/**
 * Looks up the {@link EntityDescriptor} that owns the role descriptor selected by the criteria.
 *
 * <p>The role descriptor is obtained from {@code resolveRoleDescriptor(criteria)}. Its parent is returned only
 * when that parent is an {@link EntityDescriptor}; the parent's type is checked before the cast.</p>
 *
 * @param criteria the input criteria
 * @return the entity descriptor that is the parent of the resolved role descriptor, or null if no role
 *         descriptor was resolved or its parent is absent or of another type
 */
private EntityDescriptor resolveEntityDescriptor(@Nonnull final CriteriaSet criteria) {
    final RoleDescriptor role = resolveRoleDescriptor(criteria);
    if (role == null) {
        return null;
    }

    // instanceof evaluates to false for a null parent, so it covers the "no parent" case as well.
    if (!(role.getParent() instanceof EntityDescriptor)) {
        return null;
    }
    return (EntityDescriptor) role.getParent();
}
/**
 * Resolves credentials using a supplied instance of {@link RoleDescriptor}.
 *
 * <p>The entityID is read from the role descriptor's parent when that parent is an {@link EntityDescriptor},
 * and is otherwise null. It is informational: this method logs it and hands it to
 * {@code processRoleDescriptor}; it is not compared against {@code criteriaSet} here.</p>
 *
 * @param criteriaSet the criteria set being processed (not read by this method's own statements)
 * @param roleDescriptor the role descriptor being processed
 * @param usage intended usage of resolved credentials
 *
 * @return the collection that {@code processRoleDescriptor} was asked to populate; never null
 *
 * @throws ResolverException thrown if the key, certificate, or CRL information is represented in an unsupported
 *             format
 */
@Nonnull protected Collection<Credential> resolveFromRoleDescriptor(@Nonnull final CriteriaSet criteriaSet,
        @Nonnull final RoleDescriptor roleDescriptor, @Nonnull final UsageType usage) throws ResolverException {

    // The owning entity's ID is optional; a role descriptor without an EntityDescriptor parent yields null.
    final String ownerEntityID = roleDescriptor.getParent() instanceof EntityDescriptor
            ? ((EntityDescriptor) roleDescriptor.getParent()).getEntityID()
            : null;

    log.debug("Resolving credentials from supplied RoleDescriptor using usage: {}. Effective entityID was: {}",
            usage, ownerEntityID);

    final HashSet<Credential> resolved = new HashSet<>(3);
    processRoleDescriptor(resolved, roleDescriptor, ownerEntityID, usage);
    return resolved;
}
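/**
 * Retrieves validation information from the provided role descriptor.
 *
 * <p>Nothing is added unless the role descriptor's parent is an {@link EntityDescriptor}. In that case the
 * parent's Extensions are processed first, then every {@link PKIXValidationInformation} instance already
 * attached to the parent's object metadata is appended under that metadata's read lock.</p>
 *
 * <p>NOTE(review): the accumulated information is taken from the metadata as-is; this method performs no
 * signature or validity check of its own, so the metadata is presumably validated before it reaches this
 * resolver. Confirm against the metadata resolver configuration.</p>
 *
 * @param accumulator accumulator of PKIX validation information to return
 * @param roleDescriptor the role descriptor from which to resolve information.
 * @throws ResolverException thrown if the key, certificate, or CRL information is represented in an unsupported
 *             format
 */
protected void resolvePKIXInfo(final Collection<PKIXValidationInformation> accumulator,
        final RoleDescriptor roleDescriptor) throws ResolverException {
    if (roleDescriptor.getParent() instanceof EntityDescriptor) {
        final EntityDescriptor entityDescriptor = (EntityDescriptor) roleDescriptor.getParent();
        resolvePKIXInfo(accumulator, entityDescriptor.getExtensions());

        // These would have been cached on the EntityDescriptor by another mechanism,
        // for example via pre-processing by the MetadataResolver.
        final LockableClassToInstanceMultiMap<Object> entityDescriptorObjectMetadata =
                entityDescriptor.getObjectMetadata();
        final ReadWriteLock rwlock = entityDescriptorObjectMetadata.getReadWriteLock();

        // Acquire the lock before entering try: if lock() itself fails, the finally block must not run
        // unlock() on a lock this thread never held, which would mask the original failure.
        rwlock.readLock().lock();
        try {
            accumulator.addAll(entityDescriptorObjectMetadata.get(PKIXValidationInformation.class));
        } finally {
            rwlock.readLock().unlock();
        }
    }
}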
// Record the role descriptor's parent (as an EntityDescriptor) and the role descriptor itself on metadataCtx.
// NOTE(review): the cast is unchecked. A null parent is passed through as null, but a parent of any other
// type raises ClassCastException at this point. An instanceof test before the cast would make that case an
// explicit, handled outcome -- confirm whether callers can supply a role descriptor with such a parent.
metadataCtx.setEntityDescriptor((EntityDescriptor) roleMetadata.getParent()); metadataCtx.setRoleDescriptor(roleMetadata);
// Populate metadataCtx with the entity descriptor taken from roleMetadata's parent, then with roleMetadata.
// NOTE(review): getParent() is cast without a type check, so a non-null parent that is not an
// EntityDescriptor fails here with ClassCastException rather than being rejected deliberately; a null
// parent is stored as null. Verify which parents are possible for roleMetadata at this call site.
metadataCtx.setEntityDescriptor((EntityDescriptor) roleMetadata.getParent()); metadataCtx.setRoleDescriptor(roleMetadata);