本文整理汇总了Java中org.opensaml.xml.signature.KeyInfo类的典型用法代码示例。如果您正苦于以下问题:Java KeyInfo类的具体用法?Java KeyInfo怎么用?Java KeyInfo使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
KeyInfo类属于org.opensaml.xml.signature包,在下文中一共展示了KeyInfo类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: setSignatureRaw
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * Creates a {@link Signature} object set up with the given algorithm and credential and
 * attaches a KeyInfo carrying the credential's entity certificate.
 *
 * <p>The certificate's encoded form is Base64-encoded and stored in an X509Certificate element
 * inside an X509Data element. Canonicalization is fixed to
 * {@code Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS}. No signature value is computed here.
 *
 * <p>Security notes: {@code signatureAlgorithm} is passed through without any check, so a policy
 * on acceptable algorithms has to be enforced by the caller. The embedded certificate only tells
 * a verifier which key was used; its presence is not evidence that the key is trusted.
 *
 * <p>NOTE(review): a credential whose {@code getEntityCertificate()} returns null fails here with
 * a NullPointerException rather than an SSOAgentException; confirm callers always supply one.
 *
 * @param signatureAlgorithm signature algorithm identifier to set on the signature
 * @param cred credential used for signing; its entity certificate is embedded in the KeyInfo
 * @return the configured, not yet computed, signature object
 * @throws SSOAgentException if the entity certificate cannot be encoded
 */
private static Signature setSignatureRaw(String signatureAlgorithm, X509Credential cred) throws SSOAgentException {
    Signature sig = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
    sig.setSigningCredential(cred);
    sig.setSignatureAlgorithm(signatureAlgorithm);
    sig.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

    try {
        KeyInfo keyInfoElement = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
        X509Data x509DataElement = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
        org.opensaml.xml.signature.X509Certificate certElement =
                (org.opensaml.xml.signature.X509Certificate) buildXMLObject(
                        org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);

        // The XML element carries the Base64 text of the certificate's encoded bytes.
        byte[] encodedCert = cred.getEntityCertificate().getEncoded();
        certElement.setValue(org.apache.xml.security.utils.Base64.encode(encodedCert));

        x509DataElement.getX509Certificates().add(certElement);
        keyInfoElement.getX509Datas().add(x509DataElement);
        sig.setKeyInfo(keyInfoElement);
    } catch (CertificateEncodingException e) {
        throw new SSOAgentException("Error getting certificate", e);
    }
    return sig;
}
示例2: processEntityCertificate
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * Processes the value of {@link X509Credential#getEntityCertificate()}.
 *
 * <p>Returns immediately when the credential has no entity certificate. Otherwise the certificate
 * is passed to {@code processCertX509DataOptions} and {@code processCertKeyNameOptions}, and an
 * X509Certificate element is added to {@code x509Data} only when the entity certificate is to be
 * emitted and the certificate chain is not.
 *
 * @param keyInfo the KeyInfo that is being built
 * @param x509Data the X509Data that is being built
 * @param credential the credential that is being processed
 * @throws SecurityException if the certificate data cannot be encoded from the Java certificate object
 */
protected void processEntityCertificate(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)
        throws SecurityException {
    if (credential.getEntityCertificate() == null) {
        return;
    }

    java.security.cert.X509Certificate entityCert = credential.getEntityCertificate();
    processCertX509DataOptions(x509Data, entityCert);
    processCertKeyNameOptions(keyInfo, entityCert);

    // The chain includes the entity certificate, so emitting both would duplicate it.
    boolean emitStandalone = options.emitEntityCertificate && !options.emitEntityCertificateChain;
    if (!emitStandalone) {
        return;
    }

    try {
        X509Certificate certElement = KeyInfoHelper.buildX509Certificate(entityCert);
        x509Data.getX509Certificates().add(certElement);
    } catch (CertificateEncodingException e) {
        throw new SecurityException("Error generating X509Certificate element "
                + "from credential's end-entity certificate", e);
    }
}
示例3: processSubjectAltNameKeyNames
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * Emits KeyName elements for the certificate's subject alternative names, when the options
 * ask for it.
 *
 * <p>Nothing happens unless {@code options.emitSubjectAltNamesAsKeyNames} is set and at least one
 * alt-name type is configured in {@code options.subjectAltNames}. Only values returned as
 * {@link String} become KeyName elements; byte[] values and values of any other type are
 * skipped with a warning.
 *
 * @param keyInfo the KeyInfo element being processed
 * @param cert the certificate being processed
 */
protected void processSubjectAltNameKeyNames(KeyInfo keyInfo, java.security.cert.X509Certificate cert) {
    if (!options.emitSubjectAltNamesAsKeyNames || options.subjectAltNames.size() <= 0) {
        return;
    }

    Integer[] requestedTypes = new Integer[options.subjectAltNames.size()];
    options.subjectAltNames.toArray(requestedTypes);

    for (Object candidate : X509Util.getAltNames(cert, requestedTypes)) {
        // Values are expected to be either a String or a DER-encoded byte array;
        // see X509Certificate#getSubjectAlternativeNames for the type rules.
        if (candidate instanceof String) {
            KeyInfoHelper.addKeyName(keyInfo, (String) candidate);
            continue;
        }
        if (candidate instanceof byte[]) {
            log.warn("Certificate contained an alt name value as a DER-encoded byte[] (not supported)");
            continue;
        }
        // NOTE(review): a null element would raise NullPointerException on getClass(); confirm
        // that X509Util.getAltNames never returns one.
        log.warn("Certificate contained an alt name value with an unexpected type: {}",
                candidate.getClass().getName());
    }
}
示例4: processEntityCertificateChain
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * Processes the value of {@link X509Credential#getEntityCertificateChain()}.
 *
 * <p>When {@code options.emitEntityCertificateChain} is set and the credential has a chain, every
 * certificate of that chain is converted to an X509Certificate element and appended to
 * {@code x509Data}. The first certificate that cannot be encoded aborts the loop with an exception,
 * leaving the elements added so far in place.
 *
 * @param keyInfo the KeyInfo that is being built (not used by this method)
 * @param x509Data the X509Data that is being built
 * @param credential the credential that is being processed
 * @throws SecurityException if the certificate data cannot be encoded from the Java certificate object
 */
protected void processEntityCertificateChain(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)
        throws SecurityException {
    if (!options.emitEntityCertificateChain || credential.getEntityCertificateChain() == null) {
        return;
    }

    for (java.security.cert.X509Certificate chainCert : credential.getEntityCertificateChain()) {
        X509Certificate certElement;
        try {
            certElement = KeyInfoHelper.buildX509Certificate(chainCert);
            x509Data.getX509Certificates().add(certElement);
        } catch (CertificateEncodingException e) {
            throw new SecurityException("Error generating X509Certificate element "
                    + "from a certificate in credential's certificate chain", e);
        }
    }
}
示例5: processCRLs
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * Processes the value of {@link X509Credential#getCRLs()}.
 *
 * <p>When {@code options.emitCRLs} is set and the credential has CRLs, each CRL is converted to
 * an X509CRL element and appended to {@code x509Data}. The first CRL that cannot be encoded
 * aborts the loop with an exception, leaving the elements added so far in place.
 *
 * @param keyInfo the KeyInfo that is being built (not used by this method)
 * @param x509Data the X509Data that is being built
 * @param credential the credential that is being processed
 * @throws SecurityException if the CRL data cannot be encoded from the Java CRL object
 */
protected void processCRLs(KeyInfo keyInfo, X509Data x509Data, X509Credential credential)
        throws SecurityException {
    if (!options.emitCRLs || credential.getCRLs() == null) {
        return;
    }

    for (java.security.cert.X509CRL sourceCrl : credential.getCRLs()) {
        X509CRL crlElement;
        try {
            crlElement = KeyInfoHelper.buildX509CRL(sourceCrl);
            x509Data.getX509CRLs().add(crlElement);
        } catch (CRLException e) {
            throw new SecurityException("Error generating X509CRL element "
                    + "from a CRL in credential's CRL list", e);
        }
    }
}
示例6: initResolutionContext
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * Initialize the resolution context that will be used by the providers.
 *
 * <p>The supplied KeyInfo object is stored in the context, together with the values of any
 * {@link KeyName} children present. {@code resolveKeyValue} is then invoked first for the
 * {@link KeyValue} children and then for the DEREncodedKeyValue children. According to the
 * original contract, if a credential is resolvable by any registered provider from such a child,
 * the key from that credential is also stored in the context.
 *
 * @param kiContext KeyInfo resolution context, populated by this method
 * @param keyInfo the KeyInfo to evaluate
 * @param criteriaSet the credential criteria used to resolve credentials
 * @throws SecurityException thrown if there is an error processing the KeyValue children
 */
protected void initResolutionContext(KeyInfoResolutionContext kiContext, KeyInfo keyInfo, CriteriaSet criteriaSet)
throws SecurityException {
kiContext.setKeyInfo(keyInfo);
// Extract all KeyNames
kiContext.getKeyNames().addAll(KeyInfoHelper.getKeyNames(keyInfo));
// NOTE(review): the key names are logged verbatim. If this KeyInfo comes from a message that
// has not been verified yet they are untrusted text; confirm the log pipeline copes with that.
log.debug("Found {} key names: {}", kiContext.getKeyNames().size(), kiContext.getKeyNames());
// Extract the Credential based on the (singular) key from an existing KeyValue(s).
resolveKeyValue(kiContext, criteriaSet, keyInfo.getKeyValues());
// Extract the Credential based on the (singular) key from an existing DEREncodedKeyValue(s).
resolveKeyValue(kiContext, criteriaSet, keyInfo.getXMLObjects(DEREncodedKeyValue.DEFAULT_ELEMENT_NAME));
}
示例7: getKeyNames
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * Returns the non-null values of the {@link KeyName} children of a {@link KeyInfo}.
 *
 * <p>The values are returned exactly as found in the KeyInfo, with no validation or
 * normalization applied by this method.
 *
 * @param keyInfo {@link KeyInfo} to retrieve key names from; may be null
 *
 * @return a new list of key name strings, empty when {@code keyInfo} is null
 */
public static List<String> getKeyNames(KeyInfo keyInfo) {
    List<String> names = new LinkedList<String>();
    if (keyInfo != null) {
        for (KeyName entry : keyInfo.getKeyNames()) {
            // KeyName elements without a value contribute nothing.
            if (entry.getValue() == null) {
                continue;
            }
            names.add(entry.getValue());
        }
    }
    return names;
}
示例8: getCertificates
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * Collects the Java {@link java.security.cert.X509Certificate}s found in all X509Data children
 * of the given KeyInfo.
 *
 * <p>This method only gathers certificates via the X509Data overload of
 * {@code getCertificates}; nothing in it evaluates trust, so callers must validate the
 * returned certificates before relying on them.
 *
 * @param keyInfo key info to extract the certificates from; may be null
 *
 * @return a new list of Java {@link java.security.cert.X509Certificate}s, empty when
 *         {@code keyInfo} is null
 *
 * @throws CertificateException thrown if there is a problem converting the
 *          X509 data into {@link java.security.cert.X509Certificate}s.
 */
public static List<X509Certificate> getCertificates(KeyInfo keyInfo) throws CertificateException {
    List<X509Certificate> collected = new LinkedList<X509Certificate>();
    if (keyInfo != null) {
        for (X509Data dataElement : keyInfo.getX509Datas()) {
            if (dataElement == null) {
                continue;
            }
            collected.addAll(getCertificates(dataElement));
        }
    }
    return collected;
}
示例9: getCRLs
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * Collects the Java {@link java.security.cert.X509CRL}s found in all X509Data children of the
 * given {@link KeyInfo}.
 *
 * <p>This method only gathers CRLs via the X509Data overload of {@code getCRLs}; it does not
 * check who issued them or whether they are current.
 *
 * @param keyInfo the {@link KeyInfo} to extract the CRLs from; may be null
 *
 * @return a new list of Java {@link java.security.cert.X509CRL}s, empty when {@code keyInfo}
 *         is null
 *
 * @throws CRLException thrown if there is a problem converting the
 *          CRL data into {@link java.security.cert.X509CRL}s
 */
public static List<X509CRL> getCRLs(KeyInfo keyInfo) throws CRLException {
    List<X509CRL> collected = new LinkedList<X509CRL>();
    if (keyInfo != null) {
        for (X509Data dataElement : keyInfo.getX509Datas()) {
            if (dataElement == null) {
                continue;
            }
            collected.addAll(getCRLs(dataElement));
        }
    }
    return collected;
}
示例10: addPublicKey
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * Converts a Java DSA or RSA public key into the corresponding XMLObject and appends it to a
 * {@link KeyInfo} inside a new {@link KeyValue} element.
 *
 * <p>Only {@link PublicKey}s that are instances of
 * {@link java.security.interfaces.RSAPublicKey} or
 * {@link java.security.interfaces.DSAPublicKey} are accepted; RSA is checked first. The key is
 * published as given: this method applies no key-size or parameter checks.
 *
 * @param keyInfo the {@link KeyInfo} element to which to add the key
 * @param pk the native Java {@link PublicKey} to add
 * @throws IllegalArgumentException thrown if an unsupported public key
 *          type is passed
 */
public static void addPublicKey(KeyInfo keyInfo, PublicKey pk) throws IllegalArgumentException {
    // The KeyValue element is built before the key type is examined, as in the original flow.
    KeyValue keyValueElement = (KeyValue) Configuration.getBuilderFactory()
            .getBuilder(KeyValue.DEFAULT_ELEMENT_NAME)
            .buildObject(KeyValue.DEFAULT_ELEMENT_NAME);

    boolean isRsa = pk instanceof RSAPublicKey;
    if (!isRsa && !(pk instanceof DSAPublicKey)) {
        throw new IllegalArgumentException("Only RSAPublicKey and DSAPublicKey are supported");
    }

    if (isRsa) {
        keyValueElement.setRSAKeyValue(buildRSAKeyValue((RSAPublicKey) pk));
    } else {
        keyValueElement.setDSAKeyValue(buildDSAKeyValue((DSAPublicKey) pk));
    }
    keyInfo.getKeyValues().add(keyValueElement);
}
示例11: dereferenceURI
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * Dereferences the URI attribute of the given KeyInfoReference into a KeyInfo.
 *
 * <p>Only same-document references are followed: the URI must be non-empty and start with
 * {@code #}, and the remainder is resolved as an ID from the root of the reference's own tree.
 * Any other URI is rejected with a warning, so this method never retrieves anything from
 * outside the document.
 *
 * @param ref the KeyInfoReference to process
 * @return the dereferenced KeyInfo, or null if the URI is not a same-document reference, cannot
 *         be resolved, or resolves to something that is not a KeyInfo
 */
protected KeyInfo dereferenceURI(KeyInfoReference ref) {
    String uri = ref.getURI();
    boolean sameDocument = !DatatypeHelper.isEmpty(uri) && uri.startsWith("#");
    if (!sameDocument) {
        log.warn("EncryptedKey KeyInfoReference did not contain a same-document URI reference, cannot process");
        return null;
    }

    // Strip the leading '#' to obtain the ID to look up.
    XMLObject resolved = ref.resolveIDFromRoot(uri.substring(1));
    if (resolved instanceof KeyInfo) {
        return (KeyInfo) resolved;
    }

    if (resolved == null) {
        log.warn("EncryptedKey KeyInfoReference URI could not be dereferenced");
    } else {
        log.warn("The product of dereferencing the EncryptedKey KeyInfoReference was not a KeyInfo");
    }
    return null;
}
示例12: Encrypter
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * Constructor.
 *
 * <p>Looks up the EncryptedData and EncryptedKey unmarshallers and the KeyInfo builder from the
 * static {@code Configuration}, and leaves the JCA provider name unset (null).
 */
public Encrypter() {
    jcaProviderName = null;

    UnmarshallerFactory unmarshallers = Configuration.getUnmarshallerFactory();
    encryptedDataUnmarshaller = unmarshallers.getUnmarshaller(EncryptedData.DEFAULT_ELEMENT_NAME);
    encryptedKeyUnmarshaller = unmarshallers.getUnmarshaller(EncryptedKey.DEFAULT_ELEMENT_NAME);

    XMLObjectBuilderFactory builders = Configuration.getBuilderFactory();
    // Unchecked cast: the factory hands back an untyped builder for the KeyInfo element name.
    keyInfoBuilder = (XMLSignatureBuilder<KeyInfo>) builders.getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME);
}
示例13: processChildElement
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * {@inheritDoc}
 *
 * <p>Attaches EncryptionMethod, KeyInfo, CipherData and EncryptionProperties children to the
 * parent, which is cast to EncryptedType; every other child is delegated to the superclass.
 */
protected void processChildElement(XMLObject parentXMLObject, XMLObject childXMLObject)
        throws UnmarshallingException {
    // The cast happens before the child is inspected; a parent of another type fails here.
    EncryptedType encrypted = (EncryptedType) parentXMLObject;

    if (childXMLObject instanceof EncryptionMethod) {
        encrypted.setEncryptionMethod((EncryptionMethod) childXMLObject);
        return;
    }
    if (childXMLObject instanceof KeyInfo) {
        encrypted.setKeyInfo((KeyInfo) childXMLObject);
        return;
    }
    if (childXMLObject instanceof CipherData) {
        encrypted.setCipherData((CipherData) childXMLObject);
        return;
    }
    if (childXMLObject instanceof EncryptionProperties) {
        encrypted.setEncryptionProperties((EncryptionProperties) childXMLObject);
        return;
    }
    super.processChildElement(parentXMLObject, childXMLObject);
}
示例14: init
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
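/**
 * Helper method for constructors.
 *
 * <p>Looks up the XMLObject builders this class needs from the configured builder factory,
 * creates the identifier generator and sets the key placement to {@code KeyPlacement.PEER}.
 *
 * <p>If the identifier generator cannot be created the failure is logged, with its cause, and
 * initialization continues without assigning {@code idGenerator}.
 */
private void init() {
    builderFactory = Configuration.getBuilderFactory();

    // Unchecked casts: the factory hands back untyped builders keyed by element name.
    keyInfoBuilder =
            (XMLSignatureBuilder<KeyInfo>) builderFactory.getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME);
    dataReferenceBuilder =
            (XMLEncryptionBuilder<DataReference>) builderFactory.getBuilder(DataReference.DEFAULT_ELEMENT_NAME);
    referenceListBuilder =
            (XMLEncryptionBuilder<ReferenceList>) builderFactory.getBuilder(ReferenceList.DEFAULT_ELEMENT_NAME);
    retrievalMethodBuilder =
            (XMLSignatureBuilder<RetrievalMethod>) builderFactory.getBuilder(RetrievalMethod.DEFAULT_ELEMENT_NAME);
    keyNameBuilder =
            (XMLSignatureBuilder<KeyName>) builderFactory.getBuilder(KeyName.DEFAULT_ELEMENT_NAME);
    carriedKeyNameBuilder =
            (XMLEncryptionBuilder<CarriedKeyName>) builderFactory.getBuilder(CarriedKeyName.DEFAULT_ELEMENT_NAME);

    try {
        idGenerator = new SecureRandomIdentifierGenerator();
    } catch (NoSuchAlgorithmException e) {
        // Keep the cause in the log so the missing algorithm can be diagnosed.
        // NOTE(review): idGenerator is not assigned on this path, so the first later use of it
        // would fail far from the real cause; confirm whether construction should fail instead.
        log.error("JVM does not support SHA1PRNG random number generation algorithm.", e);
    }

    keyPlacement = KeyPlacement.PEER;
}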
示例15: testCreateSignature
import org.opensaml.xml.signature.KeyInfo; //导入依赖的package包/类
/**
 * Checks that {@code SAMLUtil.createSignature("key")} returns a bare signature skeleton: no
 * algorithms, credential or content references are set, and its KeyInfo holds exactly one
 * KeyName with the value {@code "key"} and nothing else.
 */
@Test
public void testCreateSignature() {
    Signature signature = SAMLUtil.createSignature("key");
    assertNotNull(signature);

    // Nothing about how to sign is configured on the returned object.
    assertNull(signature.getCanonicalizationAlgorithm());
    assertTrue(signature.getContentReferences().isEmpty());
    assertNull(signature.getHMACOutputLength());
    assertNull(signature.getSignatureAlgorithm());
    assertNull(signature.getSigningCredential());

    KeyInfo keyInfo = signature.getKeyInfo();
    assertNotNull(keyInfo);

    // Every KeyInfo child collection other than the key names must be empty.
    assertTrue(keyInfo.getAgreementMethods().isEmpty());
    assertTrue(keyInfo.getEncryptedKeys().isEmpty());
    assertNull(keyInfo.getID());
    assertTrue(keyInfo.getMgmtDatas().isEmpty());
    assertTrue(keyInfo.getPGPDatas().isEmpty());
    assertTrue(keyInfo.getRetrievalMethods().isEmpty());
    assertTrue(keyInfo.getSPKIDatas().isEmpty());
    assertTrue(keyInfo.getX509Datas().isEmpty());
    assertTrue(keyInfo.getKeyValues().isEmpty());

    // The single KeyName carries the name passed to createSignature.
    assertEquals(1, keyInfo.getKeyNames().size());
    assertEquals("key", keyInfo.getKeyNames().get(0).getValue());
}