Class BasicSignatureSigningParametersResolver

  • All Implemented Interfaces:
    net.shibboleth.utilities.java.support.resolver.Resolver<org.opensaml.xmlsec.SignatureSigningParameters,​net.shibboleth.utilities.java.support.resolver.CriteriaSet>, org.opensaml.xmlsec.SignatureSigningParametersResolver

    public class BasicSignatureSigningParametersResolver
    extends AbstractSecurityParametersResolver<org.opensaml.xmlsec.SignatureSigningParameters>
    implements org.opensaml.xmlsec.SignatureSigningParametersResolver
    Basic implementation of SignatureSigningParametersResolver.

    The following Criterion inputs are supported:

    • SignatureSigningConfigurationCriterion - required
    • KeyInfoGenerationProfileCriterion - optional

    • Field Detail

      • log

        private org.slf4j.Logger log
        Logger.
      • algorithmRegistry

        private org.opensaml.xmlsec.algorithm.AlgorithmRegistry algorithmRegistry
        The AlgorithmRegistry used when processing algorithm URIs.
    • Constructor Detail

      • BasicSignatureSigningParametersResolver

        public BasicSignatureSigningParametersResolver()
        Constructor.
    • Method Detail

      • getAlgorithmRegistry

        public org.opensaml.xmlsec.algorithm.AlgorithmRegistry getAlgorithmRegistry()
        Get the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().
        Returns:
        the algorithm registry instance
      • setAlgorithmRegistry

        public void setAlgorithmRegistry​(@Nonnull
                                         org.opensaml.xmlsec.algorithm.AlgorithmRegistry registry)
        Set the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().
        Parameters:
        registry - the new algorithm registry instance
      • resolve

        @Nonnull
        public Iterable<org.opensaml.xmlsec.SignatureSigningParameters> resolve​(@Nonnull
                                                                                net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
                                                                         throws net.shibboleth.utilities.java.support.resolver.ResolverException
        Specified by:
        resolve in interface net.shibboleth.utilities.java.support.resolver.Resolver<org.opensaml.xmlsec.SignatureSigningParameters,​net.shibboleth.utilities.java.support.resolver.CriteriaSet>
        Throws:
        net.shibboleth.utilities.java.support.resolver.ResolverException
      • resolveSingle

        @Nullable
        public org.opensaml.xmlsec.SignatureSigningParameters resolveSingle​(@Nonnull
                                                                            net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
                                                                     throws net.shibboleth.utilities.java.support.resolver.ResolverException
        Specified by:
        resolveSingle in interface net.shibboleth.utilities.java.support.resolver.Resolver<org.opensaml.xmlsec.SignatureSigningParameters,​net.shibboleth.utilities.java.support.resolver.CriteriaSet>
        Throws:
        net.shibboleth.utilities.java.support.resolver.ResolverException
      • logResult

        protected void logResult​(@Nonnull
                                 org.opensaml.xmlsec.SignatureSigningParameters params)
        Log the resolved parameters.
        Parameters:
        params - the resolved parameters
      • validate

        protected boolean validate​(@Nonnull
                                   org.opensaml.xmlsec.SignatureSigningParameters params)
        Validate that the SignatureSigningParameters instance has all the required properties populated.
        Parameters:
        params - the parameters instance to evaluate
        Returns:
        true if parameters instance passes validation, false otherwise
      • getWhitelistBlacklistPredicate

        @Nonnull
        protected Predicate<String> getWhitelistBlacklistPredicate​(@Nonnull
                                                                   net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
        Get a predicate which implements the effective configured whitelist/blacklist policy.
        Parameters:
        criteria - the input criteria being evaluated
        Returns:
        a whitelist/blacklist predicate instance
      • resolveAndPopulateCredentialAndSignatureAlgorithm

        protected void resolveAndPopulateCredentialAndSignatureAlgorithm​(@Nonnull
                                                                         org.opensaml.xmlsec.SignatureSigningParameters params,
                                                                         @Nonnull
                                                                         net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                                         Predicate<String> whitelistBlacklistPredicate)
        Resolve and populate the signing credential and signature method algorithm URI on the supplied parameters instance.
        Parameters:
        params - the parameters instance being populated
        criteria - the input criteria being evaluated
        whitelistBlacklistPredicate - the whitelist/blacklist predicate with which to evaluate the candidate signing method algorithm URIs
      • getAlgorithmRuntimeSupportedPredicate

        @Nonnull
        protected Predicate<String> getAlgorithmRuntimeSupportedPredicate()
        Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.
        Returns:
        the predicate
      • credentialSupportsAlgorithm

        protected boolean credentialSupportsAlgorithm​(@Nonnull
                                                      org.opensaml.security.credential.Credential credential,
                                                      @Nonnull @NotEmpty
                                                      String algorithm)
        Evaluate whether the specified credential is supported for use with the specified algorithm URI.
        Parameters:
        credential - the credential to evaluate
        algorithm - the algorithm URI to evaluate
        Returns:
        true if credential may be used with the supplied algorithm URI, false otherwise
      • getEffectiveSigningCredentials

        @Nonnull
        protected List<org.opensaml.security.credential.Credential> getEffectiveSigningCredentials​(@Nonnull
                                                                                                   net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
        Get the effective list of signing credentials to consider.
        Parameters:
        criteria - the input criteria being evaluated
        Returns:
        the list of credentials
      • getEffectiveSignatureAlgorithms

        @Nonnull
        protected List<String> getEffectiveSignatureAlgorithms​(@Nonnull
                                                               net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                               @Nonnull
                                                               Predicate<String> whitelistBlacklistPredicate)
        Get the effective list of signature algorithm URIs to consider, including application of whitelist/blacklist policy.
        Parameters:
        criteria - the input criteria being evaluated
        whitelistBlacklistPredicate - the whitelist/blacklist predicate to use
        Returns:
        the list of effective algorithm URIs
      • resolveReferenceDigestMethod

        @Nullable
        protected String resolveReferenceDigestMethod​(@Nonnull
                                                      net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                      @Nonnull
                                                      Predicate<String> whitelistBlacklistPredicate)
        Resolve and return the digest method algorithm URI to use, including application of whitelist/blacklist policy.
        Parameters:
        criteria - the input criteria being evaluated
        whitelistBlacklistPredicate - the whitelist/blacklist predicate to use
        Returns:
        the resolved digest method algorithm URI
      • resolveCanonicalizationAlgorithm

        @Nullable
        protected String resolveCanonicalizationAlgorithm​(@Nonnull
                                                          net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
        Resolve and return the canonicalization algorithm URI to use.
        Parameters:
        criteria - the input criteria being evaluated
        Returns:
        the canonicalization algorithm URI
      • resolveReferenceCanonicalizationAlgorithm

        @Nullable
        protected String resolveReferenceCanonicalizationAlgorithm​(@Nonnull
                                                                   net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
        Resolve and return the reference canonicalization algorithm URI to use.
        Parameters:
        criteria - the input criteria being evaluated
        Returns:
        the reference canonicalization algorithm URI
      • resolveKeyInfoGenerator

        @Nullable
        protected org.opensaml.xmlsec.keyinfo.KeyInfoGenerator resolveKeyInfoGenerator​(@Nonnull
                                                                                       net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                                                       @Nonnull
                                                                                       org.opensaml.security.credential.Credential signingCredential)
        Resolve and return the KeyInfoGenerator instance to use with the specified credential.
        Parameters:
        criteria - the input criteria being evaluated
        signingCredential - the credential being evaluated
        Returns:
        KeyInfo generator instance, or null
      • resolveHMACOutputLength

        @Nullable
        protected Integer resolveHMACOutputLength​(@Nonnull
                                                  net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                  @Nonnull
                                                  org.opensaml.security.credential.Credential signingCredential,
                                                  @Nonnull @NotEmpty
                                                  String algorithmURI)
        Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential and signature method algorithm URI.
        Parameters:
        criteria - the input criteria being evaluated
        signingCredential - the signing credential being evaluated
        algorithmURI - the signature method algorithm URI being evaluated
        Returns:
        the HMAC output length to use, or null