Class BasicSignatureSigningParametersResolver

java.lang.Object
org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver<SignatureSigningParameters>
org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver
All Implemented Interfaces:
Resolver<SignatureSigningParameters,​CriteriaSet>, SignatureSigningParametersResolver
Direct Known Subclasses:
SAMLMetadataSignatureSigningParametersResolver

public class BasicSignatureSigningParametersResolver
extends AbstractSecurityParametersResolver<SignatureSigningParameters>
implements SignatureSigningParametersResolver
Basic implementation of SignatureSigningParametersResolver.

The following Criterion inputs are supported:

  • Field Details

    • log

      private org.slf4j.Logger log
      Logger.
    • algorithmRegistry

      private AlgorithmRegistry algorithmRegistry
      The AlgorithmRegistry used when processing algorithm URIs.
  • Constructor Details

    • BasicSignatureSigningParametersResolver

      public BasicSignatureSigningParametersResolver()
      Constructor.
  • Method Details

    • getAlgorithmRegistry

      public AlgorithmRegistry getAlgorithmRegistry()
      Get the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().
      Returns:
      the algorithm registry instance
    • setAlgorithmRegistry

      public void setAlgorithmRegistry​(@Nonnull AlgorithmRegistry registry)
      Set the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().
      Parameters:
      registry - the new algorithm registry instance
    • resolve

      @Nonnull public Iterable<SignatureSigningParameters> resolve​(@Nonnull CriteriaSet criteria) throws ResolverException
      Specified by:
      resolve in interface Resolver<SignatureSigningParameters,​CriteriaSet>
      Throws:
      ResolverException
    • resolveSingle

      @Nullable public SignatureSigningParameters resolveSingle​(@Nonnull CriteriaSet criteria) throws ResolverException
      Specified by:
      resolveSingle in interface Resolver<SignatureSigningParameters,​CriteriaSet>
      Throws:
      ResolverException
    • logResult

      protected void logResult​(@Nonnull SignatureSigningParameters params)
      Log the resolved parameters.
      Parameters:
      params - the resolved param
    • validate

      protected boolean validate​(@Nonnull SignatureSigningParameters params)
      Validate that the SignatureSigningParameters instance has all the required properties populated.
      Parameters:
      params - the parameters instance to evaluate
      Returns:
      true if parameters instance passes validation, false otherwise
    • getIncludeExcludePredicate

      @Nonnull protected Predicate<String> getIncludeExcludePredicate​(@Nonnull CriteriaSet criteria)
      Get a predicate which implements the effective configured include/exclude policy.
      Parameters:
      criteria - the input criteria being evaluated
      Returns:
      include/exclude predicate instance
    • getWhitelistBlacklistPredicate

      @Deprecated(since="4.1.0", forRemoval=true) @Nonnull protected Predicate<String> getWhitelistBlacklistPredicate​(@Nonnull CriteriaSet criteria)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Get a predicate which implements the effective configured include/exclude policy.
      Parameters:
      criteria - the input criteria being evaluated
      Returns:
      include/exclude predicate instance
    • resolveAndPopulateCredentialAndSignatureAlgorithm

      protected void resolveAndPopulateCredentialAndSignatureAlgorithm​(@Nonnull SignatureSigningParameters params, @Nonnull CriteriaSet criteria, Predicate<String> includeExcludePredicate)
      Resolve and populate the signing credential and signature method algorithm URI on the supplied parameters instance.
      Parameters:
      params - the parameters instance being populated
      criteria - the input criteria being evaluated
      includeExcludePredicate - the include/exclude predicate with which to evaluate the candidate signing method algorithm URIs
    • getAlgorithmRuntimeSupportedPredicate

      @Nonnull protected Predicate<String> getAlgorithmRuntimeSupportedPredicate()
      Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.
      Returns:
      the predicate
    • credentialSupportsAlgorithm

      protected boolean credentialSupportsAlgorithm​(@Nonnull Credential credential, @Nonnull @NotEmpty String algorithm)
      Evaluate whether the specified credential is supported for use with the specified algorithm URI.
      Parameters:
      credential - the credential to evaluate
      algorithm - the algorithm URI to evaluate
      Returns:
      true if credential may be used with the supplied algorithm URI, false otherwise
    • getEffectiveSigningCredentials

      @Nonnull protected List<Credential> getEffectiveSigningCredentials​(@Nonnull CriteriaSet criteria)
      Get the effective list of signing credentials to consider.
      Parameters:
      criteria - the input criteria being evaluated
      Returns:
      the list of credentials
    • getEffectiveSignatureAlgorithms

      @Nonnull protected List<String> getEffectiveSignatureAlgorithms​(@Nonnull CriteriaSet criteria, @Nonnull Predicate<String> includeExcludePredicate)
      Get the effective list of signature algorithm URIs to consider, including application of include/exclude policy.
      Parameters:
      criteria - the input criteria being evaluated
      includeExcludePredicate - the include/exclude predicate to use
      Returns:
      the list of effective algorithm URIs
    • resolveReferenceDigestMethod

      @Nullable protected String resolveReferenceDigestMethod​(@Nonnull CriteriaSet criteria, @Nonnull Predicate<String> includeExcludePredicate)
      Resolve and return the digest method algorithm URI to use, including application of include/exclude policy.
      Parameters:
      criteria - the input criteria being evaluated
      includeExcludePredicate - the include/exclude predicate to use
      Returns:
      the resolved digest method algorithm URI
    • resolveCanonicalizationAlgorithm

      @Nullable protected String resolveCanonicalizationAlgorithm​(@Nonnull CriteriaSet criteria)
      Resolve and return the canonicalization algorithm URI to use.
      Parameters:
      criteria - the input criteria being evaluated
      Returns:
      the canonicalization algorithm URI
    • resolveReferenceCanonicalizationAlgorithm

      @Nullable protected String resolveReferenceCanonicalizationAlgorithm​(@Nonnull CriteriaSet criteria)
      Resolve and return the reference canonicalization algorithm URI to use.
      Parameters:
      criteria - the input criteria being evaluated
      Returns:
      the reference canonicalization algorithm URI
    • resolveKeyInfoGenerator

      @Nullable protected KeyInfoGenerator resolveKeyInfoGenerator​(@Nonnull CriteriaSet criteria, @Nonnull Credential signingCredential)
      Resolve and return the KeyInfoGenerator instance to use with the specified credential.
      Parameters:
      criteria - the input criteria being evaluated
      signingCredential - the credential being evaluated
      Returns:
      KeyInfo generator instance, or null
    • resolveHMACOutputLength

      @Nullable protected Integer resolveHMACOutputLength​(@Nonnull CriteriaSet criteria, @Nonnull Credential signingCredential, @Nonnull @NotEmpty String algorithmURI)
      Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential and signature method algorithm URI.
      Parameters:
      criteria - the input criteria being evaluated
      signingCredential - the signing credential being evaluated
      algorithmURI - the signature method algorithm URI being evaluated
      Returns:
      the HMAC output length to use, or null