public class BasicProviderKeyInfoCredentialResolver extends AbstractCriteriaFilteringCredentialResolver implements KeyInfoCredentialResolver
KeyInfoCredentialResolver
which resolves credentials based on a KeyInfo
element
using a configured list of KeyInfoProvider
's and optional post-processing hooks.
The majority of the processing of the KeyInfo and extraction of Credential
's from the KeyInfo is handled by
instances of KeyInfoProvider
. An ordered list of KeyInfoProviders must be supplied to the resolver when it
is constructed.
This resolver requires a KeyInfoCriteria
to be supplied as the resolution criteria. It is permissible,
however, for the criteria's KeyInfo data object to be null. This allows for more convenient processing logic, for
example, in cases when a parent element allows an optional KeyInfo and when in fact a given instance does not contain
one. Specialized subclasses of this resolver may still attempt to return credentials in an implementation or
context-specific manner, as described below.
Processing of the supplied KeyInfo element proceeds as follows:
KeyInfoResolutionContext
is instantiated. This resolution context is used to hold state shared amongst
all the providers and processing hooks which run within the resolver.KeyName
child elements present.KeyValue
child elements as described for
resolveKeyValue(KeyInfoResolutionContext, CriteriaSet, List)
If a credential is so resolved, its key will
also be placed in the resolution contextpostProcess(KeyInfoResolutionContext, CriteriaSet, List)
. The
default implementation is a no-op. This is an extension point by which subclasses may implement custom
post-processing of the effective credential set to be returned. One example use case is when the KeyInfo being
processed represents the public aspects (e.g. public key, or a key name or other identifier) of an encryption key
belonging to the resolving entity. The resolved public keys and other resolution context information may be used to
further resolve the credential or credentials containing the associated decryption key (i.e. a private or symmetric
key). For an example of such an implementation, see LocalKeyInfoCredentialResolver
postProcessEmptyCredentials(KeyInfoResolutionContext, CriteriaSet, List)
. The default implementation is a
no-op. This is an extension point by which subclasses may implement custom logic to resolve credentials in an
implementation or context-specific manner, if no other mechanism has succeeded. Example usages might be to return a
default set of credentials, or to use non-KeyInfo-derived criteria or contextual information to determine the
credential or credentials to return.Constructor and Description |
---|
BasicProviderKeyInfoCredentialResolver(List<KeyInfoProvider> keyInfoProviders)
Constructor.
|
Modifier and Type | Method and Description |
---|---|
protected Credential |
buildBasicCredential(Key key,
Set<String> keyNames)
Construct a basic credential containing the specified key and set of key names.
|
protected Key |
extractKeyValue(Credential cred)
Utility method to extract any key that might be present in the specified Credential.
|
protected List<KeyInfoProvider> |
getProviders()
Return the list of the KeyInfoProvider instances used in this resolver configuration.
|
protected void |
initResolutionContext(KeyInfoResolutionContext kiContext,
KeyInfo keyInfo,
CriteriaSet criteriaSet)
Initialize the resolution context that will be used by the providers.
|
protected void |
postProcess(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed.
|
protected void |
postProcessEmptyCredentials(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Hook for processing the case where no credentials were returned by any resolution method by any provider, nor by
the processing of the
postProcess(KeyInfoResolutionContext, CriteriaSet, List) hook. |
protected Collection<Credential> |
processKeyInfoChild(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
XMLObject keyInfoChild)
Process the given KeyInfo child with the registered providers.
|
protected void |
processKeyInfoChildren(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<Credential> credentials)
Use registered providers to process the non-KeyValue children of KeyInfo.
|
protected Iterable<Credential> |
resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
protected void |
resolveKeyValue(KeyInfoResolutionContext kiContext,
CriteriaSet criteriaSet,
List<KeyValue> keyValues)
Resolve the key from any KeyValue element that may be present, and store the resulting key in the resolution
context.
|
isMeetAllCriteria, isUnevaluableSatisfies, resolve, setMeetAllCriteria, setUnevaluableSatisfies
resolveSingle
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
resolve, resolveSingle
public BasicProviderKeyInfoCredentialResolver(List<KeyInfoProvider> keyInfoProviders)
keyInfoProviders
- the list of KeyInfoProvider's to use in this resolverprotected List<KeyInfoProvider> getProviders()
protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException
resolveFromSource
in class AbstractCriteriaFilteringCredentialResolver
criteriaSet
- the set of criteria used to resolve credentials from the credential sourceSecurityException
- thrown if there is an error resolving credentials from the credential sourceprotected void postProcess(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet, List<Credential> credentials) throws SecurityException
kiContext
- KeyInfo resolution contextcriteriaSet
- the credential criteria used to resolve credentialscredentials
- the list which will store the resolved credentialsSecurityException
- thrown if there is an error during processingprotected void postProcessEmptyCredentials(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet, List<Credential> credentials) throws SecurityException
postProcess(KeyInfoResolutionContext, CriteriaSet, List)
hook.kiContext
- KeyInfo resolution contextcriteriaSet
- the credential criteria used to resolve credentialscredentials
- the list which will store the resolved credentialsSecurityException
- thrown if there is an error during processingprotected void processKeyInfoChildren(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet, List<Credential> credentials) throws SecurityException
kiContext
- KeyInfo resolution contextcriteriaSet
- the credential criteria used to resolve credentialscredentials
- the list which will store the resolved credentialsSecurityException
- thrown if there is a provider error processing the KeyInfo childrenprotected Collection<Credential> processKeyInfoChild(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet, XMLObject keyInfoChild) throws SecurityException
kiContext
- KeyInfo resolution contextcriteriaSet
- the credential criteria used to resolve credentialskeyInfoChild
- the KeyInfo to evaluateSecurityException
- thrown if there is a provider error processing the KeyInfo childprotected void initResolutionContext(KeyInfoResolutionContext kiContext, KeyInfo keyInfo, CriteriaSet criteriaSet) throws SecurityException
KeyName
children
present. Finally if a credential is resolveble by any registered provider from a plain KeyValue
child,
the key from that credential is also stored in the context.kiContext
- KeyInfo resolution contextkeyInfo
- the KeyInfo to evaluatecriteriaSet
- the credential criteria used to resolve credentialsSecurityException
- thrown if there is an error processing the KeyValue childrenprotected void resolveKeyValue(KeyInfoResolutionContext kiContext, CriteriaSet criteriaSet, List<KeyValue> keyValues) throws SecurityException
kiContext
- KeyInfo resolution contextcriteriaSet
- the credential criteria used to resolve credentialskeyValues
- the KeyValue children to evaluateSecurityException
- thrown if there is an error resolving the key from the KeyValueprotected Credential buildBasicCredential(Key key, Set<String> keyNames) throws SecurityException
key
- the key to include in the credentialkeyNames
- the key names to include in the credentialSecurityException
- if there is an error building the credentialprotected Key extractKeyValue(Credential cred)
cred
- the Credential to evaluateCopyright © 2018 JBoss by Red Hat. All rights reserved.