Package net.shibboleth.idp.saml.saml2.profile.impl

Class PopulateEncryptionParameters

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class PopulateEncryptionParameters
extends AbstractProfileAction

Action that resolves and populates EncryptionParameters on an EncryptionContext created/accessed via a lookup function, by default on a RelyingPartyContext child of the profile request context.

The resolution process is contingent on the active profile configuration requesting encryption of some kind, and an EncryptionContext is also created to capture these requirements.

The OpenSAML default, per-RelyingParty, and default per-profile EncryptionConfiguration objects are input to the resolution process, along with the relying party's SAML metadata, which in most cases will be the source of the eventual encryption key.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, EventIds.INVALID_SEC_CFG, IdPEventIds.INVALID_RELYING_PARTY_CTX, IdPEventIds.INVALID_PROFILE_CONFIG

Field Summary

Fields

Modifier and Type	Field	Description
private Function<ProfileRequestContext,List<EncryptionConfiguration>>	configurationLookupStrategy	Strategy used to look up a per-request EncryptionConfiguration list.
private EncryptionParametersResolver	encParamsresolver	Resolver for parameters to store into context.
private boolean	encryptAssertions	Flag tracking whether assertion encryption is required.
private boolean	encryptAttributes	Flag tracking whether assertion encryption is required.
private boolean	encryptIdentifiers	Flag tracking whether assertion encryption is required.
private List<EncryptionConfiguration>	encryptionConfigurations	Active configurations to feed into resolver.
private Function<ProfileRequestContext,EncryptionContext>	encryptionContextLookupStrategy	Strategy used to look up the EncryptionContext to store parameters in.
private boolean	encryptionOptional	Is encryption optional in the case no parameters can be resolved?
private org.slf4j.Logger	log	Class logger.
private Function<ProfileRequestContext,SAMLPeerEntityContext>	peerContextLookupStrategy	Strategy used to look up a SAML peer context.
private QName	peerRole	Metadata role type to provide to resolver.
private Function<ProfileRequestContext,RelyingPartyContext>	relyingPartyContextLookupStrategy	Strategy used to look up a RelyingPartyContext for configuration options.
private String	samlProtocol	Metadata protocolSupportEnumeration value to provide to resolver.

Constructor Summary

Constructors

Constructor	Description
PopulateEncryptionParameters()	Constructor.

Method Summary

Modifier and Type	Method	Description
private CriteriaSet	buildCriteriaSet(ProfileRequestContext profileRequestContext)	Build the criteria used as input to the EncryptionParametersResolver.
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
void	setConfigurationLookupStrategy(Function<ProfileRequestContext,List<EncryptionConfiguration>> strategy)	Set the strategy used to look up a per-request EncryptionConfiguration list.
void	setEncryptionContextLookupStrategy(Function<ProfileRequestContext,EncryptionContext> strategy)	Set the strategy used to look up the EncryptionContext to set the flags for.
void	setEncryptionParametersResolver(EncryptionParametersResolver newResolver)	Set the encParamsresolver to use for the parameters to store into the context.
void	setPeerContextLookupStrategy(Function<ProfileRequestContext,SAMLPeerEntityContext> strategy)	Set lookup strategy for SAMLPeerEntityContext for input to resolution.
void	setProtocol(String protocol)	Set the protocol constant to use during resolution.
void	setRelyingPartyContextLookupStrategy(Function<ProfileRequestContext,RelyingPartyContext> strategy)	Set the strategy used to return the RelyingPartyContext for configuration options.
void	setRole(QName role)	Set the operational role to use during resolution.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

relyingPartyContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy

Strategy used to look up a RelyingPartyContext for configuration options.

encryptionContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,EncryptionContext> encryptionContextLookupStrategy

Strategy used to look up the EncryptionContext to store parameters in.

peerContextLookupStrategy

@Nullable
private Function<ProfileRequestContext,SAMLPeerEntityContext> peerContextLookupStrategy

Strategy used to look up a SAML peer context.

samlProtocol

@Nullable
private String samlProtocol

Metadata protocolSupportEnumeration value to provide to resolver.

peerRole

@Nullable
private QName peerRole

Metadata role type to provide to resolver.

configurationLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,List<EncryptionConfiguration>> configurationLookupStrategy

Strategy used to look up a per-request EncryptionConfiguration list.

encParamsresolver

@NonnullAfterInit
private EncryptionParametersResolver encParamsresolver

Resolver for parameters to store into context.

encryptionConfigurations

@Nullable
@NonnullElements
private List<EncryptionConfiguration> encryptionConfigurations

Active configurations to feed into resolver.

encryptionOptional

private boolean encryptionOptional

Is encryption optional in the case no parameters can be resolved?

encryptAssertions

private boolean encryptAssertions

Flag tracking whether assertion encryption is required.

encryptIdentifiers

private boolean encryptIdentifiers

Flag tracking whether assertion encryption is required.

encryptAttributes

private boolean encryptAttributes

Flag tracking whether assertion encryption is required.

Constructor Details

PopulateEncryptionParameters

public PopulateEncryptionParameters()

Constructor.

Method Details

setRelyingPartyContextLookupStrategy

public void setRelyingPartyContextLookupStrategy(@Nonnull
Function<ProfileRequestContext,RelyingPartyContext> strategy)

Set the strategy used to return the RelyingPartyContext for configuration options.

Parameters:

strategy - lookup strategy

setEncryptionContextLookupStrategy

public void setEncryptionContextLookupStrategy(@Nonnull
Function<ProfileRequestContext,EncryptionContext> strategy)

Set the strategy used to look up the EncryptionContext to set the flags for.

Parameters:

strategy - lookup strategy

setProtocol

public void setProtocol(@Nullable
String protocol)

Set the protocol constant to use during resolution.

Parameters:

protocol - the protocol constant to set

setRole

public void setRole(@Nullable
QName role)

Set the operational role to use during resolution.

Parameters:

role - the operational role to set

setConfigurationLookupStrategy

public void setConfigurationLookupStrategy(@Nonnull
Function<ProfileRequestContext,List<EncryptionConfiguration>> strategy)

Set the strategy used to look up a per-request EncryptionConfiguration list.

Parameters:

strategy - lookup strategy

setPeerContextLookupStrategy

public void setPeerContextLookupStrategy(@Nullable
Function<ProfileRequestContext,SAMLPeerEntityContext> strategy)

Set lookup strategy for SAMLPeerEntityContext for input to resolution.

Parameters:

strategy - lookup strategy

setEncryptionParametersResolver

public void setEncryptionParametersResolver(@Nonnull
EncryptionParametersResolver newResolver)

Set the encParamsresolver to use for the parameters to store into the context.

Parameters:

newResolver - encParamsresolver to use

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction

buildCriteriaSet

@Nonnull
private CriteriaSet buildCriteriaSet(@Nonnull
ProfileRequestContext profileRequestContext)

Build the criteria used as input to the EncryptionParametersResolver.

Parameters:

profileRequestContext - current profile request context

Returns:

the criteria set to use