IDFFMetaSecurityUtils.java revision 272ac8a1a482b3baeff7293aac5de828cfd1ee69
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: IDFFMetaSecurityUtils.java,v 1.5 2009/06/08 23:40:42 madan_ranganath Exp $
*
* Portions Copyrighted 2011-2014 ForgeRock AS
*/
/**
* The <code>IDFFMetaSecurityUtils</code> class provides metadata security
* related utility functions.
*/
public final class IDFFMetaSecurityUtils {
// Set-once guard for initializeKeyStore(): written under that method's
// monitor (it is synchronized), but the flag is not volatile and appears
// to be read without synchronization elsewhere in this file — confirm
// against the full file whether that read is intended to be racy.
private static boolean keyProviderInitialized = false;
/** Utility class; the private constructor prevents instantiation. */
private IDFFMetaSecurityUtils() {
}
/**
 * Runs the key store initialization at most once for this class.
 *
 * <p>The method is {@code synchronized} so concurrent callers cannot both
 * perform the initialization; the guard flag is only set after the
 * {@code keyProvider} check has run. {@code keyProvider} is declared
 * outside the visible lines, and the {@code keyProvider != null} branch is
 * empty in this copy, which looks like an extraction artefact rather than
 * the original body — confirm against the full file before relying on it.
 */
private static synchronized void initializeKeyStore() {
// already initialized: nothing further to do
if (keyProviderInitialized) {
return;
}
if (keyProvider != null) {
}
// set once; subsequent calls return early on the guard above
keyProviderInitialized = true;
}
/**
* Returns BASE64 encoded X509 Certificate string corresponding to the
* certificate alias.
* @param certAlias Alias of the Certificate to be retrieved.
* @return BASE64 encoded X509 Certificate string, or null if a null
* or empty certificate alias is specified.
* @throws IDFFMetaException if unable to retrieve the certificate from the
* internal key store.
*/
throws IDFFMetaException
{
return null;
}
if (!keyProviderInitialized) {
}
try {
if (debug.messageEnabled()) {
"IDFFMetaSecurityUtils.buildX509Certificate:", ex);
}
}
}
}
/**
* Updates signing or encryption key info for SP or IDP.
* This will update both signing/encryption alias on extended metadata and
* certificates in standard metadata.
* @param realm Realm the entity resides.
* @param entityID ID of the entity to be updated.
* @param certAlias Alias of the certificate to be set to the entity. If
* null, will remove existing key information from the SP or IDP.
* @param isSigning true if this is signing certificate alias, false if
* this is the encryption certificate alias.
* @param isIDP true if this is for IDP signing/encryption alias, false
* if this is for SP signing/encryption alias
* @param encAlgo Encryption algorithm URI, this is applicable for
* encryption cert only.
* @param keySize Encryption key size, this is applicable for
* encryption cert only.
* @throws IDFFMetaException if the certificate alias cannot be updated for
* the entity.
*/
}
if (isIDP) {
}
// update standard metadata
// remove key info
if (isSigning) {
} else {
}
} else {
// update extended metadata
if (isSigning) {
} else {
}
}
} else {
}
// update standard metadata
// remove key info
if (isSigning) {
} else {
}
} else {
// update extended metadata
if (isSigning) {
} else {
}
}
}
}
// NOTE : we only support one signing and one encryption key right now
// the code needs to be changed if we need to support multiple signing
}
}
}
boolean isSigningUse) {
if (isSigningUse) {
keyUse = "signing";
}
}
}
}
private static void setExtendedAttributeValue(
try {
}
}
}
} catch (JAXBException e) {
throw new IDFFMetaException(e);
}
}
private static KeyDescriptorElement getKeyDescriptor(
throws IDFFMetaException {
try {
.append("\" use=\"");
if (isSigning) {
} else {
}
.append("</EncryptionMethod>\n");
}
.append("<X509Data>\n")
.append("<X509Certificate>\n")
.append("</X509Certificate>\n")
.append("</X509Data>\n")
.append("</KeyInfo>\n");
return (KeyDescriptorElement)
} catch (JAXBException e) {
throw new IDFFMetaException(e);
}
}
}