com.sun.identity.saml2.key

Class KeyUtil

java.lang.Object

com.sun.identity.saml2.key.KeyUtil

public class KeyUtil
extends Object

The KeyUtil provides methods to obtain the hosting entity's signing key and decryption key, and to obtain a partner entity's signature verification key and encryption related information

Field Summary

Fields

Modifier and Type	Field and Description
protected static Hashtable	encHash
protected static Map<String,Set<X509Certificate>>	sigHash

Method Summary

Modifier and Type	Method and Description
static void	clear() Clears the cache.
static X509Certificate	getCert(KeyDescriptorType kd) Returns certificate stored in KeyDescriptorType.
static PrivateKey	getDecryptionKey(BaseConfigType baseConfig) Returns the host entity's decryption key.
static Set<PrivateKey>	getDecryptionKeys(BaseConfigType baseConfig) Returns the host entity's decryption keys.
static Set<PrivateKey>	getDecryptionKeys(String realm, String entityID, String role) Returns the hosted entity's decryption keys.
static EncInfo	getEncInfo(RoleDescriptorType roled, String entityID, String role) Returns the encryption information which will be used in encrypting messages intended for the partner entity.
static KeyDescriptorType	getKeyDescriptor(RoleDescriptorType roled, String usage) Returns KeyDescriptorType from RoleDescriptorType.
static List<KeyDescriptorType>	getKeyDescriptors(RoleDescriptorType roleDescriptor, String usage) Returns the KeyDescriptorTypes from RoleDescriptorType that matches the requested usage.
static KeyProvider	getKeyProviderInstance() Returns the instance of KeyProvider.
static Set<X509Certificate>	getPDPVerificationCerts(XACMLPDPDescriptorElement pdpDescriptor, String entityID) Returns the partner entity's signature verification certificates.
static EncInfo	getPEPEncInfo(XACMLAuthzDecisionQueryDescriptorElement pepDesc, String pepEntityID) Returns the encryption information which will be used in encrypting messages intended for the partner entity.
static Set<X509Certificate>	getPEPVerificationCerts(XACMLAuthzDecisionQueryDescriptorElement pepDescriptor, String entityID) Returns the partner entity's signature verification certificates.
static String	getSigningCertAlias(BaseConfigType baseConfig) Returns the host entity's signing certificate alias.
static Set<X509Certificate>	getVerificationCerts(RoleDescriptorType roleDescriptor, String entityID, String role) Returns the partner entity's signature verification certificate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

encHash

protected static Hashtable encHash

sigHash

protected static Map<String,Set<X509Certificate>> sigHash

Method Detail

getKeyProviderInstance

public static KeyProvider getKeyProviderInstance()

Returns the instance of KeyProvider.

Returns:

KeyProvider

getSigningCertAlias

public static String getSigningCertAlias(BaseConfigType baseConfig)

Returns the host entity's signing certificate alias.

Parameters:

baseConfig - BaseConfigType for the host entity

Returns:

String for host entity's signing certificate alias

getDecryptionKeys

public static Set<PrivateKey> getDecryptionKeys(String realm,
                                                String entityID,
                                                String role)

Returns the hosted entity's decryption keys.

Parameters:

realm - The realm the hosted entity belongs to.

entityID - The entity ID.

role - The role of the hosted entity.

Returns:

The Set of PrivateKeys for decrypting a message received by the hosted entity.

getDecryptionKeys

public static Set<PrivateKey> getDecryptionKeys(BaseConfigType baseConfig)

Returns the host entity's decryption keys.

Parameters:

baseConfig - BaseConfigType for the host entity.

Returns:

The Set of PrivateKeys for decrypting a message received by the hosted entity.

getDecryptionKey

public static PrivateKey getDecryptionKey(BaseConfigType baseConfig)

Returns the host entity's decryption key.

Parameters:

baseConfig - BaseConfigType for the host entity

Returns:

PrivateKey for decrypting a message received by the host entity

getVerificationCerts

public static Set<X509Certificate> getVerificationCerts(RoleDescriptorType roleDescriptor,
                                                        String entityID,
                                                        String role)

Returns the partner entity's signature verification certificate.

Parameters:

roleDescriptor - RoleDescriptor for the partner entity.

entityID - Partner entity's ID.

role - Entity's role.

Returns:

The set of signing X509Certificate for verifying the partner entity's signature.

getEncInfo

public static EncInfo getEncInfo(RoleDescriptorType roled,
                                 String entityID,
                                 String role)

Returns the encryption information which will be used in encrypting messages intended for the partner entity.

Parameters:

roled - RoleDescriptor for the partner entity

entityID - partner entity's ID

role - entity's role

Returns:

EncInfo which includes partner entity's public key for wrapping the secret key, data encryption algorithm, and data encryption strength

getKeyDescriptors

public static List<KeyDescriptorType> getKeyDescriptors(RoleDescriptorType roleDescriptor,
                                                        String usage)

Returns the KeyDescriptorTypes from RoleDescriptorType that matches the requested usage. KeyDescriptors without usage defined are also included in this list, as by definition they should be suitable for any purposes.

Parameters:

roleDescriptor - RoleDescriptorType which contains KeyDescriptorTypes.

usage - Type of the KeyDescriptorTypes to be retrieved. Its value is "encryption" or "signing".

Returns:

KeyDescriptorTypes in RoleDescriptorType that matched the usage type.

getKeyDescriptor

public static KeyDescriptorType getKeyDescriptor(RoleDescriptorType roled,
                                                 String usage)

Returns KeyDescriptorType from RoleDescriptorType.

Parameters:

roled - RoleDescriptorType which contains KeyDescriptors.

usage - type of the KeyDescriptorType to be retrieved. Its value is "encryption" or "signing".

Returns:

KeyDescriptorType in RoleDescriptorType that matched the usage type.

getCert

public static X509Certificate getCert(KeyDescriptorType kd)

Returns certificate stored in KeyDescriptorType.

Parameters:

kd - KeyDescriptorType which contains certificate info

Returns:

X509Certificate contained in KeyDescriptorType; or null if no certificate is included.

getPEPVerificationCerts

public static Set<X509Certificate> getPEPVerificationCerts(XACMLAuthzDecisionQueryDescriptorElement pepDescriptor,
                                                           String entityID)

Returns the partner entity's signature verification certificates.

Parameters:

pepDescriptor - XACMLAuthzDecisionQueryDescriptorElement for the partner entity.

entityID - Policy Enforcement Point (PEP) entity identifier.

Returns:

The Set of signing X509Certificates for verifying the partner entity's signature.

getPEPEncInfo

public static EncInfo getPEPEncInfo(XACMLAuthzDecisionQueryDescriptorElement pepDesc,
                                    String pepEntityID)

Returns the encryption information which will be used in encrypting messages intended for the partner entity.

Parameters:

pepDesc - XACMLAuthzDecisionQueryDescriptorElement for the partner entity

pepEntityID - partner entity's ID

Returns:

EncInfo which includes partner entity's public key for wrapping the secret key, data encryption algorithm, and data encryption strength

getPDPVerificationCerts

public static Set<X509Certificate> getPDPVerificationCerts(XACMLPDPDescriptorElement pdpDescriptor,
                                                           String entityID)

Returns the partner entity's signature verification certificates.

Parameters:

pdpDescriptor - XACMLPDPDescriptorElement of partner entity.

entityID - partner entity's ID.

Returns:

The Set of signing X509Certificates for verifying the partner entity's signature.

clear

public static void clear()

Clears the cache. This method is called when metadata is updated.