Package net.shibboleth.idp.authn.impl
Class X500SubjectCanonicalization
- java.lang.Object
  - net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    - org.opensaml.profile.action.AbstractProfileAction
      - org.opensaml.profile.action.AbstractConditionalProfileAction
        - net.shibboleth.idp.profile.AbstractProfileAction
          - net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
            - net.shibboleth.idp.authn.impl.X500SubjectCanonicalization

- All Implemented Interfaces:
  Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
public class X500SubjectCanonicalization extends AbstractSubjectCanonicalizationAction
An action that operates on a SubjectCanonicalizationContext child of the current ProfileRequestContext, and transforms the input Subject into a principal name by searching for one and only one X509Certificate public credential, or in its absence one and only one X500Principal.
A list of OIDs is used to locate an RDN to extract from the Subject DN and use as the principal name after applying the transforms from the base class.
Alternatively, a list of subjectAltName extension types may be specified, which takes precedence over the subject, if a match is found.
- Event:
  EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_SUBJECT
- Precondition:
  ProfileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null
- Postcondition:
  SubjectCanonicalizationContext.getPrincipalName() != null || SubjectCanonicalizationContext.getException() != null
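An added illustration of the OID-preference lookup over the Subject DN described above, written against JDK classes only; it is not Shibboleth's implementation. The class and method names, the keyword table, and returning the first match when several RDNs share an OID are assumptions; the subjectAltName path and the base-class transforms are not shown.

```java
import java.util.List;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class RdnByOidExample {
    // Keywords X500Principal emits in RFC 2253 form, mapped back to their OIDs.
    static final Map<String, String> KEYWORD_TO_OID = Map.of(
        "CN", "2.5.4.3", "OU", "2.5.4.11", "O", "2.5.4.10", "C", "2.5.4.6",
        "UID", "0.9.2342.19200300.100.1.1", "DC", "0.9.2342.19200300.100.1.25");

    /** Value of the first attribute matching the most preferred OID, or null if none. */
    static String selectPrincipalName(X500Principal subject, List<String> preferredOids)
            throws NamingException {
        LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
        for (String oid : preferredOids) {       // configured preference beats DN order
            for (Rdn rdn : dn.getRdns()) {       // index 0 is the right-most RDN
                NamingEnumeration<? extends Attribute> attrs = rdn.toAttributes().getAll();
                while (attrs.hasMore()) {        // a multi-valued RDN carries several
                    Attribute attr = attrs.next();
                    String type = attr.getID().toUpperCase();
                    String attrOid = KEYWORD_TO_OID.getOrDefault(type, type);
                    // Attributes printed as dotted OIDs carry hex-encoded (byte[])
                    // values in RFC 2253 form; this sketch skips them.
                    if (oid.equals(attrOid) && attr.get() instanceof String) {
                        return (String) attr.get();
                    }
                }
            }
        }
        return null; // no usable RDN: the caller should reject the subject
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample subject DN.
        X500Principal subject =
            new X500Principal("CN=Jane Doe,UID=jdoe,OU=People,O=Example Org,C=US");
        List<String> uidThenCn = List.of("0.9.2342.19200300.100.1.1", "2.5.4.3");
        System.out.println(selectPrincipalName(subject, uidThenCn));
        System.out.println(selectPrincipalName(subject, List.of("2.5.4.3")));
        System.out.println(selectPrincipalName(subject, List.of("2.5.4.7")));
    }
}
```

A DN that contains the same attribute type more than once makes the selected name depend on traversal order, so certificate profiles feeding this kind of lookup should guarantee a single instance of each configured OID.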

Nested Class Summary
- static class X500SubjectCanonicalization.ActivationCondition: A predicate that determines if this action can run or not.

Field Summary
- private X509Certificate certificate: The certificate to operate on.
- private static String CN_OID: Common Name (CN) OID.
- private X500SubjectCanonicalization.ActivationCondition embeddedPredicate: Supplies logic for pre-execute test.
- private org.slf4j.Logger log: Class logger.
- private List<String> objectIds: OIDs to search for.
- private List<Integer> subjectAltNameTypes: subjectAltName types to search for.
- private X500Principal x500Principal: The subject DN to operate on.

Constructor Summary
- X500SubjectCanonicalization(): Constructor.

Method Summary
- protected void doExecute(ProfileRequestContext profileRequestContext, SubjectCanonicalizationContext c14nContext)
- protected boolean doPreExecute(ProfileRequestContext profileRequestContext, SubjectCanonicalizationContext c14nContext)
- protected String findRDN(org.cryptacular.x509.dn.RDNSequence sequence, String oid): Find an RDN with the specified OID.
- void setObjectIds(List<String> ids): Set the OIDs to search for, in order of preference.
- void setSubjectAltNameTypes(List<Integer> types): Set the subjectAltName types to search for, in order of preference.

Methods inherited from class net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
applyTransforms, doExecute, doPreExecute, setLookupStrategy, setLowercase, setTransforms, setTrim, setUppercase

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

CN_OID
private static final String CN_OID
Common Name (CN) OID.
- See Also:
  Constant Field Values

log
@Nonnull private final org.slf4j.Logger log
Class logger.

embeddedPredicate
@Nonnull private final X500SubjectCanonicalization.ActivationCondition embeddedPredicate
Supplies logic for pre-execute test.

subjectAltNameTypes
@Nonnull @NonnullElements private List<Integer> subjectAltNameTypes
subjectAltName types to search for.

objectIds
@Nonnull @NonnullElements private List<String> objectIds
OIDs to search for.

certificate
@Nullable private X509Certificate certificate
The certificate to operate on.

x500Principal
@Nullable private X500Principal x500Principal
The subject DN to operate on.

Method Detail

setSubjectAltNameTypes
public void setSubjectAltNameTypes(@Nullable @NonnullElements List<Integer> types)
Set the subjectAltName types to search for, in order of preference.
- Parameters:
  types - types to search for

setObjectIds
public void setObjectIds(@Nullable @NonnullElements List<String> ids)
Set the OIDs to search for, in order of preference.
- Parameters:
  ids - RDN OIDs to search for

doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext c14nContext)
- Overrides:
  doPreExecute in class AbstractSubjectCanonicalizationAction

doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext c14nContext)
- Overrides:
  doExecute in class AbstractSubjectCanonicalizationAction