java.lang.Object
- org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver<EncryptionParameters>
- - org.opensaml.xmlsec.impl.BasicEncryptionParametersResolver
  - - net.shibboleth.idp.plugin.oidc.op.security.impl.OIDCClientInformationEncryptionParametersResolver

All Implemented Interfaces:

Resolver<EncryptionParameters,CriteriaSet>, EncryptionParametersResolver
```
public class OIDCClientInformationEncryptionParametersResolver
extends BasicEncryptionParametersResolver
```
A specialization of BasicEncryptionParametersResolver which resolves both encryption and decryption credentials and algorithm preferences using client registration data of OIDC client. The credentials and algorithm preferences are resolved for request object decryption, id token encryption and userinfo response encryption.
In addition to the Criterion inputs documented in BasicEncryptionParametersResolver, the inputs and associated modes of operation documented for ClientInformationCriterion are also supported.

Nested Class Summary

Nested Classes
Modifier and Type	Class	Description
`static class`	`OIDCClientInformationEncryptionParametersResolver.ParameterType`	Whether to create parameters for request object decryption, id token encryption or userinfo response encryption.

Field Summary

Fields
Modifier and Type	Field	Description
`private Duration`	`keyFetchInterval`	The remote key refresh interval.
`private org.slf4j.Logger`	`log`	Logger.
`private net.shibboleth.oidc.jwk.RemoteJwkSetCache`	`remoteJwkSetCache`	The cache for remote JWK key sets.
`private OIDCClientInformationEncryptionParametersResolver.ParameterType`	`target`	Whether to create parameters for request object decryption, id token encryption or userinfo response encryption.

Constructor Summary

Constructors
Constructor Description

OIDCClientInformationEncryptionParametersResolver()
Constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`private SecretKey`	`generateSymmetricKey(byte[] clientSecret, com.nimbusds.jose.JWEAlgorithm keyTransportAlgorithm)`	Generate symmetric key from client secret.
`protected void`	`resolveAndPopulateCredentialsAndAlgorithms(EncryptionParameters params, CriteriaSet criteria, Predicate<String> whitelistBlacklistPredicate)`
`EncryptionParameters`	`resolveSingle(CriteriaSet criteria)`
`void`	`setKeyFetchInterval(Duration interval)`	Set the remote key refresh interval.
`void`	`setParameterType(OIDCClientInformationEncryptionParametersResolver.ParameterType value)`	Whether to create parameters for request object decryption, id token encryption or userinfo response encryption.
`void`	`setRemoteJwkSetCache(net.shibboleth.oidc.jwk.RemoteJwkSetCache jwkSetCache)`	Set the cache for remote JWK key sets.

Methods inherited from class org.opensaml.xmlsec.impl.BasicEncryptionParametersResolver
checkAndProcessKeyAgreement, credentialSupportsAlgorithm, generateDataEncryptionCredential, getAlgorithmRegistry, getAlgorithmRuntimeSupportedPredicate, getEffectiveDataEncryptionAlgorithms, getEffectiveDataEncryptionCredentials, getEffectiveKeyAgreementConfiguration, getEffectiveKeyTransportAlgorithms, getEffectiveKeyTransportCredentials, getIncludeExcludePredicate, getWhitelistBlacklistPredicate, isAutoGenerateDataEncryptionCredential, isDataEncryptionAlgorithm, isKeyTransportAlgorithm, logResult, populateRSAOAEPParams, processDataEncryptionCredentialAutoGeneration, resolve, resolveAndPopulateRSAOAEPParams, resolveDataEncryptionAlgorithm, resolveDataEncryptionAlgorithm, resolveDataKeyInfoGenerator, resolveKeyTransportAlgorithm, resolveKeyTransportAlgorithm, resolveKeyTransportAlgorithmPredicate, resolveKeyTransportKeyInfoGenerator, setAlgorithmRegistry, setAutoGenerateDataEncryptionCredential, validate

Methods inherited from class org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver
lookupKeyInfoGenerator, resolveAndPopulateIncludesExcludes, resolveEffectiveExcludes, resolveEffectiveIncludes, resolveIncludeExcludePrecedence, resolveIncludeExcludePredicate

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- log
```
private org.slf4j.Logger log
```
  Logger.
- target
```
private OIDCClientInformationEncryptionParametersResolver.ParameterType target
```
  Whether to create parameters for request object decryption, id token encryption or userinfo response encryption.
- remoteJwkSetCache
```
private net.shibboleth.oidc.jwk.RemoteJwkSetCache remoteJwkSetCache
```
  The cache for remote JWK key sets.
- keyFetchInterval
```
@Positive
private Duration keyFetchInterval
```
  The remote key refresh interval. Default value: 30 minutes.

Constructor Detail
- OIDCClientInformationEncryptionParametersResolver
```
public OIDCClientInformationEncryptionParametersResolver()
```
  Constructor.

Method Detail

setParameterType
```
public void setParameterType(OIDCClientInformationEncryptionParametersResolver.ParameterType value)
```
Whether to create parameters for request object decryption, id token encryption or userinfo response encryption.

Parameters:

value - Whether to create parameters for request object decryption, id token encryption or userinfo response encryption.

setRemoteJwkSetCache
```
public void setRemoteJwkSetCache(net.shibboleth.oidc.jwk.RemoteJwkSetCache jwkSetCache)
```
Set the cache for remote JWK key sets.

Parameters:

jwkSetCache - What to set.

setKeyFetchInterval

public void setKeyFetchInterval(@Positive
                                Duration interval)

Set the remote key refresh interval.

Parameters:: interval - What to set.

resolveSingle

@Nullable
public EncryptionParameters resolveSingle(@Nonnull
                                          CriteriaSet criteria)
                                   throws ResolverException

Specified by:: resolveSingle in interface Resolver<EncryptionParameters,CriteriaSet>
Overrides:: resolveSingle in class BasicEncryptionParametersResolver
Throws:: ResolverException

resolveAndPopulateCredentialsAndAlgorithms

protected void resolveAndPopulateCredentialsAndAlgorithms(@Nonnull
                                                          EncryptionParameters params,
                                                          @Nonnull
                                                          CriteriaSet criteria,
                                                          @Nonnull
                                                          Predicate<String> whitelistBlacklistPredicate)

Overrides:: resolveAndPopulateCredentialsAndAlgorithms in class BasicEncryptionParametersResolver

generateSymmetricKey
```
private SecretKey generateSymmetricKey(byte[] clientSecret,
                                       com.nimbusds.jose.JWEAlgorithm keyTransportAlgorithm)
                                throws NoSuchAlgorithmException
```
Generate symmetric key from client secret.

Parameters:

clientSecret - client secret that is the basis of key

keyTransportAlgorithm - algorithm the key is generated for

Returns:

key derived from client secret.

Throws:

NoSuchAlgorithmException - if algorithm or digest method is unsupported

Class OIDCClientInformationEncryptionParametersResolver

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class org.opensaml.xmlsec.impl.BasicEncryptionParametersResolver

Methods inherited from class org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver

Methods inherited from class java.lang.Object

Field Detail

log

target

remoteJwkSetCache

keyFetchInterval

Constructor Detail

OIDCClientInformationEncryptionParametersResolver

Method Detail

setParameterType

setRemoteJwkSetCache

setKeyFetchInterval

resolveSingle

resolveAndPopulateCredentialsAndAlgorithms

generateSymmetricKey