org.opensaml.xml.security.keyinfo
Class KeyInfoCredentialResolver

java.lang.Object
  extended by org.opensaml.xml.security.credential.AbstractCredentialResolver
      extended by org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
          extended by org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver
All Implemented Interfaces:
CredentialResolver, Resolver<Credential,CredentialCriteriaSet>

public class KeyInfoCredentialResolver
extends AbstractCriteriaFilteringCredentialResolver

Specialized credential resolver interface which resolves credentials based on a KeyInfo element. TODO document processing model and hooks in detail, suggested usage, etc


Nested Class Summary
 class KeyInfoCredentialResolver.KeyInfoResolutionContext
          Resolution context class that can be used to supply information to the providers within a given invocation of the resolver.
 
Constructor Summary
KeyInfoCredentialResolver()
          Constructor.
 
Method Summary
 KeyInfoCredentialContext buildCredentialContext(KeyInfoCredentialResolver.KeyInfoResolutionContext kiContext)
          Build a credential context based on the current KeyInfo context, for return in a resolved credential.
protected  Credential buildKeyNameOnlyCredential(KeyInfoCredentialResolver.KeyInfoResolutionContext kiContext)
          Build a BasicCredential consisting only of the values from KeyName.
protected  java.security.Key extractKeyValue(Credential cred)
          Utility method to extract any key that might be present in the specified Credential.
protected  void postProcess(KeyInfoCredentialResolver.KeyInfoResolutionContext kiContext, CredentialCriteriaSet criteriaSet, java.util.List<Credential> credentials)
          Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed.
protected  void postProcessEmptyCredentials(KeyInfoCredentialResolver.KeyInfoResolutionContext kiContext, CredentialCriteriaSet criteriaSet, java.util.List<Credential> credentials)
          Hook for processing the case where no credentials were returned by any resolution method by any provider, nor by the processing of the postProcess() hook.
protected  java.lang.Iterable<Credential> resolveFromSource(CredentialCriteriaSet criteriaSet)
          Subclasses are required to implement this method to resolve credentials from the implementation-specific type of underlying credential source.
protected  void resolveKeyValue(KeyInfoCredentialResolver.KeyInfoResolutionContext kiContext, CredentialCriteriaSet criteriaSet, java.util.List<KeyValue> keyValues)
          Resolve the key from any KeyValue element that may be present, and store the resulting credential in the resolution context.
 
Methods inherited from class org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver
isMeetAllCriteria, isUnevaluableSatisfies, resolve, setMeetAllCriteria, setUnevaluableSatisfies
 
Methods inherited from class org.opensaml.xml.security.credential.AbstractCredentialResolver
resolveSingle
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

KeyInfoCredentialResolver

public KeyInfoCredentialResolver()
Constructor.

Method Detail

resolveFromSource

protected java.lang.Iterable<Credential> resolveFromSource(CredentialCriteriaSet criteriaSet)
                                                    throws SecurityException
Subclasses are required to implement this method to resolve credentials from the implementation-specific type of underlying credential source.

Specified by:
resolveFromSource in class AbstractCriteriaFilteringCredentialResolver
Parameters:
criteriaSet - the set of credential criteria used to resolve credentials from the credential source
Returns:
an Iterable for the resolved set of credentials
Throws:
SecurityException - thrown if there is an error resolving credentials from the credential source

postProcess

protected void postProcess(KeyInfoCredentialResolver.KeyInfoResolutionContext kiContext,
                           CredentialCriteriaSet criteriaSet,
                           java.util.List<Credential> credentials)
                    throws SecurityException
Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed. For example, the previously resolved credentials might be used to index into a store of local credentials, where the index is a key name or the public half of a key pair extracted from the KeyInfo.

Parameters:
kiContext - KeyInfo resolution context containing
criteriaSet - the credential criteria used to resolve credentials
credentials - the list which will store the resolved credentials
Throws:
SecurityException - thrown if there is an error during processing

postProcessEmptyCredentials

protected void postProcessEmptyCredentials(KeyInfoCredentialResolver.KeyInfoResolutionContext kiContext,
                                           CredentialCriteriaSet criteriaSet,
                                           java.util.List<Credential> credentials)
                                    throws SecurityException
Hook for processing the case where no credentials were returned by any resolution method by any provider, nor by the processing of the postProcess() hook.

Parameters:
kiContext - KeyInfo resolution context containing
criteriaSet - the credential criteria used to resolve credentials
credentials - the list which will store the resolved credentials
Throws:
SecurityException - thrown if there is an error during processing

resolveKeyValue

protected void resolveKeyValue(KeyInfoCredentialResolver.KeyInfoResolutionContext kiContext,
                               CredentialCriteriaSet criteriaSet,
                               java.util.List<KeyValue> keyValues)
                        throws SecurityException
Resolve the key from any KeyValue element that may be present, and store the resulting credential in the resolution context. Note: this assumes that KeyInfo/KeyValue will not be abused via-a-vis the Signature specificiation, and that therefore all KeyValue elements (if there is even more than one) will all resolve to the same key value. Therefore, only the first credential derived from a KeyValue will be be utilized.

Parameters:
kiContext - KeyInfo resolution context
criteriaSet - the credential criteria used to resolve credentials
keyValues - the KeyValue children to evaluate
Throws:
SecurityException - thrown if there is an error resolving the key from the KeyValue

buildCredentialContext

public KeyInfoCredentialContext buildCredentialContext(KeyInfoCredentialResolver.KeyInfoResolutionContext kiContext)
Build a credential context based on the current KeyInfo context, for return in a resolved credential.

Parameters:
kiContext - the current KeyInfo resolution context
Returns:
a new KeyInfo credential context

buildKeyNameOnlyCredential

protected Credential buildKeyNameOnlyCredential(KeyInfoCredentialResolver.KeyInfoResolutionContext kiContext)
                                         throws SecurityException
Build a BasicCredential consisting only of the values from KeyName.

Parameters:
kiContext - the current KeyInfo resolution context
Returns:
a key name-only basic credential
Throws:
SecurityException - thrown if there is an error building the credential

extractKeyValue

protected java.security.Key extractKeyValue(Credential cred)
Utility method to extract any key that might be present in the specified Credential.

Parameters:
cred - the Credential to evaluate
Returns:
the Key contained in the credential, or null if it does not contain a key.