BasicSignatureSigningParametersResolver

java.lang.Object
- org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver<SignatureSigningParameters>
- - org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver

All Implemented Interfaces:

net.shibboleth.utilities.java.support.resolver.Resolver<SignatureSigningParameters,net.shibboleth.utilities.java.support.resolver.CriteriaSet>, SignatureSigningParametersResolver

Direct Known Subclasses:

SAMLMetadataSignatureSigningParametersResolver
```
public class BasicSignatureSigningParametersResolver
extends AbstractSecurityParametersResolver<SignatureSigningParameters>
implements SignatureSigningParametersResolver
```
Basic implementation of SignatureSigningParametersResolver.
The following Criterion inputs are supported:
- SignatureSigningConfigurationCriterion - required
- KeyInfoGenerationProfileCriterion - optional

Field Summary

Fields
Modifier and Type Field and Description

private AlgorithmRegistry algorithmRegistry
The AlgorithmRegistry used when processing algorithm URIs.

private org.slf4j.Logger log
Logger.

Fields
Modifier and Type	Field and Description
`private AlgorithmRegistry`	`algorithmRegistry` The AlgorithmRegistry used when processing algorithm URIs.
`private org.slf4j.Logger`	`log` Logger.

Constructor Summary

Constructors
Constructor and Description

BasicSignatureSigningParametersResolver()
Constructor.

Constructors
Constructor and Description
`BasicSignatureSigningParametersResolver()` Constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected boolean`	`credentialSupportsAlgorithm(Credential credential, java.lang.String algorithm)` Evaluate whether the specified credential is supported for use with the specified algorithm URI.
`AlgorithmRegistry`	`getAlgorithmRegistry()` Get the `AlgorithmRegistry` instance used when resolving algorithm URIs.
`protected com.google.common.base.Predicate<java.lang.String>`	`getAlgorithmRuntimeSupportedPredicate()` Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.
`protected java.util.List<java.lang.String>`	`getEffectiveSignatureAlgorithms(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<java.lang.String> whitelistBlacklistPredicate)` Get the effective list of signature algorithm URIs to consider, including application of whitelist/blacklist policy.
`protected java.util.List<Credential>`	`getEffectiveSigningCredentials(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)` Get the effective list of signing credentials to consider.
`protected com.google.common.base.Predicate<java.lang.String>`	`getWhitelistBlacklistPredicate(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)` Get a predicate which implements the effective configured whitelist/blacklist policy.
`protected void`	`logResult(SignatureSigningParameters params)` Log the resolved parameters.
`java.lang.Iterable<SignatureSigningParameters>`	`resolve(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)`
`protected void`	`resolveAndPopulateCredentialAndSignatureAlgorithm(SignatureSigningParameters params, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<java.lang.String> whitelistBlacklistPredicate)` Resolve and populate the signing credential and signature method algorithm URI on the supplied parameters instance.
`protected java.lang.String`	`resolveCanonicalizationAlgorithm(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)` Resolve and return the canonicalization algorithm URI to use.
`protected java.lang.Integer`	`resolveHMACOutputLength(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, Credential signingCredential, java.lang.String algorithmURI)` Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential and signature method algorithm URI.
`protected KeyInfoGenerator`	`resolveKeyInfoGenerator(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, Credential signingCredential)` Resolve and return the `KeyInfoGenerator` instance to use with the specified credential.
`protected java.lang.String`	`resolveReferenceDigestMethod(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<java.lang.String> whitelistBlacklistPredicate)` Resolve and return the digest method algorithm URI to use, including application of whitelist/blacklist policy.
`SignatureSigningParameters`	`resolveSingle(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)`
`void`	`setAlgorithmRegistry(AlgorithmRegistry registry)` Set the `AlgorithmRegistry` instance used when resolving algorithm URIs.
`protected boolean`	`validate(SignatureSigningParameters params)` Validate that the `SignatureSigningParameters` instance has all the required properties populated.

Methods inherited from class org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver
lookupKeyInfoGenerator, resolveAndPopulateWhiteAndBlacklists, resolveEffectiveBlacklist, resolveEffectiveWhitelist, resolveWhitelistBlacklistPrecedence, resolveWhitelistBlacklistPredicate

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- log
```
private org.slf4j.Logger log
```
  Logger.
- algorithmRegistry
```
private AlgorithmRegistry algorithmRegistry
```
  The AlgorithmRegistry used when processing algorithm URIs.

Constructor Detail
- BasicSignatureSigningParametersResolver
```
public BasicSignatureSigningParametersResolver()
```
  Constructor.

Method Detail

getAlgorithmRegistry
```
public AlgorithmRegistry getAlgorithmRegistry()
```
Get the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().

Returns:

the algorithm registry instance

setAlgorithmRegistry
```
public void setAlgorithmRegistry(@Nonnull
                                 AlgorithmRegistry registry)
```
Set the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().

Parameters:

registry - the new algorithm registry instance

resolve

@Nonnull
public java.lang.Iterable<SignatureSigningParameters> resolve(@Nonnull
                                                                       net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
                                                                throws net.shibboleth.utilities.java.support.resolver.ResolverException

Specified by:: resolve in interface net.shibboleth.utilities.java.support.resolver.Resolver<SignatureSigningParameters,net.shibboleth.utilities.java.support.resolver.CriteriaSet>
Throws:: net.shibboleth.utilities.java.support.resolver.ResolverException

resolveSingle

@Nullable
public SignatureSigningParameters resolveSingle(@Nonnull
                                                          net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
                                                   throws net.shibboleth.utilities.java.support.resolver.ResolverException

Specified by:: resolveSingle in interface net.shibboleth.utilities.java.support.resolver.Resolver<SignatureSigningParameters,net.shibboleth.utilities.java.support.resolver.CriteriaSet>
Throws:: net.shibboleth.utilities.java.support.resolver.ResolverException

logResult

protected void logResult(@Nonnull
                         SignatureSigningParameters params)

Log the resolved parameters.

Parameters:: params - the resolved param

validate
```
protected boolean validate(@Nonnull
                           SignatureSigningParameters params)
```
Validate that the SignatureSigningParameters instance has all the required properties populated.

Parameters:

params - the parameters instance to evaluate

Returns:

true if parameters instance passes validation, false otherwise

getWhitelistBlacklistPredicate

@Nonnull
protected com.google.common.base.Predicate<java.lang.String> getWhitelistBlacklistPredicate(@Nonnull
                                                                                                     net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)

Get a predicate which implements the effective configured whitelist/blacklist policy.

Parameters:: criteria - the input criteria being evaluated
Returns:: a whitelist/blacklist predicate instance

resolveAndPopulateCredentialAndSignatureAlgorithm

protected void resolveAndPopulateCredentialAndSignatureAlgorithm(@Nonnull
                                                                 SignatureSigningParameters params,
                                                                 @Nonnull
                                                                 net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                                 com.google.common.base.Predicate<java.lang.String> whitelistBlacklistPredicate)

Resolve and populate the signing credential and signature method algorithm URI on the supplied parameters instance.

Parameters:: params - the parameters instance being populated; criteria - the input criteria being evaluated; whitelistBlacklistPredicate - the whitelist/blacklist predicate with which to evaluate the candidate signing method algorithm URIs

getAlgorithmRuntimeSupportedPredicate
```
@Nonnull
protected com.google.common.base.Predicate<java.lang.String> getAlgorithmRuntimeSupportedPredicate()
```
Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.

Returns:

the predicate

credentialSupportsAlgorithm

protected boolean credentialSupportsAlgorithm(@Nonnull
                                              Credential credential,
                                              @Nonnull @NotEmpty
                                              java.lang.String algorithm)

Evaluate whether the specified credential is supported for use with the specified algorithm URI.

Parameters:: credential - the credential to evaluate; algorithm - the algorithm URI to evaluate
Returns:: true if credential may be used with the supplied algorithm URI, false otherwise

getEffectiveSigningCredentials

@Nonnull
protected java.util.List<Credential> getEffectiveSigningCredentials(@Nonnull
                                                                             net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)

Get the effective list of signing credentials to consider.

Parameters:: criteria - the input criteria being evaluated
Returns:: the list of credentials

getEffectiveSignatureAlgorithms

@Nonnull
protected java.util.List<java.lang.String> getEffectiveSignatureAlgorithms(@Nonnull
                                                                                    net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                                                    @Nonnull
                                                                                    com.google.common.base.Predicate<java.lang.String> whitelistBlacklistPredicate)

Get the effective list of signature algorithm URIs to consider, including application of whitelist/blacklist policy.

Parameters:: criteria - the input criteria being evaluated; whitelistBlacklistPredicate - the whitelist/blacklist predicate to use
Returns:: the list of effective algorithm URIs

resolveReferenceDigestMethod

@Nullable
protected java.lang.String resolveReferenceDigestMethod(@Nonnull
                                                                  net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                                  @Nonnull
                                                                  com.google.common.base.Predicate<java.lang.String> whitelistBlacklistPredicate)

Resolve and return the digest method algorithm URI to use, including application of whitelist/blacklist policy.

Parameters:: criteria - the input criteria being evaluated; whitelistBlacklistPredicate - the whitelist/blacklist predicate to use
Returns:: the resolved digest method algorithm URI

resolveCanonicalizationAlgorithm

@Nullable
protected java.lang.String resolveCanonicalizationAlgorithm(@Nonnull
                                                                      net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)

Resolve and return the canonicalization algorithm URI to use.

Parameters:: criteria - the input criteria being evaluated
Returns:: the canonicalization algorithm URI

resolveKeyInfoGenerator

@Nullable
protected KeyInfoGenerator resolveKeyInfoGenerator(@Nonnull
                                                             net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                             @Nonnull
                                                             Credential signingCredential)

Resolve and return the KeyInfoGenerator instance to use with the specified credential.

Parameters:: criteria - the input criteria being evaluated; signingCredential - the credential being evaluated
Returns:: KeyInfo generator instance, or null

resolveHMACOutputLength

@Nullable
protected java.lang.Integer resolveHMACOutputLength(@Nonnull
                                                              net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria,
                                                              @Nonnull
                                                              Credential signingCredential,
                                                              @Nonnull @NotEmpty
                                                              java.lang.String algorithmURI)

Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential and signature method algorithm URI.

Parameters:: criteria - the input criteria being evaluated; signingCredential - the signing credential being evaluated; algorithmURI - the signature method algorithm URI being evaluated
Returns:: the HMAC output length to use, or null

Class BasicSignatureSigningParametersResolver

Field Summary

Constructor Summary

Method Summary

Methods inherited from class org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver

Methods inherited from class java.lang.Object

Field Detail

log

algorithmRegistry

Constructor Detail