Package net.shibboleth.idp.plugin.oidc.op.profile.impl

Class AbstractSignJWTAction

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCResponseAction

net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCSigningResponseAction

net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractSignJWTAction

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

Direct Known Subclasses:

SignAccessToken, SignIDToken, SignUserInfoResponse

public abstract class AbstractSignJWTAction
extends AbstractOIDCSigningResponseAction

Abstract action for signing JWT. The extending class is expected to set claims set by implementing getClaimsSetToSign(). The signed jwt is received by extending class by implementing method setSignedJWT(com.nimbusds.jwt.SignedJWT).

Field Summary

Fields

Modifier and Type	Field	Description
private Credential	credential	resolved credential.
private org.slf4j.Logger	log	Class logger.
private String	typeHeader	"typ" header to insert while signing.

Constructor Summary

Constructors

Constructor	Description
AbstractSignJWTAction()

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
protected abstract com.nimbusds.jwt.JWTClaimsSet	getClaimsSetToSign()	Called to get claim set to sign.
private com.nimbusds.jose.JWSSigner	getSigner(com.nimbusds.jose.Algorithm jwsAlgorithm)	Returns correct implementation of signer based on algorithm type.
protected com.nimbusds.jose.JWSAlgorithm	resolveAlgorithm()	Resolves JWS algorithm from signature signing parameters.
protected abstract void	setSignedJWT(com.nimbusds.jwt.SignedJWT jwt)	Called with signed JWT as parameter.
void	setTypeHeader(String type)	Sets the value to be inserted as a "typ" header for the JWS.

Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCSigningResponseAction

getSignatureSigningParameters, setSecurityParametersLookupStrategy

Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCResponseAction

getMetadataContext, getOidcResponseContext

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private org.slf4j.Logger log

Class logger.

typeHeader

@Nullable
@NotEmpty
private String typeHeader

"typ" header to insert while signing.

credential

@Nullable
private Credential credential

resolved credential.

Constructor Detail

AbstractSignJWTAction

public AbstractSignJWTAction()

Method Detail

setTypeHeader

public void setTypeHeader(@Nullable @NotEmpty
                          String type)

Sets the value to be inserted as a "typ" header for the JWS.

Parameters:

type - header value

Since:

3.1.0

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractOIDCSigningResponseAction

getSigner

private com.nimbusds.jose.JWSSigner getSigner(com.nimbusds.jose.Algorithm jwsAlgorithm)
                                       throws com.nimbusds.jose.JOSEException

Returns correct implementation of signer based on algorithm type.

Parameters:

jwsAlgorithm - JWS algorithm

Returns:

signer for algorithm and private key

Throws:

com.nimbusds.jose.JOSEException - if algorithm cannot be supported

resolveAlgorithm

protected com.nimbusds.jose.JWSAlgorithm resolveAlgorithm()

Resolves JWS algorithm from signature signing parameters.

Returns:

JWS algorithm

setSignedJWT

protected abstract void setSignedJWT(@Nullable
                                     com.nimbusds.jwt.SignedJWT jwt)

Called with signed JWT as parameter.

Parameters:

jwt - signed JWT.

getClaimsSetToSign

@Nonnull
protected abstract com.nimbusds.jwt.JWTClaimsSet getClaimsSetToSign()

Called to get claim set to sign.

Returns:

claim set to sign

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction