Package net.shibboleth.oidc.metadata.impl

Class ClientInformationNodeProcessor

    • Field Detail

      • BINDING_ID_REDIRECT_URI

        public static final String BINDING_ID_REDIRECT_URI
        The ACS binding identifier matching to the redirect_uri.
        See Also:
        Constant Field Values

      • BINDING_ID_FRONT_SLO_URI

        public static final String BINDING_ID_FRONT_SLO_URI
        The SLO binding identifier matching to the front-channel uri.
        See Also:
        Constant Field Values

      • BINDING_ID_BACK_SLO_URI

        public static final String BINDING_ID_BACK_SLO_URI
        The SLO binding identifier matching to the back-channel uri.
        See Also:
        Constant Field Values

      • log

        private final org.slf4j.Logger log
        Class logger.

    • Constructor Detail

      • ClientInformationNodeProcessor

        public ClientInformationNodeProcessor​(@Nonnull
                                      List<KeyInfoProvider> keyInfoProviders)
        Constructor.
        Parameters:
        keyInfoProviders - The list of key info providers.

    • Method Detail

      • parseClientID

        @Nullable
protected com.nimbusds.oauth2.sdk.id.ClientID parseClientID​(@Nonnull
                                                            SPSSODescriptor roleDescriptor)
        Converts the entityID of the given SPSSODescriptor into a ClientID. The value is fetched from the EntityDescriptor, expected to be the parent element of the given role decriptor.
        Parameters:
        roleDescriptor - The SPSSODescriptor to be used as a source.
        Returns:
        The entityID value as ClientID.

      • parseClientSecret

        @Nullable
protected com.nimbusds.oauth2.sdk.auth.Secret parseClientSecret​(@Nonnull
                                                                Iterable<Credential> credentials)
        Fetches the client secret from given the set of Credentials. The first credential matching the type NimbusSecretCredential is used as the source.
        Parameters:
        credentials - The source set of Credentials.
        Returns:
        The client secret as Secret.

      • populateMetadata

        @Nonnull
protected com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata populateMetadata​(@Nonnull
                                                                                 SPSSODescriptor roleDescriptor,
                                                                                 @Nonnull
                                                                                 Iterable<Credential> credentials,
                                                                                 @Nonnull
                                                                                 String clientId)
        Populates the OIDCClientMetadata using the values found from the given SPSSODescriptor, the set of Credentials and the client ID.
        Parameters:
        roleDescriptor - The SPSSODescriptor to be used as a source.
        credentials - The source set of Credentials to be used for client secret and remote/local JWKS.
        clientId - The client ID.
        Returns:
        The OIDCClientMetadata parsed from the given parameters.

      • getOAuthRPExtensions

        @Nullable
protected OAuthRPExtensions getOAuthRPExtensions​(@Nonnull
                                                 SPSSODescriptor roleDescriptor)
        Get the OAuthRPExtensions from the given SPSSODescriptor, it it was found from its extensions.
        Parameters:
        roleDescriptor - The role descriptor to get the extensions from.
        Returns:
        The extensions, if they were found from the role descriptor. null otherwise.

      • resolveCredentials

        @Nonnull
protected Iterable<Credential> resolveCredentials​(@Nonnull
                                                  SPSSODescriptor roleDescriptor)
        Get all the credentials attached to the given SPSSODescriptor. They are resolved using the keyInfoCredentialResolver.
        Parameters:
        roleDescriptor - The role descriptor to parse the credentials from.
        Returns:
        All the resolved credentials. Or empty set if none was found.

      • parseJwkSet

        @Nullable
protected com.nimbusds.jose.jwk.JWKSet parseJwkSet​(@Nonnull
                                                   Iterable<Credential> credentials,
                                                   @Nonnull
                                                   String clientId)
        Convert the given credentials into the Nimbus JWKSet.
        Parameters:
        credentials - The set to be converted.
        clientId - The client ID related to the credentials.
        Returns:
        The given credentials converted into a JWKSet.

      • parseJwkUri

        @Nullable
protected URI parseJwkUri​(@Nonnull
                          Iterable<Credential> credentials,
                          @Nonnull
                          String clientId)
        Convert the given credentials into a JWKS URI.
        Parameters:
        credentials - The set to be converted.
        clientId - The client ID related to the credentials.
        Returns:
        The given credentials converted into a JWKS URI

      • parseClientAuthenticationMethod

        @Nullable
protected com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod parseClientAuthenticationMethod​(@Nonnull
                                                                                                  OAuthRPExtensions extensions)
        Parse the ClientAuthenticationMethod from the given extensions.
        Parameters:
        extensions - The extensions to parse from.
        Returns:
        The client authentication method, or null it was not found.

      • parseApplicationType

        @Nonnull
protected com.nimbusds.openid.connect.sdk.rp.ApplicationType parseApplicationType​(@Nonnull
                                                                                  OAuthRPExtensions extensions)
        Parse the ApplicationType from the given extensions.
        Parameters:
        extensions - The extensions to parse from.
        Returns:
        ApplicationType.NATIVE if it was defined in the extensions, ApplicationType.WEB otherwise.

      • parseSubjectType

        @Nonnull
protected com.nimbusds.openid.connect.sdk.SubjectType parseSubjectType​(@Nonnull
                                                                       SPSSODescriptor roleDescriptor)
        Parse the SubjectType from the given role descriptor's name ID formats.
        Parameters:
        roleDescriptor - The role descriptor to parse from. Only the first nameID definition is taken into consideration.
        Returns:
        SubjectType.PAIRWISE if pairwise was defined as the name ID format. SubjectType.PUBLIC otherwise.

      • parseDefaultAcrValues

        @Nonnull
protected List<com.nimbusds.openid.connect.sdk.claims.ACR> parseDefaultAcrValues​(@Nonnull
                                                                                 OAuthRPExtensions extensions)
        Parse the default ACR values from the given extensions.
        Parameters:
        extensions - The extensions to parse from.
        Returns:
        The list of ACR values that were found.

      • parseGrantTypes

        @Nonnull
protected Set<com.nimbusds.oauth2.sdk.GrantType> parseGrantTypes​(@Nonnull
                                                                 OAuthRPExtensions extensions)
        Parse the GrantTypes from the given extensions.
        Parameters:
        extensions - The extensions to parse from.
        Returns:
        The set of grant types that were found.

      • parseResponseTypes

        @Nonnull
protected Set<com.nimbusds.oauth2.sdk.ResponseType> parseResponseTypes​(@Nonnull
                                                                       OAuthRPExtensions extensions)
        Parse the ResponseTypes from the given extensions.
        Parameters:
        extensions - The extensions to parse from.
        Returns:
        The set of response types that were found.

      • parseScopes

        @Nonnull
protected com.nimbusds.oauth2.sdk.Scope parseScopes​(@Nonnull
                                                    OAuthRPExtensions extensions)
        Parse the Scope from the given extensions.
        Parameters:
        extensions - The extensions to parse from.
        Returns:
        The scope that was found.

      • parseJweAlgorithm

        @Nullable
protected com.nimbusds.jose.JWEAlgorithm parseJweAlgorithm​(@Nullable
                                                           String value)
        Parse the JWEAlgorithm from the given metadata value.
        Parameters:
        value - The metadata value to parse from.
        Returns:
        The JWE algorithm, or null if no value was found.

      • parseJwsAlgorithm

        @Nullable
protected com.nimbusds.jose.JWSAlgorithm parseJwsAlgorithm​(@Nullable
                                                           String value)
        Parse the JWSAlgorithm from the given metadata value.
        Parameters:
        value - The metadata value to parse from.
        Returns:
        The JWS algorithm, or null if no value was found.

      • parseEncryptionMethod

        @Nullable
protected com.nimbusds.jose.EncryptionMethod parseEncryptionMethod​(@Nullable
                                                                   String value)
        Parse the EncryptionMethod from the given metadata value.
        Parameters:
        value - The metadata value to parse from.
        Returns:
        The encryption method, or null if no value was found.

      • parseRedirectUris

        @Nonnull
protected Set<URI> parseRedirectUris​(@Nonnull
                                     SPSSODescriptor roleDescriptor)
        Parse the redirection URIs from the given role descriptor. Only the assertion consumer service URLs whose binding matches to BINDING_ID_REDIRECT_URI are taken into consideration.
        Parameters:
        roleDescriptor - The role descriptor to parse from.
        Returns:
        The set of redirection URIs that were successfully parsed.

      • parseUris

        @Nonnull
protected Set<URI> parseUris​(@Nonnull
                             List<? extends MetadataValueSAMLObject> listOfValues)
        Parse the URIs from the given list of metadata values.
        Parameters:
        listOfValues - The list to parse from.
        Returns:
        Set of URIs that were successfully parsed from the list.

      • parseAudiences

        @Nullable
@NonnullElements
protected List<String> parseAudiences​(@Nonnull
                                      OAuthRPExtensions extensions)
        Parse the SAML Audience elements.
        Parameters:
        extensions - extension container
        Returns:
        audience collection or null

      • parseLogoutUris

        @Nonnull
protected Set<URI> parseLogoutUris​(@Nonnull
                                   SPSSODescriptor roleDescriptor,
                                   @Nonnull
                                   String binding)
        Parse the single logout URIs from the given role descriptor. Only the single logout service URLs whose binding matches to the one given in the parameters are taken into consideration.
        Parameters:
        roleDescriptor - The role descriptor to parse from.
        binding - The binding to look after.
        Returns:
        The set of single logout URIs that were successfully parsed.

      • getListValues

        @Nonnull
@NonnullElements
protected Collection<String> getListValues​(@Nullable
                                           String metadataValue)
        Parse an XML value list from a metadata value object into a collection of strings.
        Parameters:
        metadataValue - input object
        Returns:
        possibly empty value collection

      • getSingleURIValue

        @Nullable
protected URI getSingleURIValue​(@Nonnull
                                MetadataValueSAMLObject metadataValue)
        Converts the metadata value object value into a URI.
        Parameters:
        metadataValue - The metadata object value to convert from.
        Returns:
        The value as URI if it was successfully parsed, null otherwise.

      • getSingleURIValue

        @Nullable
protected URI getSingleURIValue​(@Nullable
                                String value)
        Converts the given String into a URI.
        Parameters:
        value - The raw string value.
        Returns:
        The value as URI if it was successfully parsed, null otherwise.