public class IndependentKeySelectorImpl extends KeySelector

This KeySelectorImpl tries to avoid dependencies on the IAIK libraries. It is experimental.

A KeySelector implementation that tries to get a public or secret key from the given KeyInfo. It supports the dereferencing of RetrievalMethods and the decryption of EncryptedKeys.

If a public key is required (e.g. for signature validation or for encryption), this KeySelector first tries to find a KeyValue element in the given KeyInfo. It then examines the X509Data elements for an appropriate public key and finally looks for raw certificates referenced by a RetrievalMethod.

If a secret key is required, this KeySelector looks for EncryptedKeys inside the given KeyInfo and tries to decrypt them. AgreementMethods are not directly supported; however, the method select(javax.xml.crypto.enc.keyinfo.AgreementMethod, javax.xml.crypto.KeySelector.Purpose, javax.xml.crypto.AlgorithmMethod, javax.xml.crypto.XMLCryptoContext) may be overridden to add support for key agreement.

Selecting a private key from the KeyInfo is not supported, since private keys should never be present in a KeyInfo.

If this KeySelector is unable to get the requested key from the given KeyInfo, select(iaik.xml.crypto.utils.IndependentKeySelectorImpl.KeyInfoHints, javax.xml.crypto.KeySelector.Purpose, javax.xml.crypto.AlgorithmMethod, javax.xml.crypto.XMLCryptoContext) is called. Override this method to support the retrieval of keys from external sources using the IndependentKeySelectorImpl.KeyInfoHints collected from the given KeyInfo.
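The extension point described above (and again in the detail section for select(IndependentKeySelectorImpl.KeyInfoHints, ...)) is a fallback: the base class first honours whatever KeyValue or X509Certificate the signer embedded in the KeyInfo, which is attacker-controlled data. The following subclass is an added example, not part of the IAIK library: it overrides the hints hook to fall back to a certificate from a local trust store, and its validation helper then pins the key that was actually selected to that trusted certificate, so an embedded key of the attacker's choosing cannot produce a "valid" result. The context property name `example.trustAlias`, the class name and the helper are assumptions of this example; only the javax.xml.crypto API and the documented IndependentKeySelectorImpl members are used.

```java
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Arrays;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import iaik.xml.crypto.utils.IndependentKeySelectorImpl;

/** Example subclass (not library code): falls back to a trust-store certificate when the KeyInfo yields no key. */
public class TrustStoreKeySelector extends IndependentKeySelectorImpl {

    /** Context property naming the trust-store alias to fall back to; the name is an assumption of this example. */
    public static final String ALIAS_PROPERTY = "example.trustAlias";

    private final KeyStore trustStore;

    public TrustStoreKeySelector(KeyStore trustStore) {
        this.trustStore = trustStore;
    }

    /** Reached only after the KeyValue, X509Data and RetrievalMethod lookups of the base class found nothing. */
    @Override
    protected KeySelectorResult select(IndependentKeySelectorImpl.KeyInfoHints hints, KeySelector.Purpose purpose,
                                       AlgorithmMethod method, XMLCryptoContext context)
            throws KeySelectorException {
        if (purpose != KeySelector.Purpose.VERIFY) {
            return null;                                   // the trust store only holds verification keys
        }
        Object alias = context.getProperty(ALIAS_PROPERTY);
        if (alias == null) {
            failReason_ = "no " + ALIAS_PROPERTY + " property in the context";
            return null;
        }
        try {
            Certificate cert = trustStore.getCertificate(alias.toString());
            if (cert == null) {
                failReason_ = "alias " + alias + " not found in the trust store";
                return null;
            }
            final PublicKey key = cert.getPublicKey();
            if (!compatible(key, method)) {
                failReason_ = key.getAlgorithm() + " key does not fit " + method.getAlgorithm();
                return null;
            }
            return new KeySelectorResult() {
                public Key getKey() { return key; }
            };
        } catch (KeyStoreException e) {
            throw new KeySelectorException(e);             // a store failure is an error, not "no key found"
        }
    }

    /** Only keys whose algorithm matches the SignatureMethod URI may be returned (RSA, ECDSA or DSA here). */
    static boolean compatible(Key key, AlgorithmMethod method) {
        String uri = method.getAlgorithm().toLowerCase();
        switch (key.getAlgorithm().toUpperCase()) {
            case "RSA": return uri.contains("rsa");
            case "EC":  return uri.contains("ecdsa");
            case "DSA": return uri.contains("dsa") && !uri.contains("ecdsa");
            default:    return false;
        }
    }

    /**
     * Validates the first ds:Signature in doc. Because the base class also accepts a KeyValue or
     * X509Certificate embedded by the signer, core validation alone proves nothing; the key that was
     * actually used is therefore compared with the trusted certificate's key.
     */
    public static boolean validateAgainstTrustStore(Document doc, KeyStore trustStore, String alias)
            throws Exception {
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() == 0) {
            throw new IllegalArgumentException("document carries no ds:Signature");
        }
        DOMValidateContext ctx = new DOMValidateContext(new TrustStoreKeySelector(trustStore), sigs.item(0));
        ctx.setProperty(ALIAS_PROPERTY, alias);

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); // whichever DOM provider is registered
        XMLSignature sig = fac.unmarshalXMLSignature(ctx);
        boolean coreValid = sig.validate(ctx);

        KeySelectorResult used = sig.getKeySelectorResult();
        byte[] trusted = trustStore.getCertificate(alias).getPublicKey().getEncoded();
        boolean trustedKey = used != null && used.getKey() != null
                && Arrays.equals(trusted, used.getKey().getEncoded()); // encoding compare works across providers
        return coreValid && trustedKey;
    }
}
```

The encoded-key comparison is deliberate: key objects produced by different JCA providers do not reliably implement equals() against each other. Note also that select(KeyInfo, ...) is final in the base class, so the hints hook is the only way to influence where a verification key comes from when the KeyInfo itself did not supply one.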
Modifier and Type | Class and Description
---|---
static class | IndependentKeySelectorImpl.KeyInfoHints. This class collects all information found in the KeyInfo.
static class | IndependentKeySelectorImpl.KeySelectorResultImpl. An implementation of the KeySelectorResult that carries the selected key.
static class | IndependentKeySelectorImpl.X509KeySelectorResultImpl. An implementation of the KeySelectorResult that carries the selected key and the certification and revocation information found in the KeyInfo corresponding to the selected key.

Nested classes/interfaces inherited from class javax.xml.crypto.KeySelector: KeySelector.Purpose
Modifier and Type | Field and Description
---|---
protected String | failReason_. The reason why selecting a key failed.

Constructor and Description
---
IndependentKeySelectorImpl(). Creates a new instance of this KeySelectorImpl.
Modifier and Type | Method and Description
---|---
static X509Certificate[] | convertCertificateChain(Certificate[] acertificate)
String | getFailReason(). Returns the reason why selecting a key has failed.
protected static boolean | matchIssuerDN(X509Certificate cert, X509IssuerSerial issuerSerial). Evaluates whether the issuer DN of the X509IssuerSerial matches the certificate's issuer DN.
protected boolean | matchIssuerSN(X509Certificate cert, X509IssuerSerial issuerSerial)
protected static boolean | matchSubjectDN(X509Certificate cert, String x509SubjectName). Evaluates whether x509SubjectName matches the subject DN of the KeyInfo X509Certificate.
protected IndependentKeySelectorImpl.KeyInfoHints | newKeyInfoHints(KeyInfo keyInfo, XMLCryptoContext context). Returns an IndependentKeySelectorImpl.KeyInfoHints that collects the information found in the KeyInfo.
protected KeySelectorResult | select(AgreementMethod agreementMethod, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context). Selects a key using the given AgreementMethod.
protected KeySelectorResult | select(EncryptedKey encryptedKey, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context). Selects a secret key from the given EncryptedKey.
protected KeySelectorResult | select(IndependentKeySelectorImpl.KeyInfoHints hints, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context). Selects a key when the key is not in the KeyInfo.
protected KeySelectorResult | select(IndependentKeySelectorImpl.KeyInfoHints hints, KeySelectorResult[] results). Returns the first result; if necessary, this method can be overridden so that a selection can be made among multiple KeySelectorResults.
KeySelectorResult | select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context). Attempts to find a key that satisfies the specified constraints from the information provided in the keyInfo.
protected KeySelectorResult | select(KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context). Override this method if your application does not take advantage of KeyInfo.
protected KeySelectorResult | select(KeyValue keyValue, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context). Selects the public key from the given KeyValue.
protected KeySelectorResult | select(X509Certificate cert, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context). Selects the public key from the given X509 certificate and returns an IndependentKeySelectorImpl.X509KeySelectorResultImpl bearing the selected key and the given X509 certificate.
protected KeySelectorResult | select(X509Data x509Data, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context). Selects a key using the given list of X509Data elements.

Methods inherited from class javax.xml.crypto.KeySelector: singletonKeySelector
protected String failReason_

The reason why selecting a key failed.

public IndependentKeySelectorImpl()

Creates a new instance of this KeySelectorImpl.

public final KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException

Attempts to find a key that satisfies the specified constraints from the information provided in the keyInfo.

Specified by: select in class KeySelector

Parameters:
keyInfo - a KeyInfo (may be null)
purpose - the key's purpose (one of KeySelector.Purpose.SIGN, KeySelector.Purpose.VERIFY, KeySelector.Purpose.ENCRYPT, or KeySelector.Purpose.DECRYPT)
method - the algorithm method that this key is to be used for. Only keys that are compatible with the algorithm and meet the constraints of the specified algorithm should be returned.
context - an XMLCryptoContext that may contain useful information for finding an appropriate key. If this key selector supports resolving RetrievalMethod types, the context's baseURI and dereferencer parameters (if specified) should be used by the selector to resolve and dereference the URI.

Throws:
KeySelectorException - if an exceptional condition occurs while attempting to find a key. Note that an inability to find a key is not considered an exception (null should be returned in that case). However, an error condition (ex: network communications failure) that prevented the KeySelector from finding a potential key should be considered an exception.

See Also: KeySelector.select(javax.xml.crypto.dsig.keyinfo.KeyInfo, javax.xml.crypto.KeySelector.Purpose, javax.xml.crypto.AlgorithmMethod, javax.xml.crypto.XMLCryptoContext)
protected IndependentKeySelectorImpl.KeyInfoHints newKeyInfoHints(KeyInfo keyInfo, XMLCryptoContext context) throws KeySelectorException

This method returns an IndependentKeySelectorImpl.KeyInfoHints which collects the information found in the KeyInfo. Override this method (returning a subclass of IndependentKeySelectorImpl.KeyInfoHints) if you need to resolve other KeyInfo information.

Parameters:
keyInfo - the KeyInfo to collect the hints from
context - the context

Throws:
KeySelectorException

protected KeySelectorResult select(IndependentKeySelectorImpl.KeyInfoHints hints, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException

Override this method to return a key using the hints collected from the KeyInfo.

Parameters:
hints - the hints collected from the KeyInfo
purpose - one of KeySelector.Purpose.SIGN, KeySelector.Purpose.VERIFY, KeySelector.Purpose.ENCRYPT or KeySelector.Purpose.DECRYPT
method - the algorithm method
context - the context

Returns: null (the default implementation does not find a key; override it to return one)

Throws:
KeySelectorException
protected KeySelectorResult select(EncryptedKey encryptedKey, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException

This method tries to decrypt the given EncryptedKey.

Parameters:
encryptedKey - the encrypted key element
purpose - one of KeySelector.Purpose.SIGN, KeySelector.Purpose.VERIFY, KeySelector.Purpose.ENCRYPT or KeySelector.Purpose.DECRYPT
method - the algorithm method to get the key for
context - the context

Throws:
KeySelectorException - if an exception occurs during decryption of the encrypted key

protected KeySelectorResult select(AgreementMethod agreementMethod, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException

Override this method to return a key in case an AgreementMethod is given.

Parameters:
agreementMethod - the agreement method
purpose - one of KeySelector.Purpose.SIGN, KeySelector.Purpose.VERIFY, KeySelector.Purpose.ENCRYPT or KeySelector.Purpose.DECRYPT
method - the algorithm method to get the key for
context - the context

Returns: null (the default implementation does not support key agreement; override it to return a key)

Throws:
KeySelectorException - if an exception occurs during key agreement

protected KeySelectorResult select(X509Data x509Data, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException

Selects a key using the given list of X509Data elements. This method only returns a key within the KeySelectorResult if an X509Certificate element is included in the KeyInfo. If other X509Data, such as X509IssuerSerial or X509SubjectName, is included, the method checks whether this data matches the corresponding data of the X509Certificate. If, for example, the KeyInfo includes an X509Certificate and an X509SubjectName, but the X509SubjectName does not match the SubjectDN (RFC 2253 representation) of the certificate, the method will not return a key.

Parameters:
x509Data - a list of X509DataImpl objects
purpose - one of KeySelector.Purpose.SIGN, KeySelector.Purpose.VERIFY, KeySelector.Purpose.ENCRYPT or KeySelector.Purpose.DECRYPT
method - the algorithm method to get the key for
context - the context

Returns: a KeySelectorResult bearing the selected key if an X509Certificate is included in the KeyInfo and the data of one certificate matches the other X509Data (e.g. X509SubjectName), if present. The method does not return a key if no X509Certificate is included, even if other X509Data is present.

Throws:
KeySelectorException - if an exception occurs during key selection

public static X509Certificate[] convertCertificateChain(Certificate[] acertificate) throws KeySelectorException

Throws:
KeySelectorException
protected boolean matchIssuerSN(X509Certificate cert, X509IssuerSerial issuerSerial)

protected static boolean matchSubjectDN(X509Certificate cert, String x509SubjectName)

Evaluates whether x509SubjectName matches the subject DN of the given X509Certificate.

Parameters:
cert - the certificate
x509SubjectName - the X509SubjectName value to compare with the subject DN of cert

protected static boolean matchIssuerDN(X509Certificate cert, X509IssuerSerial issuerSerial) throws KeySelectorException

Evaluates whether the issuer DN of the X509IssuerSerial matches the certificate's issuer DN.

Parameters:
cert - the certificate
issuerSerial - the X509IssuerSerial to compare with cert

Throws:
KeySelectorException

protected KeySelectorResult select(KeyValue keyValue, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException

Selects the public key from the given KeyValue.

Parameters:
keyValue - the KeyValue element to get the public key from
purpose - one of KeySelector.Purpose.SIGN, KeySelector.Purpose.VERIFY, KeySelector.Purpose.ENCRYPT or KeySelector.Purpose.DECRYPT
method - the algorithm method to get the key for
context - the context

Returns: an IndependentKeySelectorImpl.KeySelectorResultImpl bearing the public key from the given KeyValue, or null if the key value is not appropriate for the given method

Throws:
KeySelectorException
protected KeySelectorResult select(X509Certificate cert, KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException

Selects the public key from the given X509 certificate and returns an IndependentKeySelectorImpl.X509KeySelectorResultImpl bearing the selected key and the given X509 certificate. Override this method if special key treatment is necessary.

Parameters:
cert - the X509 certificate to get the public key from
purpose - the purpose (one of KeySelector.Purpose.VERIFY, KeySelector.Purpose.ENCRYPT)
method - the algorithm method to get the key for
context - the context

Returns: an IndependentKeySelectorImpl.X509KeySelectorResultImpl bearing the public key from the given certificate and the certificate itself, if the key algorithm is appropriate for the given algorithm method and the purpose is verify or encrypt, otherwise null

Throws:
KeySelectorException - if obtaining the key from the given certificate fails

protected KeySelectorResult select(IndependentKeySelectorImpl.KeyInfoHints hints, KeySelectorResult[] results)

Returns the first result. If necessary, this method can be overridden so that a selection can be made when there are multiple KeySelectorResults.

Parameters:
hints - the hints to determine the result
results - the potential results

protected KeySelectorResult select(KeySelector.Purpose purpose, AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException

Override this method if your application does not take advantage of KeyInfo. It will be called if no KeyInfo is used or the KeyInfo did not yield a result.

Parameters:
purpose - the purpose (one of KeySelector.Purpose.SIGN, KeySelector.Purpose.DECRYPT, KeySelector.Purpose.VERIFY, KeySelector.Purpose.ENCRYPT)
method - the algorithm method to get the key for
context - the context

Returns: a KeySelectorResult bearing the private or public key

Throws:
KeySelectorException - if obtaining the key fails

public String getFailReason()

Returns the reason why selecting a key has failed.
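Two of the hooks documented above deserve a worked override: select(X509Certificate, ...) ("override this method if special key treatment is necessary") and select(KeySelector.Purpose, AlgorithmMethod, XMLCryptoContext) (called when no KeyInfo is used). The X509Data logic described earlier only checks that X509SubjectName or X509IssuerSerial agree with the embedded certificate; it does not establish that the certificate is trusted, and a signer controls every byte of the KeyInfo. The class below is an added example, not IAIK code: it chains every certificate taken from the KeyInfo to a trust anchor with the JCA PKIX validator and checks its KeyUsage before letting the base class wrap the key, and it hands out the application's own private key for SIGN and DECRYPT when no KeyInfo is involved. The class name, constructor arguments and the single-certificate path are assumptions of this example; the failReason_ field, super.select(...) and the KeySelector API are as documented on this page.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import iaik.xml.crypto.utils.IndependentKeySelectorImpl;

/** Example subclass (not library code) backed by one KeyStore holding trust anchors and our own key pair. */
public class KeyStoreBackedKeySelector extends IndependentKeySelectorImpl {

    private final KeyStore keyStore;
    private final String privateKeyAlias;
    private final char[] privateKeyPassword;
    private final PKIXParameters pkix;

    public KeyStoreBackedKeySelector(KeyStore keyStore, String privateKeyAlias, char[] privateKeyPassword,
                                     boolean checkRevocation) throws GeneralSecurityException {
        this.keyStore = keyStore;
        this.privateKeyAlias = privateKeyAlias;
        this.privateKeyPassword = privateKeyPassword;
        this.pkix = new PKIXParameters(keyStore);          // every trusted certificate entry becomes a trust anchor
        this.pkix.setRevocationEnabled(checkRevocation);   // CRL/OCSP checking needs network access; decide explicitly
    }

    /** A certificate found in the KeyInfo is attacker-supplied until it chains to a trust anchor. */
    @Override
    protected KeySelectorResult select(X509Certificate cert, KeySelector.Purpose purpose,
                                       AlgorithmMethod method, XMLCryptoContext context)
            throws KeySelectorException {
        if (!keyUsagePermits(cert, purpose)) {
            failReason_ = "KeyUsage of " + cert.getSubjectX500Principal() + " does not permit " + purpose;
            return null;
        }
        try {
            // Path of length one: the leaf must be issued directly by a trust anchor. Intermediates
            // from the KeyInfo would be added to the path or to a CertStore on pkix.
            CertPath path = CertificateFactory.getInstance("X.509")
                    .generateCertPath(Collections.singletonList(cert));
            CertPathValidator.getInstance("PKIX").validate(path, pkix);
        } catch (CertPathValidatorException e) {
            failReason_ = "certificate not trusted: " + e.getMessage();
            return null;                                   // "no key found", per the KeySelector contract
        } catch (GeneralSecurityException e) {
            throw new KeySelectorException(e);             // validator failure is an error condition
        }
        return super.select(cert, purpose, method, context); // base class checks the algorithm fit and wraps the key
    }

    /** KeyUsage bits: 0 digitalSignature, 1 nonRepudiation, 2 keyEncipherment, 4 keyAgreement. */
    static boolean keyUsagePermits(X509Certificate cert, KeySelector.Purpose purpose) {
        boolean[] ku = cert.getKeyUsage();
        if (ku == null) {
            return true;                                   // no KeyUsage extension: no restriction
        }
        if (purpose == KeySelector.Purpose.VERIFY) {
            return ku[0] || ku[1];
        }
        if (purpose == KeySelector.Purpose.ENCRYPT) {
            return ku[2] || ku[4];
        }
        return false;
    }

    /** No KeyInfo on the signing or decrypting side: return our own private key if it fits the algorithm. */
    @Override
    protected KeySelectorResult select(KeySelector.Purpose purpose, AlgorithmMethod method,
                                       XMLCryptoContext context) throws KeySelectorException {
        if (purpose != KeySelector.Purpose.SIGN && purpose != KeySelector.Purpose.DECRYPT) {
            return null;
        }
        try {
            final Key key = keyStore.getKey(privateKeyAlias, privateKeyPassword);
            // e.g. an "RSA" key for ...#rsa-sha256 or ...#rsa-oaep-mgf1p, an "EC" key for ...#ecdsa-sha256
            if (key == null || !method.getAlgorithm().toLowerCase().contains(key.getAlgorithm().toLowerCase())) {
                failReason_ = "no private key fitting " + method.getAlgorithm() + " under alias " + privateKeyAlias;
                return null;
            }
            return new KeySelectorResult() {
                public Key getKey() { return key; }
            };
        } catch (GeneralSecurityException e) {
            throw new KeySelectorException(e);
        }
    }
}
```

Wire the selector in with new DOMValidateContext(selector, signatureNode) for validation and new DOMSignContext(selector, parentNode) for signing; in the latter case the signature is produced without a KeyInfo, so the verifying side must resolve the key itself (for instance through the hints hook). Returning null rather than throwing for an untrusted certificate follows the contract quoted above for select(KeyInfo, ...): inability to find a key is not an exception, and getFailReason() then tells the caller why.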
© 2002-2005 IAIK, © 2004, 2006 - 2019 Stiftung SIC