/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: KeyUtil.java,v 1.5 2009/06/08 23:41:03 madan_ranganath Exp $
*
* Portions Copyrighted 2013-2016 ForgeRock AS
*/
/**
* The <code>KeyUtil</code> class provides methods to obtain
* the hosting entity's signing key and decryption key, and
* to obtain a partner entity's signature verification key
* and encryption-related information.
*/
public class KeyUtil {
// key is EntityID|Role
// value is EncInfo
// key is EntityID|Role
// value is X509Certificate
static {
try {
} catch (ClassNotFoundException cnfe) {
"KeyUtil static block:" +
" Couldn't find the class.",
cnfe);
} catch (InstantiationException ie) {
"KeyUtil static block:" +
" Couldn't instantiate the key provider instance.",
ie);
} catch (IllegalAccessException iae) {
"KeyUtil static block:" +
" Couldn't access the default constructor.",
iae);
}
}
private KeyUtil() {
}
/**
* Returns the instance of <code>KeyProvider</code>.
* @return <code>KeyProvider</code>
*/
return kp;
}
/**
* Returns the host entity's signing certificate alias.
* @param baseConfig <code>BaseConfigType</code> for the host entity
* @return <code>String</code> for host entity's signing
* certificate alias
*/
return alias;
}
}
return null;
}
/**
* Returns the host entity's decryption key.
* @param baseConfig <code>BaseConfigType</code> for the host entity
* @return <code>PrivateKey</code> for decrypting a message received
* by the host entity
*/
} else {
}
}
if (decryptionKey == null) {
}
return decryptionKey;
}
/**
* Returns the partner entity's signature verification certificate.
* @param providerDescriptor <code>ProviderDescriptorType</code> for
* the partner entity
* @param entityID partner entity's ID
* @param isIDP whether partner entity's role is IDP or SP
* @return <code>X509Certificate</code> for verifying the partner
* entity's signature
*/
boolean isIDP) {
}
// first try to get it from cache
return cert;
}
// else get it from meta
if (providerDescriptor == null) {
"Null ProviderDescriptorType input for entityID=" +
return null;
}
"No signing KeyDescriptor for entityID=" +
return null;
}
"No signing cert for entityID=" +
return null;
}
return cert;
}
/**
* Returns the encryption information used to encrypt
* messages intended for the partner entity.
* @param providerDescriptor <code>ProviderDescriptorType</code> for
* the partner entity
* @param entityID partner entity's ID
* @param isIDP whether partner entity's role is IDP or SP
* @return <code>EncInfo</code> which includes the partner entity's
* public key for wrapping the secret key, the data encryption algorithm,
* and the data encryption strength
*/
}
// first try to get it from cache
return encInfo;
}
// else get it from meta
if (providerDescriptor == null) {
"Null ProviderDescriptorType input for entityID=" +
return null;
}
"No encryption KeyDescriptor for entityID=" +
return null;
}
"No encryption cert for entityID=" +
return null;
}
keySize = 128;
}
}
}
return encInfo;
}
/**
* Returns the <code>KeyDescriptorType</code> from a
* <code>ProviderDescriptorType</code>.
* @param providerDescriptor <code>ProviderDescriptorType</code> which
* contains <code>KeyDescriptor</code>s.
* @param usage type of the <code>KeyDescriptorType</code> to be retrieved.
* Its value is "encryption" or "signing".
* @return the <code>KeyDescriptorType</code> in <code>ProviderDescriptorType</code>
* that matches the usage type.
*/
if (providerDescriptor == null) {
return null;
}
}
continue;
}
break;
} else {
}
}
return kd;
} else {
return noUsageKD;
}
}
/**
* Returns certificate stored in <code>KeyDescriptorType</code> in
* <code>ProviderDescriptorType</code>.
* @param providerDescriptor <code>ProviderDescriptorType</code> which
* contains <code>KeyDescriptor</code>s.
* @param usage type of the <code>KeyDescriptorType</code> to be retrieved.
* Its value is "encryption" or "signing".
* @return X509Certificate contained in <code>KeyDescriptorType</code>; or
* <code>null</code> if no certificate is included.
*/
}
/**
* Returns certificate stored in <code>KeyDescriptorType</code>.
* @param kd <code>KeyDescriptorType</code> which contains certificate info
* @return X509Certificate contained in <code>KeyDescriptorType</code>; or
* <code>null</code> if no certificate is included.
*/
return null;
}
return null;
}
byte[] bt =
getValue();
try {
"Unable to get CertificateFactory for X.509 type", ce);
return null;
}
try {
}
"Unable to generate certificate from byte "+
"array input stream.", ce);
return null;
}
return retCert;
}
}