Package net.shibboleth.oidc.profile.impl
Class PopulateJWTEncryptionParameters
java.lang.Object
  net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    org.opensaml.profile.action.AbstractProfileAction
      org.opensaml.profile.action.AbstractConditionalProfileAction
        net.shibboleth.idp.profile.AbstractProfileAction
          net.shibboleth.oidc.profile.impl.PopulateJWTEncryptionParameters

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class PopulateJWTEncryptionParameters extends net.shibboleth.idp.profile.AbstractProfileAction

Action that resolves and populates EncryptionParameters on a SecurityParametersContext created/accessed via a lookup function, by default on a child of the outbound message context.

The resolution process is contingent on the active profile configuration requesting encryption.

The default, per-RelyingParty, and default per-profile EncryptionConfiguration objects are input to the resolution process, along with the relying party's client metadata, any static credentials configured on the relying party, and the OpenID Provider metadata (which in most cases will be the source of the eventual encryption key).

Since:
2.2.0
Event:
EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, EventIds.INVALID_SEC_CFG
Postcondition:
set the encryption parameters onto the security parameters context

Field Summary
Fields (modifier and type, field, description):

private Function<ProfileRequestContext,List<EncryptionConfiguration>> configurationLookupStrategy
    Strategy used to look up a per-request EncryptionConfiguration list.
private EncryptionParametersResolver encParamsresolver
    Resolver for parameters to store into context.
private List<EncryptionConfiguration> encryptionConfigurations
    Active configurations to feed into resolver.
private SecurityParametersContext encryptionContext
    Context to populate.
private boolean encryptionOptional
    Whether encryption is optional.
private Predicate<ProfileRequestContext> encryptionOptionalPredicate
    Predicate to determine how to proceed if no encryption parameters are resolved.
private String forFriendlyName
    A friendly name to log as the subject of encryption parameter resolution.
private org.slf4j.Logger log
    Class logger.
private Function<ProfileRequestContext,OIDCMetadataContext> oidcClientMetadataContextLookupStrategy
    Strategy used to look up an OIDC client metadata context.
private Function<ProfileRequestContext,OIDCProviderMetadataContext> oidcProviderMetadataContextLookupStrategy
    Strategy used to look up an OIDC provider metadata context.
private Function<ProfileRequestContext,net.shibboleth.idp.profile.context.RelyingPartyContext> relyingPartyContextLookupStrategy
    Lookup function for relying party context.
private Function<ProfileRequestContext,SecurityParametersContext> securityParametersContextLookupStrategy
    Strategy used to look up the SecurityParametersContext to extract parameters from.

Constructor Summary
Constructors (constructor, description):

PopulateJWTEncryptionParameters()
    Constructor.

Method Summary
Methods (modifier and type, method, description):

private CriteriaSet buildCriteriaSet(ProfileRequestContext profileRequestContext)
    Build the criteria used as input to the EncryptionParametersResolver.
protected void doExecute(ProfileRequestContext profileRequestContext)
protected void doInitialize()
protected boolean doPreExecute(ProfileRequestContext profileRequestContext)
void setClientMetadataContextLookupStrategy(Function<ProfileRequestContext,OIDCMetadataContext> strategy)
    Set lookup strategy for OIDCMetadataContext for input to resolution.
void setConfigurationLookupStrategy(Function<ProfileRequestContext,List<EncryptionConfiguration>> strategy)
    Set the strategy used to look up a per-request EncryptionConfiguration list.
void setEncryptionOptional(boolean flag)
    Sets the boolean condition to apply to determine how to proceed if encryption parameter resolution fails.
void setEncryptionOptionalPredicate(Predicate<ProfileRequestContext> condition)
    Sets the condition to apply to determine how to proceed if encryption parameter resolution fails.
void setEncryptionParametersResolver(EncryptionParametersResolver newResolver)
    Set the encParamsresolver to use for the parameters to store into the context.
void setForFriendlyName(String name)
    Set the friendly name to log as the subject of encryption parameter resolution.
void setProviderMetadataContextLookupStrategy(Function<ProfileRequestContext,OIDCProviderMetadataContext> strategy)
    Set lookup strategy for OIDCProviderMetadataContext for input to resolution.
void setRelyingPartyContextLookupStrategy(Function<ProfileRequestContext,net.shibboleth.idp.profile.context.RelyingPartyContext> strategy)
    Set lookup strategy for relying party context.
void setSecurityParametersContextLookupStrategy(Function<ProfileRequestContext,SecurityParametersContext> strategy)
    Set the lookup strategy to locate the security parameters context.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getBean, getBean, getMessage, getMessage, getMessage, getParameter, getParameter, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, setHttpServletRequest, setHttpServletRequestSupplier, setHttpServletResponse, setHttpServletResponseSupplier

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

log
@Nonnull private final org.slf4j.Logger log
Class logger.

forFriendlyName
@Nonnull private String forFriendlyName
A friendly name to log as the subject of encryption parameter resolution.

encryptionOptionalPredicate
@Nonnull private Predicate<ProfileRequestContext> encryptionOptionalPredicate
Predicate to determine how to proceed if no encryption parameters are resolved.

securityParametersContextLookupStrategy
@Nonnull private Function<ProfileRequestContext,SecurityParametersContext> securityParametersContextLookupStrategy
Strategy used to look up the SecurityParametersContext to extract parameters from.

configurationLookupStrategy
@NonnullAfterInit private Function<ProfileRequestContext,List<EncryptionConfiguration>> configurationLookupStrategy
Strategy used to look up a per-request EncryptionConfiguration list.

encParamsresolver
@NonnullAfterInit private EncryptionParametersResolver encParamsresolver
Resolver for parameters to store into context.

encryptionConfigurations
@Nullable @NonnullElements private List<EncryptionConfiguration> encryptionConfigurations
Active configurations to feed into resolver.

oidcClientMetadataContextLookupStrategy
@Nullable private Function<ProfileRequestContext,OIDCMetadataContext> oidcClientMetadataContextLookupStrategy
Strategy used to look up an OIDC client metadata context.

oidcProviderMetadataContextLookupStrategy
@Nullable private Function<ProfileRequestContext,OIDCProviderMetadataContext> oidcProviderMetadataContextLookupStrategy
Strategy used to look up an OIDC provider metadata context.

relyingPartyContextLookupStrategy
@Nonnull private Function<ProfileRequestContext,net.shibboleth.idp.profile.context.RelyingPartyContext> relyingPartyContextLookupStrategy
Lookup function for relying party context.

encryptionOptional
private boolean encryptionOptional
Whether encryption is optional.

encryptionContext
private SecurityParametersContext encryptionContext
Context to populate.

Method Detail

setRelyingPartyContextLookupStrategy
public void setRelyingPartyContextLookupStrategy(@Nonnull Function<ProfileRequestContext,net.shibboleth.idp.profile.context.RelyingPartyContext> strategy)
Set lookup strategy for relying party context.
Parameters:
strategy - lookup strategy

setSecurityParametersContextLookupStrategy
public void setSecurityParametersContextLookupStrategy(Function<ProfileRequestContext,SecurityParametersContext> strategy)
Set the lookup strategy to locate the security parameters context.
Parameters:
strategy - the lookup strategy

setClientMetadataContextLookupStrategy
public void setClientMetadataContextLookupStrategy(@Nullable Function<ProfileRequestContext,OIDCMetadataContext> strategy)
Set lookup strategy for OIDCMetadataContext for input to resolution.
Parameters:
strategy - lookup strategy

setProviderMetadataContextLookupStrategy
public void setProviderMetadataContextLookupStrategy(@Nullable Function<ProfileRequestContext,OIDCProviderMetadataContext> strategy)
Set lookup strategy for OIDCProviderMetadataContext for input to resolution.
Parameters:
strategy - lookup strategy

setForFriendlyName
public void setForFriendlyName(@Nonnull @NotEmpty String name)
Set the friendly name to log as the subject of encryption parameter resolution.
Parameters:
name - the friendly name

setConfigurationLookupStrategy
public void setConfigurationLookupStrategy(@Nonnull Function<ProfileRequestContext,List<EncryptionConfiguration>> strategy)
Set the strategy used to look up a per-request EncryptionConfiguration list.
Parameters:
strategy - lookup strategy

setEncryptionParametersResolver
public void setEncryptionParametersResolver(@Nonnull EncryptionParametersResolver newResolver)
Set the encParamsresolver to use for the parameters to store into the context.
Parameters:
newResolver - encParamsresolver to use

setEncryptionOptionalPredicate
public void setEncryptionOptionalPredicate(@Nonnull Predicate<ProfileRequestContext> condition)
Sets the condition to apply to determine how to proceed if encryption parameter resolution fails.
Parameters:
condition - condition to set

setEncryptionOptional
public void setEncryptionOptional(@Nonnull boolean flag)
Sets the boolean condition to apply to determine how to proceed if encryption parameter resolution fails.
Parameters:
flag - the flag to set

doInitialize
protected void doInitialize() throws ComponentInitializationException
Overrides:
doInitialize in class AbstractInitializableComponent
Throws:
ComponentInitializationException

doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
Overrides:
doPreExecute in class AbstractConditionalProfileAction

doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
Overrides:
doExecute in class AbstractProfileAction

buildCriteriaSet
@Nonnull private CriteriaSet buildCriteriaSet(@Nonnull ProfileRequestContext profileRequestContext)
Build the criteria used as input to the EncryptionParametersResolver.
Parameters:
profileRequestContext - current profile request context
Returns:
the criteria set to use