/**
 * Builds a short label identifying a role within its owning entity, intended for log and debug output only.
 *
 * <p>The label has the form {@code [Role: <entityID>::<role element local name>]}.</p>
 *
 * @param entityID the entityID of the entity that contains the role
 * @param role the role descriptor whose element local name is used
 *
 * @return the assembled label
 */
protected String getRoleIDToken(@Nonnull @NotEmpty final String entityID, @Nonnull final RoleDescriptor role) {
    // NOTE(review): entityID is copied into the label verbatim. If it comes from externally supplied metadata,
    // confirm that the logging layer neutralises line breaks so one record cannot be split into several.
    final String localName = role.getElementQName().getLocalPart();
    final StringBuilder token = new StringBuilder("[Role: ");
    token.append(entityID).append("::").append(localName).append("]");
    return token.toString();
}
/**
 * {@inheritDoc}
 *
 * <p>A descriptor matches when the configured {@code role} QName equals its schema type or, failing that,
 * its element QName. A null descriptor never matches.</p>
 */
public boolean apply(RoleDescriptor input) {
    if (input == null) {
        return false;
    }

    // The schema type is tried first; the element QName is only read when the schema type did not match.
    final QName declaredType = input.getSchemaType();
    final boolean schemaTypeMatches = declaredType != null && Objects.equals(role, declaredType);
    return schemaTypeMatches || Objects.equals(role, input.getElementQName());
}
/**
 * Determines the name by which a role is identified.
 *
 * <p>The element QName is returned unless it equals {@code extRoleDescriptor}; in that case the element's
 * schema type QName is returned instead, and its absence is treated as an error.</p>
 *
 * @param role role to get the effective name for
 *
 * @return effective name of the role
 *
 * @throws FilterException if the element is {@code extRoleDescriptor} but carries no schema type
 */
protected QName getRoleName(@Nonnull final RoleDescriptor role) throws FilterException {
    final QName elementName = role.getElementQName();
    if (!extRoleDescriptor.equals(elementName)) {
        return elementName;
    }

    // The generic role element says nothing about the actual role, so the schema type is mandatory here.
    final QName schemaType = role.getSchemaType();
    if (schemaType != null) {
        return schemaType;
    }
    throw new FilterException("Role descriptor element was " + extRoleDescriptor
            + " but did not contain a schema type. This is illegal.");
}
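/**
 * {@inheritDoc}
 *
 * <p>An endpoint is accepted only when its parent is a {@link RoleDescriptor} and the endpoint's effective type
 * (schema type if present, otherwise element QName) is listed in {@code endpointTypes} under the role's
 * effective type, resolved the same way.</p>
 *
 * @param endpoint the endpoint to evaluate, may be null
 *
 * @return true if the endpoint type is registered for the parent role type, false in every other case
 */
public boolean apply(@Nullable final Endpoint endpoint) {
    if (endpoint == null) {
        return false;
    }

    // The parent is type-checked instead of cast unconditionally: should an endpoint ever be attached to
    // something other than a role descriptor, the predicate rejects it rather than failing with a
    // ClassCastException. A null parent is rejected by the same test.
    final Object parent = endpoint.getParent();
    if (!(parent instanceof RoleDescriptor)) {
        return false;
    }
    final RoleDescriptor role = (RoleDescriptor) parent;

    QName roleType = role.getSchemaType();
    if (roleType == null) {
        roleType = role.getElementQName();
    }

    QName endpointType = endpoint.getSchemaType();
    if (endpointType == null) {
        endpointType = endpoint.getElementQName();
    }

    // Role types with no entry in the map have no indexable endpoints.
    final Set<QName> indexableEndpoints = endpointTypes.get(roleType);
    return indexableEndpoints != null && indexableEndpoints.contains(endpointType);
}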
/**
 * {@inheritDoc}
 *
 * <p>Produces one {@link RoleMetadataIndexKey} per role descriptor of the entity, keyed on the role's schema
 * type when it has one and on its element QName otherwise. Roles with the same effective name collapse into
 * a single key because the result is a set.</p>
 */
@Nullable @NonnullElements @Unmodifiable @NotLive
public Set<MetadataIndexKey> generateKeys(@Nonnull EntityDescriptor descriptor) {
    Constraint.isNotNull(descriptor, "EntityDescriptor was null");

    // NOTE(review): the method is annotated @Unmodifiable but hands back the HashSet it built; confirm
    // whether callers rely on the annotation or on being able to modify the result.
    final HashSet<MetadataIndexKey> keys = new HashSet<>();
    for (final RoleDescriptor roleDescriptor : descriptor.getRoleDescriptors()) {
        final QName schemaType = roleDescriptor.getSchemaType();
        final QName effectiveName = schemaType != null ? schemaType : roleDescriptor.getElementQName();
        keys.add(new RoleMetadataIndexKey(effectiveName));
    }
    return keys;
}
if (!roleChild.isSigned()) { log.trace("RoleDescriptor member '{}' was not signed, skipping signature processing...", roleChild.getElementQName()); continue; } else { log.trace("Processing signed RoleDescriptor member: {}", roleChild.getElementQName()); log.error("RoleDescriptor '{}' subordinate to entity '{}' failed signature verification, " + "removing from metadata provider", roleChild.getElementQName(), entityID);
if (children != null && !children.isEmpty()) { QName role = descriptor.getSchemaType() != null ? roleDescriptor.getSchemaType() : roleDescriptor.getElementQName(); log.trace("Processing SourceID extensions for entityID '{}' with role '{}'", descriptor.getEntityID(), role);
if (arsList != null && !arsList.isEmpty()) { QName role = descriptor.getSchemaType() != null ? roleDescriptor.getSchemaType() : roleDescriptor.getElementQName(); log.trace("Processing ArtifactResolutionService locations for entityID '{}' with role '{}'", descriptor.getEntityID(), role);
/**
 * Resolves the signature signing parameters to use for the given role descriptor and registered service.
 *
 * <p>The signing configuration obtained from {@code getSignatureSigningConfiguration} and the role descriptor
 * are passed as criteria to a {@link SAMLMetadataSignatureSigningParametersResolver}. The trace output lists
 * only the signature, canonicalization and reference digest algorithms of the result.</p>
 *
 * @param descriptor the role descriptor the parameters are resolved for
 * @param service the registered SAML service
 * @return the resolved signature signing parameters
 */
@SneakyThrows
protected SignatureSigningParameters buildSignatureSigningParameters(final RoleDescriptor descriptor,
                                                                     final SamlRegisteredService service) {
    val signingConfiguration = getSignatureSigningConfiguration(descriptor, service);
    val resolutionCriteria = new CriteriaSet(
        new SignatureSigningConfigurationCriterion(signingConfiguration),
        new RoleDescriptorCriterion(descriptor));

    val parametersResolver = new SAMLMetadataSignatureSigningParametersResolver();
    LOGGER.trace("Resolving signature signing parameters for [{}]", descriptor.getElementQName().getLocalPart());

    // A null result from the resolver is rejected by the @NonNull check on this local.
    @NonNull
    val signingParameters = parametersResolver.resolveSingle(resolutionCriteria);

    LOGGER.trace("Created signature signing parameters."
            + "\nSignature algorithm: [{}]"
            + "\nSignature canonicalization algorithm: [{}]"
            + "\nSignature reference digest methods: [{}]",
        signingParameters.getSignatureAlgorithm(),
        signingParameters.getSignatureCanonicalizationAlgorithm(),
        signingParameters.getSignatureReferenceDigestMethod());
    return signingParameters;
}
QName roleType = role.getSchemaType(); if (roleType == null) { roleType = role.getElementQName();
new CriteriaSet(new EntityIdCriterion(peerEntityId), new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME))); peer.setRole(roleDescriptor.getElementQName()); val protocol = context.getSubcontext(SAMLProtocolContext.class, true); protocol.setProtocol(SAMLConstants.SAML20P_NS);
? roleDescriptor.getSchemaType() : roleDescriptor.getElementQName());