Spring Security SAML

org.springframework.security.saml.key
Class JKSKeyManager

java.lang.Object
  extended by org.springframework.security.saml.key.JKSKeyManager
All Implemented Interfaces:
org.opensaml.xml.security.credential.CredentialResolver, org.opensaml.xml.security.Resolver<org.opensaml.xml.security.credential.Credential,org.opensaml.xml.security.CriteriaSet>, KeyManager

public class JKSKeyManager
extends Object
implements KeyManager

Class provides access to private and trusted keys for SAML Extension configuration. Keys are stored in the underlying KeyStore object. Class also provides additional convenience methods for loading certificates and public keys.

Author:
Vladimir Schafer

Constructor Summary
JKSKeyManager(KeyStore keyStore, Map<String,String> passwords, String defaultKey)
          Constructor which uses an existing KeyStore instance for loading credentials.
JKSKeyManager(org.springframework.core.io.Resource storeFile, String storePass, Map<String,String> passwords, String defaultKey)
          Constructor which instantiates a new KeyStore used to load all credentials.
 
Method Summary
 Set<String> getAvailableCredentials()
          Method provides list of all credentials available in the storage.
 X509Certificate getCertificate(String alias)
          Returns certificate with the given alias from the keystore.
 org.opensaml.xml.security.credential.Credential getCredential(String keyName)
          Returns Credential object used to sign the messages issued by this entity.
 org.opensaml.xml.security.credential.Credential getDefaultCredential()
          Returns Credential object used to sign the messages issued by this entity.
 String getDefaultCredentialName()
          Method provides name of the credential which should be used by default when no other is specified.
 KeyStore getKeyStore()
 PublicKey getPublicKey(String alias)
          Returns public key with the given alias.
 Iterable<org.opensaml.xml.security.credential.Credential> resolve(org.opensaml.xml.security.CriteriaSet criteriaSet)
 org.opensaml.xml.security.credential.Credential resolveSingle(org.opensaml.xml.security.CriteriaSet criteriaSet)
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JKSKeyManager

public JKSKeyManager(KeyStore keyStore,
                     Map<String,String> passwords,
                     String defaultKey)
Constructor which uses an existing KeyStore instance for loading credentials. Available keys are calculated automatically.

Parameters:
keyStore - key store to use
passwords - passwords used to access private keys
defaultKey - default key

JKSKeyManager

public JKSKeyManager(org.springframework.core.io.Resource storeFile,
                     String storePass,
                     Map<String,String> passwords,
                     String defaultKey)
Constructor which instantiates a new KeyStore used to load all credentials. Available keys are calculated automatically.

Parameters:
storeFile - file pointing to the JKS keystore
storePass - password to access the keystore
passwords - passwords used to access private keys
defaultKey - default key

Method Detail

getCertificate

public X509Certificate getCertificate(String alias)
Returns certificate with the given alias from the keystore.

Specified by:
getCertificate in interface KeyManager
Parameters:
alias - alias of certificate to find
Returns:
certificate with the given alias or null if not found

getPublicKey

public PublicKey getPublicKey(String alias)
Returns public key with the given alias.

Parameters:
alias - alias of the key to find
Returns:
public key of the alias or null if not found

resolve

public Iterable<org.opensaml.xml.security.credential.Credential> resolve(org.opensaml.xml.security.CriteriaSet criteriaSet)
                                                                  throws org.opensaml.xml.security.SecurityException
Specified by:
resolve in interface org.opensaml.xml.security.Resolver<org.opensaml.xml.security.credential.Credential,org.opensaml.xml.security.CriteriaSet>
Throws:
org.opensaml.xml.security.SecurityException

resolveSingle

public org.opensaml.xml.security.credential.Credential resolveSingle(org.opensaml.xml.security.CriteriaSet criteriaSet)
                                                              throws org.opensaml.xml.security.SecurityException
Specified by:
resolveSingle in interface org.opensaml.xml.security.Resolver<org.opensaml.xml.security.credential.Credential,org.opensaml.xml.security.CriteriaSet>
Throws:
org.opensaml.xml.security.SecurityException

getCredential

public org.opensaml.xml.security.credential.Credential getCredential(String keyName)
Returns Credential object used to sign the messages issued by this entity. Public, X.509 and private keys are set in the credential.

Specified by:
getCredential in interface KeyManager
Parameters:
keyName - name of the key to use; if null, the default key is used
Returns:
credential

getDefaultCredential

public org.opensaml.xml.security.credential.Credential getDefaultCredential()
Returns Credential object used to sign the messages issued by this entity. Public, X.509 and private keys are set in the credential.

Specified by:
getDefaultCredential in interface KeyManager
Returns:
credential

getDefaultCredentialName

public String getDefaultCredentialName()
Description copied from interface: KeyManager
Method provides the name of the credential which should be used by default when no other is specified. It must be possible to call getCredential with the returned name in order to obtain a Credential value.

Specified by:
getDefaultCredentialName in interface KeyManager
Returns:
default credential name

getAvailableCredentials

public Set<String> getAvailableCredentials()
Description copied from interface: KeyManager
Method provides list of all credentials available in the storage.

Specified by:
getAvailableCredentials in interface KeyManager
Returns:
available credentials

getKeyStore

public KeyStore getKeyStore()
