PopulateEncryptionParameters (Shibboleth IdP :: SAML Profile Implementation 3.4.0 API)

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction<InboundMessageType,OutboundMessageType>
  - - org.opensaml.profile.action.AbstractConditionalProfileAction<InboundMessageType,OutboundMessageType>
    - - net.shibboleth.idp.profile.AbstractProfileAction
      - net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, org.springframework.beans.factory.Aware, org.springframework.context.MessageSource, org.springframework.context.MessageSourceAware, org.springframework.webflow.execution.Action
```
public class PopulateEncryptionParameters
extends AbstractProfileAction
```
Action that resolves and populates EncryptionParameters on an EncryptionContext created/accessed via a lookup function, by default on a RelyingPartyContext child of the profile request context.
The resolution process is contingent on the active profile configuration requesting encryption of some kind, and an EncryptionContext is also created to capture these requirements.

The OpenSAML default, per-RelyingParty, and default per-profile EncryptionConfiguration objects are input to the resolution process, along with the relying party's SAML metadata, which in most cases will be the source of the eventual encryption key.

Event:

EventIds.PROCEED_EVENT_ID, EventIds.INVALID_PROFILE_CTX, EventIds.INVALID_SEC_CFG, IdPEventIds.INVALID_RELYING_PARTY_CTX, IdPEventIds.INVALID_PROFILE_CONFIG

Field Summary

Fields
Modifier and Type	Field and Description
`private com.google.common.base.Function<ProfileRequestContext,List<EncryptionConfiguration>>`	`configurationLookupStrategy` Strategy used to look up a per-request `EncryptionConfiguration` list.
`private EncryptionParametersResolver`	`encParamsresolver` Resolver for parameters to store into context.
`private boolean`	`encryptAssertions` Flag tracking whether assertion encryption is required.
`private boolean`	`encryptAttributes` Flag tracking whether assertion encryption is required.
`private boolean`	`encryptIdentifiers` Flag tracking whether assertion encryption is required.
`private List<EncryptionConfiguration>`	`encryptionConfigurations` Active configurations to feed into resolver.
`private com.google.common.base.Function<ProfileRequestContext,EncryptionContext>`	`encryptionContextLookupStrategy` Strategy used to look up the `EncryptionContext` to store parameters in.
`private boolean`	`encryptionOptional` Is encryption optional in the case no parameters can be resolved?
`private org.slf4j.Logger`	`log` Class logger.
`private com.google.common.base.Function<ProfileRequestContext,SAMLPeerEntityContext>`	`peerContextLookupStrategy` Strategy used to look up a SAML peer context.
`private QName`	`peerRole` Metadata role type to provide to resolver.
`private com.google.common.base.Function<ProfileRequestContext,RelyingPartyContext>`	`relyingPartyContextLookupStrategy` Strategy used to look up a `RelyingPartyContext` for configuration options.
`private String`	`samlProtocol` Metadata protocolSupportEnumeration value to provide to resolver.

Constructor Summary

Constructors
Constructor and Description

PopulateEncryptionParameters()
Constructor.

Constructors
Constructor and Description
`PopulateEncryptionParameters()` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`private CriteriaSet`	`buildCriteriaSet(ProfileRequestContext profileRequestContext)` Build the criteria used as input to the `EncryptionParametersResolver`.
`protected void`	`doExecute(ProfileRequestContext profileRequestContext)`
`protected void`	`doInitialize()`
`protected boolean`	`doPreExecute(ProfileRequestContext profileRequestContext)`
`void`	`setConfigurationLookupStrategy(com.google.common.base.Function<ProfileRequestContext,List<EncryptionConfiguration>> strategy)` Set the strategy used to look up a per-request `EncryptionConfiguration` list.
`void`	`setEncryptionContextLookupStrategy(com.google.common.base.Function<ProfileRequestContext,EncryptionContext> strategy)` Set the strategy used to look up the `EncryptionContext` to set the flags for.
`void`	`setEncryptionParametersResolver(EncryptionParametersResolver newResolver)` Set the encParamsresolver to use for the parameters to store into the context.
`void`	`setPeerContextLookupStrategy(com.google.common.base.Function<ProfileRequestContext,SAMLPeerEntityContext> strategy)` Set lookup strategy for `SAMLPeerEntityContext` for input to resolution.
`void`	`setProtocol(String protocol)` Set the protocol constant to use during resolution.
`void`	`setRelyingPartyContextLookupStrategy(com.google.common.base.Function<ProfileRequestContext,RelyingPartyContext> strategy)` Set the strategy used to return the `RelyingPartyContext` for configuration options.
`void`	`setRole(QName role)` Set the operational role to use during resolution.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail
- log
```
@Nonnull
private final org.slf4j.Logger log
```
  Class logger.
- relyingPartyContextLookupStrategy
```
@Nonnull
private com.google.common.base.Function<ProfileRequestContext,RelyingPartyContext> relyingPartyContextLookupStrategy
```
  Strategy used to look up a RelyingPartyContext for configuration options.
- encryptionContextLookupStrategy
```
@Nonnull
private com.google.common.base.Function<ProfileRequestContext,EncryptionContext> encryptionContextLookupStrategy
```
  Strategy used to look up the EncryptionContext to store parameters in.
- peerContextLookupStrategy
```
@Nullable
private com.google.common.base.Function<ProfileRequestContext,SAMLPeerEntityContext> peerContextLookupStrategy
```
  Strategy used to look up a SAML peer context.
- samlProtocol
```
@Nullable
private String samlProtocol
```
  Metadata protocolSupportEnumeration value to provide to resolver.
- peerRole
```
@Nullable
private QName peerRole
```
  Metadata role type to provide to resolver.
- configurationLookupStrategy
```
@NonnullAfterInit
private com.google.common.base.Function<ProfileRequestContext,List<EncryptionConfiguration>> configurationLookupStrategy
```
  Strategy used to look up a per-request EncryptionConfiguration list.
- encParamsresolver
```
@NonnullAfterInit
private EncryptionParametersResolver encParamsresolver
```
  Resolver for parameters to store into context.
- encryptionConfigurations
```
@Nullable
@NonnullElements
private List<EncryptionConfiguration> encryptionConfigurations
```
  Active configurations to feed into resolver.
- encryptionOptional
```
private boolean encryptionOptional
```
  Is encryption optional in the case no parameters can be resolved?
- encryptAssertions
```
private boolean encryptAssertions
```
  Flag tracking whether assertion encryption is required.
- encryptIdentifiers
```
private boolean encryptIdentifiers
```
  Flag tracking whether assertion encryption is required.
- encryptAttributes
```
private boolean encryptAttributes
```
  Flag tracking whether assertion encryption is required.

Constructor Detail
- PopulateEncryptionParameters
```
public PopulateEncryptionParameters()
```
  Constructor.

Method Detail

setRelyingPartyContextLookupStrategy

public void setRelyingPartyContextLookupStrategy(@Nonnull
                                        com.google.common.base.Function<ProfileRequestContext,RelyingPartyContext> strategy)

Set the strategy used to return the RelyingPartyContext for configuration options.

Parameters:: strategy - lookup strategy

setEncryptionContextLookupStrategy

public void setEncryptionContextLookupStrategy(@Nonnull
                                      com.google.common.base.Function<ProfileRequestContext,EncryptionContext> strategy)

Set the strategy used to look up the EncryptionContext to set the flags for.

Parameters:: strategy - lookup strategy

setProtocol
```
public void setProtocol(@Nullable
               String protocol)
```
Set the protocol constant to use during resolution.

Parameters:
protocol - the protocol constant to set

setRole
```
public void setRole(@Nullable
           QName role)
```
Set the operational role to use during resolution.

Parameters:
role - the operational role to set

setConfigurationLookupStrategy

public void setConfigurationLookupStrategy(@Nonnull
                                  com.google.common.base.Function<ProfileRequestContext,List<EncryptionConfiguration>> strategy)

Set the strategy used to look up a per-request EncryptionConfiguration list.

Parameters:: strategy - lookup strategy

setPeerContextLookupStrategy

public void setPeerContextLookupStrategy(@Nullable
                                com.google.common.base.Function<ProfileRequestContext,SAMLPeerEntityContext> strategy)

Set lookup strategy for SAMLPeerEntityContext for input to resolution.

Parameters:: strategy - lookup strategy

setEncryptionParametersResolver

public void setEncryptionParametersResolver(@Nonnull
                                   EncryptionParametersResolver newResolver)

Set the encParamsresolver to use for the parameters to store into the context.

Parameters:: newResolver - encParamsresolver to use

doInitialize
```
protected void doInitialize()
                     throws ComponentInitializationException
```
Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                   ProfileRequestContext profileRequestContext)

Overrides:: doPreExecute in class AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
             ProfileRequestContext profileRequestContext)

Overrides:: doExecute in class AbstractProfileAction

buildCriteriaSet

@Nonnull
private CriteriaSet buildCriteriaSet(@Nonnull
                                   ProfileRequestContext profileRequestContext)

Build the criteria used as input to the EncryptionParametersResolver.

Parameters:: profileRequestContext - current profile request context
Returns:: the criteria set to use

Class PopulateEncryptionParameters

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

Field Detail

log

relyingPartyContextLookupStrategy

encryptionContextLookupStrategy

peerContextLookupStrategy

samlProtocol

peerRole

configurationLookupStrategy

encParamsresolver

encryptionConfigurations

encryptionOptional

encryptAssertions

encryptIdentifiers

encryptAttributes

Constructor Detail

PopulateEncryptionParameters