17 package org.opensaml.xml.security.keyinfo.provider;
18
19 import java.security.KeyException;
20 import java.security.PublicKey;
21 import java.util.Collection;
22
23 import org.opensaml.xml.XMLObject;
24 import org.opensaml.xml.security.CriteriaSet;
25 import org.opensaml.xml.security.SecurityException;
26 import org.opensaml.xml.security.credential.BasicCredential;
27 import org.opensaml.xml.security.credential.Credential;
28 import org.opensaml.xml.security.credential.CredentialContext;
29 import org.opensaml.xml.security.criteria.KeyAlgorithmCriteria;
30 import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
31 import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
32 import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
33 import org.opensaml.xml.security.keyinfo.KeyInfoResolutionContext;
34 import org.opensaml.xml.signature.KeyValue;
35 import org.opensaml.xml.signature.RSAKeyValue;
36 import org.slf4j.Logger;
37 import org.slf4j.LoggerFactory;
38
39
40
41
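/**
 * {@link KeyInfoProvider} implementation that turns an {@link RSAKeyValue} element, either supplied
 * directly or wrapped in a {@link KeyValue}, into a {@link Credential} holding the RSA public key.
 *
 * <p>
 * Security note: the public key is read straight from the supplied XML element and this class performs
 * no trust evaluation on it. A credential returned from here only says "this is the key the KeyInfo
 * carried"; whether that key may be relied on (for example to verify a signature) has to be decided
 * separately by the caller.
 * </p>
 */
public class RSAKeyValueProvider extends AbstractKeyInfoProvider {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(RSAKeyValueProvider.class);

    /**
     * Reports whether this provider can process the given KeyInfo child.
     *
     * @param keyInfoChild the KeyInfo child element to test, may be null
     * @return true if the element is an RSAKeyValue or a KeyValue that yields one, false otherwise
     */
    public boolean handles(XMLObject keyInfoChild) {
        return getRSAKeyValue(keyInfoChild) != null;
    }

    /**
     * Extracts the RSA public key from the given KeyInfo child and wraps it in a credential.
     *
     * <p>
     * The key is not validated against any trust material here; see the class-level security note.
     * </p>
     *
     * @param resolver the resolver driving the resolution; not used by this provider
     * @param keyInfoChild the KeyInfo child element to process
     * @param criteriaSet resolution criteria; when it is null or carries no {@link KeyAlgorithmCriteria},
     *            no key-algorithm restriction is applied
     * @param kiContext resolution context supplying key names and credential context, may be null
     * @return a single-element collection holding the extracted credential, or null if the element
     *         holds no RSAKeyValue or the criteria ask for a key algorithm other than "RSA"
     * @throws SecurityException if the RSA key cannot be built from the element
     */
    public Collection<Credential> process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild,
            CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) throws SecurityException {

        RSAKeyValue keyValue = getRSAKeyValue(keyInfoChild);
        if (keyValue == null) {
            return null;
        }

        // Treat a missing criteria set like a missing kiContext below: optional input, not a
        // NullPointerException. Without criteria there is simply no algorithm restriction.
        KeyAlgorithmCriteria algorithmCriteria = null;
        if (criteriaSet != null) {
            algorithmCriteria = criteriaSet.get(KeyAlgorithmCriteria.class);
        }
        if (algorithmCriteria != null && algorithmCriteria.getKeyAlgorithm() != null
                && !algorithmCriteria.getKeyAlgorithm().equals("RSA")) {
            log.debug("Criteria specified non-RSA key algorithm, skipping");
            return null;
        }

        log.debug("Attempting to extract credential from an RSAKeyValue");

        PublicKey pubKey = null;
        try {
            pubKey = KeyInfoHelper.getRSAKey(keyValue);
        } catch (KeyException e) {
            log.error("Error extracting RSA key value", e);
            // Keep the cause so callers can see why key construction failed.
            throw new SecurityException("Error extracting RSA key value", e);
        }

        BasicCredential cred = new BasicCredential();
        cred.setPublicKey(pubKey);
        if (kiContext != null) {
            // Carry over the key names collected in the resolution context.
            cred.getKeyNames().addAll(kiContext.getKeyNames());
        }

        // buildCredentialContext is not defined in this class (presumably inherited from
        // AbstractKeyInfoProvider); a null result means there is no context to attach.
        CredentialContext credContext = buildCredentialContext(kiContext);
        if (credContext != null) {
            cred.getCredentalContextSet().add(credContext);
        }

        log.debug("Credential successfully extracted from RSAKeyValue");
        return singletonSet(cred);
    }

    /**
     * Gets the {@link RSAKeyValue} carried by the given object.
     *
     * @param xmlObject an RSAKeyValue, a KeyValue wrapping one, or any other object; may be null
     * @return the object itself if it is an RSAKeyValue, the result of
     *         {@link KeyValue#getRSAKeyValue()} if it is a KeyValue, otherwise null
     */
    protected RSAKeyValue getRSAKeyValue(XMLObject xmlObject) {
        if (xmlObject == null) {
            return null;
        }

        if (xmlObject instanceof RSAKeyValue) {
            return (RSAKeyValue) xmlObject;
        }

        if (xmlObject instanceof KeyValue) {
            // May itself be null when the KeyValue holds some other key type.
            return ((KeyValue) xmlObject).getRSAKeyValue();
        }
        return null;
    }
}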