Package net.shibboleth.idp.authn.impl
Class X500SubjectCanonicalization

java.lang.Object
  net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    org.opensaml.profile.action.AbstractProfileAction
      org.opensaml.profile.action.AbstractConditionalProfileAction
        net.shibboleth.idp.profile.AbstractProfileAction
          net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
            net.shibboleth.idp.authn.impl.X500SubjectCanonicalization

- All Implemented Interfaces: Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
An action that operates on a SubjectCanonicalizationContext child of the current ProfileRequestContext, and transforms the input Subject into a principal name by searching for one and only one X509Certificate public credential, or in its absence one and only one X500Principal.

A list of OIDs is used to locate an RDN to extract from the Subject DN and use as the principal name after applying the transforms from the base class. Alternatively, a list of subjectAltName extension types may be specified, which takes precedence over the subject DN if a match is found.
- Event: EventIds.PROCEED_EVENT_ID, AuthnEventIds.INVALID_SUBJECT
- Precondition: ProfileRequestContext.getSubcontext(SubjectCanonicalizationContext.class) != null
- Postcondition: SubjectCanonicalizationContext.getPrincipalName() != null || SubjectCanonicalizationContext.getException() != null
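The lookup order described above, as an added example that is not Shibboleth's code: exactly one X509Certificate public credential (else exactly one X500Principal), a subjectAltName match of a configured type taking precedence over the subject DN, then the first RDN whose OID is in the configured list, with a base-class-style lowercase transform applied to the result. The class and method names (X500NameCanonicalizer, canonicalize, findSubjectAltName) are hypothetical. Where the real action's findRDN (detailed in the Method Details section) walks a cryptacular RDNSequence, this version parses the DN with the JDK's javax.naming.ldap.LdapName and maps OIDs to the keywords X500Principal emits through a small assumed table, so it needs only the JDK (Java 11 or later).

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

/** Added illustration (not Shibboleth code) of the lookup order described for X500SubjectCanonicalization. */
public final class X500NameCanonicalizer {

    /** Assumed OID-to-keyword table for the attribute types X500Principal emits as keywords in RFC 2253 form. */
    private static final Map<String, String> OID_TO_KEYWORD = Map.of(
            "2.5.4.3", "CN", "2.5.4.10", "O", "2.5.4.11", "OU",
            "0.9.2342.19200300.100.1.1", "UID", "0.9.2342.19200300.100.1.25", "DC");

    private final List<Integer> subjectAltNameTypes; // GeneralName tags in preference order (1 = rfc822Name, 2 = dNSName)
    private final List<String> objectIds;            // RDN OIDs in preference order
    private final boolean lowercase;                 // stands in for the base class's transforms (setLowercase etc.)

    public X500NameCanonicalizer(List<Integer> sanTypes, List<String> oids, boolean lowercase) {
        this.subjectAltNameTypes = List.copyOf(sanTypes);
        this.objectIds = List.copyOf(oids);
        this.lowercase = lowercase;
    }

    /** Principal name, or null where the action would signal INVALID_SUBJECT (no or ambiguous credential, no match). */
    public String canonicalize(Subject subject) {
        Set<X509Certificate> certs = subject.getPublicCredentials(X509Certificate.class);
        if (certs.size() > 1) return null;                    // more than one certificate: ambiguous
        X509Certificate cert = certs.isEmpty() ? null : certs.iterator().next();
        X500Principal dn;
        if (cert != null) {
            dn = cert.getSubjectX500Principal();
        } else {
            Set<X500Principal> principals = subject.getPrincipals(X500Principal.class);
            if (principals.size() != 1) return null;          // neither a certificate nor exactly one X500Principal
            dn = principals.iterator().next();
        }
        String san = cert == null ? null : findSubjectAltName(cert);
        if (san != null) return applyTransforms(san);         // subjectAltName takes precedence over the subject DN
        for (String oid : objectIds) {
            String value = findRDN(dn, oid);
            if (value != null) return applyTransforms(value);
        }
        return null;
    }

    /** First subjectAltName of a configured type, in preference order; each entry is [Integer type, Object value]. */
    private String findSubjectAltName(X509Certificate cert) {
        try {
            Collection<List<?>> names = cert.getSubjectAlternativeNames();
            if (names == null) return null;                   // extension absent
            for (Integer wanted : subjectAltNameTypes) {
                for (List<?> entry : names) {
                    // Only String-valued types (rfc822Name, dNSName, URI, ...) are usable as a name; others are byte[].
                    if (wanted.equals(entry.get(0)) && entry.get(1) instanceof String) return (String) entry.get(1);
                }
            }
        } catch (CertificateParsingException e) {
            // malformed extension: treat as no match
        }
        return null;
    }

    /** First RDN, leftmost (most specific) first, whose type matches the OID or its keyword; JDK stand-in for the RDNSequence search. */
    static String findRDN(X500Principal dn, String oid) {
        String keyword = OID_TO_KEYWORD.getOrDefault(oid, oid);
        try {
            List<Rdn> rdns = new LdapName(dn.getName(X500Principal.RFC2253)).getRdns();
            // LdapName indexes right-to-left (index 0 is the rightmost RDN), so walk backwards to start at the leftmost.
            for (int i = rdns.size() - 1; i >= 0; i--) {
                Rdn rdn = rdns.get(i);  // hex-encoded (byte[]) values of unknown attribute types are skipped below
                if (rdn.getType().equalsIgnoreCase(keyword) && rdn.getValue() instanceof String) return (String) rdn.getValue();
            }
        } catch (InvalidNameException e) {
            // unparseable DN: treat as no match
        }
        return null;
    }

    private String applyTransforms(String name) {
        String trimmed = name.trim();
        return lowercase ? trimmed.toLowerCase(Locale.ROOT) : trimmed;
    }

    public static void main(String[] args) {
        // Constructed sample Subject: no certificate and a single X500Principal, so the RDN search applies.
        Subject subject = new Subject();
        subject.getPrincipals().add(new X500Principal("CN=JDoe, OU=Staff, O=Example Org, C=US"));
        X500NameCanonicalizer c14n = new X500NameCanonicalizer(
                List.of(1, 2), List.of("0.9.2342.19200300.100.1.1", "2.5.4.3"), true); // UID preferred, then CN
        System.out.println("principal name: " + c14n.canonicalize(subject));
        subject.getPrincipals().add(new X500Principal("CN=Other")); // a second X500Principal makes the Subject ambiguous
        System.out.println("ambiguous subject: " + c14n.canonicalize(subject));
    }
}
```

Placing an X509Certificate in the Subject's public credentials instead exercises the subjectAltName path; only the String-valued subjectAltName types (rfc822Name, dNSName, uniformResourceIdentifier, and the DN-string form of directoryName) can serve as a principal name, which is why the example filters on `instanceof String`. The null returns correspond to the cases where the real action would leave getPrincipalName() unset and record an exception, satisfying the postcondition above.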
Nested Class Summary
- static class X500SubjectCanonicalization.ActivationCondition: A predicate that determines if this action can run or not.

Field Summary
- private X509Certificate certificate: The certificate to operate on.
- private static final String CN_OID: Common Name (CN) OID.
- private final X500SubjectCanonicalization.ActivationCondition embeddedPredicate: Supplies logic for pre-execute test.
- private final org.slf4j.Logger log: Class logger.
- objectIds: OIDs to search for.
- subjectAltNameTypes: subjectAltName types to search for.
- private X500Principal x500Principal: The subject DN to operate on.

Constructor Summary
- X500SubjectCanonicalization(): Constructor.

Method Summary
- protected void doExecute(ProfileRequestContext profileRequestContext, SubjectCanonicalizationContext c14nContext): Performs this authentication action.
- protected boolean doPreExecute(ProfileRequestContext profileRequestContext, SubjectCanonicalizationContext c14nContext): Performs this c14n action's pre-execute step.
- protected String findRDN(org.cryptacular.x509.dn.RDNSequence sequence, String oid): Find an RDN with the specified OID.
- void setObjectIds(List<String> ids): Set the OIDs to search for, in order of preference.
- void setSubjectAltNameTypes(List<Integer> types): Set the subjectAltName types to search for, in order of preference.

Methods inherited from class net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction
applyTransforms, doExecute, doPreExecute, setLookupStrategy, setLowercase, setTransforms, setTrim, setUppercase

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getBean, getBean, getMessage, getMessage, getMessage, getParameter, getParameter, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, setHttpServletRequest, setHttpServletRequestSupplier, setHttpServletResponse, setHttpServletResponseSupplier

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
Field Details

- CN_OID
  private static final String CN_OID
  Common Name (CN) OID.
  - See Also:

- log
  @Nonnull private final org.slf4j.Logger log
  Class logger.

- embeddedPredicate
  private final X500SubjectCanonicalization.ActivationCondition embeddedPredicate
  Supplies logic for pre-execute test.

- subjectAltNameTypes
  subjectAltName types to search for.

- objectIds
  OIDs to search for.

- certificate
  private X509Certificate certificate
  The certificate to operate on.

- x500Principal
  private X500Principal x500Principal
  The subject DN to operate on.
Constructor Details

- X500SubjectCanonicalization
  public X500SubjectCanonicalization()
  Constructor.
Method Details

- setSubjectAltNameTypes
  void setSubjectAltNameTypes(List<Integer> types)
  Set the subjectAltName types to search for, in order of preference.
  - Parameters:
    - types - types to search for

- setObjectIds
  void setObjectIds(List<String> ids)
  Set the OIDs to search for, in order of preference.
  - Parameters:
    - ids - RDN OIDs to search for

- doPreExecute
  protected boolean doPreExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext c14nContext)
  Performs this c14n action's pre-execute step. Default implementation just returns true iff a subject is set.
  - Overrides: doPreExecute in class AbstractSubjectCanonicalizationAction
  - Parameters:
    - profileRequestContext - the current IdP profile request context
    - c14nContext - the current subject canonicalization context
  - Returns: true iff execution should continue

- doExecute
  protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull SubjectCanonicalizationContext c14nContext)
  Performs this authentication action. Default implementation throws an exception.
  - Overrides: doExecute in class AbstractSubjectCanonicalizationAction
  - Parameters:
    - profileRequestContext - the current IdP profile request context
    - c14nContext - the current subject canonicalization context

- findRDN
  @Nullable protected String findRDN(@Nonnull org.cryptacular.x509.dn.RDNSequence sequence, @Nonnull @NotEmpty String oid)
  Find an RDN with the specified OID.
  - Parameters:
    - sequence - the DN components
    - oid - the OID to look for
  - Returns: the first matching RDN value, or null