net.shibboleth.idp.authn.impl

Class ValidateX509Certificate

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>

org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.profile.AbstractProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.authn.AbstractAuthenticationAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.authn.AbstractValidationAction

net.shibboleth.idp.authn.impl.ValidateX509Certificate

All Implemented Interfaces:

PrincipalSupportingComponent, Component, DestructableComponent, InitializableComponent, ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action

public class ValidateX509Certificate
extends AbstractValidationAction

An action that checks for a CertificateContext containing X509Certificate objects, and directly produces an AuthenticationResult based on that identity, after optionally validating the certificate(s) against a TrustEngine.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, AuthnEventIds.INVALID_CREDENTIALS, AuthnEventIds.NO_CREDENTIALS

Precondition:

ProfileRequestContext.getSubcontext(AuthenticationContext.class).getAttemptedFlow() != null

Postcondition:

If AuthenticationContext.getSubcontext(CertificateContext.class) != null, then an AuthenticationResult is saved to the AuthenticationContext on a successful validation. On a failure, the AbstractValidationAction.handleError(ProfileRequestContext, AuthenticationContext, Exception, String) method is called.

Field Summary

Fields

Modifier and Type	Field and Description
private CertificateContext	certContext CertificateContext containing the credentials to validate.
private static String	DEFAULT_METRIC_NAME Default prefix for metrics.
private org.slf4j.Logger	log Class logger.
private TrustEngine<? super X509Credential>	trustEngine Optional trust engine to validate certificates against.

Constructor Summary

Constructors

Constructor and Description
ValidateX509Certificate() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected void	doExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext)
protected Subject	populateSubject(Subject subject)
void	setTrustEngine(TrustEngine<? super X509Credential> tm) Set a TrustEngine to use.

Methods inherited from class net.shibboleth.idp.authn.AbstractValidationAction

addDefaultPrincipals, buildAuthenticationResult, getClassifiedErrors, getMetricName, getResultCachingPredicate, getSubject, getSupportedPrincipals, handleError, handleError, handleWarning, recordFailure, recordSuccess, setAddDefaultPrincipals, setClassifiedMessages, setMetricName, setRequesterLookupStrategy, setResponderLookupStrategy, setResultCachingPredicate, setSupportedPrincipals

Methods inherited from class net.shibboleth.idp.authn.AbstractAuthenticationAction

doExecute, doPreExecute, setLookupStrategy

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

DEFAULT_METRIC_NAME

@Nonnull
@NotEmpty
private static final String DEFAULT_METRIC_NAME

Default prefix for metrics.

See Also:

Constant Field Values

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

trustEngine

@Nullable
private TrustEngine<? super X509Credential> trustEngine

Optional trust engine to validate certificates against.

certContext

@Nullable
private CertificateContext certContext

CertificateContext containing the credentials to validate.

Constructor Detail

ValidateX509Certificate

public ValidateX509Certificate()

Constructor.

Method Detail

setTrustEngine

public void setTrustEngine(@Nullable
                  TrustEngine<? super X509Credential> tm)

Set a TrustEngine to use.

Parameters:

tm - trust engine to use

doPreExecute

protected boolean doPreExecute(@Nonnull
                   ProfileRequestContext profileRequestContext,
                   @Nonnull
                   AuthenticationContext authenticationContext)

Overrides:

doPreExecute in class AbstractValidationAction

doExecute

protected void doExecute(@Nonnull
             ProfileRequestContext profileRequestContext,
             @Nonnull
             AuthenticationContext authenticationContext)

Overrides:

doExecute in class AbstractAuthenticationAction

populateSubject

@Nonnull
protected Subject populateSubject(@Nonnull
                              Subject subject)

Specified by:

populateSubject in class AbstractValidationAction