Package net.shibboleth.idp.authn.impl

Class X509CertificateCredentialValidator

java.lang.Object

net.shibboleth.shared.component.AbstractInitializableComponent

net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent

net.shibboleth.idp.authn.AbstractCredentialValidator

net.shibboleth.idp.authn.impl.X509CertificateCredentialValidator

All Implemented Interfaces:

CredentialValidator, PrincipalSupportingComponent, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent

@ThreadSafeAfterInit
public class X509CertificateCredentialValidator
extends AbstractCredentialValidator

A credential validator that validates an X.509 certificate.

Since:

4.2.0

Nested Class Summary

Nested classes/interfaces inherited from interface net.shibboleth.idp.authn.CredentialValidator

CredentialValidator.ErrorHandler, CredentialValidator.WarningHandler

Field Summary

Fields

Modifier and Type	Field	Description
private Function<AuthenticationContext,CertificateContext>	certContextLookupStrategy	Lookup strategy for cert context.
private final org.slf4j.Logger	log	Class logger.
private boolean	saveCertificateToCredentialSet	Whether to save the certificate in the Java Subject's public credentials.
private TrustEngine<? super X509Credential>	trustEngine	Optional trust engine to validate certificates against.

Constructor Summary

Constructors

Constructor	Description
X509CertificateCredentialValidator()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected Subject	doValidate(ProfileRequestContext profileRequestContext, AuthenticationContext authenticationContext, CredentialValidator.WarningHandler warningHandler, CredentialValidator.ErrorHandler errorHandler)	Override method for subclasses to use to perform the actual validation.
protected Subject	populateSubject(X509Certificate certificate)	Builds a subject with "standard" content from the validation.
void	setCertificateContextLookupStrategy(Function<AuthenticationContext,CertificateContext> strategy)	Set the lookup strategy to locate the UsernamePasswordContext.
void	setSaveCertificateToCredentialSet(boolean flag)	Set whether to save the certificate in the Java Subject's public credentials.
void	setTrustEngine(TrustEngine<? super X509Credential> tm)	Set a TrustEngine to use.

Methods inherited from class net.shibboleth.idp.authn.AbstractCredentialValidator

getLogPrefix, getSupportedPrincipals, isAcceptable, populateSubject, setActivationCondition, setId, setSupportedPrincipals, validate

Methods inherited from class net.shibboleth.shared.component.AbstractIdentifiedInitializableComponent

doInitialize, ensureId, getId, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent

checkComponentActive, checkSetterPreconditions, destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.shared.component.IdentifiedComponent

getId

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

certContextLookupStrategy

@Nonnull
private Function<AuthenticationContext,CertificateContext> certContextLookupStrategy

Lookup strategy for cert context.

trustEngine

@Nullable
private TrustEngine<? super X509Credential> trustEngine

Optional trust engine to validate certificates against.

saveCertificateToCredentialSet

private boolean saveCertificateToCredentialSet

Whether to save the certificate in the Java Subject's public credentials.

Constructor Details

X509CertificateCredentialValidator

public X509CertificateCredentialValidator()

Constructor.

Method Details

setCertificateContextLookupStrategy

public void setCertificateContextLookupStrategy(@Nonnull
 Function<AuthenticationContext,CertificateContext> strategy)

Set the lookup strategy to locate the UsernamePasswordContext.

Parameters:

strategy - lookup strategy

setTrustEngine

public void setTrustEngine(@Nullable
 TrustEngine<? super X509Credential> tm)

Set a TrustEngine to use.

Parameters:

tm - trust engine to use

setSaveCertificateToCredentialSet

public void setSaveCertificateToCredentialSet(boolean flag)

Set whether to save the certificate in the Java Subject's public credentials.

Defaults to true

Parameters:

flag - flag to set

doValidate

@Nullable
protected Subject doValidate(@Nonnull
 ProfileRequestContext profileRequestContext,
 @Nonnull
 AuthenticationContext authenticationContext,
 @Nullable
 CredentialValidator.WarningHandler warningHandler,
 @Nullable
 CredentialValidator.ErrorHandler errorHandler)
                      throws Exception

Override method for subclasses to use to perform the actual validation.

Specified by:

doValidate in class AbstractCredentialValidator

Parameters:

profileRequestContext - profile request context

authenticationContext - authentication context

warningHandler - optional warning handler interface

errorHandler - optional error handler interface

Returns:

the validated result, or null if inapplicable

Throws:

Exception - if an error occurs

populateSubject

@Nonnull
protected Subject populateSubject(@Nonnull
 X509Certificate certificate)

Builds a subject with "standard" content from the validation.

Parameters:

certificate - the certificate validated

Returns:

the decorated subject