public class SAMLMetadataEncryptionParametersResolver extends BasicEncryptionParametersResolver

A specialization of BasicEncryptionParametersResolver which resolves credentials and algorithm preferences against SAML metadata via a MetadataCredentialResolver.

In addition to the Criterion inputs documented in BasicEncryptionParametersResolver, the inputs and associated modes of operation documented for MetadataCredentialResolver are also supported and required.

The CriteriaSet instance passed to the configured metadata credential resolver will be a copy of the input criteria set, with the addition of a UsageCriterion containing the value UsageType.ENCRYPTION, which will replace any existing usage criterion instance.

| Modifier and Type | Field and Description |
|---|---|
| private MetadataCredentialResolver | credentialResolver: Metadata credential resolver. |
| private Logger | log: Logger. |

| Constructor and Description |
|---|
| SAMLMetadataEncryptionParametersResolver(MetadataCredentialResolver resolver): Constructor. |

| Modifier and Type | Method and Description |
|---|---|
| protected boolean | credentialSupportsEncryptionMethod(org.opensaml.security.credential.Credential credential, EncryptionMethod encryptionMethod): Evaluate whether the specified credential is supported for use with the specified EncryptionMethod. |
| protected MetadataCredentialResolver | getMetadataCredentialResolver(): Get the metadata credential resolver instance to use to resolve encryption credentials. |
| protected void | resolveAndPopulateCredentialsAndAlgorithms(org.opensaml.xmlsec.EncryptionParameters params, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate) |
| protected String | resolveDataEncryptionAlgorithm(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate, SAMLMDCredentialContext metadataCredContext): Determine the data encryption algorithm URI to use. |
| protected String | resolveKeyTransportAlgorithm(org.opensaml.security.credential.Credential keyTransportCredential, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate, String dataEncryptionAlgorithm, SAMLMDCredentialContext metadataCredContext): Determine the key transport algorithm URI to use with the specified credential. |

Inherited methods:

credentialSupportsAlgorithm, generateDataEncryptionCredential, getAlgorithmRegistry, getAlgorithmRuntimeSupportedPredicate, getEffectiveDataEncryptionAlgorithms, getEffectiveDataEncryptionCredentials, getEffectiveKeyTransportAlgorithms, getEffectiveKeyTransportCredentials, getWhitelistBlacklistPredicate, isAutoGenerateDataEncryptionCredential, isDataEncryptionAlgorithm, isKeyTransportAlgorithm, logResult, processDataEncryptionCredentialAutoGeneration, resolve, resolveDataEncryptionAlgorithm, resolveDataEncryptionAlgorithm, resolveDataKeyInfoGenerator, resolveKeyTransportAlgorithm, resolveKeyTransportAlgorithm, resolveKeyTransportKeyInfoGenerator, resolveSingle, setAlgorithmRegistry, setAutoGenerateDataEncryptionCredential, validate

lookupKeyInfoGenerator, resolveAndPopulateWhiteAndBlacklists, resolveEffectiveBlacklist, resolveEffectiveWhitelist, resolveWhitelistBlacklistPrecedence, resolveWhitelistBlacklistPredicate

private Logger log

private MetadataCredentialResolver credentialResolver

public SAMLMetadataEncryptionParametersResolver(@Nonnull MetadataCredentialResolver resolver)
Parameters:
resolver - the metadata credential resolver instance to use to resolve encryption credentials

@Nonnull protected MetadataCredentialResolver getMetadataCredentialResolver()

protected void resolveAndPopulateCredentialsAndAlgorithms(@Nonnull org.opensaml.xmlsec.EncryptionParameters params, @Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
Overrides: resolveAndPopulateCredentialsAndAlgorithms in class BasicEncryptionParametersResolver

@Nullable protected String resolveKeyTransportAlgorithm(@Nonnull org.opensaml.security.credential.Credential keyTransportCredential, @Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate, @Nullable String dataEncryptionAlgorithm, @Nullable SAMLMDCredentialContext metadataCredContext)
SAMLMDCredentialContext are considered first, followed by locally configured algorithms.
Parameters:
keyTransportCredential - the key transport credential to evaluate
criteria - the criteria instance being evaluated
whitelistBlacklistPredicate - the whitelist/blacklist predicate with which to evaluate the candidate data encryption and key transport algorithm URIs
dataEncryptionAlgorithm - the optional data encryption algorithm URI to consider
metadataCredContext - the credential context extracted from metadata

@Nullable protected String resolveDataEncryptionAlgorithm(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate, @Nullable SAMLMDCredentialContext metadataCredContext)
SAMLMDCredentialContext are considered first, followed by locally configured algorithms.
Parameters:
criteria - the criteria instance being evaluated
whitelistBlacklistPredicate - the whitelist/blacklist predicate with which to evaluate the candidate data encryption and key transport algorithm URIs
metadataCredContext - the credential context extracted from metadata

protected boolean credentialSupportsEncryptionMethod(@Nonnull org.opensaml.security.credential.Credential credential, @Nonnull @NotEmpty EncryptionMethod encryptionMethod)
Evaluate whether the specified credential is supported for use with the specified EncryptionMethod.
Parameters:
credential - the credential to evaluate
encryptionMethod - the encryption method to evaluate

Copyright © 1999–2014. All rights reserved.
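
The ordering documented above for resolveKeyTransportAlgorithm and resolveDataEncryptionAlgorithm (algorithms from the metadata credential context first, then locally configured ones, each evaluated with the whitelist/blacklist predicate), modelled as an added example; this is not OpenSAML code. The class name, the select helper, the "first accepted candidate wins" rule and the sample inputs are assumptions, and java.util.function.Predicate stands in for the Guava Predicate in the signatures.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.function.Predicate;

/** Added illustration: models the documented selection order, not OpenSAML's implementation. */
public class KeyTransportSelectionModel {

    static final String RSA_15 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    static final String RSA_OAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";

    /**
     * Hypothetical helper: candidates taken from the peer's metadata are tried first,
     * then the locally configured ones; the first URI accepted by the
     * whitelist/blacklist predicate is returned. Returns null when no candidate
     * is acceptable, matching the @Nullable return type of the documented methods.
     */
    static String select(List<String> fromMetadata, List<String> local, Predicate<String> allowed) {
        List<String> candidates = new ArrayList<>(fromMetadata);
        candidates.addAll(local);
        for (String uri : candidates) {
            if (allowed.test(uri)) {
                return uri;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed inputs: the peer's metadata advertises RSA 1.5, local config prefers OAEP.
        List<String> metadata = Arrays.asList(RSA_15);
        List<String> local = Arrays.asList(RSA_OAEP);

        Predicate<String> permissive = uri -> true;
        Predicate<String> rsa15Blacklisted = uri -> !RSA_15.equals(uri);

        // No filtering: the metadata-advertised algorithm is selected.
        System.out.println(select(metadata, local, permissive));
        // RSA 1.5 blacklisted: selection falls through to the local preference.
        System.out.println(select(metadata, local, rsa15Blacklisted));
        // Nothing acceptable remains: no algorithm is resolved.
        System.out.println(select(metadata, new ArrayList<String>(), rsa15Blacklisted));
    }
}
```

Because metadata-advertised algorithms are evaluated before local preferences, the whitelist/blacklist predicate is the control that keeps a peer's metadata from selecting an algorithm the deployment does not want.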