org.opensaml.xmlsec.keyinfo

Class KeyInfoSupport

java.lang.Object

org.opensaml.xmlsec.keyinfo.KeyInfoSupport

public class KeyInfoSupport
extends Object

Utility class for working with data inside a KeyInfo object. Methods are provided for converting the representation stored in the XMLTooling KeyInfo to Java java.security native types, and for storing these Java native types inside a KeyInfo.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	KeyInfoSupport() Constructor.

Method Summary

Modifier and Type	Method and Description
static void	addCertificate(KeyInfo keyInfo, X509Certificate cert) Converts a native Java X509Certificate into the corresponding XMLObject and stores it in a KeyInfo in the first X509Data element.
static void	addCRL(KeyInfo keyInfo, X509CRL crl) Converts a native Java X509CRL into the corresponding XMLObject and stores it in a KeyInfo in the first X509Data element.
static void	addDEREncodedPublicKey(KeyInfo keyInfo, PublicKey pk) Converts a Java public key into the corresponding XMLObject and stores it in a KeyInfo in a new DEREncodedKeyValue element.
static void	addKeyName(KeyInfo keyInfo, String keyNameValue) Add a new KeyName value to a KeyInfo.
static void	addPublicKey(KeyInfo keyInfo, PublicKey pk) Converts a Java DSA or RSA public key into the corresponding XMLObject and stores it in a KeyInfo in a new KeyValue element.
static DSAKeyValue	buildDSAKeyValue(DSAPublicKey dsaPubKey) Builds a DSAKeyValue XMLObject from the Java security DSA public key type.
protected static PublicKey	buildKey(KeySpec keySpec, String keyAlgorithm) Generates a public key from the given key spec.
static RSAKeyValue	buildRSAKeyValue(RSAPublicKey rsaPubKey) Builds an RSAKeyValue XMLObject from the Java security RSA public key type.
static X509Certificate	buildX509Certificate(X509Certificate cert) Builds an X509Certificate XMLObject from a native Java X509Certificate.
static X509CRL	buildX509CRL(X509CRL crl) Builds an X509CRL XMLObject from a native Java X509CRL.
static X509Digest	buildX509Digest(X509Certificate javaCert, String algorithmURI) Build an X509Digest containing the digest of the specified certificate.
static X509IssuerSerial	buildX509IssuerSerial(String issuerName, BigInteger serialNumber) Build an X509IssuerSerial containing a given issuer name and serial number.
static X509SKI	buildX509SKI(X509Certificate javaCert) Build an X509SKI containing the subject key identifier extension value contained within a certificate.
static X509SubjectName	buildX509SubjectName(String subjectName) Build an X509SubjectName containing a given subject name.
static BigInteger	decodeBigIntegerFromCryptoBinary(String base64Value) Decode a base64-encoded ds:CryptoBinary value to a native Java BigInteger type.
static String	encodeCryptoBinaryFromBigInteger(BigInteger bigInt) Encode a native Java BigInteger type to a base64-encoded ds:CryptoBinary value.
static X509Certificate	getCertificate(X509Certificate xmlCert) Convert an X509Certificate into a native Java representation.
static List<X509Certificate>	getCertificates(KeyInfo keyInfo) Get a list of the Java X509Certificate within the given KeyInfo.
static List<X509Certificate>	getCertificates(X509Data x509Data) Get a list of the Java X509Certificate within the given X509Data.
static X509CRL	getCRL(X509CRL xmlCRL) Convert an X509CRL into a native Java representation.
static List<X509CRL>	getCRLs(KeyInfo keyInfo) Get a list of the Java X509CRLs within the given KeyInfo.
static List<X509CRL>	getCRLs(X509Data x509Data) Get a list of the Java X509CRLs within the given X509Data.
static PublicKey	getDSAKey(DSAKeyValue keyDescriptor) Builds an DSA key from a DSAKeyValue element.
static PublicKey	getDSAKey(DSAKeyValue keyDescriptor, DSAParams dsaParams) Builds a DSA key from an DSAKeyValue element and the supplied Java DSAParams, which supplies key material from a shared key family.
static PublicKey	getKey(DEREncodedKeyValue keyValue) Extracts the public key within the DEREncodedKeyValue.
static PublicKey	getKey(KeyValue keyValue) Extracts the DSA or RSA public key within the KeyValue.
static KeyInfoGenerator	getKeyInfoGenerator(Credential credential, NamedKeyInfoGeneratorManager manager, String keyInfoProfileName) Obtains a KeyInfoGenerator for the specified Credential.
static List<String>	getKeyNames(KeyInfo keyInfo) Get the set of key names inside the specified KeyInfo as a list of strings.
static List<PublicKey>	getPublicKeys(KeyInfo keyInfo) Extracts all the public keys within the given KeyInfo's KeyValues and DEREncodedKeyValues.
static PublicKey	getRSAKey(RSAKeyValue keyDescriptor) Builds an RSA key from an RSAKeyValue element.
protected static CertificateFactory	getX509CertFactory() Get the Java certificate factory singleton.
static boolean	hasCompleteDSAParams(DSAKeyValue keyDescriptor) Check whether the specified DSAKeyValue element has the all optional DSA values which can be shared amongst many keys in a DSA "key family", and are presumed to be known from context.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

KeyInfoSupport

protected KeyInfoSupport()

Constructor.

Method Detail

getKeyNames

@Nonnull
public static List<String> getKeyNames(@Nullable
                                                KeyInfo keyInfo)

Get the set of key names inside the specified KeyInfo as a list of strings.

Parameters:

keyInfo - KeyInfo to retrieve key names from

Returns:

a list of key name strings

addKeyName

public static void addKeyName(@Nonnull
                              KeyInfo keyInfo,
                              @Nullable
                              String keyNameValue)

Add a new KeyName value to a KeyInfo.

Parameters:

keyInfo - the KeyInfo to which to add the new value

keyNameValue - the new key name value to add

getCertificates

@Nonnull
public static List<X509Certificate> getCertificates(@Nullable
                                                             KeyInfo keyInfo)
                                                      throws CertificateException

Get a list of the Java X509Certificate within the given KeyInfo.

Parameters:

keyInfo - key info to extract the certificates from

Returns:

a list of Java X509Certificates

Throws:

CertificateException - thrown if there is a problem converting the X509 data into X509Certificates.

getCertificates

@Nonnull
public static List<X509Certificate> getCertificates(@Nullable
                                                             X509Data x509Data)
                                                      throws CertificateException

Get a list of the Java X509Certificate within the given X509Data.

Parameters:

x509Data - X509Data from which to extract the certificate

Returns:

a list of Java X509Certificates

Throws:

CertificateException - thrown if there is a problem converting the X509 data into X509Certificates.

getCertificate

@Nullable
public static X509Certificate getCertificate(@Nullable
                                                       X509Certificate xmlCert)
                                                throws CertificateException

Convert an X509Certificate into a native Java representation.

Parameters:

xmlCert - an X509Certificate

Returns:

a X509Certificate

Throws:

CertificateException - thrown if there is a problem converting the X509 data into X509Certificates.

getCRLs

@Nonnull
public static List<X509CRL> getCRLs(@Nullable
                                             KeyInfo keyInfo)
                                      throws CRLException

Get a list of the Java X509CRLs within the given KeyInfo.

Parameters:

keyInfo - the KeyInfo to extract the CRLs from

Returns:

a list of Java X509CRLs

Throws:

CRLException - thrown if there is a problem converting the CRL data into X509CRL s

getCRLs

@Nonnull
public static List<X509CRL> getCRLs(@Nullable
                                             X509Data x509Data)
                                      throws CRLException

Get a list of the Java X509CRLs within the given X509Data.

Parameters:

x509Data - X509Data to extract the CRLs from

Returns:

a list of Java X509CRLs

Throws:

CRLException - thrown if there is a problem converting the CRL data into X509CRL s

getCRL

@Nullable
public static X509CRL getCRL(@Nullable
                                       X509CRL xmlCRL)
                                throws CRLException

Convert an X509CRL into a native Java representation.

Parameters:

xmlCRL - object to extract the CRL from

Returns:

a native Java X509CRL object

Throws:

CRLException - thrown if there is a problem converting the CRL data into X509CRL

addCertificate

public static void addCertificate(@Nonnull
                                  KeyInfo keyInfo,
                                  @Nonnull
                                  X509Certificate cert)
                           throws CertificateEncodingException

Converts a native Java X509Certificate into the corresponding XMLObject and stores it in a KeyInfo in the first X509Data element. The X509Data element will be created if necessary.

Parameters:

keyInfo - the KeyInfo object into which to add the certificate

cert - the Java X509Certificate to add

Throws:

CertificateEncodingException - thrown when there is an error converting the Java certificate representation to the XMLObject representation

addCRL

public static void addCRL(@Nonnull
                          KeyInfo keyInfo,
                          @Nonnull
                          X509CRL crl)
                   throws CRLException

Converts a native Java X509CRL into the corresponding XMLObject and stores it in a KeyInfo in the first X509Data element. The X509Data element will be created if necessary.

Parameters:

keyInfo - the KeyInfo object into which to add the CRL

crl - the Java X509CRL to add

Throws:

CRLException - thrown when there is an error converting the Java CRL representation to the XMLObject representation

buildX509Certificate

@Nonnull
public static X509Certificate buildX509Certificate(X509Certificate cert)
                                                     throws CertificateEncodingException

Builds an X509Certificate XMLObject from a native Java X509Certificate.

Parameters:

cert - the Java X509Certificate to convert

Returns:

a X509Certificate XMLObject

Throws:

CertificateEncodingException - thrown when there is an error converting the Java certificate representation to the XMLObject representation

buildX509CRL

@Nonnull
public static X509CRL buildX509CRL(X509CRL crl)
                                     throws CRLException

Builds an X509CRL XMLObject from a native Java X509CRL.

Parameters:

crl - the Java X509CRL to convert

Returns:

a X509CRL XMLObject

Throws:

CRLException - thrown when there is an error converting the Java CRL representation to the XMLObject representation

buildX509SubjectName

@Nonnull
public static X509SubjectName buildX509SubjectName(@Nullable
                                                            String subjectName)

Build an X509SubjectName containing a given subject name.

Parameters:

subjectName - the name content

Returns:

the new X509SubjectName

buildX509IssuerSerial

@Nonnull
public static X509IssuerSerial buildX509IssuerSerial(@Nullable
                                                              String issuerName,
                                                              @Nullable
                                                              BigInteger serialNumber)

Build an X509IssuerSerial containing a given issuer name and serial number.

Parameters:

issuerName - the name content

serialNumber - the serial number content

Returns:

the new X509IssuerSerial

buildX509SKI

@Nullable
public static X509SKI buildX509SKI(@Nonnull
                                             X509Certificate javaCert)

Build an X509SKI containing the subject key identifier extension value contained within a certificate.

Parameters:

javaCert - the Java X509Certificate from which to extract the subject key identifier value.

Returns:

a new X509SKI object, or null if the certificate did not contain the subject key identifier extension

buildX509Digest

@Nonnull
public static X509Digest buildX509Digest(@Nonnull
                                                  X509Certificate javaCert,
                                                  @Nonnull
                                                  String algorithmURI)
                                           throws NoSuchAlgorithmException,
                                                  CertificateEncodingException

Build an X509Digest containing the digest of the specified certificate.

Parameters:

javaCert - the Java X509Certificate to digest

algorithmURI - digest algorithm URI

Returns:

a new X509Digest object

Throws:

NoSuchAlgorithmException - if the algorithm specified cannot be used

CertificateEncodingException - if the certificate cannot be encoded

addPublicKey

public static void addPublicKey(@Nonnull
                                KeyInfo keyInfo,
                                @Nullable
                                PublicKey pk)

Converts a Java DSA or RSA public key into the corresponding XMLObject and stores it in a KeyInfo in a new KeyValue element. As input, only supports PublicKeys which are instances of either DSAPublicKey or RSAPublicKey

Parameters:

keyInfo - the KeyInfo element to which to add the key

pk - the native Java PublicKey to add

buildRSAKeyValue

@Nonnull
public static RSAKeyValue buildRSAKeyValue(@Nonnull
                                                    RSAPublicKey rsaPubKey)

Builds an RSAKeyValue XMLObject from the Java security RSA public key type.

Parameters:

rsaPubKey - a native Java RSAPublicKey

Returns:

an RSAKeyValue XMLObject

buildDSAKeyValue

@Nonnull
public static DSAKeyValue buildDSAKeyValue(@Nonnull
                                                    DSAPublicKey dsaPubKey)

Builds a DSAKeyValue XMLObject from the Java security DSA public key type.

Parameters:

dsaPubKey - a native Java DSAPublicKey

Returns:

an DSAKeyValue XMLObject

addDEREncodedPublicKey

public static void addDEREncodedPublicKey(@Nonnull
                                          KeyInfo keyInfo,
                                          @Nonnull
                                          PublicKey pk)
                                   throws NoSuchAlgorithmException,
                                          InvalidKeySpecException

Converts a Java public key into the corresponding XMLObject and stores it in a KeyInfo in a new DEREncodedKeyValue element.

Parameters:

keyInfo - the KeyInfo element to which to add the key

pk - the native Java PublicKey to convert

Throws:

NoSuchAlgorithmException - if the key type is unsupported

InvalidKeySpecException - if the key type does not support X.509 SPKI encoding

getPublicKeys

@Nonnull
public static List<PublicKey> getPublicKeys(@Nullable
                                                     KeyInfo keyInfo)
                                              throws KeyException

Extracts all the public keys within the given KeyInfo's KeyValues and DEREncodedKeyValues.

Parameters:

keyInfo - KeyInfo to extract the keys out of

Returns:

a list of native Java PublicKey objects

Throws:

KeyException - thrown if the given key data can not be converted into PublicKey

getKey

@Nullable
public static PublicKey getKey(@Nonnull
                                         KeyValue keyValue)
                                  throws KeyException

Extracts the DSA or RSA public key within the KeyValue.

Parameters:

keyValue - the KeyValue to extract the key from

Returns:

a native Java security Key object

Throws:

KeyException - thrown if the given key data can not be converted into PublicKey

getDSAKey

@Nonnull
public static PublicKey getDSAKey(@Nonnull
                                           DSAKeyValue keyDescriptor)
                                    throws KeyException

Builds an DSA key from a DSAKeyValue element. The element must contain values for all required DSA public key parameters, including values for shared key family values P, Q and G.

Parameters:

keyDescriptor - the DSAKeyValue key descriptor

Returns:

a new DSAPublicKey instance of PublicKey

Throws:

KeyException - thrown if the key algorithm is not supported by the JCE or the key spec does not contain valid information

getDSAKey

@Nonnull
public static PublicKey getDSAKey(@Nonnull
                                           DSAKeyValue keyDescriptor,
                                           @Nonnull
                                           DSAParams dsaParams)
                                    throws KeyException

Builds a DSA key from an DSAKeyValue element and the supplied Java DSAParams, which supplies key material from a shared key family.

Parameters:

keyDescriptor - the DSAKeyValue key descriptor

dsaParams - the DSAParams DSA key family parameters

Returns:

a new DSAPublicKey instance of PublicKey

Throws:

KeyException - thrown if the key algorithm is not supported by the JCE or the key spec does not contain valid information

hasCompleteDSAParams

public static boolean hasCompleteDSAParams(@Nullable
                                           DSAKeyValue keyDescriptor)

Check whether the specified DSAKeyValue element has the all optional DSA values which can be shared amongst many keys in a DSA "key family", and are presumed to be known from context.

Parameters:

keyDescriptor - the DSAKeyValue element to check

Returns:

true if all parameters are present and non-empty, false otherwise

getRSAKey

@Nonnull
public static PublicKey getRSAKey(@Nonnull
                                           RSAKeyValue keyDescriptor)
                                    throws KeyException

Builds an RSA key from an RSAKeyValue element.

Parameters:

keyDescriptor - the RSAKeyValue key descriptor

Returns:

a new RSAPublicKey instance of PublicKey

Throws:

KeyException - thrown if the key algorithm is not supported by the JCE or the key spec does not contain valid information

decodeBigIntegerFromCryptoBinary

@Nonnull
public static final BigInteger decodeBigIntegerFromCryptoBinary(@Nonnull
                                                                         String base64Value)

Decode a base64-encoded ds:CryptoBinary value to a native Java BigInteger type.

Parameters:

base64Value - base64-encoded CryptoBinary value

Returns:

the decoded BigInteger

encodeCryptoBinaryFromBigInteger

@Nonnull
public static final String encodeCryptoBinaryFromBigInteger(@Nonnull
                                                                     BigInteger bigInt)

Encode a native Java BigInteger type to a base64-encoded ds:CryptoBinary value.

Parameters:

bigInt - the BigInteger value

Returns:

the encoded CryptoBinary value

buildKey

@Nonnull
protected static PublicKey buildKey(@Nonnull
                                             KeySpec keySpec,
                                             @Nonnull
                                             String keyAlgorithm)
                                      throws KeyException

Generates a public key from the given key spec.

Parameters:

keySpec - KeySpec specification for the key

keyAlgorithm - key generation algorithm, only DSA and RSA supported

Returns:

the generated PublicKey

Throws:

KeyException - thrown if the key algorithm is not supported by the JCE or the key spec does not contain valid information

getKey

@Nonnull
public static PublicKey getKey(@Nonnull
                                        DEREncodedKeyValue keyValue)
                                 throws KeyException

Extracts the public key within the DEREncodedKeyValue.

Parameters:

keyValue - the DEREncodedKeyValue to extract the key from

Returns:

a native Java security Key object

Throws:

KeyException - thrown if the given key data can not be converted into PublicKey

getX509CertFactory

@Nonnull
protected static CertificateFactory getX509CertFactory()
                                                         throws CertificateException

Get the Java certificate factory singleton.

Returns:

CertificateFactory the factory used to create X509 certificate objects

Throws:

CertificateException - thrown if the factory can not be created

getKeyInfoGenerator

@Nullable
public static KeyInfoGenerator getKeyInfoGenerator(@Nonnull
                                                             Credential credential,
                                                             @Nonnull
                                                             NamedKeyInfoGeneratorManager manager,
                                                             @Nullable
                                                             String keyInfoProfileName)

Obtains a KeyInfoGenerator for the specified Credential.

The KeyInfoGenerator returned is resolved via the supplied NamedKeyInfoGeneratorManager and is determined by the type of the signing credential and an optional KeyInfo generator profile configuration name. If the latter is ommited, the default manager (NamedKeyInfoGeneratorManager.getDefaultManager()) of the security configuration's named generator manager will be used.

Parameters:

credential - the credential for which a generator is desired

manager - the NamedKeyInfoGeneratorManager instance to use

keyInfoProfileName - the named KeyInfoGeneratorManager configuration to use (may be null)

Returns:

a KeyInfoGenerator appropriate for the specified credential