Class LocalKeyInfoCredentialResolver

All Implemented Interfaces:
Resolver<Credential,CriteriaSet>, CredentialResolver, KeyInfoCredentialResolver

public class LocalKeyInfoCredentialResolver extends BasicProviderKeyInfoCredentialResolver
A simple specialization of BasicProviderKeyInfoCredentialResolver which is capable of using information from a KeyInfo to resolve local credentials from a supplied CredentialResolver which manages local credentials.

The local credential resolver supplied should manage and return credentials which contain either a secret (symmetric) key or the private key half of a key pair.

A typical use case for this class would be as a resolver of decryption keys, such as is needed by Decrypter.

Resolution proceeds as follows:

  1. Any credential resolved via the standard BasicProviderKeyInfoCredentialResolver resolution process which is not a local credential will be removed from the effective set of credentials to be returned. Note that a configured KeyInfoProvider may have itself already resolved local credentials using a different mechanism. These will not be removed.
  2. If a credential so removed contained a public key, that key will be used as a resolution criterion for the local credential resolver. Any local credentials so resolved will be added to the set to be returned.
  3. Similarly, any key names from KeyInfoResolutionContext.getKeyNames() will also be used as resolution criteria for local credentials and the resultant credentials added to the set to be returned.
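
The three steps above, modelled with plain JDK types as an added example (not OpenSAML's code and not part of the original documentation). `Cred`, `LocalStore` and this `postProcess` are hypothetical stand-ins for Credential, the local CredentialResolver and the postProcess hook; secret (symmetric) keys are left out and the keys are generated sample data.

```java
import java.security.*;
import java.util.*;

/** Plain-JDK model of the documented resolution steps; every name here is hypothetical, not OpenSAML API. */
public class LocalResolutionModel {
    /** Stand-in for a Credential; any field may be null. */
    record Cred(String name, PublicKey pub, PrivateKey priv) {
        boolean isLocal() { return priv != null; }   // models isLocalCredential (private-key case only)
    }

    /** Stand-in for the local CredentialResolver: finds private-key credentials by public key or key name. */
    static class LocalStore {
        private final List<Cred> creds;
        LocalStore(List<Cred> creds) { this.creds = creds; }
        List<Cred> byPublicKey(PublicKey k) { return creds.stream().filter(c -> k.equals(c.pub())).toList(); }
        List<Cred> byKeyName(String n) { return creds.stream().filter(c -> n.equals(c.name())).toList(); }
    }

    /** Steps 1-3: drop non-local credentials, then look up local ones by public key and by key name. */
    static List<Cred> postProcess(List<Cred> fromKeyInfo, Set<String> keyNames, LocalStore store) {
        List<Cred> result = new ArrayList<>();
        for (Cred c : fromKeyInfo) {
            if (c.isLocal()) {
                result.add(c);                               // step 1: a provider-resolved local credential is kept
            } else if (c.pub() != null) {
                result.addAll(store.byPublicKey(c.pub()));   // step 2: the removed credential's public key is a lookup index
            }
        }
        for (String n : keyNames) {
            result.addAll(store.byKeyName(n));               // step 3: key names from the resolution context
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair ours = g.generateKeyPair(), unknown = g.generateKeyPair();   // constructed sample keys
        LocalStore store = new LocalStore(List.of(new Cred("sp-encryption", ours.getPublic(), ours.getPrivate())));
        // Case A: KeyInfo carries a public key whose private half is in the local store.
        System.out.println(postProcess(List.of(new Cred(null, ours.getPublic(), null)), Set.of(), store).size());
        // Case B: KeyInfo carries a public key with no matching local credential.
        System.out.println(postProcess(List.of(new Cred(null, unknown.getPublic(), null)), Set.of(), store).size());
        // Case C: KeyInfo carries only a key name that matches a local credential.
        System.out.println(postProcess(List.of(), Set.of("sp-encryption"), store).size());
    }
}
```

In this model, key material taken from the KeyInfo is never returned to the caller on its own; it only selects among credentials the local store already holds.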
  • Field Details

    • log

      private final org.slf4j.Logger log
      Logger.
    • localCredResolver

      private final CredentialResolver localCredResolver
      The resolver which is used to resolve local credentials.
  • Constructor Details

  • Method Details

    • getLocalCredentialResolver

      @Nonnull public CredentialResolver getLocalCredentialResolver()
      Get the resolver for local credentials. The credentials managed and returned by this resolver should all contain either a secret (symmetric) or private key.
      Returns:
      resolver of local credentials
    • postProcess

      protected void postProcess(@Nonnull KeyInfoResolutionContext kiContext, @Nullable CriteriaSet criteriaSet, @Nonnull List<Credential> credentials) throws ResolverException
      Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed. For example, the previously resolved credentials might be used to index into a store of local credentials, where the index is a key name or the public half of a key pair extracted from the KeyInfo.
      Overrides:
      postProcess in class BasicProviderKeyInfoCredentialResolver
      Parameters:
      kiContext - KeyInfo resolution context
      criteriaSet - the credential criteria used to resolve credentials
      credentials - the list which will store the resolved credentials
      Throws:
      ResolverException - thrown if there is an error during processing
    • isLocalCredential

      protected boolean isLocalCredential(@Nonnull Credential credential)
      Determine whether the credential is a local credential. A local credential will have either a private key or a secret (symmetric) key.
      Parameters:
      credential - the credential to evaluate
      Returns:
      true if the credential has either a private or secret key, false otherwise
    • resolveByKeyName

      @Nonnull protected Collection<? extends Credential> resolveByKeyName(@Nonnull String keyName) throws ResolverException
      Resolve credentials from local resolver using key name criteria.
      Parameters:
      keyName - the key name criteria
      Returns:
      collection of local credentials identified by the specified key name
      Throws:
      ResolverException - thrown if there is a problem resolving credentials from the local credential resolver
    • resolveByPublicKey

      @Nonnull protected Collection<? extends Credential> resolveByPublicKey(@Nonnull PublicKey publicKey) throws ResolverException
      Resolve credentials from local resolver using public key criteria.
      Parameters:
      publicKey - the public key criteria
      Returns:
      collection of local credentials which contain the private key corresponding to the specified public key
      Throws:
      ResolverException - thrown if there is a problem resolving credentials from the local credential resolver