Class PopulateEncryptionParameters
java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters
- All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
Action that resolves and populates
EncryptionParameters on an EncryptionContext
created/accessed via a lookup function, by default on a RelyingPartyContext child of the
profile request context.
The resolution process is contingent on the active profile configuration requesting encryption
of some kind, and an EncryptionContext is also created to capture these requirements.
The OpenSAML default, per-RelyingParty, and default per-profile EncryptionConfiguration
objects are input to the resolution process, along with the relying party's SAML metadata, which in
most cases will be the source of the eventual encryption key.
-
Field Summary
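Fields (Modifier and Type, Field: Description)
- private Function<ProfileRequestContext,List<EncryptionConfiguration>> configurationLookupStrategy: Strategy used to look up a per-request EncryptionConfiguration list.
- private EncryptionParametersResolver encParamsresolver: Resolver for parameters to store into context.
- private boolean encryptAssertions: Flag tracking whether assertion encryption is required.
- private boolean encryptAttributes: Flag tracking whether assertion encryption is required.
- private boolean encryptIdentifiers: Flag tracking whether assertion encryption is required.
- private List<EncryptionConfiguration> encryptionConfigurations: Active configurations to feed into resolver.
- encryptionContextLookupStrategy: Strategy used to look up the EncryptionContext to store parameters in.
- private boolean encryptionOptional: Is encryption optional in the case no parameters can be resolved?
- private final org.slf4j.Logger log: Class logger.
- peerContextLookupStrategy: Strategy used to look up a SAML peer context.
- private QName peerRole: Metadata role type to provide to resolver.
- private Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy: Strategy used to look up a RelyingPartyContext for configuration options.
- private String samlProtocol: Metadata protocolSupportEnumeration value to provide to resolver.
-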
Constructor Summary
Constructors -
Method Summary
Methods (Modifier and Type, Method: Description)
- private CriteriaSet buildCriteriaSet(ProfileRequestContext profileRequestContext, List<EncryptionConfiguration> configurations): Build the criteria used as input to the EncryptionParametersResolver.
- protected void doExecute(ProfileRequestContext profileRequestContext)
- protected void doInitialize
- protected boolean doPreExecute(ProfileRequestContext profileRequestContext)
- void setConfigurationLookupStrategy(Function<ProfileRequestContext, List<EncryptionConfiguration>> strategy): Set the strategy used to look up a per-request EncryptionConfiguration list.
- void setEncryptionContextLookupStrategy(Function<ProfileRequestContext, EncryptionContext> strategy): Set the strategy used to look up the EncryptionContext to set the flags for.
- void setEncryptionParametersResolver: Set the encParamsresolver to use for the parameters to store into the context.
- void setPeerContextLookupStrategy(Function<ProfileRequestContext, SAMLPeerEntityContext> strategy): Set lookup strategy for SAMLPeerEntityContext for input to resolution.
- void setProtocol(String protocol): Set the protocol constant to use during resolution.
- void setRelyingPartyContextLookupStrategy(Function<ProfileRequestContext, RelyingPartyContext> strategy): Set the strategy used to return the RelyingPartyContext for configuration options.
- void setRole: Set the operational role to use during resolution.
Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getBean, getBean, getMessage, getMessage, getMessage, getParameter, getParameter, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy
Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, ensureHttpServletRequest, ensureHttpServletResponse, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, isPreExecuteCalled, setHttpServletRequestSupplier, setHttpServletResponseSupplier
Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface net.shibboleth.shared.component.InitializableComponent
initialize, isInitialized
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger log
Class logger.
-
relyingPartyContextLookupStrategy
@Nonnull private Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy
Strategy used to look up a RelyingPartyContext for configuration options.
-
encryptionContextLookupStrategy
Strategy used to look up the EncryptionContext to store parameters in.
-
peerContextLookupStrategy
Strategy used to look up a SAML peer context.
-
samlProtocol
Metadata protocolSupportEnumeration value to provide to resolver.
-
peerRole
Metadata role type to provide to resolver.
-
configurationLookupStrategy
@NonnullAfterInit private Function<ProfileRequestContext,List<EncryptionConfiguration>> configurationLookupStrategy
Strategy used to look up a per-request EncryptionConfiguration list.
-
encParamsresolver
Resolver for parameters to store into context.
-
encryptionConfigurations
Active configurations to feed into resolver.
-
encryptionOptional
private boolean encryptionOptional
Is encryption optional in the case no parameters can be resolved?
-
encryptAssertions
private boolean encryptAssertions
Flag tracking whether assertion encryption is required.
-
encryptIdentifiers
private boolean encryptIdentifiers
Flag tracking whether assertion encryption is required.
-
encryptAttributes
private boolean encryptAttributes
Flag tracking whether assertion encryption is required.
-
-
Constructor Details
-
PopulateEncryptionParameters
public PopulateEncryptionParameters()
Constructor.
-
-
Method Details
-
setRelyingPartyContextLookupStrategy
public void setRelyingPartyContextLookupStrategy(@Nonnull Function<ProfileRequestContext, RelyingPartyContext> strategy)
Set the strategy used to return the RelyingPartyContext for configuration options.
- Parameters:
strategy - lookup strategy
-
setEncryptionContextLookupStrategy
public void setEncryptionContextLookupStrategy(@Nonnull Function<ProfileRequestContext, EncryptionContext> strategy)
Set the strategy used to look up the EncryptionContext to set the flags for.
- Parameters:
strategy - lookup strategy
-
setProtocol
Set the protocol constant to use during resolution.
- Parameters:
protocol - the protocol constant to set
-
setRole
Set the operational role to use during resolution.
- Parameters:
role - the operational role to set
-
setConfigurationLookupStrategy
public void setConfigurationLookupStrategy(@Nonnull Function<ProfileRequestContext, List<EncryptionConfiguration>> strategy)
Set the strategy used to look up a per-request EncryptionConfiguration list.
- Parameters:
strategy - lookup strategy
-
setPeerContextLookupStrategy
public void setPeerContextLookupStrategy(@Nullable Function<ProfileRequestContext, SAMLPeerEntityContext> strategy)
Set lookup strategy for SAMLPeerEntityContext for input to resolution.
- Parameters:
strategy - lookup strategy
-
setEncryptionParametersResolver
Set the encParamsresolver to use for the parameters to store into the context.
- Parameters:
newResolver - encParamsresolver to use
-
doInitialize
- Overrides:
doInitialize in class AbstractInitializableComponent
- Throws:
ComponentInitializationException
-
doPreExecute
- Overrides:
doPreExecute in class AbstractConditionalProfileAction
-
doExecute
- Overrides:
doExecute in class AbstractProfileAction
-
buildCriteriaSet
@Nonnull private CriteriaSet buildCriteriaSet(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull List<EncryptionConfiguration> configurations)
Build the criteria used as input to the EncryptionParametersResolver.
- Parameters:
profileRequestContext - current profile request context
configurations - the EncryptionConfigurations
- Returns:
the criteria set to use
-