/**
 * Build an X509Credential from a keystore trusted certificate entry.
 * 
 * @param trustedCertEntry the entry being processed
 * @param entityID the entityID to set
 * @param usage the usage type to set
 * @return new X509Credential instance
 */
protected X509Credential processTrustedCertificateEntry(KeyStore.TrustedCertificateEntry trustedCertEntry,
        String entityID, UsageType usage) {

    log.debug("Processing TrustedCertificateEntry from keystore");

    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityId(entityID);
    credential.setUsageType(usage);

    X509Certificate cert = (X509Certificate) trustedCertEntry.getTrustedCertificate();

    credential.setEntityCertificate(cert);

    ArrayList<X509Certificate> certChain = new ArrayList<X509Certificate>();
    certChain.add(cert);
    credential.setEntityCertificateChain(certChain);

    return credential;
}
 

/**
 * Build an X509Credential from a keystore private key entry.
 * 
 * @param privateKeyEntry the entry being processed
 * @param entityID the entityID to set
 * @param usage the usage type to set
 * @return new X509Credential instance
 */
protected X509Credential processPrivateKeyEntry(KeyStore.PrivateKeyEntry privateKeyEntry, String entityID,
        UsageType usage) {

    log.debug("Processing PrivateKeyEntry from keystore");

    BasicX509Credential credential = new BasicX509Credential();
    credential.setEntityId(entityID);
    credential.setUsageType(usage);

    credential.setPrivateKey(privateKeyEntry.getPrivateKey());

    credential.setEntityCertificate((X509Certificate) privateKeyEntry.getCertificate());
    credential.setEntityCertificateChain(Arrays.asList((X509Certificate[]) privateKeyEntry.getCertificateChain()));

    return credential;
}
 

/**
 * Create basic credentials needed to generate signature using EntitlementServiceComponent
 *
 * @return basicX509Credential
 */
private static BasicX509Credential createBasicCredentials() {

    Certificate certificate = null;
    PrivateKey issuerPK = null;

    KeyStoreManager keyMan = KeyStoreManager.getInstance(-1234);

    try {
        certificate = keyMan.getDefaultPrimaryCertificate();
        issuerPK = keyMan.getDefaultPrivateKey();
    } catch (Exception e) {
        log.error("Error occurred while getting the KeyStore from KeyManger.", e);
    }

    BasicX509Credential basicCredential = new BasicX509Credential();
    basicCredential.setEntityCertificate((java.security.cert.X509Certificate) certificate);
    basicCredential.setPrivateKey(issuerPK);

    return basicCredential;
}
 

/**
 * gets credential used to sign saml assertionts that are produced. This method
 * assumes the cert and pkcs formatted primary key are on file system. this data
 * could be stored elsewhere e.g keystore
 * 
 * a credential is used to sign saml response, and includes the private key
 * as well as a cert for the public key
 * 
 * @return
 * @throws Throwable
 */
public Credential getSigningCredential(String publicKeyLocation, String privateKeyLocation) throws Throwable {
	// create public key (cert) portion of credential
	InputStream inStream = new FileInputStream(publicKeyLocation);
	CertificateFactory cf = CertificateFactory.getInstance("X.509");
	X509Certificate publicKey = (X509Certificate)cf.generateCertificate(inStream);
	inStream.close();
	    
	// create private key
	RandomAccessFile raf = new RandomAccessFile(privateKeyLocation, "r");
	byte[] buf = new byte[(int)raf.length()];
	raf.readFully(buf);
	raf.close();
	
	PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(buf);
	KeyFactory kf = KeyFactory.getInstance("RSA");
	PrivateKey privateKey = kf.generatePrivate(kspec);
	
	// create credential and initialize
	BasicX509Credential credential = new BasicX509Credential();
	credential.setEntityCertificate(publicKey);
	credential.setPrivateKey(privateKey);
	
	return credential;
}
 

protected Assertion decryptAssertion(EncryptedAssertion encryptedAssertion, KeyStore.PrivateKeyEntry keystoreEntry) {
    BasicX509Credential decryptionCredential = new BasicX509Credential();

    decryptionCredential.setPrivateKey(keystoreEntry.getPrivateKey());

    StaticKeyInfoCredentialResolver resolver = new StaticKeyInfoCredentialResolver(decryptionCredential);

    ChainingEncryptedKeyResolver keyResolver = new ChainingEncryptedKeyResolver();
    keyResolver.getResolverChain().add(new InlineEncryptedKeyResolver());
    keyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver());
    keyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver());

    Decrypter decrypter = new Decrypter(null, resolver, keyResolver);
    decrypter.setRootInNewDocument(true);
    Assertion assertion = null;
    try {
        assertion = decrypter.decrypt(encryptedAssertion);
    } catch (DecryptionException e) {
        raiseSamlValidationError("Unable to decrypt SAML assertion", null);
    }
    return assertion;
}
 

/**
 * Get a simple, minimal credential containing an end-entity X.509 certificate, and optionally a private key.
 * 
 * @param cert the end-entity certificate to wrap
 * @param privateKey the private key to wrap, which may be null
 * @return a credential containing the certificate and key specified
 */
public static BasicX509Credential getSimpleCredential(X509Certificate cert, PrivateKey privateKey) {
    if (cert == null) {
        throw new IllegalArgumentException("A certificate is required");
    }
    BasicX509Credential cred = new BasicX509Credential();
    cred.setEntityCertificate(cert);
    cred.setPrivateKey(privateKey);
    return cred;
}
 

/**
 * sets the signing certs.
 *
 * @param signingCertificateFiles a list of certificate files to read in.
 */
public void setSigningCertificates(final List<Resource> signingCertificateFiles) {
    this.signingCertificates = signingCertificateFiles;

    final List<BasicX509Credential> signingCerts = new ArrayList<BasicX509Credential>();

    for (Resource file : signingCertificateFiles) {
        signingCerts.add(WsFederationUtils.getSigningCredential(file));
    }

    this.signingWallet = signingCerts;
}
 

private Credential initializeCredentialsFromKeystore(KeyStore.PrivateKeyEntry keystoreEntry) {
    BasicX509Credential signingCredential = new BasicX509Credential();

    PrivateKey pk = keystoreEntry.getPrivateKey();
    X509Certificate certificate = (X509Certificate) keystoreEntry.getCertificate();

    signingCredential.setEntityCertificate(certificate);
    signingCredential.setPrivateKey(pk);

    return signingCredential;
}
 

public List<BasicX509Credential> getSigningWallet() {
	return signingWallet;
}
 

public void setSigningWallet(List<BasicX509Credential> signingWallet) {
	this.signingWallet = signingWallet;
}
 

/**
 * gets the signing certificates.
 *
 * @return X509credentials of the signing certs
 */
public List<BasicX509Credential> getSigningCertificates() {
    return this.signingWallet;
}