org.opensaml.xml.security
Class SecurityHelper

java.lang.Object
  extended by org.opensaml.xml.security.SecurityHelper

public final class SecurityHelper
extends java.lang.Object

Helper methods for security-related requirements.


Method Summary
static java.security.Key extractDecryptionKey(Credential credential)
          Extract the decryption key from the credential.
static java.security.Key extractEncryptionKey(Credential credential)
          Extract the encryption key from the credential.
static java.security.Key extractSigningKey(Credential credential)
          Extract the signing key from the credential.
static java.security.Key extractVerificationKey(Credential credential)
          Extract the verification key from the credential.
static javax.crypto.SecretKey generateSymmetricKey(java.lang.String algoURI)
          Generates a random Java JCE symmetric Key object from the specified XML Encryption algorithm URI.
static CredentialCriteriaSet getCredentialCriteria(java.util.Set<Criteria> generalCriteria)
          Get the CredentialCriteria from the general more general criteria set and return as a type-specific set.
static java.lang.String getKeyAlgorithmFromURI(java.lang.String algorithmURI)
          Get the Java security JCA/JCE key algorithm specifier associated with an algorithm URI.
static java.lang.Integer getKeyLength(java.security.Key key)
          Get the key length in bits of the specified key.
static java.lang.Integer getKeyLengthFromURI(java.lang.String algorithmURI)
          Get the length of the key indicated by the algorithm URI, if applicable and available.
static PKIXCriteriaSet getPKIXCriteria(java.util.Set<Criteria> generalCriteria)
          Get the PKIXCriteria from the general more general criteria set and return as a type-specific set.
static BasicCredential getSimpleCredential(java.security.PublicKey publicKey, java.security.PrivateKey privateKey)
          Get a simple, minimal credential containing a public key, and optionally a private key.
static BasicCredential getSimpleCredential(javax.crypto.SecretKey secretKey)
          Get a simple, minimal credential containing a secret (symmetric) key.
static boolean isHMAC(java.lang.String signatureAlgorithm)
          Check whether the signature method algorithm URI indicates HMAC.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

isHMAC

public static boolean isHMAC(java.lang.String signatureAlgorithm)
Check whether the signature method algorithm URI indicates HMAC.

Parameters:
signatureAlgorithm - the signature method algorithm URI
Returns:
true if URI indicates HMAC, false otherwise

getKeyAlgorithmFromURI

public static java.lang.String getKeyAlgorithmFromURI(java.lang.String algorithmURI)
Get the Java security JCA/JCE key algorithm specifier associated with an algorithm URI.

Parameters:
algorithmURI - the algorithm URI to evaluate
Returns:
the Java key algorithm specifier, or null if the mapping is unavailable or indeterminable from the URI

getKeyLengthFromURI

public static java.lang.Integer getKeyLengthFromURI(java.lang.String algorithmURI)
Get the length of the key indicated by the algorithm URI, if applicable and available.

Parameters:
algorithmURI - the algorithm URI to evaluate
Returns:
the length of the key indicated by the algorithm URI, or null if the length is either unavailable or indeterminable from the URI

generateSymmetricKey

public static javax.crypto.SecretKey generateSymmetricKey(java.lang.String algoURI)
                                                   throws java.security.NoSuchAlgorithmException,
                                                          java.security.KeyException
Generates a random Java JCE symmetric Key object from the specified XML Encryption algorithm URI.

Parameters:
algoURI - The XML Encryption algorithm URI
Returns:
a randomly-generated symmetric Key
Throws:
java.security.NoSuchAlgorithmException - thrown if the specified algorithm is invalid
java.security.KeyException - thrown if the length of the key to generate could not be determined

extractEncryptionKey

public static java.security.Key extractEncryptionKey(Credential credential)
Extract the encryption key from the credential.

Parameters:
credential - the credential containing the encryption key
Returns:
the encryption key (either a public key or a secret (symmetric) key

extractDecryptionKey

public static java.security.Key extractDecryptionKey(Credential credential)
Extract the decryption key from the credential.

Parameters:
credential - the credential containing the decryption key
Returns:
the decryption key (either a private key or a secret (symmetric) key

extractSigningKey

public static java.security.Key extractSigningKey(Credential credential)
Extract the signing key from the credential.

Parameters:
credential - the credential containing the signing key
Returns:
the signing key (either a private key or a secret (symmetric) key

extractVerificationKey

public static java.security.Key extractVerificationKey(Credential credential)
Extract the verification key from the credential.

Parameters:
credential - the credential containing the verification key
Returns:
the verification key (either a public key or a secret (symmetric) key

getKeyLength

public static java.lang.Integer getKeyLength(java.security.Key key)
Get the key length in bits of the specified key.

Parameters:
key - the key to evaluate
Returns:
length of the key in bits, or null if the length can not be determined

getSimpleCredential

public static BasicCredential getSimpleCredential(javax.crypto.SecretKey secretKey)
Get a simple, minimal credential containing a secret (symmetric) key.

Parameters:
secretKey - the symmetric key to wrap
Returns:
a credential containing the secret key specified

getSimpleCredential

public static BasicCredential getSimpleCredential(java.security.PublicKey publicKey,
                                                  java.security.PrivateKey privateKey)
Get a simple, minimal credential containing a public key, and optionally a private key.

Parameters:
publicKey - the public key to wrap
privateKey - the private key to wrap, which may be null
Returns:
a credential containing the key(s) specified

getCredentialCriteria

public static CredentialCriteriaSet getCredentialCriteria(java.util.Set<Criteria> generalCriteria)
Get the CredentialCriteria from the general more general criteria set and return as a type-specific set.

Parameters:
generalCriteria - set of criteria
Returns:
a new set containing only CredentialCriteria

getPKIXCriteria

public static PKIXCriteriaSet getPKIXCriteria(java.util.Set<Criteria> generalCriteria)
Get the PKIXCriteria from the general more general criteria set and return as a type-specific set.

Parameters:
generalCriteria - set of criteria
Returns:
a new set containing only PKIXCriteria