Class EncryptNameIDs

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction

public class EncryptNameIDs extends AbstractEncryptAction
Action that encrypts all NameIDs in a message obtained from a lookup strategy, by default the outbound message context.

Specific formats may be excluded from encryption, by default excluding the "entity" format.

Event:
EventIds.PROCEED_EVENT_ID, EventIds.UNABLE_TO_ENCRYPT
Postcondition:
All SAML NameIDs in all locations have been replaced with encrypted versions. If an error occurs part-way through, some NameIDs may already have been replaced while others remain unencrypted.
  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.
    • messageLookupStrategy

      @Nonnull private Function<ProfileRequestContext,SAMLObject> messageLookupStrategy
      Strategy used to locate the message to operate on.
    • excludedFormats

      @Nonnull private Set<String> excludedFormats
      Formats to exclude from encryption.
    • message

      @NonnullBeforeExec private SAMLObject message
      The message to operate on.
  • Constructor Details

    • EncryptNameIDs

      public EncryptNameIDs()
      Constructor.
  • Method Details

    • setMessageLookupStrategy

      public void setMessageLookupStrategy(@Nonnull Function<ProfileRequestContext,SAMLObject> strategy)
      Set the strategy used to locate the message to operate on.
      Parameters:
      strategy - strategy used to locate the message to operate on
    • setExcludedFormats

      public void setExcludedFormats(@Nonnull Collection<String> formats)
      Set the NameID formats to ignore and leave unencrypted.
      Parameters:
      formats - formats to exclude
    • getApplicableParameters

      @Nullable protected EncryptionParameters getApplicableParameters(@Nullable EncryptionContext ctx)
      Return the right set of parameters for the operation to be performed, or none if no encryption should occur.
      Specified by:
      getApplicableParameters in class AbstractEncryptAction
      Parameters:
      ctx - possibly null input context to pull parameters from
      Returns:
      the right parameter set, or null for none
    • doPreExecute

      protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext)
      Overrides:
      doPreExecute in class AbstractEncryptAction
    • doExecute

      protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext)
      Overrides:
      doExecute in class AbstractProfileAction
    • shouldEncrypt

      private boolean shouldEncrypt(@Nonnull NameID name)
      Return true iff the NameID should be encrypted.
      Parameters:
      name - NameID to check
      Returns:
      true iff encryption should happen
    • processSubject

      private void processSubject(@Nullable Subject subject) throws EncryptionException
      Encrypt any NameIDs found in a subject and replace them with the result.
      Parameters:
      subject - subject to operate on
      Throws:
      EncryptionException - if an error occurs
    • processLogoutRequest

      private void processLogoutRequest(@Nonnull LogoutRequest request) throws EncryptionException
      Encrypt a NameID found in a LogoutRequest and replace it with the result.
      Parameters:
      request - request to operate on
      Throws:
      EncryptionException - if an error occurs
    • processManageNameIDRequest

      private void processManageNameIDRequest(@Nonnull ManageNameIDRequest request) throws EncryptionException
      Encrypt a NameID found in a ManageNameIDRequest and replace it with the result.
      Parameters:
      request - request to operate on
      Throws:
      EncryptionException - if an error occurs
    • processNameIDMappingRequest

      private void processNameIDMappingRequest(@Nonnull NameIDMappingRequest request) throws EncryptionException
      Encrypt a NameID found in a NameIDMappingRequest and replace it with the result.
      Parameters:
      request - request to operate on
      Throws:
      EncryptionException - if an error occurs
    • processNameIDMappingResponse

      private void processNameIDMappingResponse(@Nonnull NameIDMappingResponse response) throws EncryptionException
      Encrypt a NameID found in a NameIDMappingResponse and replace it with the result.
      Parameters:
      response - response to operate on
      Throws:
      EncryptionException - if an error occurs
    • processAssertion

      private void processAssertion(@Nonnull Assertion assertion) throws EncryptionException
      Encrypt any NameIDs found in an assertion and replace them with the result.
      Parameters:
      assertion - assertion to operate on
      Throws:
      EncryptionException - if an error occurs