org.springframework.security.saml.key
Class JKSKeyManager

java.lang.Object
  org.springframework.security.saml.key.JKSKeyManager

All Implemented Interfaces:

org.opensaml.xml.security.credential.CredentialResolver, org.opensaml.xml.security.Resolver<org.opensaml.xml.security.credential.Credential,org.opensaml.xml.security.CriteriaSet>, KeyManager

public class JKSKeyManager
extends Object
implements KeyManager

Class provides access to private and trusted keys for SAML Extension configuration. Keys are stored in the underlaying KeyStore object. Class also provides additional convenience methods for loading of certificates and public keys.

Author:

Vladimir Schafer

Constructor Summary

JKSKeyManager(KeyStore keyStore, Map<String,String> passwords, String defaultKey)
Default constructor which uses an existing KeyStore instance for loading of credentials.

JKSKeyManager(org.springframework.core.io.Resource storeFile, String storePass, Map<String,String> passwords, String defaultKey)
Default constructor which instantiates a new KeyStore used to load all credentials.

Method Summary

Set<String>	getAvailableCredentials() Method provides list of all credentials available in the storage.
X509Certificate	getCertificate(String alias) Returns certificate with the given alias from the keystore.
org.opensaml.xml.security.credential.Credential	getCredential(String keyName) Returns Credential object used to sign the messages issued by this entity.
org.opensaml.xml.security.credential.Credential	getDefaultCredential() Returns Credential object used to sign the messages issued by this entity.
String	getDefaultCredentialName() Method provides name of the credential which should be used by default when no other is specified.
KeyStore	getKeyStore()
PublicKey	getPublicKey(String alias) Returns public key with the given alias
Iterable<org.opensaml.xml.security.credential.Credential>	resolve(org.opensaml.xml.security.CriteriaSet criteriaSet)
org.opensaml.xml.security.credential.Credential	resolveSingle(org.opensaml.xml.security.CriteriaSet criteriaSet)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

JKSKeyManager

public JKSKeyManager(KeyStore keyStore,
                     Map<String,String> passwords,
                     String defaultKey)

Default constructor which uses an existing KeyStore instance for loading of credentials. Available keys are calculated automatically.

Parameters:

keyStore - key store to use

passwords - passwords used to access private keys

defaultKey - default key

JKSKeyManager

public JKSKeyManager(org.springframework.core.io.Resource storeFile,
                     String storePass,
                     Map<String,String> passwords,
                     String defaultKey)

Default constructor which instantiates a new KeyStore used to load all credentials. Available keys are calculated automatically.

Parameters:

storeFile - file pointing to the JKS keystore

storePass - password to access the keystore

passwords - passwords used to access private keys

defaultKey - default key

Method Detail

getCertificate

public X509Certificate getCertificate(String alias)

Returns certificate with the given alias from the keystore.

Specified by:

getCertificate in interface KeyManager

Parameters:

alias - alias of certificate to find

Returns:

certificate with the given alias or null if not found

getPublicKey

public PublicKey getPublicKey(String alias)

Returns public key with the given alias

Parameters:

alias - alias of the key to find

Returns:

public key of the alias or null if not found

resolve

public Iterable<org.opensaml.xml.security.credential.Credential> resolve(org.opensaml.xml.security.CriteriaSet criteriaSet)
                                                                  throws org.opensaml.xml.security.SecurityException

Specified by:

resolve in interface org.opensaml.xml.security.Resolver<org.opensaml.xml.security.credential.Credential,org.opensaml.xml.security.CriteriaSet>

Throws:

org.opensaml.xml.security.SecurityException

resolveSingle

public org.opensaml.xml.security.credential.Credential resolveSingle(org.opensaml.xml.security.CriteriaSet criteriaSet)
                                                              throws org.opensaml.xml.security.SecurityException

Specified by:

resolveSingle in interface org.opensaml.xml.security.Resolver<org.opensaml.xml.security.credential.Credential,org.opensaml.xml.security.CriteriaSet>

Throws:

org.opensaml.xml.security.SecurityException

getCredential

public org.opensaml.xml.security.credential.Credential getCredential(String keyName)

Returns Credential object used to sign the messages issued by this entity. Public, X509 and Private keys are set in the credential.

Specified by:

getCredential in interface KeyManager

Parameters:

keyName - name of the key to use, in case of null default key is used

Returns:

credential

getDefaultCredential

public org.opensaml.xml.security.credential.Credential getDefaultCredential()

Returns Credential object used to sign the messages issued by this entity. Public, X509 and Private keys are set in the credential.

Specified by:

getDefaultCredential in interface KeyManager

Returns:

credential

getDefaultCredentialName

public String getDefaultCredentialName()

Description copied from interface: KeyManager

Method provides name of the credential which should be used by default when no other is specified. It must be possible to call getCredential with the returned name in order to obtain Credential value.

Specified by:

getDefaultCredentialName in interface KeyManager

Returns:

default credential name

getAvailableCredentials

public Set<String> getAvailableCredentials()

Description copied from interface: KeyManager

Method provides list of all credentials available in the storage.

Specified by:

getAvailableCredentials in interface KeyManager

Returns:

available credentials

getKeyStore

public KeyStore getKeyStore()