/**
 * Resolve the subject confirmation credentials.
 *
 * <p>The lookup is keyed on the configured role descriptor, a SIGNING usage and the
 * relying party entityID; null entries handed back by the resolver are dropped.
 * The request context is accepted for interface symmetry but is not consulted here.
 *
 * @param requestContext the current request context
 * @return the subject confirmation credentials, or null if not resolveable or there is an error
 */
private List<Credential> resolveConfirmationCredentials(@Nonnull final ProfileRequestContext requestContext) {
    final CriteriaSet lookupCriteria = new CriteriaSet();
    lookupCriteria.add(new RoleDescriptorCriterion(roleDescriptor));
    lookupCriteria.add(new UsageCriterion(UsageType.SIGNING));
    // The entityID criterion covers resolvers that are not metadata-backed (e.g. a
    // CollectionCredentialResolver) and can only match on entityID + usage.
    lookupCriteria.add(new EntityIdCriterion(relyingPartyId));

    final List<Credential> resolved = new ArrayList<>();
    try {
        final Iterable<Credential> matches = credentialResolver.resolve(lookupCriteria);
        for (final Credential candidate : matches) {
            if (candidate == null) {
                continue;
            }
            resolved.add(candidate);
        }
    } catch (final ResolverException e) {
        // Null is the documented "could not resolve" signal for callers; the cause is logged here.
        log.warn("Error resolving subject confirmation credentials for relying party: {}", relyingPartyId, e);
        return null;
    }
    return resolved;
}
/**
 * Resolve the RoleDescriptor from the criteria.
 *
 * <p>Only a {@link RoleDescriptorCriterion} present in the set is consulted; no other
 * criterion type is used to locate a role.
 *
 * @param criteria the input criteria
 * @return the role carried by the role descriptor criterion, or null if the set has none
 */
private RoleDescriptor resolveRoleDescriptor(@Nonnull final CriteriaSet criteria) {
    if (!criteria.contains(RoleDescriptorCriterion.class)) {
        return null;
    }
    final RoleDescriptorCriterion roleCriterion = criteria.get(RoleDescriptorCriterion.class);
    return roleCriterion.getRole();
}
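/**
 * Build the signature signing parameters for the given role descriptor and service.
 *
 * <p>The service's signing configuration is combined with the role descriptor so that the
 * metadata-aware resolver can take algorithm preferences published by the relying party into
 * account.
 *
 * @param descriptor the role descriptor of the relying party
 * @param service the registered SAML service
 * @return the resolved signature signing parameters, never null
 * @throws IllegalStateException if the resolver yields no parameters for the criteria
 */
@SneakyThrows
protected SignatureSigningParameters buildSignatureSigningParameters(final RoleDescriptor descriptor,
                                                                      final SamlRegisteredService service) {
    val criteria = new CriteriaSet();
    val signatureSigningConfiguration = getSignatureSigningConfiguration(descriptor, service);
    criteria.add(new SignatureSigningConfigurationCriterion(signatureSigningConfiguration));
    criteria.add(new RoleDescriptorCriterion(descriptor));

    val resolver = new SAMLMetadataSignatureSigningParametersResolver();
    LOGGER.trace("Resolving signature signing parameters for [{}]", descriptor.getElementQName().getLocalPart());
    val params = resolver.resolveSingle(criteria);
    // resolveSingle() may return null when nothing satisfies the criteria. A @NonNull annotation
    // on a local variable is not enforced, so fail explicitly rather than with an NPE on the
    // getters below.
    if (params == null) {
        throw new IllegalStateException("Could not resolve signature signing parameters for ["
            + descriptor.getElementQName().getLocalPart() + "]");
    }
    LOGGER.trace("Created signature signing parameters."
        + "\nSignature algorithm: [{}]"
        + "\nSignature canonicalization algorithm: [{}]"
        + "\nSignature reference digest methods: [{}]",
        params.getSignatureAlgorithm(),
        params.getSignatureCanonicalizationAlgorithm(),
        params.getSignatureReferenceDigestMethod());
    return params;
}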
final List<XMLObject> digestMethods = getExtensions(criteria.get(RoleDescriptorCriterion.class).getRole(), DigestMethod.DEFAULT_ELEMENT_NAME);
if (metadataCtx != null && metadataCtx.getRoleDescriptor() != null) { log.debug("{} Adding metadata to resolution criteria for signing/digest algorithms", getLogPrefix()); criteria.add(new RoleDescriptorCriterion(metadataCtx.getRoleDescriptor()));
final List<Endpoint> endpoints = role.getRole().getEndpoints(endpointType); if (endpoints.isEmpty()) { log.debug("{} No endpoints in metadata of type {}", getLogPrefix(), endpointType);
buildEndpointCriterion(bindings.get(0))); if (mdContext != null && mdContext.getRoleDescriptor() != null) { criteria.add(new RoleDescriptorCriterion(mdContext.getRoleDescriptor())); } else { log.debug("{} No metadata available for endpoint resolution", getLogPrefix());
final List<XMLObject> signingMethods = getExtensions(criteria.get(RoleDescriptorCriterion.class).getRole(), SigningMethod.DEFAULT_ELEMENT_NAME);
if (metadataCtx != null && metadataCtx.getRoleDescriptor() != null) { log.debug("{} Adding role metadata to resolution criteria", getLogPrefix()); criteria.add(new RoleDescriptorCriterion(metadataCtx.getRoleDescriptor()));
final RoleDescriptor roleDescriptor = criteriaSet.get(RoleDescriptorCriterion.class).getRole(); return resolveFromRoleDescriptor(criteriaSet, roleDescriptor, usage); } else if (criteriaSet.contains(EntityIdCriterion.class) && criteriaSet.contains(EntityRoleCriterion.class)) {
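/**
 * Build the signature signing parameters for the given SSO descriptor.
 *
 * <p>The local signing configuration and the peer's role descriptor are both added to the
 * criteria so the metadata-aware resolver can honour algorithm preferences from metadata.
 * The resolved parameters are passed through {@code augmentSignatureSigningParameters}
 * before being returned.
 *
 * @param descriptor the SSO descriptor of the peer
 * @return the resolved signing parameters, never null
 * @throws SAMLException if no parameters can be resolved or resolution fails
 */
@Override
public SignatureSigningParameters build(final SSODescriptor descriptor) {
    try {
        final CriteriaSet criteria = new CriteriaSet();
        criteria.add(new SignatureSigningConfigurationCriterion(getSignatureSigningConfiguration()));
        criteria.add(new RoleDescriptorCriterion(descriptor));
        final SAMLMetadataSignatureSigningParametersResolver resolver =
            new SAMLMetadataSignatureSigningParametersResolver();
        final SignatureSigningParameters params = resolver.resolveSingle(criteria);
        // Check for null before augmenting: passing null into the augmentation hook would raise an
        // NPE that masks the intended error message below.
        if (params == null) {
            throw new SAMLException("Could not determine the signature parameters");
        }
        augmentSignatureSigningParameters(params);
        logger.info("Created signature signing parameters."
            + "\nSignature algorithm: {}"
            + "\nSignature canonicalization algorithm: {}"
            + "\nSignature reference digest methods: {}",
            params.getSignatureAlgorithm(),
            params.getSignatureCanonicalizationAlgorithm(),
            params.getSignatureReferenceDigestMethod());
        return params;
    } catch (final Exception e) {
        throw new SAMLException(e);
    }
}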
RoleDescriptorCriterion roleDescriptorCriterion = new RoleDescriptorCriterion(peerRoleDescriptor);