Class KeyAuthoritySupport

java.lang.Object
net.shibboleth.idp.saml.security.KeyAuthoritySupport

public final class KeyAuthoritySupport
extends Object
Utility class for extracting PKIXValidationInformation from a KeyAuthority.
  • Field Details

    • KEY_AUTHORITY_VERIFY_DEPTH_DEFAULT

      public static final int KEY_AUTHORITY_VERIFY_DEPTH_DEFAULT
      Default value for Shibboleth KeyAuthority verify depth.
      See Also:
      Constant Field Values
  • Constructor Details

    • KeyAuthoritySupport

      private KeyAuthoritySupport()
      Constructor. Private to prevent instantiation.
  • Method Details

    • extractPKIXValidationInfo

      @Nullable public static PKIXValidationInformation extractPKIXValidationInfo​(@Nullable KeyAuthority keyAuthority) throws SecurityException
      Extracts PKIX validation information from the Shibboleth KeyAuthority metadata extension element.
      Parameters:
      keyAuthority - the Shibboleth KeyAuthority element from which to extract information
      Returns:
      an instance of extracted PKIX validation information
      Throws:
      SecurityException - thrown if the key, certificate, or CRL information is represented in an unsupported format
    • getX509Certificates

      @Nonnull private static Collection<X509Certificate> getX509Certificates​(@Nullable KeyInfo keyInfo) throws SecurityException
      Extract certificates from a KeyInfo element.
      Parameters:
      keyInfo - the KeyInfo instance from which to extract certificates
      Returns:
      a collection of X509 certificates, possibly empty
      Throws:
      SecurityException - thrown if the certificate information is represented in an unsupported format
    • getX509CRLs

      @Nonnull private static Collection<X509CRL> getX509CRLs​(@Nullable KeyInfo keyInfo) throws SecurityException
      Extract CRL's from a KeyInfo element.
      Parameters:
      keyInfo - the KeyInfo instance from which to extract CRL's
      Returns:
      a collection of X509 CRL's, possibly empty
      Throws:
      SecurityException - thrown if the CRL information is represented in an unsupported format