CarbonKeyStoreCredentialResolver.java

/*
 * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
 * WSO2 Inc. licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.wso2.carbon.identity.oauth2.token.handlers.grant.saml;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.KeyStoreCredentialResolver;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.wso2.carbon.identity.oauth2.util.X509CredentialImpl;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class CarbonKeyStoreCredentialResolver extends KeyStoreCredentialResolver {

    private static Log log = LogFactory.getLog(CarbonKeyStoreCredentialResolver.class);

    private KeyStore keyStore = null;
    private Set<Credential> credentialSet = null;

    public CarbonKeyStoreCredentialResolver(KeyStore store, Map<String, String> passwords) throws IllegalArgumentException {
        super(store, passwords);
        this.keyStore = store;
    }

    @Override
    public Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
        try {
            credentialSet = new HashSet<Credential>();
            Enumeration<String> en = keyStore.aliases();
            while (en.hasMoreElements()) {
                String alias = en.nextElement();
                X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
                Credential credential = new X509CredentialImpl(cert);
                if (criteriaSet.get(EntityIDCriteria.class) != null) {
                    if (criteriaSet.get(EntityIDCriteria.class).getEntityID().equals(alias)) {
                        credentialSet.add(credential);
                        break;
                    }
                } else {
                    credentialSet.add(credential);
                }
            }
            return credentialSet;
        } catch (KeyStoreException e) {
            log.error(e);
            throw new SecurityException("Error reading certificates from key store");
        }
    }
}