Package net.shibboleth.idp.saml.security

Class KeyAuthoritySupport

java.lang.Object

net.shibboleth.idp.saml.security.KeyAuthoritySupport

public final class KeyAuthoritySupport
extends Object

Utility class for extracting PKIXValidationInformation from a KeyAuthority.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	KeyAuthoritySupport.KeyAuthorityPKIXValidationInformation	Basic implementation of PKIXValidationInformation.

Field Summary

Fields

Modifier and Type	Field	Description
static int	KEY_AUTHORITY_VERIFY_DEPTH_DEFAULT	Default value for Shibboleth KeyAuthority verify depth.

Constructor Summary

Constructors

Modifier	Constructor	Description
private	KeyAuthoritySupport()	Constructor.

Method Summary

Modifier and Type	Method	Description
static PKIXValidationInformation	extractPKIXValidationInfo(KeyAuthority keyAuthority)	Extracts PKIX validation information from the Shibboleth KeyAuthority metadata extension element.
private static Collection<X509Certificate>	getX509Certificates(KeyInfo keyInfo)	Extract certificates from a KeyInfo element.
private static Collection<X509CRL>	getX509CRLs(KeyInfo keyInfo)	Extract CRL's from a KeyInfo element.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

KEY_AUTHORITY_VERIFY_DEPTH_DEFAULT

public static final int KEY_AUTHORITY_VERIFY_DEPTH_DEFAULT

Default value for Shibboleth KeyAuthority verify depth.

See Also:

Constant Field Values

Constructor Details

KeyAuthoritySupport

private KeyAuthoritySupport()

Constructor. Private to prevent instantiation.

Method Details

extractPKIXValidationInfo

@Nullable
public static PKIXValidationInformation extractPKIXValidationInfo(@Nullable
KeyAuthority keyAuthority)
                                                           throws SecurityException

Extracts PKIX validation information from the Shibboleth KeyAuthority metadata extension element.

Parameters:

keyAuthority - the Shibboleth KeyAuthority element from which to extract information

Returns:

an instance of extracted PKIX validation information

Throws:

SecurityException - thrown if the key, certificate, or CRL information is represented in an unsupported format

getX509Certificates

@Nonnull
private static Collection<X509Certificate> getX509Certificates(@Nullable
KeyInfo keyInfo)
                                                        throws SecurityException

Extract certificates from a KeyInfo element.

Parameters:

keyInfo - the KeyInfo instance from which to extract certificates

Returns:

a collection of X509 certificates, possibly empty

Throws:

SecurityException - thrown if the certificate information is represented in an unsupported format

getX509CRLs

@Nonnull
private static Collection<X509CRL> getX509CRLs(@Nullable
KeyInfo keyInfo)
                                        throws SecurityException

Extract CRL's from a KeyInfo element.

Parameters:

keyInfo - the KeyInfo instance from which to extract CRL's

Returns:

a collection of X509 CRL's, possibly empty

Throws:

SecurityException - thrown if the CRL information is represented in an unsupported format