Class EncryptNameIDs
- java.lang.Object
-
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
-
- org.opensaml.profile.action.AbstractProfileAction
-
- org.opensaml.profile.action.AbstractConditionalProfileAction
-
- org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction
-
- org.opensaml.saml.saml2.profile.impl.EncryptNameIDs
-
- All Implemented Interfaces:
Component
,DestructableComponent
,InitializableComponent
,ProfileAction
public class EncryptNameIDs extends AbstractEncryptAction
Action that encrypts all NameIDs in a message obtained from a lookup strategy, by default the outbound message context. Specific formats may be excluded from encryption; by default the "entity" format (which names a SAML entity rather than a subject) is excluded and left in the clear.
- Event:
EventIds.PROCEED_EVENT_ID
,EventIds.UNABLE_TO_ENCRYPT
- Postcondition:
- All SAML NameIDs in all locations have been replaced with encrypted versions. It is possible for some to be replaced but others not if an error occurs.
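The following is an added wiring example, not code from OpenSAML or this page: it configures an EncryptNameIDs instance with the setters listed on this page, restates the default "entity" exclusion explicitly, supplies a lookup strategy equivalent to the default (the outbound message context), and checks the resulting event after a run. It assumes OpenSAML 4.x, where the strategy type is java.util.function.Function and MessageContext.getMessage() returns Object; the class name EncryptNameIDsWiring and its two methods are the example's own.

```java
import java.util.Arrays;
import java.util.function.Function;

import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.EventContext;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.profile.impl.EncryptNameIDs;

/**
 * Added example (not part of OpenSAML): configure EncryptNameIDs explicitly and
 * check the outcome of a run. Assumes OpenSAML 4.x (java.util.function.Function
 * strategies, MessageContext.getMessage() returning Object).
 */
public final class EncryptNameIDsWiring {

    private EncryptNameIDsWiring() {
    }

    /** Build and initialize the action; throws if the configuration is rejected. */
    public static EncryptNameIDs build() throws ComponentInitializationException {
        final EncryptNameIDs action = new EncryptNameIDs();

        // Restate the default exclusion so the policy is visible in code:
        // "entity"-format NameIDs identify SAML entities, not users, and stay in the clear.
        // Every additional format added here is also left unencrypted, so keep this minimal.
        action.setExcludedFormats(Arrays.asList(NameID.ENTITY));

        // Equivalent to the default strategy: the message in the outbound message
        // context, or null (nothing to operate on) when there is none.
        final Function<ProfileRequestContext, SAMLObject> outboundMessage = prc -> {
            final MessageContext mc = prc.getOutboundMessageContext();
            if (mc == null) {
                return null;
            }
            final Object msg = mc.getMessage();
            return msg instanceof SAMLObject ? (SAMLObject) msg : null;
        };
        action.setMessageLookupStrategy(outboundMessage);

        // The component is usable only after initialize(), which validates the settings.
        action.initialize();
        return action;
    }

    /**
     * Run the action and report whether it proceeded. The postcondition allows some
     * NameIDs to be encrypted and others not when an error occurs, so a caller must
     * treat UNABLE_TO_ENCRYPT as "do not send this message", not as a warning.
     */
    public static boolean runAndSucceeded(final EncryptNameIDs action,
            final ProfileRequestContext prc) {
        action.execute(prc);
        final EventContext ec = prc.getSubcontext(EventContext.class);
        final Object event = ec != null ? ec.getEvent() : null;
        // No EventContext at all, or an explicit proceed event, both mean success.
        return event == null || EventIds.PROCEED_EVENT_ID.equals(event);
    }
}
```

Encryption only happens when getApplicableParameters returns a non-null EncryptionParameters from the EncryptionContext located by the inherited encryption-context lookup strategy (setEncryptionContextLookupStrategy); if that context is missing or carries no parameters for NameIDs, nothing is encrypted, so populate it before this action runs and verify the outbound message after the run rather than assuming the subject identifiers are protected.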
-
-
Field Summary
Fields (Modifier and Type, Field, Description):
private Set<String> excludedFormats - Formats to exclude from encryption.
private org.slf4j.Logger log - Class logger.
private SAMLObject message - The message to operate on.
private Function<ProfileRequestContext,SAMLObject> messageLookupStrategy - Strategy used to locate the message to operate on.
-
Constructor Summary
Constructors (Constructor, Description):
EncryptNameIDs() - Constructor.
-
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description):
protected void doExecute(ProfileRequestContext profileRequestContext)
protected boolean doPreExecute(ProfileRequestContext profileRequestContext)
protected EncryptionParameters getApplicableParameters(EncryptionContext ctx) - Return the right set of parameters for the operation to be performed, or none if no encryption should occur.
private void processAssertion(Assertion assertion) - Encrypt any NameID found in an assertion and replace it with the result.
private void processLogoutRequest(LogoutRequest request) - Encrypt a NameID found in a LogoutRequest and replace it with the result.
private void processManageNameIDRequest(ManageNameIDRequest request) - Encrypt a NameID found in a ManageNameIDRequest and replace it with the result.
private void processNameIDMappingRequest(NameIDMappingRequest request) - Encrypt a NameID found in a NameIDMappingRequest and replace it with the result.
private void processNameIDMappingResponse(NameIDMappingResponse response) - Encrypt a NameID found in a NameIDMappingResponse and replace it with the result.
private void processSubject(Subject subject) - Encrypt any NameIDs found in a subject and replace them with the result.
void setExcludedFormats(Collection<String> formats) - Set the NameID formats to ignore and leave unencrypted.
void setMessageLookupStrategy(Function<ProfileRequestContext,SAMLObject> strategy) - Set the strategy used to locate the message to operate on.
private boolean shouldEncrypt(NameID name) - Return true iff the NameID should be encrypted.
-
Methods inherited from class org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction
getEncrypter, setEncryptionContextLookupStrategy, setEncryptToSelf, setEncryptToSelfParametersStrategy, setKeyPlacementLookupStrategy, setRecipientLookupStrategy, setSelfRecipientLookupStrategy
-
Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition
-
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
-
Field Detail
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
messageLookupStrategy
@Nonnull private Function<ProfileRequestContext,SAMLObject> messageLookupStrategy
Strategy used to locate the message to operate on.
-
excludedFormats
@Nonnull @NonnullElements private Set<String> excludedFormats
Formats to exclude from encryption.
-
message
@Nullable private SAMLObject message
The message to operate on.
-
-
Method Detail
-
setMessageLookupStrategy
public void setMessageLookupStrategy(@Nonnull Function<ProfileRequestContext,SAMLObject> strategy)
Set the strategy used to locate the message to operate on (by default, the message in the outbound message context).
- Parameters:
strategy - strategy used to locate the message to operate on
-
setExcludedFormats
public void setExcludedFormats(@Nonnull @NonnullElements Collection<String> formats)
Set the NameID formats to ignore and leave unencrypted.
- Parameters:
formats - formats to exclude
-
getApplicableParameters
@Nullable protected EncryptionParameters getApplicableParameters(@Nullable EncryptionContext ctx)
Return the right set of parameters for the operation to be performed, or none if no encryption should occur.
- Specified by:
getApplicableParameters in class AbstractEncryptAction
- Parameters:
ctx - possibly null input context to pull parameters from
- Returns:
the right parameter set, or null for none
-
doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
- Overrides:
doPreExecute in class AbstractEncryptAction
-
doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
- Overrides:
doExecute in class AbstractProfileAction
-
shouldEncrypt
private boolean shouldEncrypt(@Nullable NameID name)
Return true iff the NameID should be encrypted.
- Parameters:
name - NameID to check
- Returns:
true iff encryption should happen
-
processSubject
private void processSubject(@Nullable Subject subject) throws EncryptionException
Encrypt any NameIDs found in a subject and replace them with the result.
- Parameters:
subject - subject to operate on
- Throws:
EncryptionException - if an error occurs
-
processLogoutRequest
private void processLogoutRequest(@Nonnull LogoutRequest request) throws EncryptionException
Encrypt a NameID found in a LogoutRequest and replace it with the result.
- Parameters:
request - request to operate on
- Throws:
EncryptionException - if an error occurs
-
processManageNameIDRequest
private void processManageNameIDRequest(@Nonnull ManageNameIDRequest request) throws EncryptionException
Encrypt a NameID found in a ManageNameIDRequest and replace it with the result.
- Parameters:
request - request to operate on
- Throws:
EncryptionException - if an error occurs
-
processNameIDMappingRequest
private void processNameIDMappingRequest(@Nonnull NameIDMappingRequest request) throws EncryptionException
Encrypt a NameID found in a NameIDMappingRequest and replace it with the result.
- Parameters:
request - request to operate on
- Throws:
EncryptionException - if an error occurs
-
processNameIDMappingResponse
private void processNameIDMappingResponse(@Nonnull NameIDMappingResponse response) throws EncryptionException
Encrypt a NameID found in a NameIDMappingResponse and replace it with the result.
- Parameters:
response - response to operate on
- Throws:
EncryptionException - if an error occurs
-
processAssertion
private void processAssertion(@Nonnull Assertion assertion) throws EncryptionException
Encrypt any NameID found in an assertion and replace it with the result.
- Parameters:
assertion - assertion to operate on
- Throws:
EncryptionException - if an error occurs
-