Package org.opensaml.xmlsec.impl

Class BasicSignatureSigningParametersResolver

java.lang.Object
org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver<SignatureSigningParameters>
org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver
All Implemented Interfaces:
Resolver<SignatureSigningParameters,CriteriaSet>, SignatureSigningParametersResolver
Direct Known Subclasses:
SAMLMetadataSignatureSigningParametersResolver
public class BasicSignatureSigningParametersResolver extends AbstractSecurityParametersResolver<SignatureSigningParameters> implements SignatureSigningParametersResolver
Basic implementation of SignatureSigningParametersResolver.

The following Criterion inputs are supported:

  • Field Details

    • log

      private org.slf4j.Logger log
      Logger.

    • algorithmRegistry

      private AlgorithmRegistry algorithmRegistry
      The AlgorithmRegistry used when processing algorithm URIs.

  • Constructor Details

    • BasicSignatureSigningParametersResolver

      public BasicSignatureSigningParametersResolver()
      Constructor.

  • Method Details

    • getAlgorithmRegistry

      public AlgorithmRegistry getAlgorithmRegistry()
      Get the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().
      Returns:
      the algorithm registry instance

    • setAlgorithmRegistry

      public void setAlgorithmRegistry(@Nonnull AlgorithmRegistry registry)
      Set the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().
      Parameters:
      registry - the new algorithm registry instance

    • resolve

      @Nonnull public Iterable<SignatureSigningParameters> resolve(@Nonnull CriteriaSet criteria) throws ResolverException
      Specified by:
      resolve in interface Resolver<SignatureSigningParameters,CriteriaSet>
      Throws:
      ResolverException

    • resolveSingle

      @Nullable public SignatureSigningParameters resolveSingle(@Nonnull CriteriaSet criteria) throws ResolverException
      Specified by:
      resolveSingle in interface Resolver<SignatureSigningParameters,CriteriaSet>
      Throws:
      ResolverException

    • logResult

      protected void logResult(@Nonnull SignatureSigningParameters params)
      Log the resolved parameters.
      Parameters:
      params - the resolved param

    • validate

      protected boolean validate(@Nonnull SignatureSigningParameters params)
      Validate that the SignatureSigningParameters instance has all the required properties populated.
      Parameters:
      params - the parameters instance to evaluate
      Returns:
      true if parameters instance passes validation, false otherwise

    • getIncludeExcludePredicate

      @Nonnull protected Predicate<String> getIncludeExcludePredicate(@Nonnull CriteriaSet criteria)
      Get a predicate which implements the effective configured include/exclude policy.
      Parameters:
      criteria - the input criteria being evaluated
      Returns:
      include/exclude predicate instance

    • getWhitelistBlacklistPredicate

      @Deprecated(since="4.1.0", forRemoval=true) @Nonnull protected Predicate<String> getWhitelistBlacklistPredicate(@Nonnull CriteriaSet criteria)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Get a predicate which implements the effective configured include/exclude policy.
      Parameters:
      criteria - the input criteria being evaluated
      Returns:
      include/exclude predicate instance

    • resolveAndPopulateCredentialAndSignatureAlgorithm

      protected void resolveAndPopulateCredentialAndSignatureAlgorithm(@Nonnull SignatureSigningParameters params, @Nonnull CriteriaSet criteria, Predicate<String> includeExcludePredicate)
      Resolve and populate the signing credential and signature method algorithm URI on the supplied parameters instance.
      Parameters:
      params - the parameters instance being populated
      criteria - the input criteria being evaluated
      includeExcludePredicate - the include/exclude predicate with which to evaluate the candidate signing method algorithm URIs

    • getAlgorithmRuntimeSupportedPredicate

      @Nonnull protected Predicate<String> getAlgorithmRuntimeSupportedPredicate()
      Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.
      Returns:
      the predicate

    • credentialSupportsAlgorithm

      protected boolean credentialSupportsAlgorithm(@Nonnull Credential credential, @Nonnull @NotEmpty String algorithm)
      Evaluate whether the specified credential is supported for use with the specified algorithm URI.
      Parameters:
      credential - the credential to evaluate
      algorithm - the algorithm URI to evaluate
      Returns:
      true if credential may be used with the supplied algorithm URI, false otherwise

    • getEffectiveSigningCredentials

      @Nonnull protected List<Credential> getEffectiveSigningCredentials(@Nonnull CriteriaSet criteria)
      Get the effective list of signing credentials to consider.
      Parameters:
      criteria - the input criteria being evaluated
      Returns:
      the list of credentials

    • getEffectiveSignatureAlgorithms

      @Nonnull protected List<String> getEffectiveSignatureAlgorithms(@Nonnull CriteriaSet criteria, @Nonnull Predicate<String> includeExcludePredicate)
      Get the effective list of signature algorithm URIs to consider, including application of include/exclude policy.
      Parameters:
      criteria - the input criteria being evaluated
      includeExcludePredicate - the include/exclude predicate to use
      Returns:
      the list of effective algorithm URIs

    • resolveReferenceDigestMethod

      @Nullable protected String resolveReferenceDigestMethod(@Nonnull CriteriaSet criteria, @Nonnull Predicate<String> includeExcludePredicate)
      Resolve and return the digest method algorithm URI to use, including application of include/exclude policy.
      Parameters:
      criteria - the input criteria being evaluated
      includeExcludePredicate - the include/exclude predicate to use
      Returns:
      the resolved digest method algorithm URI

    • resolveCanonicalizationAlgorithm

      @Nullable protected String resolveCanonicalizationAlgorithm(@Nonnull CriteriaSet criteria)
      Resolve and return the canonicalization algorithm URI to use.
      Parameters:
      criteria - the input criteria being evaluated
      Returns:
      the canonicalization algorithm URI

    • resolveReferenceCanonicalizationAlgorithm

      @Nullable protected String resolveReferenceCanonicalizationAlgorithm(@Nonnull CriteriaSet criteria)
      Resolve and return the reference canonicalization algorithm URI to use.
      Parameters:
      criteria - the input criteria being evaluated
      Returns:
      the reference canonicalization algorithm URI

    • resolveKeyInfoGenerator

      @Nullable protected KeyInfoGenerator resolveKeyInfoGenerator(@Nonnull CriteriaSet criteria, @Nonnull Credential signingCredential)
      Resolve and return the KeyInfoGenerator instance to use with the specified credential.
      Parameters:
      criteria - the input criteria being evaluated
      signingCredential - the credential being evaluated
      Returns:
      KeyInfo generator instance, or null

    • resolveHMACOutputLength

      @Nullable protected Integer resolveHMACOutputLength(@Nonnull CriteriaSet criteria, @Nonnull Credential signingCredential, @Nonnull @NotEmpty String algorithmURI)
      Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential and signature method algorithm URI.
      Parameters:
      criteria - the input criteria being evaluated
      signingCredential - the signing credential being evaluated
      algorithmURI - the signature method algorithm URI being evaluated
      Returns:
      the HMAC output length to use, or null