net.shibboleth.idp.saml.saml2.profile.impl

Class PopulateEncryptionParameters

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>

org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, org.opensaml.profile.action.ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action

public class PopulateEncryptionParameters
extends AbstractProfileAction

Action that resolves and populates EncryptionParameters on an EncryptionContext created/accessed via a lookup function, by default on a RelyingPartyContext child of the profile request context.

The resolution process is contingent on the active profile configuration requesting encryption of some kind, and an EncryptionContext is also created to capture these requirements.

The OpenSAML default, per-RelyingParty, and default per-profile EncryptionConfiguration objects are input to the resolution process, along with the relying party's SAML metadata, which in most cases will be the source of the eventual encryption key.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, EventIds.INVALID_SEC_CFG, IdPEventIds.INVALID_RELYING_PARTY_CTX, IdPEventIds.INVALID_PROFILE_CONFIG

Field Summary

Fields

Modifier and Type	Field and Description
private Function<org.opensaml.profile.context.ProfileRequestContext,List<org.opensaml.xmlsec.EncryptionConfiguration>>	configurationLookupStrategy Strategy used to look up a per-request EncryptionConfiguration list.
private org.opensaml.xmlsec.EncryptionParametersResolver	encParamsresolver Resolver for parameters to store into context.
private boolean	encryptAssertions Flag tracking whether assertion encryption is required.
private boolean	encryptAttributes Flag tracking whether assertion encryption is required.
private boolean	encryptIdentifiers Flag tracking whether assertion encryption is required.
private List<org.opensaml.xmlsec.EncryptionConfiguration>	encryptionConfigurations Active configurations to feed into resolver.
private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.profile.context.EncryptionContext>	encryptionContextLookupStrategy Strategy used to look up the EncryptionContext to store parameters in.
private boolean	encryptionOptional Is encryption optional in the case no parameters can be resolved?
private org.slf4j.Logger	log Class logger.
private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext>	peerContextLookupStrategy Strategy used to look up a SAML peer context.
private QName	peerRole Metadata role type to provide to resolver.
private Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext>	relyingPartyContextLookupStrategy Strategy used to look up a RelyingPartyContext for configuration options.
private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.AuthnRequest>	requestLookupStrategy Strategy used to locate the AuthnRequest to operate on, if any.
private String	samlProtocol Metadata protocolSupportEnumeration value to provide to resolver.

Constructor Summary

Constructors

Constructor and Description
PopulateEncryptionParameters() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
private CriteriaSet	buildCriteriaSet(org.opensaml.profile.context.ProfileRequestContext profileRequestContext) Build the criteria used as input to the EncryptionParametersResolver.
protected void	doExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
protected void	doInitialize()
protected boolean	doPreExecute(org.opensaml.profile.context.ProfileRequestContext profileRequestContext)
void	setConfigurationLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,List<org.opensaml.xmlsec.EncryptionConfiguration>> strategy) Set the strategy used to look up a per-request EncryptionConfiguration list.
void	setEncryptionContextLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.profile.context.EncryptionContext> strategy) Set the strategy used to look up the EncryptionContext to set the flags for.
void	setEncryptionParametersResolver(org.opensaml.xmlsec.EncryptionParametersResolver newResolver) Set the encParamsresolver to use for the parameters to store into the context.
void	setPeerContextLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext> strategy) Set lookup strategy for SAMLPeerEntityContext for input to resolution.
void	setProtocol(String protocol) Set the protocol constant to use during resolution.
void	setRelyingPartyContextLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext> strategy) Set the strategy used to return the RelyingPartyContext for configuration options.
void	setRequestLookupStrategy(Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.AuthnRequest> strategy) Set the strategy used to locate the AuthnRequest to examine, if any.
void	setRole(QName role) Set the operational role to use during resolution.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

requestLookupStrategy

@Nonnull
private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.AuthnRequest> requestLookupStrategy

Strategy used to locate the AuthnRequest to operate on, if any.

relyingPartyContextLookupStrategy

@Nonnull
private Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy

Strategy used to look up a RelyingPartyContext for configuration options.

encryptionContextLookupStrategy

@Nonnull
private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.profile.context.EncryptionContext> encryptionContextLookupStrategy

Strategy used to look up the EncryptionContext to store parameters in.

peerContextLookupStrategy

@Nullable
private Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext> peerContextLookupStrategy

Strategy used to look up a SAML peer context.

samlProtocol

@Nullable
private String samlProtocol

Metadata protocolSupportEnumeration value to provide to resolver.

peerRole

@Nullable
private QName peerRole

Metadata role type to provide to resolver.

configurationLookupStrategy

@NonnullAfterInit
private Function<org.opensaml.profile.context.ProfileRequestContext,List<org.opensaml.xmlsec.EncryptionConfiguration>> configurationLookupStrategy

Strategy used to look up a per-request EncryptionConfiguration list.

encParamsresolver

@NonnullAfterInit
private org.opensaml.xmlsec.EncryptionParametersResolver encParamsresolver

Resolver for parameters to store into context.

encryptionConfigurations

@Nullable
@NonnullElements
private List<org.opensaml.xmlsec.EncryptionConfiguration> encryptionConfigurations

Active configurations to feed into resolver.

encryptionOptional

private boolean encryptionOptional

Is encryption optional in the case no parameters can be resolved?

encryptAssertions

private boolean encryptAssertions

Flag tracking whether assertion encryption is required.

encryptIdentifiers

private boolean encryptIdentifiers

Flag tracking whether assertion encryption is required.

encryptAttributes

private boolean encryptAttributes

Flag tracking whether assertion encryption is required.

Constructor Detail

PopulateEncryptionParameters

public PopulateEncryptionParameters()

Constructor.

Method Detail

setRequestLookupStrategy

public void setRequestLookupStrategy(@Nonnull
                            Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.core.AuthnRequest> strategy)

Set the strategy used to locate the AuthnRequest to examine, if any.

Parameters:

strategy - strategy used to locate the AuthnRequest

setRelyingPartyContextLookupStrategy

public void setRelyingPartyContextLookupStrategy(@Nonnull
                                        Function<org.opensaml.profile.context.ProfileRequestContext,RelyingPartyContext> strategy)

Set the strategy used to return the RelyingPartyContext for configuration options.

Parameters:

strategy - lookup strategy

setEncryptionContextLookupStrategy

public void setEncryptionContextLookupStrategy(@Nonnull
                                      Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.saml2.profile.context.EncryptionContext> strategy)

Set the strategy used to look up the EncryptionContext to set the flags for.

Parameters:

strategy - lookup strategy

setProtocol

public void setProtocol(@Nullable
               String protocol)

Set the protocol constant to use during resolution.

Parameters:

protocol - the protocol constant to set

setRole

public void setRole(@Nullable
           QName role)

Set the operational role to use during resolution.

Parameters:

role - the operational role to set

setConfigurationLookupStrategy

public void setConfigurationLookupStrategy(@Nonnull
                                  Function<org.opensaml.profile.context.ProfileRequestContext,List<org.opensaml.xmlsec.EncryptionConfiguration>> strategy)

Set the strategy used to look up a per-request EncryptionConfiguration list.

Parameters:

strategy - lookup strategy

setPeerContextLookupStrategy

public void setPeerContextLookupStrategy(@Nullable
                                Function<org.opensaml.profile.context.ProfileRequestContext,org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext> strategy)

Set lookup strategy for SAMLPeerEntityContext for input to resolution.

Parameters:

strategy - lookup strategy

setEncryptionParametersResolver

public void setEncryptionParametersResolver(@Nonnull
                                   org.opensaml.xmlsec.EncryptionParametersResolver newResolver)

Set the encParamsresolver to use for the parameters to store into the context.

Parameters:

newResolver - encParamsresolver to use

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                   org.opensaml.profile.context.ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class org.opensaml.profile.action.AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
             org.opensaml.profile.context.ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class org.opensaml.profile.action.AbstractProfileAction

buildCriteriaSet

@Nonnull
private CriteriaSet buildCriteriaSet(@Nonnull
                                   org.opensaml.profile.context.ProfileRequestContext profileRequestContext)

Build the criteria used as input to the EncryptionParametersResolver.

Parameters:

profileRequestContext - current profile request context

Returns:

the criteria set to use