Package net.shibboleth.idp.authn.impl
Class X500SubjectCanonicalization
java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
net.shibboleth.idp.authn.impl.X500SubjectCanonicalization
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
An action that operates on a SubjectCanonicalizationContext child of the current ProfileRequestContext and transforms the input Subject into a principal name. It searches the Subject for one and only one X509Certificate public credential or, in its absence, one and only one X500Principal; a Subject that carries none, or more than one, of these is treated as an invalid subject.

A list of OIDs, in order of preference, is used to locate an RDN in the Subject DN; that RDN's value becomes the principal name after the transforms from the base class (setTrim, setLowercase/setUppercase, setTransforms) are applied. Alternatively, a list of subjectAltName extension types may be specified; if a subjectAltName of one of those types is found, it takes precedence over the Subject DN.

Event:
EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_SUBJECT

Precondition:
ProfileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null

Postcondition:
SubjectCanonicalizationContext.getPrincipalName() != null || SubjectCanonicalizationContext.getException() != null
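The selection rules described above (exactly one certificate or, failing that, exactly one X500Principal; subjectAltName types tried before RDN OIDs; each list walked in order of preference), as an added example written for this page using JDK types only. It is not Shibboleth code: the class and method names are invented, the subjectAltName list is built by hand in the shape that X509Certificate.getSubjectAlternativeNames() returns, and the base-class transforms (trim, case folding) are left out.

```java
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

/** Added example (not Shibboleth code): the selection rules this page describes, on JDK types only. */
public final class X500NameSelectionExample {

    /** GeneralName tags as reported by X509Certificate.getSubjectAlternativeNames(): 1 = rfc822Name, 2 = dNSName. */
    public static final int SAN_RFC822_NAME = 1;
    public static final int SAN_DNS_NAME = 2;

    public static final String CN_OID = "2.5.4.3";
    public static final String EMAIL_OID = "1.2.840.113549.1.9.1";

    /** OIDs for which X500Principal.getName(RFC2253) already emits a keyword instead of a dotted OID. */
    private static final Map<String, String> RFC2253_KEYWORDS = Map.of(
            "2.5.4.3", "CN", "2.5.4.6", "C", "2.5.4.7", "L", "2.5.4.8", "ST",
            "2.5.4.9", "STREET", "2.5.4.10", "O", "2.5.4.11", "OU",
            "0.9.2342.19200300.100.1.25", "DC", "0.9.2342.19200300.100.1.1", "UID");

    /** Synthetic keyword (assumption) that makes the JDK print any other attribute type as a string, not #hex. */
    private static final String OTHER_KEYWORD = "XMATCH";

    /**
     * The "one and only one" rule: exactly one X509Certificate public credential wins; in its absence exactly
     * one X500Principal. None, or several, of either is an invalid subject and yields null.
     */
    public static X500Principal selectSubjectName(Subject subject) {
        Set<X509Certificate> certs = subject.getPublicCredentials(X509Certificate.class);
        if (certs.size() == 1) {
            return certs.iterator().next().getSubjectX500Principal();
        }
        if (certs.isEmpty()) {
            Set<X500Principal> principals = subject.getPrincipals(X500Principal.class);
            if (principals.size() == 1) {
                return principals.iterator().next();
            }
        }
        return null;
    }

    /** subjectAltName types in the caller's order of preference; each entry is [Integer type, Object value]. */
    public static String findSubjectAltName(Collection<? extends List<?>> sans, List<Integer> preferredTypes) {
        if (sans == null) {
            return null;
        }
        for (Integer type : preferredTypes) {
            for (List<?> san : sans) {
                if (type.equals(san.get(0)) && san.get(1) instanceof String) {
                    return (String) san.get(1);
                }
            }
        }
        return null;
    }

    /** First RDN whose attribute type is the given OID, searched root-first (DER order); null if absent. */
    public static String findRDN(X500Principal name, String oid) throws NamingException {
        String keyword = RFC2253_KEYWORDS.getOrDefault(oid, OTHER_KEYWORD);
        Map<String, String> oidMap = RFC2253_KEYWORDS.containsKey(oid) ? Map.of() : Map.of(oid, keyword);
        // LdapName index 0 is the rightmost RDN of the string form, i.e. the first RDN of the encoded Name.
        for (Rdn rdn : new LdapName(name.getName(X500Principal.RFC2253, oidMap)).getRdns()) {
            Attribute attr = rdn.toAttributes().get(keyword);
            if (attr != null) {
                Object value = attr.get();
                if (value instanceof String) {
                    return (String) value;
                }
            }
        }
        return null;
    }

    /** Whole rule: SAN types take precedence over the DN; OIDs are tried in order; null means an invalid subject. */
    public static String resolvePrincipalName(Subject subject, Collection<? extends List<?>> sans,
            List<Integer> sanTypes, List<String> oids) throws NamingException {
        String fromSan = findSubjectAltName(sans, sanTypes);
        if (fromSan != null) {
            return fromSan;
        }
        X500Principal dn = selectSubjectName(subject);
        if (dn == null) {
            return null;
        }
        for (String oid : oids) {
            String value = findRDN(dn, oid);
            if (value != null) {
                return value;
            }
        }
        return null;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample input: a Subject carrying one X500Principal and no certificate ...
        Subject subject = new Subject();
        subject.getPrincipals().add(new X500Principal("CN=Alice Example,OU=Staff,O=Example Corp,C=US"));
        // ... plus a hand-built list in the shape getSubjectAlternativeNames() would return.
        List<List<Object>> sans = List.of(List.<Object>of(SAN_DNS_NAME, "alice.example.org"),
                                          List.<Object>of(SAN_RFC822_NAME, "alice@example.org"));

        // rfc822Name preferred over dNSName, CN as fallback; the SAN wins: alice@example.org
        System.out.println(resolvePrincipalName(subject, sans, List.of(SAN_RFC822_NAME, SAN_DNS_NAME), List.of(CN_OID)));
        // No SAN extension at all: falls through to the DN, no emailAddress RDN, so CN: Alice Example
        System.out.println(resolvePrincipalName(subject, null, List.of(SAN_RFC822_NAME), List.of(EMAIL_OID, CN_OID)));
        // An attribute type with no RFC 2253 keyword is still found by OID: bob@example.org
        System.out.println(findRDN(new X500Principal("EMAILADDRESS=bob@example.org,CN=Bob"), EMAIL_OID));
        // Two X500Principals and no certificate: ambiguous, so null (the action would report INVALID_SUBJECT)
        subject.getPrincipals().add(new X500Principal("CN=Someone Else,O=Example Corp,C=US"));
        System.out.println(resolvePrincipalName(subject, null, List.of(), List.of(CN_OID)));
    }
}
```

The example searches the DN root-first; which of several RDNs of the same type the action itself returns depends on cryptacular's RDNSequence iteration order, which this page does not state. The oidMap trick is needed because without a keyword the JDK prints unknown attribute types as OID=#hex, which would hide the string value from the LdapName parser.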
Nested Class Summary

static class X500SubjectCanonicalization.ActivationCondition
    A predicate that determines if this action can run or not.

Field Summary

private X509Certificate certificate
    The certificate to operate on.
private static final String CN_OID
    Common Name (CN) OID.
private final X500SubjectCanonicalization.ActivationCondition embeddedPredicate
    Supplies logic for pre-execute test.
private final org.slf4j.Logger log
    Class logger.
objectIds
    OIDs to search for.
subjectAltNameTypes
    subjectAltName types to search for.
private X500Principal x500Principal
    The subject DN to operate on.

Constructor Summary

X500SubjectCanonicalization()
    Constructor.

Method Summary

protected void doExecute(ProfileRequestContext profileRequestContext, SubjectCanonicalizationContext c14nContext)
    Performs this c14n action.
protected boolean doPreExecute(ProfileRequestContext profileRequestContext, SubjectCanonicalizationContext c14nContext)
    Performs this c14n action's pre-execute step.
protected String findRDN(org.cryptacular.x509.dn.RDNSequence sequence, String oid)
    Find an RDN with the specified OID.
void setObjectIds(List<String> ids)
    Set the OIDs to search for, in order of preference.
void setSubjectAltNameTypes(List<Integer> types)
    Set the subjectAltName types to search for, in order of preference.

Methods inherited from class net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
applyTransforms, doExecute, doPreExecute, setLookupStrategy, setLowercase, setTransforms, setTrim, setUppercase
Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy
Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition
Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
Field Details

CN_OID
private static final String CN_OID
Common Name (CN) OID.

log
@Nonnull private final org.slf4j.Logger log
Class logger.

embeddedPredicate
private final X500SubjectCanonicalization.ActivationCondition embeddedPredicate
Supplies logic for pre-execute test.

subjectAltNameTypes
subjectAltName types to search for.

objectIds
OIDs to search for.

certificate
private X509Certificate certificate
The certificate to operate on.

x500Principal
private X500Principal x500Principal
The subject DN to operate on.

Constructor Details

X500SubjectCanonicalization
public X500SubjectCanonicalization()
Constructor.
Method Details

setSubjectAltNameTypes
public void setSubjectAltNameTypes(List<Integer> types)
Set the subjectAltName types to search for, in order of preference.
Parameters:
types - types to search for

setObjectIds
public void setObjectIds(List<String> ids)
Set the OIDs to search for, in order of preference.
Parameters:
ids - RDN OIDs to search for

doPreExecute
protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext c14nContext)
Performs this c14n action's pre-execute step; the base class's default implementation just returns true iff a subject is set.
Overrides:
doPreExecute in class AbstractSubjectCanonicalizationAction
Parameters:
profileRequestContext - the current IdP profile request context
c14nContext - the current subject canonicalization context
Returns:
true iff execution should continue

doExecute
protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext c14nContext)
Performs this c14n action; the base class's default implementation throws an exception.
Overrides:
doExecute in class AbstractSubjectCanonicalizationAction
Parameters:
profileRequestContext - the current IdP profile request context
c14nContext - the current subject canonicalization context

findRDN
@Nullable protected String findRDN(@Nonnull org.cryptacular.x509.dn.RDNSequence sequence, @Nonnull @NotEmpty String oid)
Find an RDN with the specified OID.
Parameters:
sequence - the DN components
oid - the OID to look for
Returns:
the first matching RDN value, or null