Class ClientInformationNodeProcessor

    • Constructor Detail

      • ClientInformationNodeProcessor

        public ClientInformationNodeProcessor​(@Nonnull
                                              List<KeyInfoProvider> keyInfoProviders)
        Constructor.
        Parameters:
        keyInfoProviders - The list of key info providers.
    • Method Detail

      • parseClientID

        @Nullable
        protected com.nimbusds.oauth2.sdk.id.ClientID parseClientID​(@Nonnull
                                                                    SPSSODescriptor roleDescriptor)
        Converts the entityID of the given SPSSODescriptor into a ClientID. The value is fetched from the EntityDescriptor, which is expected to be the parent element of the given role descriptor.
        Parameters:
        roleDescriptor - The SPSSODescriptor to be used as a source.
        Returns:
        The entityID value as ClientID.
      • parseClientSecret

        @Nullable
        protected com.nimbusds.oauth2.sdk.auth.Secret parseClientSecret​(@Nonnull
                                                                        Iterable<Credential> credentials)
        Fetches the client secret from the given set of Credentials. The first credential matching the type NimbusSecretCredential is used as the source.
        Parameters:
        credentials - The source set of Credentials.
        Returns:
        The client secret as Secret.
      • populateMetadata

        @Nonnull
        protected com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata populateMetadata​(@Nonnull
                                                                                         SPSSODescriptor roleDescriptor,
                                                                                         @Nonnull
                                                                                         Iterable<Credential> credentials,
                                                                                         @Nonnull
                                                                                         String clientId)
        Populates the OIDCClientMetadata using the values found in the given SPSSODescriptor, the set of Credentials and the client ID.
        Parameters:
        roleDescriptor - The SPSSODescriptor to be used as a source.
        credentials - The source set of Credentials to be used for client secret and remote/local JWKS.
        clientId - The client ID.
        Returns:
        The OIDCClientMetadata parsed from the given parameters.
      • getOAuthRPExtensions

        @Nullable
        protected OAuthRPExtensions getOAuthRPExtensions​(@Nonnull
                                                         SPSSODescriptor roleDescriptor)
        Get the OAuthRPExtensions from the given SPSSODescriptor, if it was found in its extensions.
        Parameters:
        roleDescriptor - The role descriptor to get the extensions from.
        Returns:
        The extensions, if they were found in the role descriptor; null otherwise.
      • resolveCredentials

        @Nonnull
        protected Iterable<Credential> resolveCredentials​(@Nonnull
                                                          SPSSODescriptor roleDescriptor)
        Get all the credentials attached to the given SPSSODescriptor. They are resolved using the keyInfoCredentialResolver.
        Parameters:
        roleDescriptor - The role descriptor to parse the credentials from.
        Returns:
        All the resolved credentials, or an empty set if none were found.
      • parseJwkSet

        @Nullable
        protected com.nimbusds.jose.jwk.JWKSet parseJwkSet​(@Nonnull
                                                           Iterable<Credential> credentials,
                                                           @Nonnull
                                                           String clientId)
        Convert the given credentials into the Nimbus JWKSet.
        Parameters:
        credentials - The set to be converted.
        clientId - The client ID related to the credentials.
        Returns:
        The given credentials converted into a JWKSet.
      • parseJwkUri

        @Nullable
        protected URI parseJwkUri​(@Nonnull
                                  Iterable<Credential> credentials,
                                  @Nonnull
                                  String clientId)
        Convert the given credentials into a JWKS URI.
        Parameters:
        credentials - The set to be converted.
        clientId - The client ID related to the credentials.
        Returns:
        The given credentials converted into a JWKS URI.
      • parseClientAuthenticationMethod

        @Nullable
        protected com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod parseClientAuthenticationMethod​(@Nonnull
                                                                                                          OAuthRPExtensions extensions)
        Parse the ClientAuthenticationMethod from the given extensions.
        Parameters:
        extensions - The extensions to parse from.
        Returns:
        The client authentication method, or null if it was not found.
      • parseApplicationType

        @Nonnull
        protected com.nimbusds.openid.connect.sdk.rp.ApplicationType parseApplicationType​(@Nonnull
                                                                                          OAuthRPExtensions extensions)
        Parse the ApplicationType from the given extensions.
        Parameters:
        extensions - The extensions to parse from.
        Returns:
        ApplicationType.NATIVE if it was defined in the extensions, ApplicationType.WEB otherwise.
      • parseSubjectType

        @Nonnull
        protected com.nimbusds.openid.connect.sdk.SubjectType parseSubjectType​(@Nonnull
                                                                               SPSSODescriptor roleDescriptor)
        Parse the SubjectType from the given role descriptor's name ID formats.
        Parameters:
        roleDescriptor - The role descriptor to parse from. Only the first nameID definition is taken into consideration.
        Returns:
        SubjectType.PAIRWISE if pairwise was defined as the name ID format. SubjectType.PUBLIC otherwise.
      • parseDefaultAcrValues

        @Nonnull
        protected List<com.nimbusds.openid.connect.sdk.claims.ACR> parseDefaultAcrValues​(@Nonnull
                                                                                         OAuthRPExtensions extensions)
        Parse the default ACR values from the given extensions.
        Parameters:
        extensions - The extensions to parse from.
        Returns:
        The list of ACR values that were found.
      • parseGrantTypes

        @Nonnull
        protected Set<com.nimbusds.oauth2.sdk.GrantType> parseGrantTypes​(@Nonnull
                                                                         OAuthRPExtensions extensions)
        Parse the GrantTypes from the given extensions.
        Parameters:
        extensions - The extensions to parse from.
        Returns:
        The set of grant types that were found.
      • parseResponseTypes

        @Nonnull
        protected Set<com.nimbusds.oauth2.sdk.ResponseType> parseResponseTypes​(@Nonnull
                                                                               OAuthRPExtensions extensions)
        Parse the ResponseTypes from the given extensions.
        Parameters:
        extensions - The extensions to parse from.
        Returns:
        The set of response types that were found.
      • parseScopes

        @Nonnull
        protected com.nimbusds.oauth2.sdk.Scope parseScopes​(@Nonnull
                                                            OAuthRPExtensions extensions)
        Parse the Scope from the given extensions.
        Parameters:
        extensions - The extensions to parse from.
        Returns:
        The scope that was found.
      • parseJweAlgorithm

        @Nullable
        protected com.nimbusds.jose.JWEAlgorithm parseJweAlgorithm​(@Nullable
                                                                   String value)
        Parse the JWEAlgorithm from the given metadata value.
        Parameters:
        value - The metadata value to parse from.
        Returns:
        The JWE algorithm, or null if no value was found.
      • parseJwsAlgorithm

        @Nullable
        protected com.nimbusds.jose.JWSAlgorithm parseJwsAlgorithm​(@Nullable
                                                                   String value)
        Parse the JWSAlgorithm from the given metadata value.
        Parameters:
        value - The metadata value to parse from.
        Returns:
        The JWS algorithm, or null if no value was found.
      • parseEncryptionMethod

        @Nullable
        protected com.nimbusds.jose.EncryptionMethod parseEncryptionMethod​(@Nullable
                                                                           String value)
        Parse the EncryptionMethod from the given metadata value.
        Parameters:
        value - The metadata value to parse from.
        Returns:
        The encryption method, or null if no value was found.
      • parseRedirectUris

        @Nonnull
        protected Set<URI> parseRedirectUris​(@Nonnull
                                             SPSSODescriptor roleDescriptor)
        Parse the redirection URIs from the given role descriptor. Only the assertion consumer service URLs whose binding matches BINDING_ID_REDIRECT_URI are taken into consideration.
        Parameters:
        roleDescriptor - The role descriptor to parse from.
        Returns:
        The set of redirection URIs that were successfully parsed.
      • parseUris

        @Nonnull
        protected Set<URI> parseUris​(@Nonnull
                                     List<? extends MetadataValueSAMLObject> listOfValues)
        Parse the URIs from the given list of metadata values.
        Parameters:
        listOfValues - The list to parse from.
        Returns:
        Set of URIs that were successfully parsed from the list.
      • parseAudiences

        @Nullable
        @NonnullElements
        protected List<String> parseAudiences​(@Nonnull
                                              OAuthRPExtensions extensions)
        Parse the SAML Audience elements.
        Parameters:
        extensions - extension container
        Returns:
        audience collection or null
      • getListValues

        @Nonnull
        @NonnullElements
        protected Collection<String> getListValues​(@Nullable
                                                   String metadataValue)
        Parse an XML value list from a metadata value object into a collection of strings.
        Parameters:
        metadataValue - input object
        Returns:
        possibly empty value collection
      • getSingleURIValue

        @Nullable
        protected URI getSingleURIValue​(@Nonnull
                                        MetadataValueSAMLObject metadataValue)
        Converts the metadata value object value into a URI.
        Parameters:
        metadataValue - The metadata object value to convert from.
        Returns:
        The value as URI if it was successfully parsed, null otherwise.
      • getSingleURIValue

        @Nullable
        protected URI getSingleURIValue​(@Nullable
                                        String value)
        Converts the given String into a URI.
        Parameters:
        value - The raw string value.
        Returns:
        The value as URI if it was successfully parsed, null otherwise.