Package org.opensaml.security.credential
Interfaces and classes related to credentials and ways to represent them.
Developers will generally create and populate CredentialResolvers
during application initialization time. CredentialCriteria can then be
constructed to model the information the application has about a
particular credential and then provided to the CredentialResolver in
order to retrieve the previously loaded credential information. Here are a
couple of use cases where this approach might be used:
- An application wishes to decrypt a message from one of many peers. The encrypted message contains a KeyInfo which itself contains the public key used to encrypt the data. The application can then use the public key to look up its appropriate private key and decrypt the message.
- An application uses client-cert authentication via TLS when communicating with a peer. Upon receipt of the peer's certificate, the application uses the provided entity certificate to look up additional information associated with this credential, including CRLs, to determine if the credential should be trusted. It then looks up its credential for the given peer and uses it to authenticate. Once completed, the application stores the TLS session key in a CredentialResolver so that it may be used during encryption processes.
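The first use case, sketched as an added example (not code from the OpenSAML project). It assumes the OpenSAML 3/4 layout, where CriteriaSet and ResolverException live in net.shibboleth.utilities.java.support.resolver (OpenSAML 5 moved them to net.shibboleth.shared.resolver); the class name DecryptionKeyLookup, its method names and the generated keys are hypothetical.

```java
import java.security.*;
import java.util.ArrayList;
import java.util.List;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.security.credential.*;
import org.opensaml.security.credential.impl.CollectionCredentialResolver;
import org.opensaml.security.criteria.*;

public class DecryptionKeyLookup {
    // Initialization time: load every local key pair into a single resolver.
    static CredentialResolver loadResolver(List<KeyPair> localKeys) {
        List<Credential> creds = new ArrayList<>();
        for (KeyPair kp : localKeys) {
            BasicCredential c = new BasicCredential(kp.getPublic(), kp.getPrivate());
            c.setUsageType(UsageType.ENCRYPTION);
            creds.add(c);
        }
        return new CollectionCredentialResolver(creds);
    }

    // Message time: the public key carried in the message's KeyInfo is the lookup criterion.
    static Credential findDecryptionCredential(CredentialResolver resolver, PublicKey fromKeyInfo)
            throws ResolverException {
        CriteriaSet criteria = new CriteriaSet(
                new PublicKeyCriterion(fromKeyInfo), new UsageCriterion(UsageType.ENCRYPTION));
        Credential match = resolver.resolveSingle(criteria);
        // Fail closed: a key that is not one of ours must never fall back to a default key.
        if (match == null || match.getPrivateKey() == null) {
            throw new ResolverException("No local private key matches the KeyInfo public key");
        }
        return match;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair ours = gen.generateKeyPair();       // constructed sample key pair
        KeyPair unrelated = gen.generateKeyPair();  // constructed key that was never loaded
        CredentialResolver resolver = loadResolver(List.of(ours));
        Credential found = findDecryptionCredential(resolver, ours.getPublic());
        System.out.println("resolved: " + found.getPrivateKey().getAlgorithm());
        try {
            findDecryptionCredential(resolver, unrelated.getPublic());
        } catch (ResolverException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```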
Interface Summary
- Credential: A credential for an entity.
- CredentialContext: Marker interface for implementations which hold information specific to a particular context within which a CredentialResolver resolves a Credential.
- CredentialResolver: A resolver which uses Criterion to resolve and return instances of Credential.
- MutableCredential: A specialization of Credential which supports mutation of its properties.

Class Summary
- AbstractCredential: Base class for Credential implementations.
- BasicCredential: A basic implementation of Credential.
- CredentialContextSet: This class holds instances of CredentialContext which represent information about the context in which a CredentialResolver has resolved a Credential.
- CredentialSupport: Helper methods for working with Credential instances.

Enum Summary
- UsageType: Credential usage types.