Class X509CertificateCredentialValidator

All Implemented Interfaces:
CredentialValidator, PrincipalSupportingComponent, Component, DestructableComponent, IdentifiableComponent, IdentifiedComponent, InitializableComponent

@ThreadSafeAfterInit public class X509CertificateCredentialValidator extends AbstractCredentialValidator
A credential validator that validates an X.509 certificate.
Since:
4.2.0
  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.
    • certContextLookupStrategy

      @Nonnull private Function<AuthenticationContext,CertificateContext> certContextLookupStrategy
      Lookup strategy for cert context.
    • trustEngine

      @Nullable private TrustEngine<? super X509Credential> trustEngine
      Optional trust engine to validate certificates against.
    • saveCertificateToCredentialSet

      private boolean saveCertificateToCredentialSet
      Whether to save the certificate in the Java Subject's public credentials.
  • Constructor Details

    • X509CertificateCredentialValidator

      public X509CertificateCredentialValidator()
      Constructor.
  • Method Details

    • setCertificateContextLookupStrategy

      public void setCertificateContextLookupStrategy(@Nonnull Function<AuthenticationContext,CertificateContext> strategy)
      Set the lookup strategy to locate the CertificateContext.
      Parameters:
      strategy - lookup strategy
    • setTrustEngine

      public void setTrustEngine(@Nullable TrustEngine<? super X509Credential> tm)
      Set a TrustEngine to use.
      Parameters:
      tm - trust engine to use
    • setSaveCertificateToCredentialSet

      public void setSaveCertificateToCredentialSet(boolean flag)
      Set whether to save the certificate in the Java Subject's public credentials.

      Defaults to true.

      Parameters:
      flag - flag to set
    • doValidate

      @Nullable protected Subject doValidate(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext, @Nullable CredentialValidator.WarningHandler warningHandler, @Nullable CredentialValidator.ErrorHandler errorHandler) throws Exception
      Override method for subclasses to use to perform the actual validation.
      Specified by:
      doValidate in class AbstractCredentialValidator
      Parameters:
      profileRequestContext - profile request context
      authenticationContext - authentication context
      warningHandler - optional warning handler interface
      errorHandler - optional error handler interface
      Returns:
      the validated result, or null if inapplicable
      Throws:
      Exception - if an error occurs
    • populateSubject

      @Nonnull protected Subject populateSubject(@Nonnull X509Certificate certificate)
      Builds a subject with "standard" content from the validation.
      Parameters:
      certificate - the certificate validated
      Returns:
      the decorated subject