Package org.opensaml.xmlsec.impl

Class BasicSignatureSigningParametersResolver

java.lang.Object

org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver<SignatureSigningParameters>

org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver

All Implemented Interfaces:

Resolver<SignatureSigningParameters,CriteriaSet>, SignatureSigningParametersResolver

public class BasicSignatureSigningParametersResolver
extends AbstractSecurityParametersResolver<SignatureSigningParameters>
implements SignatureSigningParametersResolver

Basic implementation of SignatureSigningParametersResolver.

The following Criterion inputs are supported:

• SignatureSigningConfigurationCriterion - required
• KeyInfoGenerationProfileCriterion - optional

Field Summary

Fields

Modifier and Type	Field	Description
private AlgorithmRegistry	algorithmRegistry	The AlgorithmRegistry used when processing algorithm URIs.
private org.slf4j.Logger	log	Logger.

Constructor Summary

Constructors

Constructor	Description
BasicSignatureSigningParametersResolver()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected boolean	credentialSupportsAlgorithm(Credential credential, String algorithm)	Evaluate whether the specified credential is supported for use with the specified algorithm URI.
AlgorithmRegistry	getAlgorithmRegistry()	Get the AlgorithmRegistry instance used when resolving algorithm URIs.
protected Predicate<String>	getAlgorithmRuntimeSupportedPredicate()	Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.
protected List<String>	getEffectiveSignatureAlgorithms(CriteriaSet criteria, Predicate<String> whitelistBlacklistPredicate)	Get the effective list of signature algorithm URIs to consider, including application of whitelist/blacklist policy.
protected List<Credential>	getEffectiveSigningCredentials(CriteriaSet criteria)	Get the effective list of signing credentials to consider.
protected Predicate<String>	getWhitelistBlacklistPredicate(CriteriaSet criteria)	Get a predicate which implements the effective configured whitelist/blacklist policy.
protected void	logResult(SignatureSigningParameters params)	Log the resolved parameters.
Iterable<SignatureSigningParameters>	resolve(CriteriaSet criteria)
protected void	resolveAndPopulateCredentialAndSignatureAlgorithm(SignatureSigningParameters params, CriteriaSet criteria, Predicate<String> whitelistBlacklistPredicate)	Resolve and populate the signing credential and signature method algorithm URI on the supplied parameters instance.
protected String	resolveCanonicalizationAlgorithm(CriteriaSet criteria)	Resolve and return the canonicalization algorithm URI to use.
protected Integer	resolveHMACOutputLength(CriteriaSet criteria, Credential signingCredential, String algorithmURI)	Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential and signature method algorithm URI.
protected KeyInfoGenerator	resolveKeyInfoGenerator(CriteriaSet criteria, Credential signingCredential)	Resolve and return the KeyInfoGenerator instance to use with the specified credential.
protected String	resolveReferenceCanonicalizationAlgorithm(CriteriaSet criteria)	Resolve and return the reference canonicalization algorithm URI to use.
protected String	resolveReferenceDigestMethod(CriteriaSet criteria, Predicate<String> whitelistBlacklistPredicate)	Resolve and return the digest method algorithm URI to use, including application of whitelist/blacklist policy.
SignatureSigningParameters	resolveSingle(CriteriaSet criteria)
void	setAlgorithmRegistry(AlgorithmRegistry registry)	Set the AlgorithmRegistry instance used when resolving algorithm URIs.
protected boolean	validate(SignatureSigningParameters params)	Validate that the SignatureSigningParameters instance has all the required properties populated.

Methods inherited from class org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver

lookupKeyInfoGenerator, resolveAndPopulateWhiteAndBlacklists, resolveEffectiveBlacklist, resolveEffectiveWhitelist, resolveWhitelistBlacklistPrecedence, resolveWhitelistBlacklistPredicate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

private org.slf4j.Logger log

Logger.

algorithmRegistry

private AlgorithmRegistry algorithmRegistry

The AlgorithmRegistry used when processing algorithm URIs.

Constructor Detail

BasicSignatureSigningParametersResolver

public BasicSignatureSigningParametersResolver()

Constructor.

Method Detail

getAlgorithmRegistry

public AlgorithmRegistry getAlgorithmRegistry()

Get the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().

Returns:

the algorithm registry instance

setAlgorithmRegistry

public void setAlgorithmRegistry(@Nonnull
                                 AlgorithmRegistry registry)

Set the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().

Parameters:

registry - the new algorithm registry instance

resolve

@Nonnull
public Iterable<SignatureSigningParameters> resolve(@Nonnull
                                                    CriteriaSet criteria)
                                             throws ResolverException

Specified by:

resolve in interface Resolver<SignatureSigningParameters,CriteriaSet>

Throws:

ResolverException

resolveSingle

@Nullable
public SignatureSigningParameters resolveSingle(@Nonnull
                                                CriteriaSet criteria)
                                         throws ResolverException

Specified by:

resolveSingle in interface Resolver<SignatureSigningParameters,CriteriaSet>

Throws:

ResolverException

logResult

protected void logResult(@Nonnull
                         SignatureSigningParameters params)

Log the resolved parameters.

Parameters:

params - the resolved param

validate

protected boolean validate(@Nonnull
                           SignatureSigningParameters params)

Validate that the SignatureSigningParameters instance has all the required properties populated.

Parameters:

params - the parameters instance to evaluate

Returns:

true if parameters instance passes validation, false otherwise

getWhitelistBlacklistPredicate

@Nonnull
protected Predicate<String> getWhitelistBlacklistPredicate(@Nonnull
                                                           CriteriaSet criteria)

Get a predicate which implements the effective configured whitelist/blacklist policy.

Parameters:

criteria - the input criteria being evaluated

Returns:

a whitelist/blacklist predicate instance

resolveAndPopulateCredentialAndSignatureAlgorithm

protected void resolveAndPopulateCredentialAndSignatureAlgorithm(@Nonnull
                                                                 SignatureSigningParameters params,
                                                                 @Nonnull
                                                                 CriteriaSet criteria,
                                                                 Predicate<String> whitelistBlacklistPredicate)

Resolve and populate the signing credential and signature method algorithm URI on the supplied parameters instance.

Parameters:

params - the parameters instance being populated

criteria - the input criteria being evaluated

whitelistBlacklistPredicate - the whitelist/blacklist predicate with which to evaluate the candidate signing method algorithm URIs

getAlgorithmRuntimeSupportedPredicate

@Nonnull
protected Predicate<String> getAlgorithmRuntimeSupportedPredicate()

Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.

Returns:

the predicate

credentialSupportsAlgorithm

protected boolean credentialSupportsAlgorithm(@Nonnull
                                              Credential credential,
                                              @Nonnull @NotEmpty
                                              String algorithm)

Evaluate whether the specified credential is supported for use with the specified algorithm URI.

Parameters:

credential - the credential to evaluate

algorithm - the algorithm URI to evaluate

Returns:

true if credential may be used with the supplied algorithm URI, false otherwise

getEffectiveSigningCredentials

@Nonnull
protected List<Credential> getEffectiveSigningCredentials(@Nonnull
                                                          CriteriaSet criteria)

Get the effective list of signing credentials to consider.

Parameters:

criteria - the input criteria being evaluated

Returns:

the list of credentials

getEffectiveSignatureAlgorithms

@Nonnull
protected List<String> getEffectiveSignatureAlgorithms(@Nonnull
                                                       CriteriaSet criteria,
                                                       @Nonnull
                                                       Predicate<String> whitelistBlacklistPredicate)

Get the effective list of signature algorithm URIs to consider, including application of whitelist/blacklist policy.

Parameters:

criteria - the input criteria being evaluated

whitelistBlacklistPredicate - the whitelist/blacklist predicate to use

Returns:

the list of effective algorithm URIs

resolveReferenceDigestMethod

@Nullable
protected String resolveReferenceDigestMethod(@Nonnull
                                              CriteriaSet criteria,
                                              @Nonnull
                                              Predicate<String> whitelistBlacklistPredicate)

Resolve and return the digest method algorithm URI to use, including application of whitelist/blacklist policy.

Parameters:

criteria - the input criteria being evaluated

whitelistBlacklistPredicate - the whitelist/blacklist predicate to use

Returns:

the resolved digest method algorithm URI

resolveCanonicalizationAlgorithm

@Nullable
protected String resolveCanonicalizationAlgorithm(@Nonnull
                                                  CriteriaSet criteria)

Resolve and return the canonicalization algorithm URI to use.

Parameters:

criteria - the input criteria being evaluated

Returns:

the canonicalization algorithm URI

resolveReferenceCanonicalizationAlgorithm

@Nullable
protected String resolveReferenceCanonicalizationAlgorithm(@Nonnull
                                                           CriteriaSet criteria)

Resolve and return the reference canonicalization algorithm URI to use.

Parameters:

criteria - the input criteria being evaluated

Returns:

the reference canonicalization algorithm URI

resolveKeyInfoGenerator

@Nullable
protected KeyInfoGenerator resolveKeyInfoGenerator(@Nonnull
                                                   CriteriaSet criteria,
                                                   @Nonnull
                                                   Credential signingCredential)

Resolve and return the KeyInfoGenerator instance to use with the specified credential.

Parameters:

criteria - the input criteria being evaluated

signingCredential - the credential being evaluated

Returns:

KeyInfo generator instance, or null

resolveHMACOutputLength

@Nullable
protected Integer resolveHMACOutputLength(@Nonnull
                                          CriteriaSet criteria,
                                          @Nonnull
                                          Credential signingCredential,
                                          @Nonnull @NotEmpty
                                          String algorithmURI)

Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential and signature method algorithm URI.

Parameters:

criteria - the input criteria being evaluated

signingCredential - the signing credential being evaluated

algorithmURI - the signature method algorithm URI being evaluated

Returns:

the HMAC output length to use, or null