Package net.shibboleth.idp.authn.impl
Class X509CertificateCredentialValidator
java.lang.Object
  net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
      net.shibboleth.idp.authn.AbstractCredentialValidator
        net.shibboleth.idp.authn.impl.X509CertificateCredentialValidator
-
All Implemented Interfaces:
CredentialValidator, PrincipalSupportingComponent, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent
@ThreadSafeAfterInit public class X509CertificateCredentialValidator extends AbstractCredentialValidator
A credential validator that validates an X.509 certificate.
Since: 4.2.0
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface net.shibboleth.idp.authn.CredentialValidator
CredentialValidator.ErrorHandler, CredentialValidator.WarningHandler
-
-
Field Summary
Fields
Modifier and Type | Field | Description
private Function<AuthenticationContext,CertificateContext> | certContextLookupStrategy | Lookup strategy for cert context.
private org.slf4j.Logger | log | Class logger.
private boolean | saveCertificateToCredentialSet | Whether to save the certificate in the Java Subject's public credentials.
private TrustEngine<? super X509Credential> | trustEngine | Optional trust engine to validate certificates against.
-
Constructor Summary
Constructors
Constructor | Description
X509CertificateCredentialValidator() | Constructor.
-
Method Summary
All Methods / Instance Methods / Concrete Methods
Modifier and Type | Method | Description
protected Subject | doValidate(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext, CredentialValidator.WarningHandler warningHandler, CredentialValidator.ErrorHandler errorHandler) |
protected Subject | populateSubject(X509Certificate certificate) | Builds a subject with "standard" content from the validation.
void | setCertificateContextLookupStrategy(Function<AuthenticationContext,CertificateContext> strategy) | Set the lookup strategy to locate the UsernamePasswordContext.
void | setSaveCertificateToCredentialSet(boolean flag) | Set whether to save the certificate in the Java Subject's public credentials.
void | setTrustEngine(TrustEngine<? super X509Credential> tm) | Set a TrustEngine to use.
-
Methods inherited from class net.shibboleth.idp.authn.AbstractCredentialValidator
getLogPrefix, getSupportedPrincipals, isAcceptable, populateSubject, setActivationCondition, setId, setSupportedPrincipals, validate
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent
doInitialize, getId
-
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiedComponent
getId
-
Field Detail
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
certContextLookupStrategy
@Nonnull private Function<AuthenticationContext,CertificateContext> certContextLookupStrategy
Lookup strategy for cert context.
-
trustEngine
@Nullable private TrustEngine<? super X509Credential> trustEngine
Optional trust engine to validate certificates against.
-
saveCertificateToCredentialSet
private boolean saveCertificateToCredentialSet
Whether to save the certificate in the Java Subject's public credentials.
-
-
Method Detail
-
setCertificateContextLookupStrategy
public void setCertificateContextLookupStrategy(@Nonnull Function<AuthenticationContext,CertificateContext> strategy)
Set the lookup strategy to locate the UsernamePasswordContext.
- Parameters:
strategy - lookup strategy
-
setTrustEngine
public void setTrustEngine(@Nullable TrustEngine<? super X509Credential> tm)
Set a TrustEngine to use.
- Parameters:
tm - trust engine to use
-
setSaveCertificateToCredentialSet
public void setSaveCertificateToCredentialSet(boolean flag)
Set whether to save the certificate in the Java Subject's public credentials.
Defaults to true.
- Parameters:
flag - flag to set
-
doValidate
@Nullable protected Subject doValidate(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext, @Nullable CredentialValidator.WarningHandler warningHandler, @Nullable CredentialValidator.ErrorHandler errorHandler) throws Exception
- Specified by:
doValidate in class AbstractCredentialValidator
- Throws:
Exception
-
populateSubject
@Nonnull protected Subject populateSubject(@Nonnull X509Certificate certificate)
Builds a subject with "standard" content from the validation.
- Parameters:
certificate - the certificate validated
- Returns:
the decorated subject
-
-