Package net.shibboleth.idp.plugin.oidc.op.profile.impl

Class PopulateOIDCEncryptionParameters

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.plugin.oidc.op.profile.impl.PopulateOIDCEncryptionParameters

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class PopulateOIDCEncryptionParameters
extends net.shibboleth.idp.profile.AbstractProfileAction

Action that resolves and populates EncryptionParameters on an EncryptionContext created/accessed via a lookup function, by default on a RelyingPartyContext child of the profile request context. The parameters are used either to encrypt id token / userinfo response or to decrypt request object. For the first case the parameters are set with EncryptionContext.setAssertionEncryptionParameters(org.opensaml.xmlsec.EncryptionParameters), for request object decryption the parameters are set with EncryptionContext.setAttributeEncryptionParameters(org.opensaml.xmlsec.EncryptionParameters). Yes, we are stealing and bit misusing existing Shib context for our own almost similar purposes.

The OpenSAML default, per-RelyingParty, and default per-profile EncryptionConfiguration objects are input to the resolution process, along with the relying party's oidc client registration data, which in most cases will be the source of the eventual encryption key.

Field Summary

Fields

Modifier and Type	Field	Description
private Function<ProfileRequestContext,List<EncryptionConfiguration>>	configurationLookupStrategy	Strategy used to look up a per-request EncryptionConfiguration list.
private EncryptionParametersResolver	encParamsresolver	Resolver for parameters to store into context.
private List<EncryptionConfiguration>	encryptionConfigurations	Active configurations to feed into resolver.
private EncryptionContext	encryptionContext	Context to populate.
private Function<ProfileRequestContext,EncryptionContext>	encryptionContextLookupStrategy	Strategy used to look up the EncryptionContext to store parameters in.
private boolean	encryptionOptional	Whether encryption is optional.
private Predicate<ProfileRequestContext>	encryptionOptionalPredicate	Predicate to determine how to proceed if no encryption parameters are resolved.
private boolean	forDecryption	Whether we resolve encryption or decryption parameters.
private org.slf4j.Logger	log	Class logger.
private Function<ProfileRequestContext,net.shibboleth.oidc.metadata.context.OIDCMetadataContext>	oidcMetadataContextLookupStrategy	Strategy used to look up a OIDC metadata context.

Constructor Summary

Constructors

Constructor	Description
PopulateOIDCEncryptionParameters()	Constructor.

Method Summary

Modifier and Type	Method	Description
private CriteriaSet	buildCriteriaSet(ProfileRequestContext profileRequestContext)	Build the criteria used as input to the EncryptionParametersResolver.
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected void	doInitialize()
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
void	setConfigurationLookupStrategy(Function<ProfileRequestContext,List<EncryptionConfiguration>> strategy)	Set the strategy used to look up a per-request EncryptionConfiguration list.
void	setEncryptionContextLookupStrategy(Function<ProfileRequestContext,EncryptionContext> strategy)	Set the strategy used to look up the EncryptionContext to set the flags for.
void	setEncryptionOptionalPredicate(Predicate<ProfileRequestContext> condition)	Sets the condition to apply to determine how to proceed if encryption parameter resolution fails.
void	setEncryptionParametersResolver(EncryptionParametersResolver newResolver)	Set the encParamsresolver to use for the parameters to store into the context.
void	setForDecryption(boolean flag)	Whether we resolve encryption or decryption parameters.
void	setOidcMetadataContextLookupStrategy(Function<ProfileRequestContext,net.shibboleth.oidc.metadata.context.OIDCMetadataContext> strategy)	Set the strategy used to look up the OIDCMetadataContext to locate client registered encryption parameters.

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

forDecryption

private boolean forDecryption

Whether we resolve encryption or decryption parameters.

encryptionOptionalPredicate

@Nonnull
private Predicate<ProfileRequestContext> encryptionOptionalPredicate

Predicate to determine how to proceed if no encryption parameters are resolved.

encryptionContextLookupStrategy

@Nonnull
private Function<ProfileRequestContext,EncryptionContext> encryptionContextLookupStrategy

Strategy used to look up the EncryptionContext to store parameters in.

configurationLookupStrategy

@NonnullAfterInit
private Function<ProfileRequestContext,List<EncryptionConfiguration>> configurationLookupStrategy

Strategy used to look up a per-request EncryptionConfiguration list.

encParamsresolver

@NonnullAfterInit
private EncryptionParametersResolver encParamsresolver

Resolver for parameters to store into context.

encryptionConfigurations

@Nullable
@NonnullElements
private List<EncryptionConfiguration> encryptionConfigurations

Active configurations to feed into resolver.

oidcMetadataContextLookupStrategy

@Nullable
private Function<ProfileRequestContext,net.shibboleth.oidc.metadata.context.OIDCMetadataContext> oidcMetadataContextLookupStrategy

Strategy used to look up a OIDC metadata context.

encryptionOptional

private boolean encryptionOptional

Whether encryption is optional.

encryptionContext

private EncryptionContext encryptionContext

Context to populate.

Constructor Detail

PopulateOIDCEncryptionParameters

public PopulateOIDCEncryptionParameters()

Constructor.

Method Detail

setForDecryption

public void setForDecryption(boolean flag)

Whether we resolve encryption or decryption parameters.

Parameters:

flag - true if we should resolve decryption parameters.

setEncryptionOptionalPredicate

public void setEncryptionOptionalPredicate(@Nonnull
                                           Predicate<ProfileRequestContext> condition)

Sets the condition to apply to determine how to proceed if encryption parameter resolution fails.

Parameters:

condition - condition to set

Since:

3.1.0

setEncryptionContextLookupStrategy

public void setEncryptionContextLookupStrategy(@Nonnull
                                               Function<ProfileRequestContext,EncryptionContext> strategy)

Set the strategy used to look up the EncryptionContext to set the flags for.

Parameters:

strategy - lookup strategy

setOidcMetadataContextLookupStrategy

public void setOidcMetadataContextLookupStrategy(@Nonnull
                                                 Function<ProfileRequestContext,net.shibboleth.oidc.metadata.context.OIDCMetadataContext> strategy)

Set the strategy used to look up the OIDCMetadataContext to locate client registered encryption parameters.

Parameters:

strategy - lookup strategy

setConfigurationLookupStrategy

public void setConfigurationLookupStrategy(@Nonnull
                                           Function<ProfileRequestContext,List<EncryptionConfiguration>> strategy)

Set the strategy used to look up a per-request EncryptionConfiguration list.

Parameters:

strategy - lookup strategy

setEncryptionParametersResolver

public void setEncryptionParametersResolver(@Nonnull
                                            EncryptionParametersResolver newResolver)

Set the encParamsresolver to use for the parameters to store into the context.

Parameters:

newResolver - encParamsresolver to use

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class AbstractInitializableComponent

Throws:

ComponentInitializationException

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction

buildCriteriaSet

@Nonnull
private CriteriaSet buildCriteriaSet(@Nonnull
                                     ProfileRequestContext profileRequestContext)

Build the criteria used as input to the EncryptionParametersResolver.

Parameters:

profileRequestContext - current profile request context

Returns:

the criteria set to use