Package org.opensaml.saml.security.impl

Class SAMLMetadataSignatureSigningParametersResolver

java.lang.Object

org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver<SignatureSigningParameters>

org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver

org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver

All Implemented Interfaces:

Resolver<SignatureSigningParameters,CriteriaSet>, SignatureSigningParametersResolver

public class SAMLMetadataSignatureSigningParametersResolver
extends BasicSignatureSigningParametersResolver

A specialization of BasicSignatureSigningParametersResolver which also supports input of SAML metadata, specifically the SigningMethod and DigestMethod extension elements.

In addition to the Criterion inputs documented in BasicSignatureSigningParametersResolver, the following inputs are also supported:

• RoleDescriptorCriterion - optional

Field Summary

Fields

Modifier and Type	Field	Description
private org.slf4j.Logger	log	Logger.

Constructor Summary

Constructors

Constructor	Description
SAMLMetadataSignatureSigningParametersResolver()

Method Summary

Modifier and Type	Method	Description
protected boolean	credentialSupportsSigningMethod(Credential credential, SigningMethod signingMethod)	Evaluate whether the specified credential is supported for use with the specified SigningMethod.
protected List<XMLObject>	getExtensions(RoleDescriptor roleDescriptor, QName extensionName)	Get the extensions indicated by the passed QName.
protected void	resolveAndPopulateCredentialAndSignatureAlgorithm(SignatureSigningParameters params, CriteriaSet criteria, Predicate<String> whitelistBlacklistPredicate)
protected String	resolveReferenceDigestMethod(CriteriaSet criteria, Predicate<String> whitelistBlacklistPredicate)

Methods inherited from class org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver

credentialSupportsAlgorithm, getAlgorithmRegistry, getAlgorithmRuntimeSupportedPredicate, getEffectiveSignatureAlgorithms, getEffectiveSigningCredentials, getWhitelistBlacklistPredicate, logResult, resolve, resolveCanonicalizationAlgorithm, resolveHMACOutputLength, resolveKeyInfoGenerator, resolveReferenceCanonicalizationAlgorithm, resolveSingle, setAlgorithmRegistry, validate

Methods inherited from class org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver

lookupKeyInfoGenerator, resolveAndPopulateWhiteAndBlacklists, resolveEffectiveBlacklist, resolveEffectiveWhitelist, resolveWhitelistBlacklistPrecedence, resolveWhitelistBlacklistPredicate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

@Nonnull
private org.slf4j.Logger log

Logger.

Constructor Detail

SAMLMetadataSignatureSigningParametersResolver

public SAMLMetadataSignatureSigningParametersResolver()

Method Detail

resolveAndPopulateCredentialAndSignatureAlgorithm

protected void resolveAndPopulateCredentialAndSignatureAlgorithm(@Nonnull
                                                                 SignatureSigningParameters params,
                                                                 @Nonnull
                                                                 CriteriaSet criteria,
                                                                 @Nonnull
                                                                 Predicate<String> whitelistBlacklistPredicate)

Overrides:

resolveAndPopulateCredentialAndSignatureAlgorithm in class BasicSignatureSigningParametersResolver

credentialSupportsSigningMethod

protected boolean credentialSupportsSigningMethod(@Nonnull
                                                  Credential credential,
                                                  @Nonnull @NotEmpty
                                                  SigningMethod signingMethod)

Evaluate whether the specified credential is supported for use with the specified SigningMethod.

Parameters:

credential - the credential to evaluate

signingMethod - the signing method to evaluate

Returns:

true if credential may be used with the supplied algorithm URI, false otherwise

resolveReferenceDigestMethod

@Nullable
protected String resolveReferenceDigestMethod(@Nonnull
                                              CriteriaSet criteria,
                                              @Nonnull
                                              Predicate<String> whitelistBlacklistPredicate)

Overrides:

resolveReferenceDigestMethod in class BasicSignatureSigningParametersResolver

getExtensions

@Nullable
protected List<XMLObject> getExtensions(@Nonnull
                                        RoleDescriptor roleDescriptor,
                                        @Nonnull
                                        QName extensionName)

Get the extensions indicated by the passed QName. The passed RoleDescriptor's Extensions element is examined first. If at least 1 such extension is found there, that list is returned. If no such extensions are found on the RoleDescriptor, then the RoleDescriptor's parent EntityDescriptor will be examined, if it exists.

Parameters:

roleDescriptor - the role descriptor instance to examine

extensionName - the extension name for which to search

Returns:

the list of extension XMLObjects found, or null