org.opensaml.saml2.metadata.KeyDescriptor Java Examples

Example #1
Source File: KeyDescriptorMarshaller.java    From lams with GNU General Public License v2.0
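/**
 * Writes the optional {@code use} attribute of a KeyDescriptor onto its DOM element.
 *
 * Only the two values the SAML 2 metadata schema allows ("signing", "encryption") are
 * ever emitted. UNSPECIFIED is represented by leaving the attribute out, which the
 * schema treats as equivalent. Any other enum constant is rejected rather than written.
 *
 * @param xmlObject the KeyDescriptor being marshalled
 * @param domElement the element the attribute is written to
 * @throws MarshallingException if the use value is not one the schema permits
 */
protected void marshallAttributes(XMLObject xmlObject, Element domElement) throws MarshallingException {
    KeyDescriptor keyDescriptor = (KeyDescriptor) xmlObject;
    UsageType use = keyDescriptor.getUse();
    if (use == null) {
        // No use set: nothing to write, absence is a valid (and the default) state.
        return;
    }

    if (UsageType.SIGNING.equals(use) || UsageType.ENCRYPTION.equals(use)) {
        // Locale.ROOT so the attribute value is exactly "signing"/"encryption" regardless of
        // the JVM default locale; under Turkish case rules the plain toLowerCase() would
        // produce a dotless i and emit metadata that other parsers reject.
        String value = use.toString().toLowerCase(java.util.Locale.ROOT);
        domElement.setAttribute(KeyDescriptor.USE_ATTRIB_NAME, value);
    } else if (UsageType.UNSPECIFIED.equals(use)) {
        // Emit nothing: an absent attribute is semantically the same as "unspecified".
    } else {
        // UsageType may grow constants the schema does not know; fail loudly instead of
        // writing an invalid document.
        throw new MarshallingException("KeyDescriptor had illegal value for use attribute: " + use.toString());
    }
}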
 
Example #2
Source File: KeyDescriptorUnmarshaller.java    From lams with GNU General Public License v2.0
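/**
 * Parses the {@code use} attribute of a KeyDescriptor element.
 *
 * The attribute text is mapped onto {@link UsageType}; only "signing" and "encryption"
 * are accepted because those are the only values the SAML 2 metadata schema permits
 * (an absent attribute, not the literal "unspecified", is how UNSPECIFIED is expressed).
 * Every attribute, handled or not, is still passed to the superclass afterwards, as the
 * original implementation did.
 *
 * @param samlObject the KeyDescriptor being populated
 * @param attribute the DOM attribute to process
 * @throws UnmarshallingException if the use value is unknown or not schema-legal
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    KeyDescriptor keyDescriptor = (KeyDescriptor) samlObject;

    if (attribute.getName().equals(KeyDescriptor.USE_ATTRIB_NAME)) {
        String rawUse = attribute.getValue();
        UsageType usageType;
        try {
            // Locale.ROOT: the default locale's case rules (Turkish dotless/dotted i) would
            // turn a perfectly valid "signing" into a name the enum does not have and make
            // valid metadata unparseable on such hosts.
            usageType = UsageType.valueOf(UsageType.class, rawUse.toUpperCase(java.util.Locale.ROOT));
        } catch (IllegalArgumentException e) {
            // Keep the cause so the rejected value and its origin survive in the stack trace.
            throw new UnmarshallingException("Invalid key usage type: " + rawUse, e);
        }
        // The enum also carries UNSPECIFIED (and possibly more), but the schema only allows
        // these two as explicit attribute values.
        if (usageType != UsageType.SIGNING && usageType != UsageType.ENCRYPTION) {
            throw new UnmarshallingException("Invalid key usage type: " + rawUse);
        }
        keyDescriptor.setUse(usageType);
    }

    super.processAttribute(samlObject, attribute);
}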
 
Example #3
Source File: AffiliationDescriptorUnmarshaller.java    From lams with GNU General Public License v2.0
/**
 * Attaches an already-unmarshalled child to its AffiliationDescriptor parent.
 *
 * Extensions and Signature are single-valued and simply set; AffiliateMember and
 * KeyDescriptor children are appended to the corresponding lists. Note that a Signature
 * child is only stored here, not verified. Anything not recognised is delegated to the
 * superclass.
 *
 * @param parentSAMLObject the AffiliationDescriptor receiving the child
 * @param childSAMLObject the child object to attach
 * @throws UnmarshallingException propagated from the superclass for children it rejects
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    AffiliationDescriptor affiliation = (AffiliationDescriptor) parentSAMLObject;

    if (childSAMLObject instanceof Extensions) {
        affiliation.setExtensions((Extensions) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Signature) {
        affiliation.setSignature((Signature) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof AffiliateMember) {
        affiliation.getMembers().add((AffiliateMember) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof KeyDescriptor) {
        affiliation.getKeyDescriptors().add((KeyDescriptor) childSAMLObject);
        return;
    }

    // Not one of ours: let the parent unmarshaller decide what to do with it.
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
 
Example #4
Source File: RoleDescriptorUnmarshaller.java    From lams with GNU General Public License v2.0
/**
 * Attaches an already-unmarshalled child to its RoleDescriptor parent.
 *
 * Extensions, Signature and Organization are single-valued and set directly; each
 * KeyDescriptor and ContactPerson is appended to its list. The Signature is only recorded
 * here — no verification happens at this point. Unrecognised children go to the superclass.
 *
 * @param parentSAMLObject the RoleDescriptor receiving the child
 * @param childSAMLObject the child object to attach
 * @throws UnmarshallingException propagated from the superclass for children it rejects
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    RoleDescriptor role = (RoleDescriptor) parentSAMLObject;

    if (childSAMLObject instanceof Extensions) {
        role.setExtensions((Extensions) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Signature) {
        role.setSignature((Signature) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof KeyDescriptor) {
        role.getKeyDescriptors().add((KeyDescriptor) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Organization) {
        role.setOrganization((Organization) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof ContactPerson) {
        role.getContactPersons().add((ContactPerson) childSAMLObject);
        return;
    }

    // Everything else is the superclass's responsibility.
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
 
Example #5
Source File: MetadataGenerator.java    From MaxKey with Apache License 2.0
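/**
 * Builds the {@code use="encryption"} KeyDescriptor for the generated metadata.
 *
 * The KeyInfo publishes the public key a peer IdP uses to encrypt data for this entity.
 * The parameter name suggests the same credential is reused for signing and encryption;
 * that is the caller's decision and is not enforced here — confirm at the call site.
 *
 * @param signingCredential credential whose public key is published in the KeyInfo
 * @return the descriptor. If KeyInfo generation fails the failure is logged and the
 *         descriptor is returned WITHOUT a KeyInfo; such a descriptor does not satisfy the
 *         metadata schema (KeyInfo is required), so callers that need valid metadata should
 *         check {@code getKeyInfo() != null} before publishing.
 */
public KeyDescriptor generateEncryptionKeyDescriptor(Credential signingCredential){
    KeyDescriptor encryptionKeyDescriptor = new KeyDescriptorBuilder().buildObject();
    encryptionKeyDescriptor.setUse(UsageType.ENCRYPTION);

    try {
        encryptionKeyDescriptor.setKeyInfo(getKeyInfoGenerator().generate(signingCredential));
    } catch (SecurityException e) {
        // Best-effort behaviour is kept (callers do not expect an exception), but the message
        // now names the element so an incomplete metadata document can be traced back here.
        logger.error("Failed to generate KeyInfo for the encryption KeyDescriptor; "
                + "the descriptor will be emitted without a key: " + e.getMessage(), e);
    }

    return encryptionKeyDescriptor;
}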
 
Example #6
Source File: SAMLMDCredentialContext.java    From lams with GNU General Public License v2.0
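/**
 * Constructor.
 *
 * Captures the metadata context a credential was resolved from: the KeyDescriptor itself,
 * its EncryptionMethod children, and — when the descriptor's parent actually is one — the
 * enclosing RoleDescriptor. A KeyDescriptor can also appear under an AffiliationDescriptor,
 * which as far as this code shows is not a RoleDescriptor; the previous unconditional cast
 * would have thrown ClassCastException for such descriptors, so the parent is now checked
 * and {@code role} is left null when it is something else.
 *
 * @param descriptor the KeyDescriptor context from which a credential was resolved (may be null)
 */
public SAMLMDCredentialContext(KeyDescriptor descriptor) {
    keyDescriptor = descriptor;
    if (descriptor != null) {
        // KeyDescriptor / EncryptionMethod
        encMethods = descriptor.getEncryptionMethods();
        // KeyDescriptor -> RoleDescriptor, only when the parent really is a role descriptor
        Object parent = descriptor.getParent();
        if (parent instanceof RoleDescriptor) {
            role = (RoleDescriptor) parent;
        }
    }
}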
 
Example #7
Source File: MetadataGenerator.java    From MaxKey with Apache License 2.0
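/**
 * Builds the {@code use="signing"} KeyDescriptor for the generated metadata.
 *
 * The KeyInfo publishes the public key a peer IdP uses to verify signatures produced
 * with {@code signingCredential}.
 *
 * @param signingCredential credential whose public key is published in the KeyInfo
 * @return the descriptor. If KeyInfo generation fails the failure is logged and the
 *         descriptor is returned WITHOUT a KeyInfo; such a descriptor does not satisfy the
 *         metadata schema (KeyInfo is required), so callers that need valid metadata should
 *         check {@code getKeyInfo() != null} before publishing.
 */
public KeyDescriptor generateSignKeyDescriptor(Credential signingCredential){
    KeyDescriptor signKeyDescriptor = new KeyDescriptorBuilder().buildObject();
    signKeyDescriptor.setUse(UsageType.SIGNING);

    try {
        signKeyDescriptor.setKeyInfo(getKeyInfoGenerator().generate(signingCredential));
    } catch (SecurityException e) {
        // Best-effort behaviour is kept (callers do not expect an exception), but the message
        // now names the element so an incomplete metadata document can be traced back here.
        logger.error("Failed to generate KeyInfo for the signing KeyDescriptor; "
                + "the descriptor will be emitted without a key: " + e.getMessage(), e);
    }

    return signKeyDescriptor;
}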
 
Example #8
Source File: KeyDescriptorUnmarshaller.java    From lams with GNU General Public License v2.0
/**
 * Attaches an already-unmarshalled child to its KeyDescriptor parent.
 *
 * A KeyInfo child replaces any previously set KeyInfo; each EncryptionMethod child is
 * appended to the list. Other children are delegated to the superclass.
 *
 * @param parentSAMLObject the KeyDescriptor receiving the child
 * @param childSAMLObject the child object to attach
 * @throws UnmarshallingException propagated from the superclass for children it rejects
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    KeyDescriptor owner = (KeyDescriptor) parentSAMLObject;

    if (childSAMLObject instanceof KeyInfo) {
        owner.setKeyInfo((KeyInfo) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof EncryptionMethod) {
        owner.getEncryptionMethods().add((EncryptionMethod) childSAMLObject);
        return;
    }

    super.processChildElement(parentSAMLObject, childSAMLObject);
}
 
Example #9
Source File: RoleDescriptorImpl.java    From lams with GNU General Public License v2.0
/**
 * Constructor.
 *
 * Initialises the element identity via the superclass and creates the empty containers
 * for unknown attributes, supported protocols, contact persons and key descriptors. The
 * child lists are bound to this object so children added through them are parented here.
 *
 * @param namespaceURI the namespace the element is in
 * @param elementLocalName the local name of the XML element this Object represents
 * @param namespacePrefix the prefix for the given namespace
 */
protected RoleDescriptorImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
    super(namespaceURI, elementLocalName, namespacePrefix);
    // Child element lists first: both are bound to this object as their parent.
    keyDescriptors = new XMLObjectChildrenList<KeyDescriptor>(this);
    contactPersons = new XMLObjectChildrenList<ContactPerson>(this);
    // Plain value containers.
    supportedProtocols = new LazyList<String>();
    unknownAttributes = new AttributeMap(this);
}
 
Example #10
Source File: KeyDescriptorSchemaValidator.java    From lams with GNU General Public License v2.0
/**
 * Checks that the use attribute, if set, carries one of the allowed values.
 *
 * SIGNING, ENCRYPTION and UNSPECIFIED are accepted here: UNSPECIFIED is the in-memory
 * representation of an absent attribute, so it is legal for the object model even though
 * it is never written as literal attribute text. A null use is also fine.
 *
 * @param keyDescriptor the key descriptor to validate
 * @throws ValidationException thrown if the use attribute does not have a legal value
 */
protected void validateUse(KeyDescriptor keyDescriptor) throws ValidationException {
    UsageType use = keyDescriptor.getUse();
    if (use == null) {
        return; // absent attribute: nothing to check
    }
    boolean schemaLegal = UsageType.SIGNING.equals(use)
            || UsageType.ENCRYPTION.equals(use)
            || UsageType.UNSPECIFIED.equals(use);
    if (!schemaLegal) {
        throw new ValidationException("Invalid value for use attribute: " + use.toString());
    }
}
 
Example #11
Source File: RoleDescriptorImpl.java    From lams with GNU General Public License v2.0
/**
 * Returns the KeyDescriptor children of this role descriptor.
 *
 * This is the list created in the constructor, not a copy; adding to it is how
 * the unmarshaller attaches KeyDescriptor children, so callers may mutate it.
 *
 * @return the mutable list of key descriptors, never null
 */
public List<KeyDescriptor> getKeyDescriptors() {
    return this.keyDescriptors;
}
 
Example #12
Source File: AffiliationDescriptorImpl.java    From lams with GNU General Public License v2.0
/**
 * Returns the KeyDescriptor children of this affiliation descriptor.
 *
 * This is the list created in the constructor, not a copy; the unmarshaller appends
 * KeyDescriptor children through it, so callers may mutate it.
 *
 * @return the mutable list of key descriptors, never null
 */
public List<KeyDescriptor> getKeyDescriptors() {
    return this.keyDescriptors;
}
 
Example #13
Source File: KeyDescriptorBuilder.java    From lams with GNU General Public License v2.0
/**
 * Builds a KeyDescriptor with its default element name in the SAML 2 metadata namespace.
 *
 * @return a new, empty KeyDescriptor
 */
public KeyDescriptor buildObject() {
    String namespace = SAMLConstants.SAML20MD_NS;
    String prefix = SAMLConstants.SAML20MD_PREFIX;
    return buildObject(namespace, KeyDescriptor.DEFAULT_ELEMENT_LOCAL_NAME, prefix);
}
 
Example #14
Source File: KeyDescriptorBuilder.java    From lams with GNU General Public License v2.0
/**
 * Builds a KeyDescriptor with an explicit element name.
 *
 * @param namespaceURI the namespace the element is in
 * @param localName the local name of the element
 * @param namespacePrefix the prefix for the given namespace
 * @return a new, empty KeyDescriptorImpl for that element name
 */
public KeyDescriptor buildObject(String namespaceURI, String localName, String namespacePrefix) {
    KeyDescriptorImpl descriptor = new KeyDescriptorImpl(namespaceURI, localName, namespacePrefix);
    return descriptor;
}
 
Example #15
Source File: KeyDescriptorSchemaValidator.java    From lams with GNU General Public License v2.0
/**
 * Runs every schema check this validator knows about on a KeyDescriptor.
 *
 * KeyInfo presence is checked first, so a descriptor with no key at all is reported
 * as such even if its use attribute is also illegal.
 *
 * @param keyDescriptor the key descriptor to validate
 * @throws ValidationException from the first check that fails
 */
public void validate(KeyDescriptor keyDescriptor) throws ValidationException {
    this.validateKeyInfo(keyDescriptor);
    this.validateUse(keyDescriptor);
}
 
Example #16
Source File: MetadataCredentialResolver.java    From lams with GNU General Public License v2.0
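/**
 * Retrieves credentials from the provided metadata.
 *
 * Every role descriptor matching the entity/role/protocol is scanned; each KeyDescriptor
 * whose use matches the requested usage has its KeyInfo resolved into credentials, which
 * are tagged with the entity ID, the metadata usage and a SAMLMDCredentialContext.
 *
 * Two fixes over the previous version: a role descriptor with no KeyDescriptors is now
 * skipped instead of aborting the whole scan (which silently dropped keys held by later
 * role descriptors for the same role), and the null check after resolution now tests the
 * resolver's result rather than the always-non-null accumulator.
 *
 * Trust note: this method does no validation of the metadata itself. The returned keys are
 * only as trustworthy as the metadata provider's own verification/filtering of the document
 * they came from — confirm that the provider in use enforces that.
 *
 * @param entityID entityID of the credential owner
 * @param role role in which the entity is operating
 * @param protocol protocol over which the entity is operating (may be null)
 * @param usage intended usage of resolved credentials
 *
 * @return the resolved credentials, empty when nothing matched (never null)
 *
 * @throws SecurityException thrown if the key, certificate, or CRL information is represented in an unsupported
 *             format
 */
protected Collection<Credential> retrieveFromMetadata(String entityID, QName role, String protocol, UsageType usage)
        throws SecurityException {

    log.debug("Attempting to retrieve credentials from metadata for entity: {}", entityID);
    Collection<Credential> credentials = new HashSet<Credential>(3);

    List<RoleDescriptor> roleDescriptors = getRoleDescriptors(entityID, role, protocol);
    if (roleDescriptors == null || roleDescriptors.isEmpty()) {
        return credentials;
    }

    for (RoleDescriptor roleDescriptor : roleDescriptors) {
        List<KeyDescriptor> keyDescriptors = roleDescriptor.getKeyDescriptors();
        if (keyDescriptors == null || keyDescriptors.isEmpty()) {
            // Keep scanning: another role descriptor for the same role may still carry keys.
            continue;
        }
        for (KeyDescriptor keyDescriptor : keyDescriptors) {
            UsageType mdUsage = keyDescriptor.getUse();
            if (mdUsage == null) {
                // An absent use attribute means the key is usable for any purpose.
                mdUsage = UsageType.UNSPECIFIED;
            }
            if (!matchUsage(mdUsage, usage) || keyDescriptor.getKeyInfo() == null) {
                continue;
            }

            CriteriaSet critSet = new CriteriaSet();
            critSet.add(new KeyInfoCriteria(keyDescriptor.getKeyInfo()));

            Iterable<Credential> creds = getKeyInfoCredentialResolver().resolve(critSet);
            if (creds == null) {
                // Nothing resolvable from this KeyInfo; iterating null would NPE.
                continue;
            }
            for (Credential cred : creds) {
                if (cred instanceof BasicCredential) {
                    BasicCredential basicCred = (BasicCredential) cred;
                    basicCred.setEntityId(entityID);
                    basicCred.setUsageType(mdUsage);
                    basicCred.getCredentalContextSet().add(new SAMLMDCredentialContext(keyDescriptor));
                }
                credentials.add(cred);
            }
        }
    }

    return credentials;
}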
 
Example #17
Source File: AffiliationDescriptorImpl.java    From lams with GNU General Public License v2.0
/**
 * Constructor.
 *
 * Initialises the element identity via the superclass and creates the empty containers
 * for unknown attributes, affiliate members and key descriptors. The two child lists are
 * bound to this object so children added through them are parented here.
 *
 * @param namespaceURI the namespace the element is in
 * @param elementLocalName the local name of the XML element this Object represents
 * @param namespacePrefix the prefix for the given namespace
 */
protected AffiliationDescriptorImpl(String namespaceURI, String elementLocalName, String namespacePrefix) {
    super(namespaceURI, elementLocalName, namespacePrefix);
    // Child element lists, both parented to this object.
    keyDescriptors = new XMLObjectChildrenList<KeyDescriptor>(this);
    members = new XMLObjectChildrenList<AffiliateMember>(this);
    // Holder for attributes the schema does not name.
    unknownAttributes = new AttributeMap(this);
}
 
Example #18
Source File: KeyDescriptorSchemaValidator.java    From lams with GNU General Public License v2.0
/**
 * Checks that a KeyInfo child is present.
 *
 * The schema makes KeyInfo mandatory: a KeyDescriptor without one names no key at all
 * and is useless for signature verification or encryption.
 *
 * @param keyDescriptor the key descriptor to validate
 * @throws ValidationException thrown if KeyInfo is not present
 */
protected void validateKeyInfo(KeyDescriptor keyDescriptor) throws ValidationException {
    boolean hasKeyInfo = keyDescriptor.getKeyInfo() != null;
    if (!hasKeyInfo) {
        throw new ValidationException("KeyInfo required");
    }
}
 
Example #19
Source File: SAMLMDCredentialContext.java    From lams with GNU General Public License v2.0
/**
 * Returns the KeyDescriptor this credential was resolved from.
 *
 * @return the key descriptor passed to the constructor; null if the context was built
 *         without one
 */
public KeyDescriptor getKeyDescriptor() {
    return this.keyDescriptor;
}