Class SAMLMetadataSignatureSigningParametersResolver

  • All Implemented Interfaces:
    net.shibboleth.utilities.java.support.resolver.Resolver<org.opensaml.xmlsec.SignatureSigningParameters, net.shibboleth.utilities.java.support.resolver.CriteriaSet>, org.opensaml.xmlsec.SignatureSigningParametersResolver

    public class SAMLMetadataSignatureSigningParametersResolver
    extends org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver
    A specialization of BasicSignatureSigningParametersResolver which also supports input of SAML metadata, specifically the SigningMethod and DigestMethod extension elements.

    In addition to the Criterion inputs documented in BasicSignatureSigningParametersResolver, the following inputs are also supported:

    • RoleDescriptorCriterion - optional
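    Added example (not part of the OpenSAML Javadoc or project code): resolving signing parameters with the peer's RoleDescriptor passed as the optional RoleDescriptorCriterion, so that its SigningMethod and DigestMethod extensions are available to the resolver alongside the local signing configuration. Assumptions: OpenSAML's SAML and XML security implementation modules are on the classpath, the resolver lives in package org.opensaml.saml.security.impl, and the class name MetadataDrivenSigningParams, the throwaway RSA key and the metadata objects are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.List;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.criterion.RoleDescriptorCriterion;
import org.opensaml.saml.ext.saml2alg.DigestMethod;
import org.opensaml.saml.ext.saml2alg.SigningMethod;
import org.opensaml.saml.saml2.metadata.Extensions;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.criterion.SignatureSigningConfigurationCriterion;
import org.opensaml.xmlsec.impl.BasicSignatureSigningConfiguration;
import org.opensaml.xmlsec.signature.support.SignatureConstants;

public class MetadataDrivenSigningParams { // hypothetical class name
    public static void main(String[] args) throws Exception {
        InitializationService.initialize(); // registers XMLObject builders and algorithm descriptors
        // Local signing policy (constructed): throwaway RSA key, two permitted algorithms each.
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        BasicSignatureSigningConfiguration local = new BasicSignatureSigningConfiguration();
        local.setSigningCredentials(List.of(new BasicCredential(kp.getPublic(), kp.getPrivate())));
        local.setSignatureAlgorithms(List.of(
                SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256, SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512));
        local.setSignatureReferenceDigestMethods(List.of(
                SignatureConstants.ALGO_ID_DIGEST_SHA256, SignatureConstants.ALGO_ID_DIGEST_SHA512));
        local.setSignatureCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        // Peer metadata (constructed): an SP role whose Extensions advertise one algorithm of each kind.
        SigningMethod sm = (SigningMethod) XMLObjectSupport.buildXMLObject(SigningMethod.DEFAULT_ELEMENT_NAME);
        sm.setAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA512);
        DigestMethod dm = (DigestMethod) XMLObjectSupport.buildXMLObject(DigestMethod.DEFAULT_ELEMENT_NAME);
        dm.setAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA512);
        Extensions ext = (Extensions) XMLObjectSupport.buildXMLObject(Extensions.DEFAULT_ELEMENT_NAME);
        ext.getUnknownXMLObjects().add(sm);
        ext.getUnknownXMLObjects().add(dm);
        SPSSODescriptor role = (SPSSODescriptor) XMLObjectSupport.buildXMLObject(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
        role.setExtensions(ext);
        // Both criteria go into one CriteriaSet; the RoleDescriptorCriterion is the optional input.
        CriteriaSet criteria = new CriteriaSet(
                new SignatureSigningConfigurationCriterion(local), new RoleDescriptorCriterion(role));
        SignatureSigningParameters params = new SAMLMetadataSignatureSigningParametersResolver().resolveSingle(criteria);
        if (params == null) throw new IllegalStateException("no usable signing parameters resolved");
        System.out.println("signature algorithm: " + params.getSignatureAlgorithm());
        System.out.println("reference digest:    " + params.getSignatureReferenceDigestMethod());
    }
}
```

    Logging the resolved algorithm URIs per peer is a simple way to audit which signature and digest algorithms are actually in use.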
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private Logger log
      Logger.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected boolean credentialSupportsSigningMethod(org.opensaml.security.credential.Credential credential, org.opensaml.saml.ext.saml2alg.SigningMethod signingMethod)
      Evaluate whether the specified credential is supported for use with the specified SigningMethod.
      protected List<org.opensaml.core.xml.XMLObject> getExtensions(org.opensaml.saml.saml2.metadata.RoleDescriptor roleDescriptor, QName extensionName)
      Get the extensions indicated by the passed QName.
      protected void resolveAndPopulateCredentialAndSignatureAlgorithm(org.opensaml.xmlsec.SignatureSigningParameters params, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, Predicate<String> whitelistBlacklistPredicate)
      protected String resolveReferenceDigestMethod(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, Predicate<String> whitelistBlacklistPredicate)
      • Methods inherited from class org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver

        credentialSupportsAlgorithm, getAlgorithmRegistry, getAlgorithmRuntimeSupportedPredicate, getEffectiveSignatureAlgorithms, getEffectiveSigningCredentials, getWhitelistBlacklistPredicate, logResult, resolve, resolveCanonicalizationAlgorithm, resolveHMACOutputLength, resolveKeyInfoGenerator, resolveReferenceCanonicalizationAlgorithm, resolveSingle, setAlgorithmRegistry, validate
      • Methods inherited from class org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver

        lookupKeyInfoGenerator, resolveAndPopulateWhiteAndBlacklists, resolveEffectiveBlacklist, resolveEffectiveWhitelist, resolveWhitelistBlacklistPrecedence, resolveWhitelistBlacklistPredicate
    • Field Detail

      • log

        @Nonnull
        private Logger log
        Logger.
    • Constructor Detail

      • SAMLMetadataSignatureSigningParametersResolver

        public SAMLMetadataSignatureSigningParametersResolver()
    • Method Detail

      • resolveAndPopulateCredentialAndSignatureAlgorithm

        protected void resolveAndPopulateCredentialAndSignatureAlgorithm(@Nonnull
                                                                         org.opensaml.xmlsec.SignatureSigningParameters params,
                                                                         @Nonnull
                                                                         net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                                         @Nonnull
                                                                         Predicate<String> whitelistBlacklistPredicate)
        Overrides:
        resolveAndPopulateCredentialAndSignatureAlgorithm in class org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver
      • credentialSupportsSigningMethod

        protected boolean credentialSupportsSigningMethod(@Nonnull
                                                          org.opensaml.security.credential.Credential credential,
                                                          @Nonnull @NotEmpty
                                                          org.opensaml.saml.ext.saml2alg.SigningMethod signingMethod)
        Evaluate whether the specified credential is supported for use with the specified SigningMethod.
        Parameters:
        credential - the credential to evaluate
        signingMethod - the signing method to evaluate
        Returns:
        true if credential may be used with the supplied algorithm URI, false otherwise
      • resolveReferenceDigestMethod

        @Nullable
        protected String resolveReferenceDigestMethod(@Nonnull
                                                      net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                      @Nonnull
                                                      Predicate<String> whitelistBlacklistPredicate)
        Overrides:
        resolveReferenceDigestMethod in class org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver
      • getExtensions

        @Nullable
        protected List<org.opensaml.core.xml.XMLObject> getExtensions(@Nonnull
                                                                      org.opensaml.saml.saml2.metadata.RoleDescriptor roleDescriptor,
                                                                      @Nonnull
                                                                      QName extensionName)
        Get the extensions indicated by the passed QName. The passed RoleDescriptor's Extensions element is examined first. If at least 1 such extension is found there, that list is returned. If no such extensions are found on the RoleDescriptor, then the RoleDescriptor's parent EntityDescriptor will be examined, if it exists.
        Parameters:
        roleDescriptor - the role descriptor instance to examine
        extensionName - the extension name for which to search
        Returns:
        the list of extension XMLObjects found, or null