public class InlineX509DataProvider extends AbstractKeyInfoProvider

KeyInfoProvider which provides basic support for extracting an X509Credential from an X509Data child of KeyInfo.

This provider supports only inline X509Certificates and X509CRLs.

If only one certificate is present, it is assumed to be the end-entity certificate containing the public key represented by this KeyInfo. If multiple certificates are present, and any instances of X509SubjectName, X509IssuerSerial, X509SKI, or X509Digest are also present, they will be used to identify the end-entity certificate, in accordance with the XML Signature specification. If a public key from a previously resolved KeyValue is available in the resolution context, it will also be used to identify the end-entity certificate. If the end-entity certificate cannot otherwise be identified, the cert contained in the first X509Certificate element will be treated as the end-entity certificate.

| Constructor and Description |
|---|
| InlineX509DataProvider() Constructor. |
| Modifier and Type | Method and Description |
|---|---|
| protected X509Certificate | findCertFromDigest(List<X509Certificate> certs, List<X509Digest> digests) Find the certificate from the chain that matches one of the specified digests. |
| protected X509Certificate | findCertFromIssuerSerials(List<X509Certificate> certs, List<X509IssuerSerial> serials) Find the certificate from the chain identified by one of the specified issuer serials. |
| protected X509Certificate | findCertFromKey(List<X509Certificate> certs, PublicKey key) Find the certificate from the chain that contains the specified key. |
| protected X509Certificate | findCertFromSubjectKeyIdentifier(List<X509Certificate> certs, List<X509SKI> skis) Find the certificate from the chain that contains one of the specified subject key identifiers. |
| protected X509Certificate | findCertFromSubjectNames(List<X509Certificate> certs, List<X509SubjectName> names) Find the certificate from the chain that contains one of the specified subject names. |
| protected X509Certificate | findEntityCert(List<X509Certificate> certs, X509Data x509Data, PublicKey resolvedKey) Find the end-entity cert in the list of certs contained in the X509Data. |
| X500DNHandler | getX500DNHandler() Get the handler which processes X.500 distinguished names. |
| boolean | handles(XMLObject keyInfoChild) Evaluate whether the given provider should attempt to handle resolving a credential from the specified KeyInfo child. |
| Collection<Credential> | process(KeyInfoCredentialResolver resolver, XMLObject keyInfoChild, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet, KeyInfoResolutionContext kiContext) Process a specified KeyInfo child (XMLObject) and attempt to resolve a credential from it. |
| void | setX500DNHandler(X500DNHandler handler) Set the handler which processes X.500 distinguished names. |

Methods inherited from AbstractKeyInfoProvider: buildCredentialContext, extractKeyValue
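The class description above explains how the provider picks the end-entity certificate when a KeyInfo carries several inline certificates: it uses any X509SubjectName, X509IssuerSerial, X509SKI or X509Digest hints (and a previously resolved KeyValue) and otherwise falls back to the first X509Certificate element. The following is an added example, not code from the OpenSAML project, showing that selection at work: it builds a KeyInfo from certificate files given on the command line, deliberately places the intended end-entity certificate last, adds an X509SubjectName hint for it, and resolves the credential through InlineX509DataProvider. It assumes OpenSAML 3.x (opensaml-core, opensaml-security-impl and opensaml-xmlsec-impl) on the classpath; the class name InlineX509DataExample and the PEM file paths are placeholders you supply.

```java
import java.io.File;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;

import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.security.x509.X509Support;
import org.opensaml.xmlsec.keyinfo.KeyInfoCriterion;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.impl.KeyInfoProvider;
import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider;
import org.opensaml.xmlsec.signature.KeyInfo;
import org.opensaml.xmlsec.signature.X509Data;

/**
 * Hypothetical example (not part of OpenSAML): build a ds:KeyInfo with several
 * inline ds:X509Certificate elements plus a ds:X509SubjectName hint, then let
 * InlineX509DataProvider choose the end-entity certificate.
 *
 * Usage: java InlineX509DataExample <end-entity.pem> [intermediate.pem ...]
 */
public class InlineX509DataExample {

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            System.err.println("usage: InlineX509DataExample <end-entity.pem> [other.pem ...]");
            System.exit(2);
        }

        // Bootstraps the XMLObject provider registry; required before building any XMLObject.
        InitializationService.initialize();

        X509Certificate[] certs = new X509Certificate[args.length];
        for (int i = 0; i < args.length; i++) {
            certs[i] = X509Support.decodeCertificate(new File(args[i]));
        }
        X509Certificate intended = certs[0];

        KeyInfo keyInfo = (KeyInfo) XMLObjectSupport.buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);

        // Add the certificates in reverse order so the intended end-entity cert is
        // deliberately NOT the first <ds:X509Certificate>. Without a hint the provider
        // would fall back to the first element, which here would be the wrong one.
        for (int i = certs.length - 1; i >= 0; i--) {
            KeyInfoSupport.addCertificate(keyInfo, certs[i]);
        }

        // addCertificate() placed everything under a single <ds:X509Data>; add a
        // <ds:X509SubjectName> naming the certificate we actually mean.
        X509Data x509Data = keyInfo.getX509Datas().get(0);
        x509Data.getX509SubjectNames().add(
                KeyInfoSupport.buildX509SubjectName(intended.getSubjectX500Principal().getName()));

        // A resolver that consults only inline X509Data (no KeyValue / DEREncodedKeyValue providers).
        List<KeyInfoProvider> providers =
                Collections.<KeyInfoProvider>singletonList(new InlineX509DataProvider());
        BasicProviderKeyInfoCredentialResolver resolver =
                new BasicProviderKeyInfoCredentialResolver(providers);

        Credential resolved = resolver.resolveSingle(new CriteriaSet(new KeyInfoCriterion(keyInfo)));
        if (!(resolved instanceof X509Credential)) {
            throw new IllegalStateException("no X509Credential resolved from KeyInfo");
        }
        X509Credential x509Cred = (X509Credential) resolved;
        X509Certificate chosen = x509Cred.getEntityCertificate();

        System.out.println("Entity cert subject: " + chosen.getSubjectX500Principal().getName());
        System.out.println("Chain length       : " + x509Cred.getEntityCertificateChain().size());
        System.out.println("Matches intended   : " + chosen.equals(intended));
    }
}
```

Run it with a single certificate and the "only one certificate" rule applies; run it with two or more and the X509SubjectName hint is what makes `Matches intended` print `true` even though the intended certificate is the last X509Certificate element. Note that what comes out is a credential, not a verdict: every byte of an inline X509Data is supplied by whoever produced the document, so the resolved X509Credential must still be checked against local trust (in OpenSAML, for example, an ExplicitKeyTrustEngine over known credentials or a PKIXX509CredentialTrustEngine) before a signature made with it is accepted.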
@Nonnull public X500DNHandler getX500DNHandler()

public void setX500DNHandler(@Nonnull X500DNHandler handler)

Parameters:
- handler - the new X500DNHandler instance

public boolean handles(@Nonnull XMLObject keyInfoChild)

Returning true does not guarantee that a credential can or will be extracted from the particular KeyInfo child, only that processing should be attempted.

Parameters:
- keyInfoChild - the KeyInfo child object to consider

@Nullable public Collection<Credential> process(@Nonnull KeyInfoCredentialResolver resolver, @Nonnull XMLObject keyInfoChild, @Nullable net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet, @Nonnull KeyInfoResolutionContext kiContext) throws SecurityException

Parameters:
- resolver - reference to a resolver which is calling the provider
- keyInfoChild - the KeyInfo child being processed
- criteriaSet - the credential criteria the credential must satisfy
- kiContext - the resolution context, used for sharing state amongst resolvers and providers

Throws:
- SecurityException - if there is an error during credential resolution. Note: failure to resolve a credential is not an error.

@Nullable protected X509Certificate findEntityCert(@Nullable List<X509Certificate> certs, @Nonnull X509Data x509Data, @Nullable PublicKey resolvedKey)

Parameters:
- certs - list of X509Certificate
- x509Data - X509Data element which might contain other info helping to find the end-entity cert
- resolvedKey - a key which might have previously been resolved from a KeyValue

@Nullable protected X509Certificate findCertFromKey(@Nonnull List<X509Certificate> certs, @Nullable PublicKey key)

Parameters:
- certs - list of certificates to evaluate
- key - key to use as search criteria

@Nullable protected X509Certificate findCertFromSubjectNames(@Nonnull List<X509Certificate> certs, @Nonnull List<X509SubjectName> names)

Parameters:
- certs - list of certificates to evaluate
- names - X509 subject names to use as search criteria

@Nullable protected X509Certificate findCertFromIssuerSerials(@Nonnull List<X509Certificate> certs, @Nonnull List<X509IssuerSerial> serials)

Parameters:
- certs - list of certificates to evaluate
- serials - X509 issuer serials to use as search criteria

@Nullable protected X509Certificate findCertFromSubjectKeyIdentifier(@Nonnull List<X509Certificate> certs, @Nonnull List<X509SKI> skis)

Parameters:
- certs - list of certificates to evaluate
- skis - X509 subject key identifiers to use as search criteria

@Nullable protected X509Certificate findCertFromDigest(@Nonnull List<X509Certificate> certs, @Nonnull List<X509Digest> digests)

Parameters:
- certs - list of certificates to evaluate
- digests - X509 digests to use as search criteria

Copyright © 2016. All rights reserved.