1 /*
2 * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 package org.opensaml.xml.security.keyinfo;
18
19 import java.util.ArrayList;
20 import java.util.Collection;
21
22 import org.opensaml.xml.security.credential.CollectionCredentialResolver;
23 import org.opensaml.xml.security.credential.Credential;
24 import org.opensaml.xml.security.credential.criteria.EvaluableCredentialCriteria;
25 import org.opensaml.xml.security.credential.criteria.EvaluableCredentialCriteriaRegistry;
26 import org.opensaml.xml.signature.KeyName;
27 import org.opensaml.xml.signature.X509SubjectName;
28
29 /**
30 * An implementation of {@link KeyInfoCredentialResolver} which uses a {@link Collection} as the
31 * underlying credential source.
32 *
33 * <p>
34 * Like the
35 * {@link CollectionCredentialResolver}, credentials returned are filtered based on any
36 * {@link EvaluableCredentialCriteria} which may have been present in the specified criteria set, or
37 * which are resolved by lookup in the {@link EvaluableCredentialCriteriaRegistry}.
38 * </p>
39 *
40 * <p>
41 * This implementation may be used to address use cases where use of a
42 * KeyInfoCredentialResolver is required, but a KeyInfo element containing keys or other keying
43 * material is not necessarily supplied or expected in an instance document and keys/credentials
44 * are known in advance (e.g. validation keys belonging to a peer, decryption keys belonging to the caller).
45 * In this use case, credentials are expected to be resolved from other contextual information,
46 * including information possibly supplied as criteria to the resolver. Such credentials would be stored
47 * in and returned from the {@link Collection} managed by this resolver.
48 * </p>
49 *
50 * <p>
51 * Note that a KeyInfo element
52 * passed in a {@link KeyInfoCriteria} in the criteria set is <code>NOT</code> directly processed by this
53 * implementation in any way as a source for extracting keys or other key-related material.
54 * However, if the evaluable credential criteria registry described above were
55 * for example to contain a mapping from KeyInfoCriteria to some type of EvaluableCredentialCriteria,
56 * where the latter used KeyInfo-derived information as its basis for evaluation of a credential (e.g.
57 * based on contents of a {@link KeyName} or {@link X509SubjectName}), then such KeyInfo-derived
58 * evaluable criteria would be used to filter or select the specific credentials that would be returned
59 * from the underlying credential collection of this resolver. Such KeyInfo-derived evaluable criteria
60 * may also be specified directly in the criteria set, per the above.
61 * </p>
62 *
63 * <p>
64 * This implementation might also be used at the end of a chain of KeyInfoCredentialResolvers in
65 * order to supply a default, fallback set of credentials, if none could otherwise be resolved.
66 * </p>
67 *
68 */
69 public class CollectionKeyInfoCredentialResolver extends CollectionCredentialResolver implements
70 KeyInfoCredentialResolver {
71
72 /**
73 * Constructor.
74 *
75 * An {@link ArrayList} is used as the underlying collection implementation.
76 *
77 */
78 public CollectionKeyInfoCredentialResolver() {
79 this(new ArrayList<Credential>());
80 }
81
82 /**
83 * Constructor.
84 *
85 * @param credentials the credential collection which is the backing store for the resolver
86 */
87 public CollectionKeyInfoCredentialResolver(Collection<Credential> credentials) {
88 super(credentials);
89 }
90
91 }