BasicSignatureSigningParametersResolver (Red Hat JBoss Enterprise Application Platform 7.0.0.GA public API)

java.lang.Object
- org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver<SignatureSigningParameters>
- - org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver

All Implemented Interfaces:

Resolver<SignatureSigningParameters,CriteriaSet>, SignatureSigningParametersResolver

Direct Known Subclasses:

SAMLMetadataSignatureSigningParametersResolver
```
public class BasicSignatureSigningParametersResolver
extends AbstractSecurityParametersResolver<SignatureSigningParameters>
implements SignatureSigningParametersResolver
```
Basic implementation of SignatureSigningParametersResolver.
The following Criterion inputs are supported:
- SignatureSigningConfigurationCriterion - required
- KeyInfoGenerationProfileCriterion - optional

Constructor Summary

Constructors
Constructor and Description

BasicSignatureSigningParametersResolver()
Constructor.

Constructors
Constructor and Description
`BasicSignatureSigningParametersResolver()` Constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected boolean`	`credentialSupportsAlgorithm(Credential credential, String algorithm)` Evaluate whether the specified credential is supported for use with the specified algorithm URI.
`AlgorithmRegistry`	`getAlgorithmRegistry()` Get the `AlgorithmRegistry` instance used when resolving algorithm URIs.
`protected com.google.common.base.Predicate<String>`	`getAlgorithmRuntimeSupportedPredicate()` Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.
`protected List<String>`	`getEffectiveSignatureAlgorithms(CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate)` Get the effective list of signature algorithm URIs to consider, including application of whitelist/blacklist policy.
`protected List<Credential>`	`getEffectiveSigningCredentials(CriteriaSet criteria)` Get the effective list of signing credentials to consider.
`protected com.google.common.base.Predicate<String>`	`getWhitelistBlacklistPredicate(CriteriaSet criteria)` Get a predicate which implements the effective configured whitelist/blacklist policy.
`protected void`	`logResult(SignatureSigningParameters params)` Log the resolved parameters.
`Iterable<SignatureSigningParameters>`	`resolve(CriteriaSet criteria)` Process the specified criteria and return the resulting instances of the product type which satisfy the criteria.
`protected void`	`resolveAndPopulateCredentialAndSignatureAlgorithm(SignatureSigningParameters params, CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate)` Resolve and populate the signing credential and signature method algorithm URI on the supplied parameters instance.
`protected String`	`resolveCanonicalizationAlgorithm(CriteriaSet criteria)` Resolve and return the canonicalization algorithm URI to use.
`protected Integer`	`resolveHMACOutputLength(CriteriaSet criteria, Credential signingCredential, String algorithmURI)` Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential and signature method algorithm URI.
`protected KeyInfoGenerator`	`resolveKeyInfoGenerator(CriteriaSet criteria, Credential signingCredential)` Resolve and return the `KeyInfoGenerator` instance to use with the specified credential.
`protected String`	`resolveReferenceDigestMethod(CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate)` Resolve and return the digest method algorithm URI to use, including application of whitelist/blacklist policy.
`SignatureSigningParameters`	`resolveSingle(CriteriaSet criteria)` Process the specified criteria and return a single instance of the product type which satisfies the criteria.
`void`	`setAlgorithmRegistry(AlgorithmRegistry registry)` Set the `AlgorithmRegistry` instance used when resolving algorithm URIs.
`protected boolean`	`validate(SignatureSigningParameters params)` Validate that the `SignatureSigningParameters` instance has all the required properties populated.

Methods inherited from class org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver
lookupKeyInfoGenerator, resolveAndPopulateWhiteAndBlacklists, resolveEffectiveBlacklist, resolveEffectiveWhitelist, resolveWhitelistBlacklistPrecedence, resolveWhitelistBlacklistPredicate

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- BasicSignatureSigningParametersResolver
```
public BasicSignatureSigningParametersResolver()
```
  Constructor.

Method Detail

getAlgorithmRegistry
```
public AlgorithmRegistry getAlgorithmRegistry()
```
Get the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().

Returns:

the algorithm registry instance

setAlgorithmRegistry
```
public void setAlgorithmRegistry(@Nonnull
                                 AlgorithmRegistry registry)
```
Set the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry obtained via AlgorithmSupport.getGlobalAlgorithmRegistry().

Parameters:

registry - the new algorithm registry instance

resolve
```
@Nonnull
public Iterable<SignatureSigningParameters> resolve(@Nonnull
                                                             CriteriaSet criteria)
                                                      throws ResolverException
```
Process the specified criteria and return the resulting instances of the product type which satisfy the criteria.

Specified by:

resolve in interface Resolver<SignatureSigningParameters,CriteriaSet>

Parameters:

criteria - the criteria to evaluate or process

Returns:

instances which satisfy the criteria

Throws:

ResolverException - thrown if there is an error processing the specified criteria

resolveSingle
```
@Nullable
public SignatureSigningParameters resolveSingle(@Nonnull
                                                          CriteriaSet criteria)
                                                   throws ResolverException
```
Process the specified criteria and return a single instance of the product type which satisfies the criteria. If multiple items satisfy the criteria, the choice of which single item to return is implementation-dependent.

Specified by:

resolveSingle in interface Resolver<SignatureSigningParameters,CriteriaSet>

Parameters:

criteria - the criteria to evaluate or process

Returns:

a single instance satisfying the criteria, or null

Throws:

ResolverException - thrown if there is an error processing the specified criteria

logResult

protected void logResult(@Nonnull
                         SignatureSigningParameters params)

Log the resolved parameters.

Parameters:: params - the resolved param

validate
```
protected boolean validate(@Nonnull
                           SignatureSigningParameters params)
```
Validate that the SignatureSigningParameters instance has all the required properties populated.

Parameters:

params - the parameters instance to evaluate

Returns:

true if parameters instance passes validation, false otherwise

getWhitelistBlacklistPredicate

@Nonnull
protected com.google.common.base.Predicate<String> getWhitelistBlacklistPredicate(@Nonnull
                                                                                           CriteriaSet criteria)

Get a predicate which implements the effective configured whitelist/blacklist policy.

Parameters:: criteria - the input criteria being evaluated
Returns:: a whitelist/blacklist predicate instance

resolveAndPopulateCredentialAndSignatureAlgorithm

protected void resolveAndPopulateCredentialAndSignatureAlgorithm(@Nonnull
                                                                 SignatureSigningParameters params,
                                                                 @Nonnull
                                                                 CriteriaSet criteria,
                                                                 com.google.common.base.Predicate<String> whitelistBlacklistPredicate)

Resolve and populate the signing credential and signature method algorithm URI on the supplied parameters instance.

Parameters:: params - the parameters instance being populated; criteria - the input criteria being evaluated; whitelistBlacklistPredicate - the whitelist/blacklist predicate with which to evaluate the candidate signing method algorithm URIs

getAlgorithmRuntimeSupportedPredicate
```
@Nonnull
protected com.google.common.base.Predicate<String> getAlgorithmRuntimeSupportedPredicate()
```
Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.

Returns:

the predicate

credentialSupportsAlgorithm

protected boolean credentialSupportsAlgorithm(@Nonnull
                                              Credential credential,
                                              @Nonnull @NotEmpty
                                              String algorithm)

Evaluate whether the specified credential is supported for use with the specified algorithm URI.

Parameters:: credential - the credential to evaluate; algorithm - the algorithm URI to evaluate
Returns:: true if credential may be used with the supplied algorithm URI, false otherwise

getEffectiveSigningCredentials

@Nonnull
protected List<Credential> getEffectiveSigningCredentials(@Nonnull
                                                                   CriteriaSet criteria)

Get the effective list of signing credentials to consider.

Parameters:: criteria - the input criteria being evaluated
Returns:: the list of credentials

getEffectiveSignatureAlgorithms

@Nonnull
protected List<String> getEffectiveSignatureAlgorithms(@Nonnull
                                                                CriteriaSet criteria,
                                                                @Nonnull
                                                                com.google.common.base.Predicate<String> whitelistBlacklistPredicate)

Get the effective list of signature algorithm URIs to consider, including application of whitelist/blacklist policy.

Parameters:: criteria - the input criteria being evaluated; whitelistBlacklistPredicate - the whitelist/blacklist predicate to use
Returns:: the list of effective algorithm URIs

resolveReferenceDigestMethod

@Nullable
protected String resolveReferenceDigestMethod(@Nonnull
                                                        CriteriaSet criteria,
                                                        @Nonnull
                                                        com.google.common.base.Predicate<String> whitelistBlacklistPredicate)

Resolve and return the digest method algorithm URI to use, including application of whitelist/blacklist policy.

Parameters:: criteria - the input criteria being evaluated; whitelistBlacklistPredicate - the whitelist/blacklist predicate to use
Returns:: the resolved digest method algorithm URI

resolveCanonicalizationAlgorithm

@Nullable
protected String resolveCanonicalizationAlgorithm(@Nonnull
                                                            CriteriaSet criteria)

Resolve and return the canonicalization algorithm URI to use.

Parameters:: criteria - the input criteria being evaluated
Returns:: the canonicalization algorithm URI

resolveKeyInfoGenerator

@Nullable
protected KeyInfoGenerator resolveKeyInfoGenerator(@Nonnull
                                                             CriteriaSet criteria,
                                                             @Nonnull
                                                             Credential signingCredential)

Resolve and return the KeyInfoGenerator instance to use with the specified credential.

Parameters:: criteria - the input criteria being evaluated; signingCredential - the credential being evaluated
Returns:: KeyInfo generator instance, or null

resolveHMACOutputLength

@Nullable
protected Integer resolveHMACOutputLength(@Nonnull
                                                    CriteriaSet criteria,
                                                    @Nonnull
                                                    Credential signingCredential,
                                                    @Nonnull @NotEmpty
                                                    String algorithmURI)

Resolve and return the effective HMAC output length to use, if applicable to the specified signing credential and signature method algorithm URI.

Parameters:: criteria - the input criteria being evaluated; signingCredential - the signing credential being evaluated; algorithmURI - the signature method algorithm URI being evaluated
Returns:: the HMAC output length to use, or null

Class BasicSignatureSigningParametersResolver

Constructor Summary

Method Summary

Methods inherited from class org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver

Methods inherited from class java.lang.Object

Constructor Detail

BasicSignatureSigningParametersResolver

Method Detail

getAlgorithmRegistry

setAlgorithmRegistry

resolve

resolveSingle