;
111     }
112 }