Package net.shibboleth.oidc.metadata.policy.impl

Class MetadataPolicyHelper

java.lang.Object

net.shibboleth.oidc.metadata.policy.impl.MetadataPolicyHelper

public final class MetadataPolicyHelper
extends Object

Static utility methods related to metadata policies.

Constructor Summary

Constructors

Modifier	Constructor	Description
private	MetadataPolicyHelper()	Constructor.

Method Summary

Modifier and Type	Method	Description
private static List<Object>	doMergeForTwoLists(List<?> superior, List<?> subordinate, boolean union)	Merges two metadata policy list values.
private static Object	doMergeForTwoObjects(Object superior, Object subordinate, boolean union)	Merges two metadata policy values that can be either single valued or lists.
static boolean	isSubsetOfValues(Object candidate, Collection<?> values)	Checks if the given candiate is a subset of the given values.
static boolean	isSupersetOfValues(Object candidate, Collection<?> values)	Checks if the given candidate is a superset of the given values.
static MetadataPolicy	mergeMetadataPolicies(MetadataPolicy superior, MetadataPolicy subordinate)	Merges two metadata policies with the rules defined in the OIDC federation spec 5.1.3.1:

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

MetadataPolicyHelper

private MetadataPolicyHelper()

Constructor.

Method Detail

isSupersetOfValues

public static boolean isSupersetOfValues(@Nonnull
                                         Object candidate,
                                         @Nonnull
                                         Collection<?> values)

Checks if the given candidate is a superset of the given values.

Parameters:

candidate - The candidate to be checked. May not be null.

values - The values to be checked. May not be null.

Returns:

true if the candidate is a superset of the values or they are equal, false otherwise.

isSubsetOfValues

public static boolean isSubsetOfValues(@Nonnull
                                       Object candidate,
                                       @Nonnull
                                       Collection<?> values)

Checks if the given candiate is a subset of the given values.

Parameters:

candidate - The candidate to be checked. May not be null.

values - The values to be checked. May not be null.

Returns:

true if the candidate is a subset of the values or they are equal, false otherwise.

mergeMetadataPolicies

@Nullable
public static MetadataPolicy mergeMetadataPolicies(@Nullable
                                                   MetadataPolicy superior,
                                                   @Nullable
                                                   MetadataPolicy subordinate)
                                            throws ConstraintViolationException

Merges two metadata policies with the rules defined in the OIDC federation spec 5.1.3.1:

• subset_of: The result of merging the values of two subset_of operators is the intersection of the operator values.
• one_of: The result of merging the values of two one_of operators is the intersection of the operator values.
• superset_of: The result of merging the values of two superset_of operators is the union of the operator values.
• add: The result of merging the values of two add operators is the union of the values.
• value: Merging two value operators is NOT allowed unless the two operator values are equal.
• default: Merging two default operators is NOT allowed unless the two operator values are equal.
• essential: If a superior has specified essential=true, then a subordinate cannot change that. If a superior has specified essential=false, then a subordinate is allowed to change that to essential=true. If a superior has not specified essential, then a subordinate can set essential to true or false.

In addition to the list above, 'regex' operator is treated in the same way as 'value' and 'default'.

Parameters:

superior - The superior metadata policy.

subordinate - The subordinate metadata policy.

Returns:

The merged metadata policy.

Throws:

ConstraintViolationException - If two 'value' or 'default' operators with different values are attempted to be merged.

doMergeForTwoObjects

@Nullable
private static Object doMergeForTwoObjects(@Nullable
                                           Object superior,
                                           @Nullable
                                           Object subordinate,
                                           boolean union)
                                    throws ConstraintViolationException

Merges two metadata policy values that can be either single valued or lists.

Parameters:

superior - The superior metadata value.

subordinate - The subordinate metadata value.

union - Flag to indicate the use of union. Intersection is used if false.

Returns:

The merged value.

Throws:

ConstraintViolationException - If the values are conflicting: two different values cannot be merged when union-flag is true.

doMergeForTwoLists

@Nullable
private static List<Object> doMergeForTwoLists(@Nullable
                                               List<?> superior,
                                               @Nullable
                                               List<?> subordinate,
                                               boolean union)

Merges two metadata policy list values.

Parameters:

superior - The superior value.

subordinate - The subordinate value.

union - Flag to indicate the use of union. Intersection is used if false.

Returns:

The merged value.