1 files changed, 122 insertions, 0 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
new file mode 100644
index 00000000..1611d623
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/opensaml/EaafKeyStoreX509CredentialAdapter.java
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;
+
+import java.security.KeyStore;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+
+import org.opensaml.security.x509.X509Credential;
+import org.opensaml.security.x509.impl.KeyStoreX509CredentialAdapter;
+
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * OpenSAML2 KeyStore adapter.
+ *
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class EaafKeyStoreX509CredentialAdapter extends KeyStoreX509CredentialAdapter
+    implements EaafX509Credential {
+
+  private String signatureAlgorithmtToUse;
+  private String keyEncryptionAlgorithmtToUse;
+
+  /**
+   * Get an OpenSAML2 keystore.
+   *
+   * @param store                Java KeyStore
+   * @param alias                Key alias
+   * @param password             key Password
+   * @param keyStoreFriendlyName Friendlyname of this keystore for logging
+   *                             purposes
+   * @throws CredentialsNotAvailableException In case of an initialization
+   *                                          exception
+   */
+  public EaafKeyStoreX509CredentialAdapter(@Nonnull final KeyStore store, @Nonnull final String alias,
+      @Nullable final char[] password, @Nonnull String keyStoreFriendlyName)
+      throws CredentialsNotAvailableException {
+    super(store, alias, password);
+
+    if (getPrivateKey() == null && getSecretKey() == null) {
+      log.error("KeyStore: {} Key with alias: {} not found or contains no PrivateKey.",
+          keyStoreFriendlyName, alias);
+      throw new CredentialsNotAvailableException("internal.pvp.00",
+          new Object[] { keyStoreFriendlyName, alias });
+
+    }
+
+    try {
+      setSignatureAlgorithmForSigning(Saml2Utils.getKeyOperationAlgorithmFromCredential(this,
+          PvpConstants.DEFAULT_SIGNING_METHODE_RSA,
+          PvpConstants.DEFAULT_SIGNING_METHODE_EC));
+
+      setKeyEncryptionAlgorithmForDataEncryption(
+          Saml2Utils.getKeyOperationAlgorithmFromCredential(this,
+          PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA,
+          PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC));
+
+    } catch (final SamlSigningException e) {
+      throw new CredentialsNotAvailableException("internal.pvp.01", new Object[] { keyStoreFriendlyName,
+          alias }, e);
+
+    }
+
+  }
+
+  @Override
+  public Class<? extends X509Credential> getCredentialType() {
+    return X509Credential.class;
+  }
+
+  @Override
+  public String getSignatureAlgorithmForSigning() {
+    return this.signatureAlgorithmtToUse;
+
+  }
+
+  @Override
+  public void setSignatureAlgorithmForSigning(String sigAlg) {
+    this.signatureAlgorithmtToUse = sigAlg;
+
+  }
+
+  @Override
+  public String getKeyEncryptionAlgorithmForDataEncryption() {
+    return this.keyEncryptionAlgorithmtToUse;
+
+  }
+
+  @Override
+  public void setKeyEncryptionAlgorithmForDataEncryption(String sigAlg) {
+    this.keyEncryptionAlgorithmtToUse = sigAlg;
+
+  }
+
+}