Package org.opensaml.saml.saml2.profile.impl

Class AbstractEncryptAction

java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction
Direct Known Subclasses:
EncryptAssertions, EncryptAttributes, EncryptNameIDs
public abstract class AbstractEncryptAction
extends AbstractConditionalProfileAction
Abstract base class for actions that perform simple unicast SAML encryption to a single decrypting party.

The EncryptionContext governing the encryption process is located by a lookup strategy, by default a child of the outbound message context.

An optional recipient name is also obtained from a lookup strategy.

  • Field Details

  • Constructor Details

    • AbstractEncryptAction

      public AbstractEncryptAction()
      Constructor.

  • Method Details

    • setEncryptionContextLookupStrategy

      public void setEncryptionContextLookupStrategy​(@Nonnull Function<ProfileRequestContext,​EncryptionContext> strategy)
      Set the strategy used to locate the EncryptionContext associated with a given ProfileRequestContext.
      Parameters:
      strategy - lookup strategy

    • setRecipientLookupStrategy

      public void setRecipientLookupStrategy​(@Nonnull Function<ProfileRequestContext,​String> strategy)
      Set the strategy used to locate the encryption recipient.
      Parameters:
      strategy - lookup strategy

    • setKeyPlacementLookupStrategy

      public void setKeyPlacementLookupStrategy​(@Nonnull Function<ProfileRequestContext,​Encrypter.KeyPlacement> strategy)
      Set the strategy used to determine the encrypted key placement strategy.
      Parameters:
      strategy - lookup strategy

    • setEncryptToSelf

      public void setEncryptToSelf​(@Nonnull Predicate<ProfileRequestContext> predicate)
      Set the predicate used to determine whether to perform encrypt-to-self.
      Parameters:
      predicate - the encrypt-to-self predicate

    • setEncryptToSelfParametersStrategy

      public void setEncryptToSelfParametersStrategy​(@Nullable Function<Pair<ProfileRequestContext,​EncryptionParameters>,​List<EncryptionParameters>> strategy)
      Set the strategy used to resolve the encrypt-to-self parameters.
      Parameters:
      strategy - the encrypt-to-self predicate

    • setSelfRecipientLookupStrategy

      public void setSelfRecipientLookupStrategy​(@Nullable Function<ProfileRequestContext,​String> strategy)
      Set the strategy used to locate the self identity value to use.
      Parameters:
      strategy - lookup strategy

    • getEncrypter

      @Nullable public Encrypter getEncrypter()
      Get the encrypter.
      Returns:
      the encrypter

    • doPreExecute

      protected boolean doPreExecute​(@Nonnull ProfileRequestContext profileRequestContext)
      Called prior to execution, actions may override this method to perform pre-processing for a request.

      If false is returned, execution will not proceed, and the action should attach an EventContext to the context tree to signal how to continue with overall workflow processing.

      If returning successfully, the last step should be to return the result of the superclass version of this method.

      Overrides:
      doPreExecute in class AbstractConditionalProfileAction
      Parameters:
      profileRequestContext - the current IdP profile request context
      Returns:
      true iff execution should proceed

    • getApplicableParameters

      @Nullable protected abstract EncryptionParameters getApplicableParameters​(@Nullable EncryptionContext ctx)
      Return the right set of parameters for the operation to be performed, or none if no encryption should occur.
      Parameters:
      ctx - possibly null input context to pull parameters from
      Returns:
      the right parameter set, or null for none