Package org.opensaml.xmlsec.impl

Class BasicSignatureSigningParametersResolver

    • Field Detail

      • log

        private org.slf4j.Logger log
        Logger.

      • algorithmRegistry

        private AlgorithmRegistry algorithmRegistry
        The AlgorithmRegistry used when processing algorithm URIs.

    • Constructor Detail

      • BasicSignatureSigningParametersResolver

        public BasicSignatureSigningParametersResolver()
        Constructor.

    • Method Detail

      • logResult

        protected void logResult​(@Nonnull
                         SignatureSigningParameters params)
        Log the resolved parameters.
        Parameters:
        params - the resolved param

      • validate

        protected boolean validate​(@Nonnull
                           SignatureSigningParameters params)
        Validate that the SignatureSigningParameters instance has all the required properties populated.
        Parameters:
        params - the parameters instance to evaluate
        Returns:
        true if parameters instance passes validation, false otherwise

      • getIncludeExcludePredicate

        @Nonnull
protected Predicate<String> getIncludeExcludePredicate​(@Nonnull
                                                       CriteriaSet criteria)
        Get a predicate which implements the effective configured include/exclude policy.
        Parameters:
        criteria - the input criteria being evaluated
        Returns:
        include/exclude predicate instance

      • getWhitelistBlacklistPredicate

        @Deprecated(since="4.1.0",
            forRemoval=true)
@Nonnull
protected Predicate<String> getWhitelistBlacklistPredicate​(@Nonnull
                                                           CriteriaSet criteria)
        Deprecated, for removal: This API element is subject to removal in a future version.
        Get a predicate which implements the effective configured include/exclude policy.
        Parameters:
        criteria - the input criteria being evaluated
        Returns:
        include/exclude predicate instance

      • resolveAndPopulateCredentialAndSignatureAlgorithm

        protected void resolveAndPopulateCredentialAndSignatureAlgorithm​(@Nonnull
                                                                 SignatureSigningParameters params,
                                                                 @Nonnull
                                                                 CriteriaSet criteria,
                                                                 Predicate<String> includeExcludePredicate)
        Resolve and populate the signing credential and signature method algorithm URI on the supplied parameters instance.
        Parameters:
        params - the parameters instance being populated
        criteria - the input criteria being evaluated
        includeExcludePredicate - the include/exclude predicate with which to evaluate the candidate signing method algorithm URIs

      • getAlgorithmRuntimeSupportedPredicate

        @Nonnull
protected Predicate<String> getAlgorithmRuntimeSupportedPredicate()
        Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.
        Returns:
        the predicate

      • credentialSupportsAlgorithm

        protected boolean credentialSupportsAlgorithm​(@Nonnull
                                              Credential credential,
                                              @Nonnull @NotEmpty
                                              String algorithm)
        Evaluate whether the specified credential is supported for use with the specified algorithm URI.
        Parameters:
        credential - the credential to evaluate
        algorithm - the algorithm URI to evaluate
        Returns:
        true if credential may be used with the supplied algorithm URI, false otherwise

      • getEffectiveSigningCredentials

        @Nonnull
protected List<Credential> getEffectiveSigningCredentials​(@Nonnull
                                                          CriteriaSet criteria)
        Get the effective list of signing credentials to consider.
        Parameters:
        criteria - the input criteria being evaluated
        Returns:
        the list of credentials

      • getEffectiveSignatureAlgorithms

        @Nonnull
protected List<String> getEffectiveSignatureAlgorithms​(@Nonnull
                                                       CriteriaSet criteria,
                                                       @Nonnull
                                                       Predicate<String> includeExcludePredicate)
        Get the effective list of signature algorithm URIs to consider, including application of include/exclude policy.
        Parameters:
        criteria - the input criteria being evaluated
        includeExcludePredicate - the include/exclude predicate to use
        Returns:
        the list of effective algorithm URIs

      • resolveReferenceDigestMethod

        @Nullable
protected String resolveReferenceDigestMethod​(@Nonnull
                                              CriteriaSet criteria,
                                              @Nonnull
                                              Predicate<String> includeExcludePredicate)
        Resolve and return the digest method algorithm URI to use, including application of include/exclude policy.
        Parameters:
        criteria - the input criteria being evaluated
        includeExcludePredicate - the include/exclude predicate to use
        Returns:
        the resolved digest method algorithm URI

      • resolveCanonicalizationAlgorithm

        @Nullable
protected String resolveCanonicalizationAlgorithm​(@Nonnull
                                                  CriteriaSet criteria)
        Resolve and return the canonicalization algorithm URI to use.
        Parameters:
        criteria - the input criteria being evaluated
        Returns:
        the canonicalization algorithm URI

      • resolveReferenceCanonicalizationAlgorithm

        @Nullable
protected String resolveReferenceCanonicalizationAlgorithm​(@Nonnull
                                                           CriteriaSet criteria)
        Resolve and return the reference canonicalization algorithm URI to use.
        Parameters:
        criteria - the input criteria being evaluated
        Returns:
        the reference canonicalization algorithm URI

      • resolveKeyInfoGenerator

        @Nullable
protected KeyInfoGenerator resolveKeyInfoGenerator​(@Nonnull
                                                   CriteriaSet criteria,
                                                   @Nonnull
                                                   Credential signingCredential)
        Resolve and return the KeyInfoGenerator instance to use with the specified credential.
        Parameters:
        criteria - the input criteria being evaluated
        signingCredential - the credential being evaluated
        Returns:
        KeyInfo generator instance, or null

      • resolveHMACOutputLength

        @Nullable
protected Integer resolveHMACOutputLength​(@Nonnull
                                          CriteriaSet criteria,
                                          @Nonnull
                                          Credential signingCredential,
                                          @Nonnull @NotEmpty
                                          String algorithmURI)
        Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential and signature method algorithm URI.
        Parameters:
        criteria - the input criteria being evaluated
        signingCredential - the signing credential being evaluated
        algorithmURI - the signature method algorithm URI being evaluated
        Returns:
        the HMAC output length to use, or null