Package com.sun.identity.saml2.key

Class KeyUtil

  • public class KeyUtil
extends Object
    The KeyUtil provides methods to obtain the hosting entity's signing key and decryption key, and to obtain a partner entity's signature verification key and encryption related information

    • Method Detail

      • getKeyProviderInstance

        public static KeyProvider getKeyProviderInstance()
        Returns the instance of KeyProvider.
        Returns:
        KeyProvider

      • getSigningCertAlias

        public static String getSigningCertAlias​(BaseConfigType baseConfig)
        Returns the host entity's signing certificate alias.
        Parameters:
        baseConfig - BaseConfigType for the host entity
        Returns:
        String for host entity's signing certificate alias

      • getDecryptionKeys

        public static Set<PrivateKey> getDecryptionKeys​(String realm,
                                                String entityID,
                                                String role)
        Returns the hosted entity's decryption keys.
        Parameters:
        realm - The realm the hosted entity belongs to.
        entityID - The entity ID.
        role - The role of the hosted entity.
        Returns:
        The Set of PrivateKeys for decrypting a message received by the hosted entity.

      • getDecryptionKeys

        public static Set<PrivateKey> getDecryptionKeys​(BaseConfigType baseConfig)
        Returns the host entity's decryption keys.
        Parameters:
        baseConfig - BaseConfigType for the host entity.
        Returns:
        The Set of PrivateKeys for decrypting a message received by the hosted entity.

      • getDecryptionKey

        public static PrivateKey getDecryptionKey​(BaseConfigType baseConfig)
        Returns the host entity's decryption key.
        Parameters:
        baseConfig - BaseConfigType for the host entity
        Returns:
        PrivateKey for decrypting a message received by the host entity

      • getVerificationCerts

        public static Set<X509Certificate> getVerificationCerts​(RoleDescriptorType roleDescriptor,
                                                        String entityID,
                                                        String role)
        Returns the partner entity's signature verification certificate.
        Parameters:
        roleDescriptor - RoleDescriptor for the partner entity.
        entityID - Partner entity's ID.
        role - Entity's role.
        Returns:
        The set of signing X509Certificate for verifying the partner entity's signature.

      • getEncInfo

        public static EncInfo getEncInfo​(RoleDescriptorType roled,
                                 String entityID,
                                 String role)
        Returns the encryption information which will be used in encrypting messages intended for the partner entity.
        Parameters:
        roled - RoleDescriptor for the partner entity
        entityID - partner entity's ID
        role - entity's role
        Returns:
        EncInfo which includes partner entity's public key for wrapping the secret key, data encryption algorithm, and data encryption strength

      • getKeyDescriptor

        public static KeyDescriptorType getKeyDescriptor​(RoleDescriptorType roled,
                                                 String usage)
        Returns KeyDescriptorType from RoleDescriptorType.
        Parameters:
        roled - RoleDescriptorType which contains KeyDescriptors.
        usage - type of the KeyDescriptorType to be retrieved. Its value is "encryption" or "signing".
        Returns:
        KeyDescriptorType in RoleDescriptorType that matched the usage type.

      • getCert

        public static X509Certificate getCert​(KeyDescriptorType kd)
        Returns certificate stored in KeyDescriptorType.
        Parameters:
        kd - KeyDescriptorType which contains certificate info
        Returns:
        X509Certificate contained in KeyDescriptorType; or null if no certificate is included.

      • getPEPVerificationCerts

        public static Set<X509Certificate> getPEPVerificationCerts​(XACMLAuthzDecisionQueryDescriptorElement pepDescriptor,
                                                           String entityID)
        Returns the partner entity's signature verification certificates.
        Parameters:
        pepDescriptor - XACMLAuthzDecisionQueryDescriptorElement for the partner entity.
        entityID - Policy Enforcement Point (PEP) entity identifier.
        Returns:
        The Set of signing X509Certificates for verifying the partner entity's signature.

      • getPEPEncInfo

        public static EncInfo getPEPEncInfo​(XACMLAuthzDecisionQueryDescriptorElement pepDesc,
                                    String pepEntityID)
        Returns the encryption information which will be used in encrypting messages intended for the partner entity.
        Parameters:
        pepDesc - XACMLAuthzDecisionQueryDescriptorElement for the partner entity
        pepEntityID - partner entity's ID
        Returns:
        EncInfo which includes partner entity's public key for wrapping the secret key, data encryption algorithm, and data encryption strength

      • getPDPVerificationCerts

        public static Set<X509Certificate> getPDPVerificationCerts​(XACMLPDPDescriptorElement pdpDescriptor,
                                                           String entityID)
        Returns the partner entity's signature verification certificates.
        Parameters:
        pdpDescriptor - XACMLPDPDescriptorElement of partner entity.
        entityID - partner entity's ID.
        Returns:
        The Set of signing X509Certificates for verifying the partner entity's signature.

      • clear

        public static void clear()
        Clears the cache. This method is called when metadata is updated.