Package org.opensaml.xmlsec.algorithm

Class AlgorithmSupport

java.lang.Object
org.opensaml.xmlsec.algorithm.AlgorithmSupport
public final class AlgorithmSupport extends Object
Helper methods for working with XML security algorithm URI's.

  • Field Details

    • LOG

      private static final org.slf4j.Logger LOG
      Logger.

  • Constructor Details

    • AlgorithmSupport

      private AlgorithmSupport()
      Constructor.

  • Method Details

    • getGlobalAlgorithmRegistry

      @Nullable public static AlgorithmRegistry getGlobalAlgorithmRegistry()
      Get the global AlgorithmRegistry instance.
      Returns:
      the global algorithm registry, or null if nothing registered

    • isKeyEncryptionAlgorithm

      public static boolean isKeyEncryptionAlgorithm(@Nullable AlgorithmDescriptor algorithm)
      Check whether the supplied descriptor represents an algorithm that my be used for key encryption, i.e. a key transport or symmetric key wrap algorithm.
      Parameters:
      algorithm - the algorithm descriptor to evaluate
      Returns:
      true if the algorithm may be used for key encryption, false otherwise

    • isDataEncryptionAlgorithm

      public static boolean isDataEncryptionAlgorithm(@Nullable AlgorithmDescriptor algorithm)
      Check whether the supplied descriptor represents an algorithm that my be used for data encryption, i.e. a block encryption algorithm.
      Parameters:
      algorithm - the algorithm descriptor to evaluate
      Returns:
      true if the algorithm may be used for key encryption, false otherwise

    • credentialSupportsAlgorithmForSigning

      public static boolean credentialSupportsAlgorithmForSigning(@Nullable Credential credential, @Nullable AlgorithmDescriptor algorithm)
      Check whether the supplied credential may be used with the supplied algorithm for the purpose of signing.

      This checks the consistency of the type of credential signing key and the algorithm type, as well as the key algorithm and length where applicable.

      Parameters:
      credential - the candidate signing credential to evaluate
      algorithm - the candidate signing algorithm to evaluate
      Returns:
      true if the credential may be used with the algorithm for signing, false otherwise

    • credentialSupportsAlgorithmForEncryption

      public static boolean credentialSupportsAlgorithmForEncryption(@Nullable Credential credential, @Nullable AlgorithmDescriptor algorithm)
      Check whether the supplied credential may be used with the supplied algorithm for the purpose of encryption.

      This checks the consistency of the extracted credential encryption key and the algorithm type, as well as the key algorithm and length where applicable.

      Parameters:
      credential - the candidate encryption credential to evaluate
      algorithm - the candidate encryption algorithm to evaluate
      Returns:
      true if the credential may be used with the algorithm for encryption, false otherwise

    • checkKeyAlgorithmAndLength

      public static boolean checkKeyAlgorithmAndLength(@Nonnull Key key, @Nonnull AlgorithmDescriptor algorithm)
      Check that the supplied key is consistent with the supplied algorithm's specified key algorithm and key length, where applicable.
      Parameters:
      key - the key to evaluate
      algorithm - the algorithm to evaluate
      Returns:
      true if the key is consistent with key algorithm and length specified by the algorithm (if any) false otherwise

    • getAlgorithmID

      @Nullable public static String getAlgorithmID(@Nonnull String algorithmURI)
      Get the Java security JCA/JCE algorithm identifier associated with an algorithm URI.
      Parameters:
      algorithmURI - the algorithm URI to evaluate
      Returns:
      the Java algorithm identifier, or null if the mapping is unavailable or indeterminable from the URI

    • isRSAOAEP

      public static boolean isRSAOAEP(@Nonnull String keyTransportAlgorithm)
      Check whether the key transport encryption algorithm URI indicates RSA-OAEP.
      Parameters:
      keyTransportAlgorithm - the key transport encryption algorithm URI
      Returns:
      true if URI indicates RSA-OAEP, false otherwise

    • isBlockEncryption

      public static boolean isBlockEncryption(@Nonnull String algorithm)
      Check whether the algorithm URI indicates block encryption.
      Parameters:
      algorithm - the algorithm URI
      Returns:
      true if URI indicates symmetric key wrap, false otherwise

    • isSymmetricKeyWrap

      public static boolean isSymmetricKeyWrap(@Nonnull String algorithm)
      Check whether the algorithm URI indicates symmetric key wrap.
      Parameters:
      algorithm - the algorithm URI
      Returns:
      true if URI indicates symmetric key wrap, false otherwise

    • isHMAC

      public static boolean isHMAC(@Nonnull String signatureAlgorithm)
      Check whether the signature method algorithm URI indicates HMAC.
      Parameters:
      signatureAlgorithm - the signature method algorithm URI
      Returns:
      true if URI indicates HMAC, false otherwise

    • getKeyAlgorithm

      @Nullable public static String getKeyAlgorithm(@Nonnull String algorithmURI)
      Get the Java security JCA/JCE key algorithm specifier associated with an algorithm URI.
      Parameters:
      algorithmURI - the algorithm URI to evaluate
      Returns:
      the Java key algorithm specifier, or null if the mapping is unavailable or indeterminable from the URI

    • getKeyLength

      @Nullable public static Integer getKeyLength(@Nonnull String algorithmURI)
      Get the length of the key indicated by the algorithm URI, if applicable and available.
      Parameters:
      algorithmURI - the algorithm URI to evaluate
      Returns:
      the length of the key indicated by the algorithm URI, or null if the length is either unavailable or indeterminable from the URI

    • generateSymmetricKey

      @Nonnull public static SecretKey generateSymmetricKey(@Nonnull String algoURI) throws NoSuchAlgorithmException, KeyException
      Generates a random Java JCE symmetric Key object from the specified XML Encryption algorithm URI.
      Parameters:
      algoURI - The XML Encryption algorithm URI
      Returns:
      a randomly-generated symmetric Key
      Throws:
      NoSuchAlgorithmException - thrown if the specified algorithm is invalid
      KeyException - thrown if the length of the key to generate could not be determined

    • generateKeyPair

      @Nonnull public static KeyPair generateKeyPair(@Nonnull String algoURI, int keyLength) throws NoSuchAlgorithmException, NoSuchProviderException
      Randomly generates a Java JCE KeyPair object from the specified XML Encryption algorithm URI.
      Parameters:
      algoURI - The XML Encryption algorithm URI
      keyLength - the length of key to generate
      Returns:
      a randomly-generated KeyPair
      Throws:
      NoSuchProviderException - provider not found
      NoSuchAlgorithmException - algorithm not found

    • generateKeyPair

      @Nonnull public static KeyPair generateKeyPair(@Nonnull String algoURI, @Nonnull AlgorithmParameterSpec paramSpec) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException
      Randomly generates a Java JCE KeyPair object from the specified XML Encryption algorithm URI.
      Parameters:
      algoURI - The XML Encryption algorithm URI
      paramSpec - the algorithm parameter specification
      Returns:
      a randomly-generated KeyPair
      Throws:
      NoSuchProviderException - provider not found
      NoSuchAlgorithmException - algorithm not found
      InvalidAlgorithmParameterException - algorithm parameter spec is unsupported

    • generateSymmetricKeyAndCredential

      @Nonnull public static Credential generateSymmetricKeyAndCredential(@Nonnull String algorithmURI) throws NoSuchAlgorithmException, KeyException
      Generate a random symmetric key and return in a BasicCredential.
      Parameters:
      algorithmURI - The XML Encryption algorithm URI
      Returns:
      a basic credential containing a randomly generated symmetric key
      Throws:
      KeyException - thrown if the length of key to generate could not be determined
      NoSuchAlgorithmException - algorithm not found

    • generateKeyPairAndCredential

      @Nonnull public static Credential generateKeyPairAndCredential(@Nonnull String algorithmURI, int keyLength, boolean includePrivate) throws NoSuchAlgorithmException, NoSuchProviderException
      Generate a random asymmetric key pair and return in a BasicCredential.
      Parameters:
      algorithmURI - The XML Encryption algorithm URI
      keyLength - key length
      includePrivate - if true, the private key will be included as well
      Returns:
      a basic credential containing a randomly generated asymmetric key pair
      Throws:
      NoSuchAlgorithmException - algorithm not found
      NoSuchProviderException - provider not found

    • generateKeyPairAndCredential

      @Nonnull public static Credential generateKeyPairAndCredential(@Nonnull String algorithmURI, @Nonnull AlgorithmParameterSpec paramSpec, boolean includePrivate) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException
      Generate a random asymmetric key pair and return in a BasicCredential.
      Parameters:
      algorithmURI - The XML Encryption algorithm URI
      paramSpec - the algorithm parameter specification
      includePrivate - if true, the private key will be included as well
      Returns:
      a basic credential containing a randomly generated asymmetric key pair
      Throws:
      NoSuchAlgorithmException - algorithm not found
      NoSuchProviderException - provider not found
      InvalidAlgorithmParameterException - algorithm parameter spec is unsupported

    • validateAlgorithmURI

      public static boolean validateAlgorithmURI(@Nonnull String algorithmURI, @Nullable Collection<String> includedAlgorithmURIs, @Nullable Collection<String> excludedAlgorithmURIs)
      Validate the supplied algorithm URI against the specified includes and excludes.
      Parameters:
      algorithmURI - the algorithm URI to evaluate
      includedAlgorithmURIs - the algorithm include list
      excludedAlgorithmURIs - the algorithm exclude list
      Returns:
      true if algorithm URI satisfies the specified includes and excludes, otherwise false