KeyUtil.java revision 272ac8a1a482b3baeff7293aac5de828cfd1ee69
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: KeyUtil.java,v 1.10 2009/08/28 23:42:14 exu Exp $
*
* Portions Copyrighted 2013-2014 ForgeRock AS
*/
/**
* The <code>KeyUtil</code> provides methods to obtain
* the hosting entity's signing key and decryption key, and
* to obtain a partner entity's signature verification key
* and encryption related information
*/
public class KeyUtil {
// key is EntityID|Role
// value is EncInfo
// key is EntityID|Role
// value is X509Certificate
static {
try {
} catch (ClassNotFoundException cnfe) {
"KeyUtil static block:" +
" Couldn't find the class.",
cnfe);
} catch (InstantiationException ie) {
"KeyUtil static block:" +
" Couldn't instantiate the key provider instance.",
ie);
} catch (IllegalAccessException iae) {
"KeyUtil static block:" +
" Couldn't access the default constructor.",
iae);
}
}
private KeyUtil() {
}
/**
* Returns the instance of <code>KeyProvider</code>.
* @return <code>KeyProvider</code>
*/
public static KeyProvider getKeyProviderInstance() {
return kp;
}
/**
* Returns the host entity's signing certificate alias.
* @param baseConfig <code>BaseConfigType</code> for the host entity
* @return <code>String</code> for host entity's signing
* certificate alias
*/
return alias;
}
}
return null;
}
/**
* Returns the host entity's decryption key.
* @param baseConfig <code>BaseConfigType</code> for the host entity
* @return <code>PrivateKey</code> for decrypting a message received
* by the host entity
*/
}
}
return decryptionKey;
}
/**
* Returns the partner entity's signature verification certificate.
* @param roled <code>RoleDescriptor</code> for the partner entity
* @param entityID partner entity's ID
* @param role entity's role
* @return <code>X509Certificate</code> for verifying the partner
* entity's signature
*/
public static X509Certificate getVerificationCert(
) {
// first try to get it from cache
return cert;
}
// else get it from meta
"Null RoleDescriptorType input for entityID=" +
);
return null;
}
"No signing KeyDescriptor for entityID=" +
);
return null;
}
"No signing cert for entityID=" +
);
return null;
}
return cert;
}
/**
* Returns the encryption information which will be used in
* encrypting messages intended for the partner entity.
* @param roled <code>RoleDescriptor</code> for the partner entity
* @param entityID partner entity's ID
* @param role entity's role
* @return <code>EncInfo</code> which includes partner entity's
* public key for wrapping the secret key, data encryption algorithm,
* and data encryption strength
*/
public static EncInfo getEncInfo(
) {
"Entering... \nEntityID=" +
);
}
// first try to get it from cache
return encInfo;
}
// else get it from meta
"Null RoleDescriptorType input for entityID=" +
);
return null;
}
"No encryption KeyDescriptor for entityID=" +
);
return null;
}
"No encryption cert for entityID=" +
);
return null;
}
int keySize = 0;
keySize =
break;
}
}
}
}
}
keySize = 128;
}
}
}
return encInfo;
}
/**
* Returns <code>KeyDescriptorType</code> from
* <code>RoleDescriptorType</code>.
* @param roled <code>RoleDescriptorType</code> which contains
* <code>KeyDescriptor</code>s.
* @param usage type of the <code>KeyDescriptorType</code> to be retrieved.
* Its value is "encryption" or "signing".
* @return KeyDescriptorType in <code>RoleDescriptorType</code> that matched
* the usage type.
*/
public static KeyDescriptorType getKeyDescriptor(
) {
}
continue;
}
break;
} else {
}
}
return kd;
} else {
return noUsageKD;
}
}
/**
* Returns certificate stored in <code>KeyDescriptorType</code>.
* @param kd <code>KeyDescriptorType</code> which contains certificate info
* @return X509Certificate contained in <code>KeyDescriptorType</code>; or
* <code>null</code> if no certificate is included.
*/
) {
"No KeyInfo.");
return null;
}
//iterate and search the X509DataElement node
if (content instanceof X509DataElement) {
}
}
return null;
}
//iterate and search the X509Certificate node
if (content instanceof
}
}
return null;
}
try {
"Unable to get CertificateFactory "+
"for X.509 type", ce);
return null;
}
try {
}
"Unable to generate certificate from byte "+
"array input stream.", ce);
return null;
}
return retCert;
}
/**
* Returns the partner entity's signature verification certificate.
*
* @param pepDesc <code>XACMLAuthzDecisionQueryDescriptorElement</code>
* for the partner entity
* @param entityID Policy Enforcement Point (PEP) entity identifier.
* @return <code>X509Certificate</code> for verifying the partner
* entity's signature
*/
public static X509Certificate getPEPVerificationCert(
);
}
// first try to get it from cache
return cert;
}
// else get it from meta
"Null DescriptorType input for entityID=" +
);
return null;
}
"No signing KeyDescriptor for entityID=" +
);
return null;
}
"No signing cert for entityID=" +
);
return null;
}
return cert;
}
/**
* Returns <code>KeyDescriptorType</code> object.
*
* @param kdList List containing <code>KeyDescriptor</code>s.
* @param usage type of the <code>KeyDescriptorType</code> to be retrieved.
* Value can be "encryption" or "signing".
* @return <code>KeyDescriptorType</code> in
* <code>XACMLAuthzDecisionQueryDescriptorElement</code>
* that matched the usage type.
*/
continue;
}
}
break;
} else {
}
}
return kd;
} else {
return noUsageKD;
}
}
return noUsageKD;
}
/**
* Returns the encryption information which will be used in
* encrypting messages intended for the partner entity.
*
* @param pepDesc <code>XACMLAuthzDecisionQueryDescriptorElement</code>
* for the partner entity
* @param pepEntityID partner entity's ID
* @return <code>EncInfo</code> which includes partner entity's
* public key for wrapping the secret key, data encryption algorithm,
* and data encryption strength
*/
public static EncInfo getPEPEncInfo(
"Entering... \nEntityID=" +
);
}
// first try to get it from cache
return encInfo;
}
// else get it from meta
"Null PEP Descriptor input for entityID=" +
);
return null;
}
"No encryption KeyDescriptor for entityID=" +
);
return null;
}
}
/**
* Returns the <code>EncInfo</code> from the <code>KeyDescriptor</code>.
*
* @param kd the M<code>KeyDescriptor</code> object.
* @param entityID the entity identfier
* @param role the role of the entity . Value can be PEP or PDP.
* @return <code>EncInfo</code> the encryption info.
*/
"No encryption cert for entityID=" +
);
return null;
}
int keySize = 0;
keySize =
}
}
}
keySize = 128;
}
}
}
return encInfo;
}
/**
* Returns the partner entity's signature verification certificate.
*
* @param pdpDesc <code>XACMLPDPDescriptorElement</code> of partner entity
* @param entityID partner entity's ID
* @return <code>X509Certificate</code> for verifying the partner
* entity's signature
*/
public static X509Certificate getPDPVerificationCert(
"Entering... \nEntityID=" +
);
}
// first try to get it from cache
return cert;
}
// else get it from meta
"Null DescriptorType input for entityID=" +
);
return null;
}
"No signing KeyDescriptor for entityID=" +
);
return null;
}
"No signing cert for entityID=" +
);
return null;
}
return cert;
}
/**
* Clears the cache. This method is called when metadata is updated.
*/
public static void clear() {
}
}