public class KeyStoreCredentialResolver extends AbstractCriteriaFilteringCredentialResolver
CredentialResolver
that extracts Credential
's from a key store.
If no key usage type is presented at construction time this resolver will return the key, if available, regardless of the usage type provided to its resolve method.
Resolution will fail if an EntityIdCriterion
is not part of the input criteria set.
Modifier and Type | Field and Description |
---|---|
private Map<String,String> |
keyPasswords
Passwords for keys.
|
private KeyStore |
keyStore
Key store credentials are retrieved from.
|
private UsageType |
keystoreUsage
Usage type of all keys in the store.
|
private org.slf4j.Logger |
log
Class logger.
|
Constructor and Description |
---|
KeyStoreCredentialResolver(KeyStore store,
Map<String,String> passwords)
Constructor.
|
KeyStoreCredentialResolver(KeyStore store,
Map<String,String> passwords,
UsageType usage)
Constructor.
|
Modifier and Type | Method and Description |
---|---|
protected Credential |
buildCredential(KeyStore.Entry keyStoreEntry,
String entityID,
UsageType usage)
Build a credential instance from the key store entry.
|
protected void |
checkCriteriaRequirements(CriteriaSet criteriaSet)
Check that required credential criteria are available.
|
protected boolean |
matchUsage(UsageType keyStoreUsage,
UsageType criteriaUsage)
Match usage enum type values from keystore configured usage and from credential criteria.
|
protected X509Credential |
processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry,
String entityID,
UsageType usage)
Build an X509Credential from a keystore private key entry.
|
protected Credential |
processSecretKeyEntry(KeyStore.SecretKeyEntry secretKeyEntry,
String entityID,
UsageType usage)
Build a Credential from a keystore secret key entry.
|
protected X509Credential |
processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertEntry,
String entityID,
UsageType usage)
Build an X509Credential from a keystore trusted certificate entry.
|
protected Iterable<Credential> |
resolveFromSource(CriteriaSet criteriaSet)
Subclasses are required to implement this method to resolve credentials from the
implementation-specific type of underlying credential source.
|
isSatisfyAllPredicates, resolve, setSatisfyAllPredicates
resolveSingle
private final org.slf4j.Logger log
private final KeyStore keyStore
private final Map<String,String> keyPasswords
private final UsageType keystoreUsage
public KeyStoreCredentialResolver(@Nonnull KeyStore store, @Nonnull Map<String,String> passwords)
store
- key store credentials are retrieved frompasswords
- for key entries, map key is the entity id, map value is the passwordpublic KeyStoreCredentialResolver(@Nonnull KeyStore store, @Nonnull Map<String,String> passwords, @Nullable UsageType usage)
store
- key store credentials are retrieved frompasswords
- for key entries, map key is the entity id, map value is the passwordusage
- usage type of all keys in the store@Nonnull protected Iterable<Credential> resolveFromSource(@Nullable CriteriaSet criteriaSet) throws ResolverException
resolveFromSource
in class AbstractCriteriaFilteringCredentialResolver
criteriaSet
- the set of criteria used to resolve credentials from the credential sourceResolverException
- thrown if there is an error resolving credentials from the credential sourceprotected void checkCriteriaRequirements(@Nullable CriteriaSet criteriaSet)
criteriaSet
- the credential criteria set to evaluateprotected boolean matchUsage(@Nonnull UsageType keyStoreUsage, @Nonnull UsageType criteriaUsage)
keyStoreUsage
- the usage type configured for the keystorecriteriaUsage
- the value from credential criteria@Nonnull protected Credential buildCredential(@Nonnull KeyStore.Entry keyStoreEntry, @Nonnull String entityID, @Nonnull UsageType usage) throws ResolverException
keyStoreEntry
- the key store entry to processentityID
- the entityID to include in the credentialusage
- the usage type to include in the credentialResolverException
- throw if there is a problem building a credential from the key store entryprotected X509Credential processTrustedCertificateEntry(@Nonnull KeyStore.TrustedCertificateEntry trustedCertEntry, @Nonnull String entityID, @Nonnull UsageType usage)
trustedCertEntry
- the entry being processedentityID
- the entityID to setusage
- the usage type to setprotected X509Credential processPrivateKeyEntry(@Nonnull KeyStore.PrivateKeyEntry privateKeyEntry, @Nonnull String entityID, @Nonnull UsageType usage)
privateKeyEntry
- the entry being processedentityID
- the entityID to setusage
- the usage type to setprotected Credential processSecretKeyEntry(@Nonnull KeyStore.SecretKeyEntry secretKeyEntry, @Nonnull String entityID, @Nonnull UsageType usage)
secretKeyEntry
- the entry being processedentityID
- the entityID to setusage
- the usage type to setCopyright © 1999–2018 Shibboleth Consortium. All rights reserved.