org.opensaml.saml.security.impl

Class SAMLMetadataSignatureSigningParametersResolver

java.lang.Object

org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver<org.opensaml.xmlsec.SignatureSigningParameters>

org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver

org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver

All Implemented Interfaces:

net.shibboleth.utilities.java.support.resolver.Resolver<org.opensaml.xmlsec.SignatureSigningParameters,net.shibboleth.utilities.java.support.resolver.CriteriaSet>, org.opensaml.xmlsec.SignatureSigningParametersResolver

public class SAMLMetadataSignatureSigningParametersResolver
extends BasicSignatureSigningParametersResolver

A specialization of BasicSignatureSigningParametersResolver which also supports input of SAML metadata, specifically the SigningMethod and DigestMethod extension elements.

In addition to the Criterion inputs documented in BasicSignatureSigningParametersResolver, the following inputs are also supported:

• RoleDescriptorCriterion - optional

Field Summary

Fields

Modifier and Type	Field and Description
private Logger	log Logger.

Constructor Summary

Constructors

Constructor and Description
SAMLMetadataSignatureSigningParametersResolver()

Method Summary

Methods

Modifier and Type	Method and Description
protected boolean	credentialSupportsSigningMethod(org.opensaml.security.credential.Credential credential, SigningMethod signingMethod) Evaluate whether the specified credential is supported for use with the specified SigningMethod.
protected List<org.opensaml.core.xml.XMLObject>	getExtensions(RoleDescriptor roleDescriptor, QName extensionName) Get the extensions indicated by the passed QName.
protected void	resolveAndPopulateCredentialAndSignatureAlgorithm(org.opensaml.xmlsec.SignatureSigningParameters params, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
protected String	resolveReferenceDigestMethod(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate)

Methods inherited from class org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver

credentialSupportsAlgorithm, getAlgorithmRegistry, getAlgorithmRuntimeSupportedPredicate, getEffectiveSignatureAlgorithms, getEffectiveSigningCredentials, getWhitelistBlacklistPredicate, logResult, resolve, resolveCanonicalizationAlgorithm, resolveHMACOutputLength, resolveKeyInfoGenerator, resolveReferenceCanonicalizationAlgorithm, resolveSingle, setAlgorithmRegistry, validate

Methods inherited from class org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver

lookupKeyInfoGenerator, resolveAndPopulateWhiteAndBlacklists, resolveEffectiveBlacklist, resolveEffectiveWhitelist, resolveWhitelistBlacklistPrecedence, resolveWhitelistBlacklistPredicate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

@Nonnull
private Logger log

Logger.

Constructor Detail

SAMLMetadataSignatureSigningParametersResolver

public SAMLMetadataSignatureSigningParametersResolver()

Method Detail

resolveAndPopulateCredentialAndSignatureAlgorithm

protected void resolveAndPopulateCredentialAndSignatureAlgorithm(@Nonnull
                                                     org.opensaml.xmlsec.SignatureSigningParameters params,
                                                     @Nonnull
                                                     net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                     @Nonnull
                                                     com.google.common.base.Predicate<String> whitelistBlacklistPredicate)

Overrides:

resolveAndPopulateCredentialAndSignatureAlgorithm in class BasicSignatureSigningParametersResolver

credentialSupportsSigningMethod

protected boolean credentialSupportsSigningMethod(@Nonnull
                                      org.opensaml.security.credential.Credential credential,
                                      @Nonnull@NotEmpty
                                      SigningMethod signingMethod)

Evaluate whether the specified credential is supported for use with the specified SigningMethod.

Parameters:

credential - the credential to evaluate

signingMethod - the signing method to evaluate

Returns:

true if credential may be used with the supplied algorithm URI, false otherwise

resolveReferenceDigestMethod

@Nullable
protected String resolveReferenceDigestMethod(@Nonnull
                                           net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                           @Nonnull
                                           com.google.common.base.Predicate<String> whitelistBlacklistPredicate)

Overrides:

resolveReferenceDigestMethod in class BasicSignatureSigningParametersResolver

getExtensions

@Nullable
protected List<org.opensaml.core.xml.XMLObject> getExtensions(@Nonnull
                                                           RoleDescriptor roleDescriptor,
                                                           @Nonnull
                                                           QName extensionName)

Get the extensions indicated by the passed QName. The passed RoleDescriptor's Extensions element is examined first. If at least 1 such extension is found there, that list is returned. If no such extensions are found on the RoleDescriptor, then the RoleDescriptor's parent EntityDescriptor will be examined, if it exists.

Parameters:

roleDescriptor - the role descriptor instance to examine

extensionName - the extension name for which to search

Returns:

the list of extension XMLObjects found, or null