public class LocalKeyInfoCredentialResolver extends BasicProviderKeyInfoCredentialResolver

A subclass of BasicProviderKeyInfoCredentialResolver which is capable of using information from a KeyInfo to resolve local credentials from a supplied CredentialResolver which manages local credentials.

The local credential resolver supplied should manage and return credentials which contain either a secret (symmetric) key or the private key half of a key pair.

A typical use case for this class would be as a resolver of decryption keys, such as is needed by Decrypter.
Resolution proceeds as follows:

- Any credential from the BasicProviderKeyInfoCredentialResolver resolution process which is not a local credential will be removed from the effective set of credentials to be returned. Note that a configured KeyInfoProvider may have itself already resolved local credentials using a different mechanism. These will not be removed.
- Key names from KeyInfoResolutionContext.getKeyNames() will also be used as resolution criteria for local credentials and the resultant credentials added to the set to be returned.

Modifier and Type | Field and Description |
---|---|
private org.opensaml.security.credential.CredentialResolver | localCredResolver: The resolver which is used to resolve local credentials. |
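The decryption-key use case described above, wired up as an added example (not code from the OpenSAML project or this Javadoc). The class name `LocalDecrypterSetup`, the key name `sp-encryption-key` and the choice of KeyInfo providers are assumptions; it needs the OpenSAML libraries on the classpath.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.List;

import org.opensaml.core.config.InitializationService;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.impl.CollectionCredentialResolver;
import org.opensaml.xmlsec.encryption.support.Decrypter;
import org.opensaml.xmlsec.encryption.support.InlineEncryptedKeyResolver;
import org.opensaml.xmlsec.keyinfo.impl.KeyInfoProvider;
import org.opensaml.xmlsec.keyinfo.impl.LocalKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider;

public final class LocalDecrypterSetup {

    /** Hypothetical helper: a Decrypter whose key-encryption key must be a locally held credential. */
    public static Decrypter buildDecrypter(KeyPair localKeyPair, String keyName) {
        // Local credential: holds the private key half of the pair.
        BasicCredential local = new BasicCredential(localKeyPair.getPublic(), localKeyPair.getPrivate());
        local.getKeyNames().add(keyName); // lets a KeyName in the KeyInfo select this credential
        List<Credential> localCreds = new ArrayList<>();
        localCreds.add(local);

        // Providers parse KeyInfo children. Credentials they emit without a private
        // or secret key are not returned by LocalKeyInfoCredentialResolver.
        List<KeyInfoProvider> providers = new ArrayList<>();
        providers.add(new RSAKeyValueProvider());
        providers.add(new InlineX509DataProvider());

        LocalKeyInfoCredentialResolver kekResolver =
                new LocalKeyInfoCredentialResolver(providers, new CollectionCredentialResolver(localCreds));

        // No data-key resolver (null): the data key is unwrapped from the inline EncryptedKey.
        return new Decrypter(null, kekResolver, new InlineEncryptedKeyResolver());
    }

    public static void main(String[] args) throws Exception {
        InitializationService.initialize(); // OpenSAML must be initialized before use
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        // "sp-encryption-key" is a constructed sample key name.
        Decrypter decrypter = buildDecrypter(kpg.generateKeyPair(), "sp-encryption-key");
        System.out.println("Decrypter ready: " + (decrypter != null));
    }
}
```

Because only the local resolver can contribute returned credentials, a public key or certificate embedded in an incoming KeyInfo cannot by itself become a decryption key.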
Constructor and Description |
---|
LocalKeyInfoCredentialResolver(List<KeyInfoProvider> keyInfoProviders, org.opensaml.security.credential.CredentialResolver localCredentialResolver): Constructor. |
Modifier and Type | Method and Description |
---|---|
org.opensaml.security.credential.CredentialResolver | getLocalCredentialResolver(): Get the resolver for local credentials. |
protected boolean | isLocalCredential(org.opensaml.security.credential.Credential credential): Determine whether the credential is a local credential. |
protected void | postProcess(KeyInfoResolutionContext kiContext, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet, List<org.opensaml.security.credential.Credential> credentials): Hook for subclasses to do post-processing of the credential set after all KeyInfo children have been processed. |
protected Collection<? extends org.opensaml.security.credential.Credential> | resolveByKeyName(String keyName): Resolve credentials from local resolver using key name criteria. |
protected Collection<? extends org.opensaml.security.credential.Credential> | resolveByPublicKey(PublicKey publicKey): Resolve credentials from local resolver using public key criteria. |
buildBasicCredential, extractKeyValue, getProviders, initResolutionContext, postProcessEmptyCredentials, processKeyInfoChild, processKeyInfoChildren, resolveFromSource, resolveKeyValue
isSatisfyAllPredicates, resolve, setSatisfyAllPredicates
resolveSingle
private final org.opensaml.security.credential.CredentialResolver localCredResolver

public LocalKeyInfoCredentialResolver(@Nonnull List<KeyInfoProvider> keyInfoProviders, @Nonnull org.opensaml.security.credential.CredentialResolver localCredentialResolver)
keyInfoProviders - the list of KeyInfoProviders to use in this resolver
localCredentialResolver - resolver of local credentials

@Nonnull public org.opensaml.security.credential.CredentialResolver getLocalCredentialResolver()

protected void postProcess(@Nonnull KeyInfoResolutionContext kiContext, @Nullable net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet, @Nonnull List<org.opensaml.security.credential.Credential> credentials) throws net.shibboleth.utilities.java.support.resolver.ResolverException
postProcess in class BasicProviderKeyInfoCredentialResolver
kiContext - KeyInfo resolution context
criteriaSet - the credential criteria used to resolve credentials
credentials - the list which will store the resolved credentials
net.shibboleth.utilities.java.support.resolver.ResolverException - thrown if there is an error during processing

protected boolean isLocalCredential(@Nonnull org.opensaml.security.credential.Credential credential)
credential - the credential to evaluate

@Nonnull protected Collection<? extends org.opensaml.security.credential.Credential> resolveByKeyName(@Nonnull String keyName) throws net.shibboleth.utilities.java.support.resolver.ResolverException
keyName - the key name criteria
net.shibboleth.utilities.java.support.resolver.ResolverException - thrown if there is a problem resolving credentials from the local credential resolver

@Nonnull protected Collection<? extends org.opensaml.security.credential.Credential> resolveByPublicKey(@Nonnull PublicKey publicKey) throws net.shibboleth.utilities.java.support.resolver.ResolverException
publicKey - the public key criteria
net.shibboleth.utilities.java.support.resolver.ResolverException - thrown if there is a problem resolving credentials from the local credential resolver

Copyright © 1999–2020 Shibboleth Consortium. All rights reserved.