
Example 1 with KeyDescriptorType

Use of com.sun.identity.liberty.ws.meta.jaxb.KeyDescriptorType in the OpenAM project by OpenRock.

From the class KeyUtil, method getEncInfo:

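/**
 * Returns the encryption information which will be used in
 * encrypting messages intended for the partner entity.
 * <p>
 * The result is first looked up in {@code encHash}, keyed by the trimmed
 * entity ID and the role ({@code "idp"} or {@code "sp"}); on a miss it is
 * built from the provider's "encryption" {@code KeyDescriptor} and stored in
 * the cache. Only successful lookups are cached, so a partner with incomplete
 * metadata is re-examined on every call. NOTE(review): nothing in this method
 * invalidates the cache, so a metadata change for an entity is not picked up
 * until {@code encHash} is cleared elsewhere — confirm against the rest of
 * KeyUtil.
 *
 * @param providerDescriptor <code>ProviderDescriptorType</code> for
 *     the partner entity; may be null (logged, null returned)
 * @param entityID partner entity's ID; must not be null
 * @param isIDP whether partner entity's role is IDP or SP
 * @return <code>EncInfo</code> which includes partner entity's
 *     public key for wrapping the secret key, data encryption algorithm,
 *     and data encryption strength; null when the descriptor, its
 *     encryption <code>KeyDescriptor</code>, its certificate, or the key
 *     size needed for a declared encryption method is missing (each case is
 *     reported through {@code FSUtils.debug.error})
 */
public static EncInfo getEncInfo(ProviderDescriptorType providerDescriptor, String entityID, boolean isIDP) {
    String role = (isIDP) ? "idp" : "sp";
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("KeyUtil.getEncInfo: " + "Entering... \nEntityID=" + entityID + "\nRole=" + role);
    }
    // first try to get it from cache
    String index = entityID.trim() + "|" + role;
    EncInfo encInfo = (EncInfo) encHash.get(index);
    if (encInfo != null) {
        return encInfo;
    }
    // else get it from meta
    if (providerDescriptor == null) {
        FSUtils.debug.error("KeyUtil.getEncInfo: " + "Null ProviderDescriptorType input for entityID=" + entityID + " in " + role + " role.");
        return null;
    }
    KeyDescriptorType kd = getKeyDescriptor(providerDescriptor, "encryption");
    if (kd == null) {
        FSUtils.debug.error("KeyUtil.getEncInfo: " + "No encryption KeyDescriptor for entityID=" + entityID + " in " + role + " role.");
        return null;
    }
    X509Certificate cert = getCert(kd);
    if (cert == null) {
        FSUtils.debug.error("KeyUtil.getEncInfo: " + "No encryption cert for entityID=" + entityID + " in " + role + " role.");
        return null;
    }
    String algorithm = kd.getEncryptionMethod();
    int keySize;
    if ((algorithm == null) || (algorithm.length() == 0)) {
        // No EncryptionMethod in the metadata: fall back to AES-128, ignoring
        // any KeySize element that may be present (this is the original
        // behaviour, kept as-is).
        algorithm = XMLCipher.AES_128;
        keySize = 128;
    } else {
        // KeySize is presumably optional in the metadata; dereferencing it
        // unconditionally (as the previous code did) threw a
        // NullPointerException for a descriptor that declared an encryption
        // method without a key size. Treat that like any other incomplete
        // descriptor: log and return null rather than crash the caller.
        Number declaredKeySize = kd.getKeySize();
        if (declaredKeySize == null) {
            FSUtils.debug.error("KeyUtil.getEncInfo: " + "No KeySize for encryption method " + algorithm + " for entityID=" + entityID + " in " + role + " role.");
            return null;
        }
        keySize = declaredKeySize.intValue();
    }
    PublicKey pk = cert.getPublicKey();
    if (pk != null) {
        encInfo = new EncInfo(pk, algorithm, keySize);
    }
    // only a fully built EncInfo is cached; every failure path above returns
    // before reaching this point
    if (encInfo != null) {
        encHash.put(index, encInfo);
    }
    return encInfo;
}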

Example 2 with KeyDescriptorType

Use of com.sun.identity.liberty.ws.meta.jaxb.KeyDescriptorType in the OpenAM project by OpenRock.

From the class KeyUtil, method getKeyDescriptor:

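/**
 * Returns <code>KeyDescriptorType</code> from
 * <code>ProviderDescriptorType</code>.
 * <p>
 * The first descriptor whose {@code use} attribute equals {@code usage}
 * (the attribute is trimmed and lower-cased before comparison; {@code usage}
 * is compared as given) is returned. If none matches, the first descriptor
 * that carries no {@code use} attribute at all is returned instead, since
 * such a descriptor is not restricted to one usage.
 *
 * @param providerDescriptor <code>ProviderDescriptorType</code> which
 *     contains <code>KeyDescriptor</code>s; may be null
 * @param usage type of the <code>KeyDescriptorType</code> to be retrieved.
 *     Its value is "encryption" or "signing".
 * @return KeyDescriptorType in <code>ProviderDescriptorType</code> that
 *     matched the usage type; otherwise the first descriptor without a
 *     {@code use} attribute; otherwise null (also null when
 *     {@code providerDescriptor} is null)
 */
public static KeyDescriptorType getKeyDescriptor(ProviderDescriptorType providerDescriptor, String usage) {
    if (providerDescriptor == null) {
        return null;
    }
    KeyDescriptorType noUsageKD = null;
    for (Object item : providerDescriptor.getKeyDescriptor()) {
        KeyDescriptorType kd = (KeyDescriptorType) item;
        String use = kd.getUse();
        if ((use == null) || (use.trim().length() == 0)) {
            // Remember only the FIRST unrestricted descriptor. The previous
            // loop left the loop variable pointing at the last unrestricted
            // descriptor, so the fallback depended on list order in a way the
            // Javadoc never promised.
            if (noUsageKD == null) {
                noUsageKD = kd;
            }
            continue;
        }
        // Lower-case with a fixed locale: the default locale's rules (e.g. the
        // Turkish dotless i) can turn "SIGNING" into a string that never
        // equals "signing", silently dropping a valid descriptor.
        if (use.trim().toLowerCase(java.util.Locale.ROOT).equals(usage)) {
            return kd;
        }
    }
    return noUsageKD;
}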

Example 3 with KeyDescriptorType

Use of com.sun.identity.liberty.ws.meta.jaxb.KeyDescriptorType in the OpenAM project by OpenRock.

From the class KeyUtil, method getVerificationCert:

/**
 * Returns the partner entity's signature verification certificate.
 * <p>
 * Resolution order: the {@code sigHash} cache (keyed by trimmed entity ID and
 * role), then the provider's "signing" {@code KeyDescriptor} via
 * {@code getKeyDescriptor} and {@code getCert}. A certificate found in the
 * metadata is cached before being returned; failures are logged through
 * {@code FSUtils.debug.error} and are not cached. NOTE(review): this method
 * only locates the certificate — whether {@code getCert} checks validity
 * (expiry, chain) is not visible here, and the cache is never invalidated
 * from this method, so a rotated signing certificate is served until
 * {@code sigHash} is cleared elsewhere; confirm against the rest of KeyUtil.
 *
 * @param providerDescriptor <code>ProviderDescriptorType</code> for
 *     the partner entity; may be null (logged, null returned)
 * @param entityID partner entity's ID; must not be null
 * @param isIDP whether partner entity's role is IDP or SP
 * @return <code>X509Certificate</code> for verifying the partner
 *     entity's signature, or null when the descriptor, its signing
 *     <code>KeyDescriptor</code> or its certificate is missing
 */
public static X509Certificate getVerificationCert(ProviderDescriptorType providerDescriptor, String entityID, boolean isIDP) {
    final String role;
    if (isIDP) {
        role = "idp";
    } else {
        role = "sp";
    }
    final String logPrefix = "KeyUtil.getVerificationCert: ";
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(logPrefix + "Entering... \nEntityID=" + entityID + "\nRole=" + role);
    }
    // cache hit short-circuits the metadata walk entirely
    final String cacheKey = entityID.trim() + "|" + role;
    X509Certificate cached = (X509Certificate) sigHash.get(cacheKey);
    if (cached != null) {
        return cached;
    }
    // shared tail of every error message below
    final String context = " for entityID=" + entityID + " in " + role + " role.";
    if (providerDescriptor == null) {
        FSUtils.debug.error(logPrefix + "Null ProviderDescriptorType input" + context);
        return null;
    }
    KeyDescriptorType signingDescriptor = getKeyDescriptor(providerDescriptor, "signing");
    if (signingDescriptor == null) {
        FSUtils.debug.error(logPrefix + "No signing KeyDescriptor" + context);
        return null;
    }
    X509Certificate resolved = getCert(signingDescriptor);
    if (resolved == null) {
        FSUtils.debug.error(logPrefix + "No signing cert" + context);
        return null;
    }
    sigHash.put(cacheKey, resolved);
    return resolved;
}
