X500SubjectCanonicalization (Shibboleth IdP :: Authentication Implementation 3.4.1 API)

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>
  - - org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>
    - - net.shibboleth.idp.profile.AbstractProfileAction<InboundMessageType,OutboundMessageType>
      - net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
        
        net.shibboleth.idp.authn.impl.X500SubjectCanonicalization

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action
```
public class X500SubjectCanonicalization
extends AbstractSubjectCanonicalizationAction
```
An action that operates on a SubjectCanonicalizationContext child of the current ProfileRequestContext, and transforms the input Subject into a principal name by searching for one and only one X509Certificate public credential, or in its absence one and only one X500Principal.
A list of OIDs is used to locate an RDN to extract from the Subject DN and use as the principal name after applying the transforms from the base class.

Alternatively, a list of subjectAltName extension types may be specified, which takes precedence over the subject, if a match is found.
Event:

EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_SUBJECT

Precondition:
```
ProfileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null
```
Postcondition:
```
SubjectCanonicalizationContext.getPrincipalName() != null
  || SubjectCanonicalizationContext.getException() != null
```

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static class X500SubjectCanonicalization.ActivationCondition
A predicate that determines if this action can run or not.

Nested Classes
Modifier and Type	Class and Description
`static class`	`X500SubjectCanonicalization.ActivationCondition` A predicate that determines if this action can run or not.

Field Summary

Fields
Modifier and Type	Field and Description
`private X509Certificate`	`certificate` The certificate to operate on.
`private static String`	`CN_OID` Common Name (CN) OID.
`private X500SubjectCanonicalization.ActivationCondition`	`embeddedPredicate` Supplies logic for pre-execute test.
`private org.slf4j.Logger`	`log` Class logger.
`private List<String>`	`objectIds` OIDs to search for.
`private List<Integer>`	`subjectAltNameTypes` subjectAltName types to search for.
`private X500Principal`	`x500Principal` The subject DN to operate on.

Constructor Summary

Constructors
Constructor and Description

X500SubjectCanonicalization()
Constructor.

Constructors
Constructor and Description
`X500SubjectCanonicalization()` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`doExecute(ProfileRequestContext profileRequestContext, SubjectCanonicalizationContext c14nContext)`
`protected boolean`	`doPreExecute(ProfileRequestContext profileRequestContext, SubjectCanonicalizationContext c14nContext)`
`protected String`	`findRDN(org.cryptacular.x509.dn.RDNSequence sequence, String oid)` Find an RDN with the specified OID.
`void`	`setObjectIds(List<String> ids)` Set the OIDs to search for, in order of preference.
`void`	`setSubjectAltNameTypes(List<Integer> types)` Set the subjectAltName types to search for, in order of preference.

Methods inherited from class net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
applyTransforms, doExecute, doPreExecute, setLookupStrategy, setLowercase, setTransforms, setTrim, setUppercase

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

CN_OID
```
private static final String CN_OID
```
Common Name (CN) OID.

See Also:
Constant Field Values

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

embeddedPredicate

@Nonnull
private final X500SubjectCanonicalization.ActivationCondition embeddedPredicate

Supplies logic for pre-execute test.

subjectAltNameTypes

@Nonnull
@NonnullElements
private List<Integer> subjectAltNameTypes

subjectAltName types to search for.

objectIds

@Nonnull
@NonnullElements
private List<String> objectIds

OIDs to search for.

certificate

@Nullable
private X509Certificate certificate

The certificate to operate on.

x500Principal

@Nullable
private X500Principal x500Principal

The subject DN to operate on.

Constructor Detail
- X500SubjectCanonicalization
```
public X500SubjectCanonicalization()
```
  Constructor.

Method Detail

setSubjectAltNameTypes

public void setSubjectAltNameTypes(@Nonnull@NonnullElements
                          List<Integer> types)

Set the subjectAltName types to search for, in order of preference.

Parameters:: types - types to search for

setObjectIds

public void setObjectIds(@Nonnull@NonnullElements
                List<String> ids)

Set the OIDs to search for, in order of preference.

Parameters:: ids - RDN OIDs to search for

doPreExecute

protected boolean doPreExecute(@Nonnull
                   ProfileRequestContext profileRequestContext,
                   @Nonnull
                   SubjectCanonicalizationContext c14nContext)

Overrides:: doPreExecute in class AbstractSubjectCanonicalizationAction

doExecute

protected void doExecute(@Nonnull
             ProfileRequestContext profileRequestContext,
             @Nonnull
             SubjectCanonicalizationContext c14nContext)

Overrides:: doExecute in class AbstractSubjectCanonicalizationAction

findRDN

@Nullable
protected String findRDN(@Nonnull
                      org.cryptacular.x509.dn.RDNSequence sequence,
                      @Nonnull@NotEmpty
                      String oid)

Find an RDN with the specified OID.

Parameters:: sequence - the DN components; oid - the OID to look for
Returns:: the first matching RDN value, or null

Class X500SubjectCanonicalization

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent