Class EncryptNameIDs

- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - org.opensaml.profile.action.AbstractProfileAction
      - org.opensaml.profile.action.AbstractConditionalProfileAction
        - org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction
          - org.opensaml.saml.saml2.profile.impl.EncryptNameIDs

- All Implemented Interfaces:
  Component, DestructableComponent, InitializableComponent, ProfileAction

public class EncryptNameIDs extends AbstractEncryptAction

Action that encrypts all NameIDs in a message obtained from a lookup strategy, by default the outbound message context. Specific formats may be excluded from encryption, by default excluding the "entity" format.
- Event:
  EventIds.PROCEED_EVENT_ID, EventIds.UNABLE_TO_ENCRYPT
- Postcondition:
  All SAML NameIDs in all locations have been replaced with encrypted versions. It's possible for some to be replaced but others not if an error occurs.
-
Field Summary

Fields
- private Set<String> excludedFormats
  Formats to exclude from encryption.
- private org.slf4j.Logger log
  Class logger.
- private SAMLObject message
  The message to operate on.
- private Function<ProfileRequestContext,SAMLObject> messageLookupStrategy
  Strategy used to locate the message to operate on.
-
Constructor Summary

Constructors
- EncryptNameIDs()
  Constructor.
-
Method Summary

All Methods / Instance Methods / Concrete Methods
- protected void doExecute(ProfileRequestContext profileRequestContext)
- protected boolean doPreExecute(ProfileRequestContext profileRequestContext)
- protected EncryptionParameters getApplicableParameters(EncryptionContext ctx)
  Return the right set of parameters for the operation to be performed, or none if no encryption should occur.
- private void processAssertion(Assertion assertion)
  Decrypt any EncryptedID found in an assertion and replace it with the result.
- private void processLogoutRequest(LogoutRequest request)
  Encrypt a NameID found in a LogoutRequest and replace it with the result.
- private void processManageNameIDRequest(ManageNameIDRequest request)
  Encrypt a NameID found in a ManageNameIDRequest and replace it with the result.
- private void processNameIDMappingRequest(NameIDMappingRequest request)
  Encrypt a NameID found in a NameIDMappingRequest and replace it with the result.
- private void processNameIDMappingResponse(NameIDMappingResponse response)
  Encrypt a NameID found in a NameIDMappingResponse and replace it with the result.
- private void processSubject(Subject subject)
  Encrypt any NameIDs found in a subject and replace them with the result.
- void setExcludedFormats(Collection<String> formats)
  Set the NameID formats to ignore and leave unencrypted.
- void setMessageLookupStrategy(Function<ProfileRequestContext,SAMLObject> strategy)
  Set the strategy used to locate the Response to operate on.
- private boolean shouldEncrypt(NameID name)
  Return true iff the NameID should be encrypted.
-
Methods inherited from class org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction
getEncrypter, setEncryptionContextLookupStrategy, setEncryptToSelf, setEncryptToSelfParametersStrategy, setKeyPlacementLookupStrategy, setRecipientLookupStrategy, setSelfRecipientLookupStrategy
-
Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition
-
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
-
Field Detail
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
messageLookupStrategy
@Nonnull private Function<ProfileRequestContext,SAMLObject> messageLookupStrategy
Strategy used to locate the message to operate on.
-
excludedFormats
@Nonnull @NonnullElements private Set<String> excludedFormats
Formats to exclude from encryption.
-
message
@Nullable private SAMLObject message
The message to operate on.
-
Method Detail
-
setMessageLookupStrategy
public void setMessageLookupStrategy(@Nonnull Function<ProfileRequestContext,SAMLObject> strategy)
Set the strategy used to locate the Response to operate on.
- Parameters:
  strategy - strategy used to locate the Response to operate on
-
setExcludedFormats
public void setExcludedFormats(@Nonnull @NonnullElements Collection<String> formats)
Set the NameID formats to ignore and leave unencrypted.
- Parameters:
  formats - formats to exclude
-
getApplicableParameters
@Nullable protected EncryptionParameters getApplicableParameters(@Nullable EncryptionContext ctx)
Return the right set of parameters for the operation to be performed, or none if no encryption should occur.
- Specified by:
  getApplicableParameters in class AbstractEncryptAction
- Parameters:
  ctx - possibly null input context to pull parameters from
- Returns:
  the right parameter set, or null for none
-
doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
- Overrides:
  doPreExecute in class AbstractEncryptAction
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
- Overrides:
  doExecute in class AbstractProfileAction
-
shouldEncrypt
private boolean shouldEncrypt(@Nullable NameID name)
Return true iff the NameID should be encrypted.
- Parameters:
  name - NameID to check
- Returns:
  true iff encryption should happen
-
processSubject
private void processSubject(@Nullable Subject subject) throws EncryptionException
Encrypt any NameIDs found in a subject and replace them with the result.
- Parameters:
  subject - subject to operate on
- Throws:
  EncryptionException - if an error occurs
-
processLogoutRequest
private void processLogoutRequest(@Nonnull LogoutRequest request) throws EncryptionException
Encrypt a NameID found in a LogoutRequest and replace it with the result.
- Parameters:
  request - request to operate on
- Throws:
  EncryptionException - if an error occurs
-
processManageNameIDRequest
private void processManageNameIDRequest(@Nonnull ManageNameIDRequest request) throws EncryptionException
Encrypt a NameID found in a ManageNameIDRequest and replace it with the result.
- Parameters:
  request - request to operate on
- Throws:
  EncryptionException - if an error occurs
-
processNameIDMappingRequest
private void processNameIDMappingRequest(@Nonnull NameIDMappingRequest request) throws EncryptionException
Encrypt a NameID found in a NameIDMappingRequest and replace it with the result.
- Parameters:
  request - request to operate on
- Throws:
  EncryptionException - if an error occurs
-
processNameIDMappingResponse
private void processNameIDMappingResponse(@Nonnull NameIDMappingResponse response) throws EncryptionException
Encrypt a NameID found in a NameIDMappingResponse and replace it with the result.
- Parameters:
  response - response to operate on
- Throws:
  EncryptionException - if an error occurs
-
processAssertion
private void processAssertion(@Nonnull Assertion assertion) throws EncryptionException
Decrypt any EncryptedID found in an assertion and replace it with the result.
- Parameters:
  assertion - assertion to operate on
- Throws:
  EncryptionException - if an error occurs