/**
 * Resolve a single credential using {@code keyName} as the entity ID criterion.
 *
 * @param keyName the key name to look up (used as the entity ID of the criterion)
 * @return whatever the resolver yields for that criterion; annotated nullable
 */
@Nullable @Override public Credential apply(String keyName) {
    final CriteriaSet lookup = new CriteriaSet();
    lookup.add(new EntityIdCriterion(keyName));
    try {
        return resolver.resolveSingle(lookup);
    } catch (Throwable cause) {
        // Every failure, checked or not, is rethrown unwrapped via the sneaky-throw helper.
        return Exceptions.throwUnsafely(cause);
    }
}
}
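/**
 * {@inheritDoc}
 *
 * <p>Returns null when the criteria set carries no {@link EntityIdCriterion}, or when the
 * criterion's entity ID is blank, instead of failing with a NullPointerException.
 */
@Override @Nullable protected String buildRequestURL(@Nonnull final CriteriaSet criteria) {
    // The criterion is optional in a CriteriaSet; guard before dereferencing it.
    final EntityIdCriterion entityIdCriterion = criteria.get(EntityIdCriterion.class);
    if (entityIdCriterion == null) {
        log.debug("{} No EntityIdCriterion present in criteria, no request URL generated", getLogPrefix());
        return null;
    }
    final String entityID = StringSupport.trimOrNull(entityIdCriterion.getEntityId());
    if (entityID == null) {
        return null;
    }
    final String url = getRequestURLBuilder().apply(entityID);
    log.debug("{} URL generated by request builder was: {}", getLogPrefix(), url);
    return url;
}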
/**
 * {@inheritDoc}
 *
 * <p>The entity ID criterion is only added when an ID is supplied; role, protocol and SIGNING
 * usage are always added, and signature validation parameters are added when the message context
 * carries a {@link SecurityParametersContext} holding them.
 */
@Override @Nonnull protected CriteriaSet buildCriteriaSet(@Nullable final String entityID,
        @Nonnull final MessageContext messageContext) throws MessageHandlerException {
    final CriteriaSet result = new CriteriaSet();
    if (!Strings.isNullOrEmpty(entityID)) {
        result.add(new EntityIdCriterion(entityID));
    }
    result.add(new EntityRoleCriterion(peerContext.getRole()));
    result.add(new ProtocolCriterion(samlProtocolContext.getProtocol()));
    result.add(new UsageCriterion(UsageType.SIGNING));
    final SecurityParametersContext secParams = messageContext.getSubcontext(SecurityParametersContext.class);
    if (secParams == null) {
        return result;
    }
    // Signature validation parameters are optional; only carry them over when present.
    if (secParams.getSignatureValidationParameters() != null) {
        result.add(new SignatureValidationParametersCriterion(secParams.getSignatureValidationParameters()));
    }
    return result;
}
/**
 * Get the effective {@link UsageType} input to use.
 *
 * <p>Falls back to {@link UsageType#UNSPECIFIED} when the criteria set carries no
 * {@link UsageCriterion}.
 *
 * @param criteriaSet the criteria set being processed
 * @return the effective usage value
 */
@Nonnull protected UsageType getEffectiveUsageInput(@Nonnull final CriteriaSet criteriaSet) {
    final UsageCriterion usageCriterion = criteriaSet.get(UsageCriterion.class);
    return usageCriterion == null ? UsageType.UNSPECIFIED : usageCriterion.getUsage();
}
/**
 * Resolve the list of self-encryption credentials.
 *
 * <p>Resolution uses a single {@link UsageCriterion} of {@link UsageType#ENCRYPTION}; a resolver
 * failure is logged and yields an empty list rather than propagating.
 *
 * @param profileRequestContext the current profile request context (not consulted by this lookup)
 *
 * @return the resolved credentials, empty on resolver failure
 */
@Nonnull protected List<Credential> resolveCredentials(
        @Nonnull final ProfileRequestContext profileRequestContext) {
    try {
        final CriteriaSet encryptionUsage = new CriteriaSet(new UsageCriterion(UsageType.ENCRYPTION));
        final List<Credential> resolved = new ArrayList<>();
        for (final Credential credential : credentialResolver.resolve(encryptionUsage)) {
            resolved.add(credential);
        }
        return resolved;
    } catch (ResolverException e) {
        log.error("Error resolving IdP encryption credentials", e);
        return Collections.emptyList();
    }
}
@Nullable protected String resolveReferenceDigestMethod(@Nonnull final CriteriaSet criteria, @Nonnull final Predicate<String> whitelistBlacklistPredicate) { if (!criteria.contains(RoleDescriptorCriterion.class)) { return super.resolveReferenceDigestMethod(criteria, whitelistBlacklistPredicate); final List<XMLObject> digestMethods = getExtensions(criteria.get(RoleDescriptorCriterion.class).getRole(), DigestMethod.DEFAULT_ELEMENT_NAME);
/**
 * {@inheritDoc}
 *
 * <p>Extends the superclass criteria with the role taken from the configured authenticatable
 * entity subcontext and the protocol taken from the {@link SAMLProtocolContext}; a missing
 * context or value is reported as a {@link MessageHandlerException}.
 */
@Override @Nonnull protected CriteriaSet buildCriteriaSet(@Nullable final String entityID,
        @Nonnull final MessageContext messageContext) throws MessageHandlerException {
    final CriteriaSet criteria = super.buildCriteriaSet(entityID, messageContext);
    try {
        log.trace("Attempting to build criteria based on contents of entity contxt class of type: {}",
                entityContextClass.getName());
        // Role: from the authenticatable entity subcontext, which must be present and carry a role.
        final AbstractAuthenticatableSAMLEntityContext authenticatable =
                messageContext.getSubcontext(entityContextClass);
        Constraint.isNotNull(authenticatable,
                "Required authenticatable SAML entity context was not present in message context: "
                        + entityContextClass.getName());
        Constraint.isNotNull(authenticatable.getRole(), "SAML entity role was null");
        criteria.add(new EntityRoleCriterion(authenticatable.getRole()));
        // Protocol: from the SAML protocol subcontext, likewise mandatory.
        final SAMLProtocolContext protocol = messageContext.getSubcontext(SAMLProtocolContext.class);
        Constraint.isNotNull(protocol, "SAMLProtocolContext was null");
        Constraint.isNotNull(protocol.getProtocol(), "SAML protocol was null");
        criteria.add(new ProtocolCriterion(protocol.getProtocol()));
    } catch (final ConstraintViolationException e) {
        // Surface missing context data as a handler failure, preserving the cause.
        throw new MessageHandlerException(e);
    }
    return criteria;
}
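/**
 * Build the dynamic {@link CriteriaSet} instance to be used for TLS trust evaluation.
 *
 * <p>Criteria produced by the configured TLS criteria-set strategy (if any) are copied in first.
 * A {@link UsageCriterion} of {@link UsageType#SIGNING} is then added only if the strategy did
 * not already supply a {@link UsageCriterion}.
 *
 * @param request the HTTP client request (not consulted by this implementation)
 * @param operationContext the current operation context, passed to the strategy
 * @return the new criteria set instance
 */
@Nonnull protected CriteriaSet buildTLSCriteriaSet(@Nonnull final HttpUriRequest request,
        @Nonnull final InOutOperationContext operationContext) {
    final CriteriaSet criteriaSet = new CriteriaSet();
    final Function<InOutOperationContext, CriteriaSet> strategy = getTLSCriteriaSetStrategy();
    if (strategy != null) {
        final CriteriaSet resolved = strategy.apply(operationContext);
        if (resolved != null) {
            criteriaSet.addAll(resolved);
        }
    }
    // CriteriaSet is indexed by criterion class, so the presence check must name the criterion
    // type. The previous check used UsageType.class (an enum, not a criterion), which never
    // matched, so the default SIGNING usage was added regardless of what the strategy supplied.
    if (!criteriaSet.contains(UsageCriterion.class)) {
        criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
    }
    return criteriaSet;
}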
protected boolean doApply(@Nullable final String requesterId, @Nullable final String responderId, @Nullable final String format, @Nullable final String nameQualifier, @Nullable final String spNameQualifier) { ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this); metadataResolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(spNameQualifier))); if (affiliation != null) { final AffiliationDescriptor descriptor = affiliation.getAffiliationDescriptor();
/**
 * Verify that the required {@link EndpointCriterion} is present.
 *
 * <p>Only presence is checked here, not the endpoint's content.
 *
 * @param criteria input criteria set
 *
 * @throws ResolverException if the input set is null or no {@link EndpointCriterion} is present
 */
private void validateCriteria(@Nullable final CriteriaSet criteria) throws ResolverException {
    if (criteria == null) {
        throw new ResolverException("CriteriaSet cannot be null");
    }
    if (criteria.get(EndpointCriterion.class) == null) {
        throw new ResolverException("EndpointCriterion not supplied");
    }
}
/**
 * Resolve the RoleDescriptor from the criteria.
 *
 * @param criteria the input criteria
 * @return the role carried by the {@link RoleDescriptorCriterion}, or null if the set has none
 */
private RoleDescriptor resolveRoleDescriptor(@Nonnull final CriteriaSet criteria) {
    if (!criteria.contains(RoleDescriptorCriterion.class)) {
        return null;
    }
    return criteria.get(RoleDescriptorCriterion.class).getRole();
}
/**
 * Resolve the subject confirmation credentials.
 *
 * <p>Lookup is by role descriptor, SIGNING usage and the relying party's entity ID; null entries
 * returned by the resolver are dropped from the result.
 *
 * @param requestContext the current request context
 * @return the subject confirmation credentials, or null if not resolveable or there is an error
 */
private List<Credential> resolveConfirmationCredentials(@Nonnull final ProfileRequestContext requestContext) {
    final CriteriaSet lookup = new CriteriaSet();
    lookup.add(new RoleDescriptorCriterion(roleDescriptor));
    lookup.add(new UsageCriterion(UsageType.SIGNING));
    // Add an entityID criterion just in case don't have a MetadataCredentialResolver,
    // and want to resolve via entityID + usage only, e.g. from a CollectionCredentialResolver
    // or other more general resolver type.
    lookup.add(new EntityIdCriterion(relyingPartyId));
    try {
        final List<Credential> found = new ArrayList<>();
        for (final Credential candidate : credentialResolver.resolve(lookup)) {
            if (candidate == null) {
                continue;
            }
            found.add(candidate);
        }
        return found;
    } catch (final ResolverException e) {
        log.warn("Error resolving subject confirmation credentials for relying party: {}", relyingPartyId, e);
        return null;
    }
}
@Override protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) { final CriteriaSet criteria = new CriteriaSet(new BindingCriterion(bindings), buildEndpointCriterion(bindings.get(0))); if (mdContext != null && mdContext.getRoleDescriptor() != null) { criteria.add(new RoleDescriptorCriterion(mdContext.getRoleDescriptor())); } else { log.debug("{} No metadata available for endpoint resolution", getLogPrefix()); getLogPrefix(), relyingPartyId, criteria.get(EndpointCriterion.class)); ActionSupport.buildEvent(profileRequestContext, SAMLEventIds.ENDPOINT_RESOLUTION_FAILED); return;
/**
 * Obtain the SP credential by resolving {@code this.privateKey} as an entity ID criterion.
 *
 * <p>NOTE(review): the criterion is built from the {@code privateKey} field, so that field is
 * presumably a key name or alias rather than key material — confirm against the class's fields.
 * The result is cast to {@link X509Credential}; a resolver that yields a credential of another
 * type would fail that cast.
 *
 * @return the resolved credential
 * @throws SAMLException if the resolver reports an error
 */
@Override public final Credential getCredential() {
    try {
        final CriteriaSet lookup = new CriteriaSet();
        lookup.add(new EntityIdCriterion(this.privateKey));
        return (X509Credential) this.credentialResolver.resolveSingle(lookup);
    } catch (final ResolverException e) {
        throw new SAMLException("Can't obtain SP private key", e);
    }
}
/**
 * Adapt saml metadata and parse. Acts as a facade.
 *
 * <p>Convenience overload that delegates to the four-argument variant with an empty
 * {@link CriteriaSet}.
 *
 * @param resolver the resolver
 * @param registeredService the service
 * @param entityID the entity id
 * @return the saml metadata adaptor
 */
public static Optional<SamlRegisteredServiceServiceProviderMetadataFacade> get(
        final SamlRegisteredServiceCachingMetadataResolver resolver,
        final SamlRegisteredService registeredService,
        final String entityID) {
    final CriteriaSet noExtraCriteria = new CriteriaSet();
    return get(resolver, registeredService, entityID, noExtraCriteria);
}
val set = new CriteriaSet(); set.add(new EntityIdCriterion(service.getServiceId())); set.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME)); val entitySp = chainingMetadataResolver.resolveSingle(set); if (entitySp != null && entitySp.getCacheDuration() != null) { set.clear(); set.add(new EntityIdCriterion(service.getServiceId())); val entity = chainingMetadataResolver.resolveSingle(set); if (entity != null && entity.getCacheDuration() != null) {
/**
 * Build entity criteria for signing credential.
 *
 * <p>Adds the request's issuer as the entity ID criterion and fixes the role to the SP SSO
 * descriptor element.
 *
 * @param profileRequest the profile request
 * @param criteriaSet the criteria set
 */
protected void buildEntityCriteriaForSigningCredential(final RequestAbstractType profileRequest,
        final CriteriaSet criteriaSet) {
    final String issuer = SamlIdPUtils.getIssuerFromSamlObject(profileRequest);
    criteriaSet.add(new EntityIdCriterion(issuer));
    criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
}
/**
 * {@inheritDoc}
 *
 * <p>Extracts the entity ID from the input's {@link EntityIdCriterion}; null when the input or
 * the criterion is absent.
 */
public String apply(CriteriaSet input) {
    final EntityIdCriterion criterion = input == null ? null : input.get(EntityIdCriterion.class);
    return criterion == null ? null : criterion.getEntityId();
}
/**
 * {@inheritDoc}
 *
 * <p>Keys are generated only when both an {@link EntityRoleCriterion} and an
 * {@link EndpointCriterion} are present; otherwise null is returned.
 * NOTE(review): the set handed back is a plain {@link HashSet} despite the {@code @Unmodifiable}
 * annotation — callers must not rely on it being immutable.
 */
@Nullable @NonnullElements @Unmodifiable @NotLive
public Set<MetadataIndexKey> generateKeys(@Nonnull final CriteriaSet criteriaSet) {
    Constraint.isNotNull(criteriaSet, "CriteriaSet was null");
    final EntityRoleCriterion role = criteriaSet.get(EntityRoleCriterion.class);
    if (role == null) {
        return null;
    }
    final EndpointCriterion<Endpoint> endpoint = criteriaSet.get(EndpointCriterion.class);
    if (endpoint == null) {
        return null;
    }
    final Set<MetadataIndexKey> keys = new HashSet<>();
    keys.addAll(processCriteria(criteriaSet, role.getRole(), endpoint.getEndpoint()));
    return keys;
}