public class BasicSignatureSigningParametersResolver extends AbstractSecurityParametersResolver<SignatureSigningParameters> implements SignatureSigningParametersResolver
SignatureSigningParametersResolver
.
The following Criterion
inputs are supported:
SignatureSigningConfigurationCriterion
- requiredKeyInfoGenerationProfileCriterion
- optionalConstructor and Description |
---|
BasicSignatureSigningParametersResolver()
Constructor.
|
Modifier and Type | Method and Description |
---|---|
protected boolean |
credentialSupportsAlgorithm(Credential credential,
String algorithm)
Evaluate whether the specified credential is supported for use with the specified algorithm URI.
|
AlgorithmRegistry |
getAlgorithmRegistry()
Get the
AlgorithmRegistry instance used when resolving algorithm URIs. |
protected com.google.common.base.Predicate<String> |
getAlgorithmRuntimeSupportedPredicate()
Get a predicate which evaluates whether a cryptographic algorithm is supported
by the runtime environment.
|
protected List<String> |
getEffectiveSignatureAlgorithms(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
Get the effective list of signature algorithm URIs to consider, including application of
whitelist/blacklist policy.
|
protected List<Credential> |
getEffectiveSigningCredentials(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
Get the effective list of signing credentials to consider.
|
protected com.google.common.base.Predicate<String> |
getWhitelistBlacklistPredicate(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
Get a predicate which implements the effective configured whitelist/blacklist policy.
|
protected void |
logResult(SignatureSigningParameters params)
Log the resolved parameters.
|
Iterable<SignatureSigningParameters> |
resolve(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) |
protected void |
resolveAndPopulateCredentialAndSignatureAlgorithm(SignatureSigningParameters params,
net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
Resolve and populate the signing credential and signature method algorithm URI on the
supplied parameters instance.
|
protected String |
resolveCanonicalizationAlgorithm(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
Resolve and return the canonicalization algorithm URI to use.
|
protected Integer |
resolveHMACOutputLength(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
Credential signingCredential,
String algorithmURI)
Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential
and signature method algorithm URI.
|
protected KeyInfoGenerator |
resolveKeyInfoGenerator(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
Credential signingCredential)
Resolve and return the
KeyInfoGenerator instance to use with the specified credential. |
protected String |
resolveReferenceDigestMethod(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
Resolve and return the digest method algorithm URI to use, including application of whitelist/blacklist policy.
|
SignatureSigningParameters |
resolveSingle(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) |
void |
setAlgorithmRegistry(AlgorithmRegistry registry)
Set the
AlgorithmRegistry instance used when resolving algorithm URIs. |
protected boolean |
validate(SignatureSigningParameters params)
Validate that the
SignatureSigningParameters instance has all the required properties populated. |
lookupKeyInfoGenerator, resolveAndPopulateWhiteAndBlacklists, resolveEffectiveBlacklist, resolveEffectiveWhitelist, resolveWhitelistBlacklistPrecedence, resolveWhitelistBlacklistPredicate
public BasicSignatureSigningParametersResolver()
public AlgorithmRegistry getAlgorithmRegistry()
AlgorithmRegistry
instance used when resolving algorithm URIs. Defaults to
the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry()
.public void setAlgorithmRegistry(@Nonnull AlgorithmRegistry registry)
AlgorithmRegistry
instance used when resolving algorithm URIs. Defaults to
the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry()
.registry
- the new algorithm registry instance@Nonnull public Iterable<SignatureSigningParameters> resolve(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) throws net.shibboleth.utilities.java.support.resolver.ResolverException
resolve
in interface net.shibboleth.utilities.java.support.resolver.Resolver<SignatureSigningParameters,net.shibboleth.utilities.java.support.resolver.CriteriaSet>
net.shibboleth.utilities.java.support.resolver.ResolverException
@Nullable public SignatureSigningParameters resolveSingle(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) throws net.shibboleth.utilities.java.support.resolver.ResolverException
resolveSingle
in interface net.shibboleth.utilities.java.support.resolver.Resolver<SignatureSigningParameters,net.shibboleth.utilities.java.support.resolver.CriteriaSet>
net.shibboleth.utilities.java.support.resolver.ResolverException
protected void logResult(@Nonnull SignatureSigningParameters params)
params
- the resolved paramprotected boolean validate(@Nonnull SignatureSigningParameters params)
SignatureSigningParameters
instance has all the required properties populated.params
- the parameters instance to evaluate@Nonnull protected com.google.common.base.Predicate<String> getWhitelistBlacklistPredicate(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
criteria
- the input criteria being evaluatedprotected void resolveAndPopulateCredentialAndSignatureAlgorithm(@Nonnull SignatureSigningParameters params, @Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
params
- the parameters instance being populatedcriteria
- the input criteria being evaluatedwhitelistBlacklistPredicate
- the whitelist/blacklist predicate with which to evaluate the
candidate signing method algorithm URIs@Nonnull protected com.google.common.base.Predicate<String> getAlgorithmRuntimeSupportedPredicate()
protected boolean credentialSupportsAlgorithm(@Nonnull Credential credential, @Nonnull @NotEmpty String algorithm)
credential
- the credential to evaluatealgorithm
- the algorithm URI to evaluate@Nonnull protected List<Credential> getEffectiveSigningCredentials(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
criteria
- the input criteria being evaluated@Nonnull protected List<String> getEffectiveSignatureAlgorithms(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
criteria
- the input criteria being evaluatedwhitelistBlacklistPredicate
- the whitelist/blacklist predicate to use@Nullable protected String resolveReferenceDigestMethod(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
criteria
- the input criteria being evaluatedwhitelistBlacklistPredicate
- the whitelist/blacklist predicate to use@Nullable protected String resolveCanonicalizationAlgorithm(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
criteria
- the input criteria being evaluated@Nullable protected KeyInfoGenerator resolveKeyInfoGenerator(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull Credential signingCredential)
KeyInfoGenerator
instance to use with the specified credential.criteria
- the input criteria being evaluatedsigningCredential
- the credential being evaluated@Nullable protected Integer resolveHMACOutputLength(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull Credential signingCredential, @Nonnull @NotEmpty String algorithmURI)
criteria
- the input criteria being evaluatedsigningCredential
- the signing credential being evaluatedalgorithmURI
- the signature method algorithm URI being evaluatedCopyright © 2019. All rights reserved.