Package org.opensaml.saml.saml2.profile.impl

Class DecryptNameIDs

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.saml.saml2.profile.impl.AbstractDecryptAction

org.opensaml.saml.saml2.profile.impl.DecryptNameIDs

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction

public class DecryptNameIDs
extends AbstractDecryptAction

Action to decrypt an EncryptedID element and replace it with the decrypted NameID in situ.

All of the built-in SAML message types that may include an EncryptedID are potentially handled, but the actual message to handle is obtained via strategy function, by default the inbound message.

Event:

EventIds.PROCEED_EVENT_ID, SAMLEventIds.DECRYPT_NAMEID_FAILED

Field Summary

Fields

Modifier and Type	Field	Description
private org.slf4j.Logger	log	Class logger.

Constructor Summary

Constructors

Constructor	Description
DecryptNameIDs()

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext)	Performs this action.
private void	processAssertion(ProfileRequestContext profileRequestContext, Assertion assertion)	Decrypt any EncryptedID found in an assertion and replace it with the result.
private NameID	processEncryptedID(ProfileRequestContext profileRequestContext, EncryptedID encID)	Decrypt an EncryptedID and return the result.
private void	processLogoutRequest(ProfileRequestContext profileRequestContext, LogoutRequest request)	Decrypt any EncryptedID found in a LogoutRequest and replace it with the result.
private void	processManageNameIDRequest(ProfileRequestContext profileRequestContext, ManageNameIDRequest request)	Decrypt any EncryptedID found in a ManageNameIDRequest and replace it with the result.
private void	processNameIDMappingRequest(ProfileRequestContext profileRequestContext, NameIDMappingRequest request)	Decrypt any EncryptedID found in a NameIDMappingRequest and replace it with the result.
private void	processNameIDMappingResponse(ProfileRequestContext profileRequestContext, NameIDMappingResponse response)	Decrypt any EncryptedID found in a NameIDMappingResponse and replace it with the result.
private NewID	processNewEncryptedID(ProfileRequestContext profileRequestContext, NewEncryptedID encID)	Decrypt a NewEncryptedID and return the result.
private void	processSubject(ProfileRequestContext profileRequestContext, Subject subject)	Decrypt any EncryptedID found in a subject and replace it with the result.

Methods inherited from class org.opensaml.saml.saml2.profile.impl.AbstractDecryptAction

doPreExecute, getDecrypter, getDecryptionPredicate, getSAMLObject, isErrorFatal, setDecryptionPredicate, setErrorFatal, setMessageLookupStrategy, setSecurityParametersContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

Constructor Details

DecryptNameIDs

public DecryptNameIDs()

Method Details

doExecute

protected void doExecute(@Nonnull
ProfileRequestContext profileRequestContext)

Performs this action. Actions must override this method to perform their work.

Overrides:

doExecute in class AbstractProfileAction

Parameters:

profileRequestContext - the current IdP profile request context

processEncryptedID

@Nullable
private NameID processEncryptedID(@Nonnull
ProfileRequestContext profileRequestContext,
@Nonnull
EncryptedID encID)
                           throws DecryptionException

Decrypt an EncryptedID and return the result.

Parameters:

profileRequestContext - current profile request context

encID - the encrypted object

Returns:

the decrypted name, or null if the object did not need decryption

Throws:

DecryptionException - if an error occurs during decryption

processNewEncryptedID

@Nullable
private NewID processNewEncryptedID(@Nonnull
ProfileRequestContext profileRequestContext,
@Nonnull
NewEncryptedID encID)
                             throws DecryptionException

Decrypt a NewEncryptedID and return the result.

Parameters:

profileRequestContext - current profile request context

encID - the encrypted object

Returns:

the decrypted name, or null if the object did not need decryption

Throws:

DecryptionException - if an error occurs during decryption

processSubject

private void processSubject(@Nonnull
ProfileRequestContext profileRequestContext,
@Nullable
Subject subject)
                     throws DecryptionException

Decrypt any EncryptedID found in a subject and replace it with the result.

Parameters:

profileRequestContext - current profile request context

subject - subject to operate on

Throws:

DecryptionException - if an error occurs

processLogoutRequest

private void processLogoutRequest(@Nonnull
ProfileRequestContext profileRequestContext,
@Nonnull
LogoutRequest request)
                           throws DecryptionException

Decrypt any EncryptedID found in a LogoutRequest and replace it with the result.

Parameters:

profileRequestContext - current profile request context

request - request to operate on

Throws:

DecryptionException - if an error occurs

processManageNameIDRequest

private void processManageNameIDRequest(@Nonnull
ProfileRequestContext profileRequestContext,
@Nonnull
ManageNameIDRequest request)
                                 throws DecryptionException

Decrypt any EncryptedID found in a ManageNameIDRequest and replace it with the result.

Parameters:

profileRequestContext - current profile request context

request - request to operate on

Throws:

DecryptionException - if an error occurs

processNameIDMappingRequest

private void processNameIDMappingRequest(@Nonnull
ProfileRequestContext profileRequestContext,
@Nonnull
NameIDMappingRequest request)
                                  throws DecryptionException

Decrypt any EncryptedID found in a NameIDMappingRequest and replace it with the result.

Parameters:

profileRequestContext - current profile request context

request - request to operate on

Throws:

DecryptionException - if an error occurs

processNameIDMappingResponse

private void processNameIDMappingResponse(@Nonnull
ProfileRequestContext profileRequestContext,
@Nonnull
NameIDMappingResponse response)
                                   throws DecryptionException

Decrypt any EncryptedID found in a NameIDMappingResponse and replace it with the result.

Parameters:

profileRequestContext - current profile request context

response - response to operate on

Throws:

DecryptionException - if an error occurs

processAssertion

private void processAssertion(@Nonnull
ProfileRequestContext profileRequestContext,
@Nonnull
Assertion assertion)
                       throws DecryptionException

Decrypt any EncryptedID found in an assertion and replace it with the result.

Parameters:

profileRequestContext - current profile request context

assertion - assertion to operate on

Throws:

DecryptionException - if an error occurs