Package net.shibboleth.idp.plugin.oidc.op.security.impl

Class OIDCClientInformationSignatureSigningParametersResolver

java.lang.Object

org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver<SignatureSigningParameters>

org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver

net.shibboleth.idp.plugin.oidc.op.security.impl.OIDCClientInformationSignatureSigningParametersResolver

All Implemented Interfaces:

Resolver<SignatureSigningParameters,CriteriaSet>, SignatureSigningParametersResolver

public class OIDCClientInformationSignatureSigningParametersResolver
extends BasicSignatureSigningParametersResolver

A specialization of BasicSignatureSigningParametersResolver which supports selecting signing credentials based on client registration data and instantiating HS credentials when needed. If the resolver fails to resolve credentials it leaves the job to the hands of the super class method.

In addition to the Criterion inputs documented in BasicSignatureSigningParametersResolver, the following inputs are also supported:

• ClientInformationCriterion - optional

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	OIDCClientInformationSignatureSigningParametersResolver.ParameterType	Whether to create parameters for id token signing or userinfo response signing.

Field Summary

Fields

Modifier and Type	Field	Description
private org.slf4j.Logger	log	Logger.
private OIDCClientInformationSignatureSigningParametersResolver.ParameterType	target	The type of signing: id_token or userinfo response.

Constructor Summary

Constructors

Constructor	Description
OIDCClientInformationSignatureSigningParametersResolver()

Method Summary

Modifier and Type	Method	Description
private boolean	curveMatchesESAlgorithm(com.nimbusds.jose.jwk.Curve curve, com.nimbusds.jose.JWSAlgorithm algorithm)	Helper to match ECKey curve to JWS algorithm ES256, ES384 and ES512.
protected void	resolveAndPopulateCredentialAndSignatureAlgorithm(SignatureSigningParameters params, CriteriaSet criteria, Predicate<String> whitelistBlacklistPredicate)
SignatureSigningParameters	resolveSingle(CriteriaSet criteria)
void	setParameterType(OIDCClientInformationSignatureSigningParametersResolver.ParameterType value)	Whether to create parameters for id token signing or userinfo response signing.
protected boolean	validate(SignatureSigningParameters params)

Methods inherited from class org.opensaml.xmlsec.impl.BasicSignatureSigningParametersResolver

credentialSupportsAlgorithm, getAlgorithmRegistry, getAlgorithmRuntimeSupportedPredicate, getEffectiveSignatureAlgorithms, getEffectiveSigningCredentials, getIncludeExcludePredicate, getWhitelistBlacklistPredicate, logResult, resolve, resolveCanonicalizationAlgorithm, resolveHMACOutputLength, resolveKeyInfoGenerator, resolveReferenceCanonicalizationAlgorithm, resolveReferenceDigestMethod, setAlgorithmRegistry

Methods inherited from class org.opensaml.xmlsec.impl.AbstractSecurityParametersResolver

lookupKeyInfoGenerator, resolveAndPopulateIncludesExcludes, resolveEffectiveExcludes, resolveEffectiveIncludes, resolveIncludeExcludePrecedence, resolveIncludeExcludePredicate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

@Nonnull
private org.slf4j.Logger log

Logger.

target

private OIDCClientInformationSignatureSigningParametersResolver.ParameterType target

The type of signing: id_token or userinfo response.

Constructor Detail

OIDCClientInformationSignatureSigningParametersResolver

public OIDCClientInformationSignatureSigningParametersResolver()

Method Detail

setParameterType

public void setParameterType(OIDCClientInformationSignatureSigningParametersResolver.ParameterType value)

Whether to create parameters for id token signing or userinfo response signing.

Parameters:

value - Whether to create parameters for request object signature validation, id token signing or userinfo response signing.

resolveSingle

@Nullable
public SignatureSigningParameters resolveSingle(@Nonnull
                                                CriteriaSet criteria)
                                         throws ResolverException

Specified by:

resolveSingle in interface Resolver<SignatureSigningParameters,CriteriaSet>

Overrides:

resolveSingle in class BasicSignatureSigningParametersResolver

Throws:

ResolverException

curveMatchesESAlgorithm

private boolean curveMatchesESAlgorithm(com.nimbusds.jose.jwk.Curve curve,
                                        com.nimbusds.jose.JWSAlgorithm algorithm)

Helper to match ECKey curve to JWS algorithm ES256, ES384 and ES512.

Parameters:

curve - curve to match.

algorithm - algorithm to match.

Returns:

true if key curve matches algorithm, otherwise false.

resolveAndPopulateCredentialAndSignatureAlgorithm

protected void resolveAndPopulateCredentialAndSignatureAlgorithm(@Nonnull
                                                                 SignatureSigningParameters params,
                                                                 @Nonnull
                                                                 CriteriaSet criteria,
                                                                 @Nonnull
                                                                 Predicate<String> whitelistBlacklistPredicate)

Overrides:

resolveAndPopulateCredentialAndSignatureAlgorithm in class BasicSignatureSigningParametersResolver

validate

protected boolean validate(@Nonnull
                           SignatureSigningParameters params)

Overrides:

validate in class BasicSignatureSigningParametersResolver