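/*
 * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
 * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
 *
 * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
 * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
 * compliance with the Licence. You may obtain a copy of the Licence at:
 * https://joinup.ec.europa.eu/news/understanding-eupl-v12
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the Licence
 * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the Licence for the specific language governing permissions and limitations under
 * the Licence.
 *
 * This product combines work with different licenses. See the "NOTICE" text file for details on the
 * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
 * works that you distribute must include a readable copy of the "NOTICE" text file.
 */

package at.gv.egiz.eaaf.modules.pvp2.impl.opensaml;

import java.security.KeyStore;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;

import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.security.x509.impl.KeyStoreX509CredentialAdapter;

import lombok.extern.slf4j.Slf4j;

/**
 * OpenSAML2 KeyStore adapter.
 *
 * <p>Wraps one key-store entry as an OpenSAML {@link X509Credential} and remembers the
 * signature algorithm and the key-encryption algorithm to use with that entry. Both
 * algorithms are resolved once, in the constructor, via
 * {@link Saml2Utils#getKeyOperationAlgorithmFromCredential}.</p>
 *
 * <p>Thread-safety: the algorithm fields are plain, unsynchronized fields. The instance
 * is meant to be configured once (constructor, optionally the setters) and read
 * afterwards.</p>
 *
 * @author tlenz
 */
@Slf4j
public class EaafKeyStoreX509CredentialAdapter extends KeyStoreX509CredentialAdapter
    implements EaafX509Credential {

  /** Algorithm identifier used when signing with this credential. */
  private String signatureAlgorithmToUse;

  /** Algorithm identifier used when this credential wraps a data-encryption key. */
  private String keyEncryptionAlgorithmToUse;

  /**
   * Get an OpenSAML2 keystore.
   *
   * <p>Fails fast if the alias does not resolve to a private or secret key, and resolves
   * the default signing and key-encryption algorithms for the credential's key type.</p>
   *
   * @param store Java KeyStore
   * @param alias Key alias
   * @param password key Password; passed through to the superclass unchanged, it is
   *        neither copied nor cleared here, so its lifetime stays with the caller
   * @param keyStoreFriendlyName Friendly name of this keystore for logging purposes
   * @throws CredentialsNotAvailableException In case of an initialization exception:
   *         {@code internal.pvp.00} when no private or secret key is found under
   *         {@code alias}, {@code internal.pvp.01} when algorithm resolution fails
   */
  public EaafKeyStoreX509CredentialAdapter(@Nonnull final KeyStore store,
      @Nonnull final String alias, @Nullable final char[] password,
      @Nonnull final String keyStoreFriendlyName) throws CredentialsNotAvailableException {
    super(store, alias, password);

    // NOTE(review): the message talks about a missing PrivateKey, but an entry holding
    // only a SecretKey also passes this check while the defaults requested below are
    // asymmetric (RSA/EC) algorithms. Confirm whether symmetric entries are intended
    // here; the check is kept as-is to avoid changing accepted inputs.
    if (getPrivateKey() == null && getSecretKey() == null) {
      log.error("KeyStore: {} Key with alias: {} not found or contains no PrivateKey.",
          keyStoreFriendlyName, alias);
      throw new CredentialsNotAvailableException("internal.pvp.00",
          new Object[] { keyStoreFriendlyName, alias });
    }

    try {
      // Assign the fields directly instead of going through the public (overridable)
      // setters: a subclass override must never run against a half-constructed object.
      // Order matters for failure semantics: if signing-algorithm resolution throws,
      // the key-encryption field is left untouched, exactly as before.
      this.signatureAlgorithmToUse = Saml2Utils.getKeyOperationAlgorithmFromCredential(this,
          PvpConstants.DEFAULT_SIGNING_METHODE_RSA, PvpConstants.DEFAULT_SIGNING_METHODE_EC);
      this.keyEncryptionAlgorithmToUse = Saml2Utils.getKeyOperationAlgorithmFromCredential(this,
          PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA,
          PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC);

    } catch (final SamlSigningException e) {
      // Keep the cause so the underlying algorithm/key problem stays diagnosable.
      throw new CredentialsNotAvailableException("internal.pvp.01",
          new Object[] { keyStoreFriendlyName, alias }, e);
    }
  }

  /**
   * Credential type reported to OpenSAML.
   *
   * <p>Typed covariantly instead of as a raw {@code Class} so callers get a checked
   * return and the unchecked-conversion warning disappears.</p>
   *
   * @return always {@code X509Credential.class}
   */
  @Override
  public Class<? extends X509Credential> getCredentialType() {
    return X509Credential.class;
  }

  /**
   * Signature algorithm identifier to use with this credential.
   *
   * @return the algorithm resolved in the constructor, or the value last set via
   *         {@link #setSignatureAlgorithmForSigning(String)}
   */
  @Override
  public String getSignatureAlgorithmForSigning() {
    return this.signatureAlgorithmToUse;
  }

  /**
   * Override the signature algorithm identifier to use with this credential.
   *
   * @param sigAlg algorithm identifier; stored as given, not validated here
   */
  @Override
  public void setSignatureAlgorithmForSigning(final String sigAlg) {
    this.signatureAlgorithmToUse = sigAlg;
  }

  /**
   * Key-encryption algorithm identifier to use with this credential.
   *
   * @return the algorithm resolved in the constructor, or the value last set via
   *         {@link #setKeyEncryptionAlgorithmForDataEncryption(String)}
   */
  @Override
  public String getKeyEncryptionAlgorithmForDataEncryption() {
    return this.keyEncryptionAlgorithmToUse;
  }

  /**
   * Override the key-encryption algorithm identifier to use with this credential.
   *
   * @param keyEncAlg algorithm identifier; stored as given, not validated here
   */
  @Override
  public void setKeyEncryptionAlgorithmForDataEncryption(final String keyEncAlg) {
    this.keyEncryptionAlgorithmToUse = keyEncAlg;
  }

}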