Package org.opensaml.xmlsec.impl
Class BasicSignatureSigningParametersResolver
- java.lang.Object
  - org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver<SignatureSigningParameters>
    - org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver

All Implemented Interfaces:
Resolver<SignatureSigningParameters,CriteriaSet>, SignatureSigningParametersResolver
public class BasicSignatureSigningParametersResolver extends AbstractSecurityParametersResolver<SignatureSigningParameters> implements SignatureSigningParametersResolver
Basic implementation of SignatureSigningParametersResolver.
The following Criterion inputs are supported:
- SignatureSigningConfigurationCriterion - required
- KeyInfoGenerationProfileCriterion - optional
Field Summary
- private AlgorithmRegistry algorithmRegistry
  The AlgorithmRegistry used when processing algorithm URIs.
- private org.slf4j.Logger log
  Logger.
Constructor Summary
- BasicSignatureSigningParametersResolver()
  Constructor.
Method Summary
- protected boolean credentialSupportsAlgorithm(Credential credential, String algorithm)
  Evaluate whether the specified credential is supported for use with the specified algorithm URI.
- AlgorithmRegistry getAlgorithmRegistry()
  Get the AlgorithmRegistry instance used when resolving algorithm URIs.
- protected Predicate<String> getAlgorithmRuntimeSupportedPredicate()
  Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.
- protected List<String> getEffectiveSignatureAlgorithms(CriteriaSet criteria, Predicate<String> whitelistBlacklistPredicate)
  Get the effective list of signature algorithm URIs to consider, including application of whitelist/blacklist policy.
- protected List<Credential> getEffectiveSigningCredentials(CriteriaSet criteria)
  Get the effective list of signing credentials to consider.
- protected Predicate<String> getWhitelistBlacklistPredicate(CriteriaSet criteria)
  Get a predicate which implements the effective configured whitelist/blacklist policy.
- protected void logResult(SignatureSigningParameters params)
  Log the resolved parameters.
- Iterable<SignatureSigningParameters> resolve(CriteriaSet criteria)
- protected void resolveAndPopulateCredentialAndSignatureAlgorithm(SignatureSigningParameters params, CriteriaSet criteria, Predicate<String> whitelistBlacklistPredicate)
  Resolve and populate the signing credential and signature method algorithm URI on the supplied parameters instance.
- protected String resolveCanonicalizationAlgorithm(CriteriaSet criteria)
  Resolve and return the canonicalization algorithm URI to use.
- protected Integer resolveHMACOutputLength(CriteriaSet criteria, Credential signingCredential, String algorithmURI)
  Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential and signature method algorithm URI.
- protected KeyInfoGenerator resolveKeyInfoGenerator(CriteriaSet criteria, Credential signingCredential)
  Resolve and return the KeyInfoGenerator instance to use with the specified credential.
- protected String resolveReferenceCanonicalizationAlgorithm(CriteriaSet criteria)
  Resolve and return the reference canonicalization algorithm URI to use.
- protected String resolveReferenceDigestMethod(CriteriaSet criteria, Predicate<String> whitelistBlacklistPredicate)
  Resolve and return the digest method algorithm URI to use, including application of whitelist/blacklist policy.
- SignatureSigningParameters resolveSingle(CriteriaSet criteria)
- void setAlgorithmRegistry(AlgorithmRegistry registry)
  Set the AlgorithmRegistry instance used when resolving algorithm URIs.
- protected boolean validate(SignatureSigningParameters params)
  Validate that the SignatureSigningParameters instance has all the required properties populated.

Methods inherited from class org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver
lookupKeyInfoGenerator, resolveAndPopulateWhiteAndBlacklists, resolveEffectiveBlacklist, resolveEffectiveWhitelist, resolveWhitelistBlacklistPrecedence, resolveWhitelistBlacklistPredicate

Field Detail

log
private org.slf4j.Logger log
Logger.

algorithmRegistry
private AlgorithmRegistry algorithmRegistry
The AlgorithmRegistry used when processing algorithm URIs.

Method Detail

getAlgorithmRegistry
public AlgorithmRegistry getAlgorithmRegistry()
Get the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().
- Returns:
  the algorithm registry instance

setAlgorithmRegistry
public void setAlgorithmRegistry(@Nonnull AlgorithmRegistry registry)
Set the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().
- Parameters:
  registry - the new algorithm registry instance

resolve
@Nonnull public Iterable<SignatureSigningParameters> resolve(@Nonnull CriteriaSet criteria) throws ResolverException
- Specified by:
  resolve in interface Resolver<SignatureSigningParameters,CriteriaSet>
- Throws:
  ResolverException

resolveSingle
@Nullable public SignatureSigningParameters resolveSingle(@Nonnull CriteriaSet criteria) throws ResolverException
- Specified by:
  resolveSingle in interface Resolver<SignatureSigningParameters,CriteriaSet>
- Throws:
  ResolverException

logResult
protected void logResult(@Nonnull SignatureSigningParameters params)
Log the resolved parameters.
- Parameters:
  params - the resolved param

validate
protected boolean validate(@Nonnull SignatureSigningParameters params)
Validate that the SignatureSigningParameters instance has all the required properties populated.
- Parameters:
  params - the parameters instance to evaluate
- Returns:
  true if parameters instance passes validation, false otherwise

getWhitelistBlacklistPredicate
@Nonnull protected Predicate<String> getWhitelistBlacklistPredicate(@Nonnull CriteriaSet criteria)
Get a predicate which implements the effective configured whitelist/blacklist policy.
- Parameters:
  criteria - the input criteria being evaluated
- Returns:
  a whitelist/blacklist predicate instance

resolveAndPopulateCredentialAndSignatureAlgorithm
protected void resolveAndPopulateCredentialAndSignatureAlgorithm(@Nonnull SignatureSigningParameters params, @Nonnull CriteriaSet criteria, Predicate<String> whitelistBlacklistPredicate)
Resolve and populate the signing credential and signature method algorithm URI on the supplied parameters instance.
- Parameters:
  params - the parameters instance being populated
  criteria - the input criteria being evaluated
  whitelistBlacklistPredicate - the whitelist/blacklist predicate with which to evaluate the candidate signing method algorithm URIs

getAlgorithmRuntimeSupportedPredicate
@Nonnull protected Predicate<String> getAlgorithmRuntimeSupportedPredicate()
Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.
- Returns:
  the predicate

credentialSupportsAlgorithm
protected boolean credentialSupportsAlgorithm(@Nonnull Credential credential, @Nonnull @NotEmpty String algorithm)
Evaluate whether the specified credential is supported for use with the specified algorithm URI.
- Parameters:
  credential - the credential to evaluate
  algorithm - the algorithm URI to evaluate
- Returns:
  true if credential may be used with the supplied algorithm URI, false otherwise

getEffectiveSigningCredentials
@Nonnull protected List<Credential> getEffectiveSigningCredentials(@Nonnull CriteriaSet criteria)
Get the effective list of signing credentials to consider.
- Parameters:
  criteria - the input criteria being evaluated
- Returns:
  the list of credentials

getEffectiveSignatureAlgorithms
@Nonnull protected List<String> getEffectiveSignatureAlgorithms(@Nonnull CriteriaSet criteria, @Nonnull Predicate<String> whitelistBlacklistPredicate)
Get the effective list of signature algorithm URIs to consider, including application of whitelist/blacklist policy.
- Parameters:
  criteria - the input criteria being evaluated
  whitelistBlacklistPredicate - the whitelist/blacklist predicate to use
- Returns:
  the list of effective algorithm URIs

resolveReferenceDigestMethod
@Nullable protected String resolveReferenceDigestMethod(@Nonnull CriteriaSet criteria, @Nonnull Predicate<String> whitelistBlacklistPredicate)
Resolve and return the digest method algorithm URI to use, including application of whitelist/blacklist policy.
- Parameters:
  criteria - the input criteria being evaluated
  whitelistBlacklistPredicate - the whitelist/blacklist predicate to use
- Returns:
  the resolved digest method algorithm URI

resolveCanonicalizationAlgorithm
@Nullable protected String resolveCanonicalizationAlgorithm(@Nonnull CriteriaSet criteria)
Resolve and return the canonicalization algorithm URI to use.
- Parameters:
  criteria - the input criteria being evaluated
- Returns:
  the canonicalization algorithm URI

resolveReferenceCanonicalizationAlgorithm
@Nullable protected String resolveReferenceCanonicalizationAlgorithm(@Nonnull CriteriaSet criteria)
Resolve and return the reference canonicalization algorithm URI to use.
- Parameters:
  criteria - the input criteria being evaluated
- Returns:
  the reference canonicalization algorithm URI

resolveKeyInfoGenerator
@Nullable protected KeyInfoGenerator resolveKeyInfoGenerator(@Nonnull CriteriaSet criteria, @Nonnull Credential signingCredential)
Resolve and return the KeyInfoGenerator instance to use with the specified credential.
- Parameters:
  criteria - the input criteria being evaluated
  signingCredential - the credential being evaluated
- Returns:
  KeyInfo generator instance, or null

resolveHMACOutputLength
@Nullable protected Integer resolveHMACOutputLength(@Nonnull CriteriaSet criteria, @Nonnull Credential signingCredential, @Nonnull @NotEmpty String algorithmURI)
Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential and signature method algorithm URI.
- Parameters:
  criteria - the input criteria being evaluated
  signingCredential - the signing credential being evaluated
  algorithmURI - the signature method algorithm URI being evaluated
- Returns:
  the HMAC output length to use, or null