public class ExtendedSAMLMetadataEncryptionParametersResolver extends SAMLMetadataEncryptionParametersResolver

SAMLMetadataEncryptionParametersResolver that also lets us resolve encryption parameters for
key agreement algorithms.

| Constructor and Description |
|---|
| ExtendedSAMLMetadataEncryptionParametersResolver(MetadataCredentialResolver resolver) Constructor. |

| Modifier and Type | Method and Description |
|---|---|
| protected void | resolveAndPopulateCredentialsAndAlgorithms(EncryptionParameters params, CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate) A copy of SAMLMetadataEncryptionParametersResolver's implementation with some changes for key agreement. |
| protected Pair<String,KeyDerivationMethod> | resolveKeyAgreementAlgorithm(Credential keyTransportCredential, CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate, SAMLMDCredentialContext metadataCredContext) Resolves the key agreement algorithm to use. |
| protected se.swedenconnect.opensaml.xmlsec.ExtendedSAMLMetadataEncryptionParametersResolver.ResolvedKeyTransport | resolveKeyTransport(Credential keyTransportCredential, CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate, String dataEncryptionAlgorithm, SAMLMDCredentialContext metadataCredContext) Resolver that handles both key transport algorithm and key agreement. |
| protected KeyInfoGenerator | resolveKeyTransportKeyInfoGenerator(CriteriaSet criteria, Credential keyTransportEncryptionCredential) |
| protected String | resolveKeyWrappingAlgorithm(Credential keyTransportCredential, CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate, SAMLMDCredentialContext metadataCredContext) Resolves the key wrapping algorithm to use. |
| void | setAlgorithmRegistry(AlgorithmRegistry registry) |
| void | setAutoGenerateDataEncryptionCredential(boolean flag) |
| void | setUseKeyAgreementDefaults(boolean flag) Tells whether we should rely on having received an ExtendedEncryptionConfiguration object among the criteria. |

Inherited methods:

credentialSupportsEncryptionMethod, evaluateEncryptionMethodChildren, evaluateRSAOAEPChildren, getMetadataCredentialResolver, isMergeMetadataRSAOAEPParametersWithConfig, populateRSAOAEPParamsFromEncryptionMethod, resolveAndPopulateRSAOAEPParams, resolveDataEncryptionAlgorithm, resolveKeyTransportAlgorithm, setMergeMetadataRSAOAEPParametersWithConfig

credentialSupportsAlgorithm, generateDataEncryptionCredential, getAlgorithmRegistry, getAlgorithmRuntimeSupportedPredicate, getEffectiveDataEncryptionAlgorithms, getEffectiveDataEncryptionCredentials, getEffectiveKeyTransportAlgorithms, getEffectiveKeyTransportCredentials, getWhitelistBlacklistPredicate, isAutoGenerateDataEncryptionCredential, isDataEncryptionAlgorithm, isKeyTransportAlgorithm, logResult, populateRSAOAEPParams, processDataEncryptionCredentialAutoGeneration, resolve, resolveAndPopulateRSAOAEPParams, resolveDataEncryptionAlgorithm, resolveDataEncryptionAlgorithm, resolveDataKeyInfoGenerator, resolveKeyTransportAlgorithm, resolveKeyTransportAlgorithm, resolveKeyTransportAlgorithmPredicate, resolveSingle, validate, validate

lookupKeyInfoGenerator, resolveAndPopulateWhiteAndBlacklists, resolveEffectiveBlacklist, resolveEffectiveWhitelist, resolveWhitelistBlacklistPrecedence, resolveWhitelistBlacklistPredicate

public ExtendedSAMLMetadataEncryptionParametersResolver(MetadataCredentialResolver resolver)

resolver - the metadata credential resolver instance to use to resolve encryption credentials

protected void resolveAndPopulateCredentialsAndAlgorithms(@Nonnull EncryptionParameters params, @Nonnull CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate)

Overrides: resolveAndPopulateCredentialsAndAlgorithms in class SAMLMetadataEncryptionParametersResolver

protected se.swedenconnect.opensaml.xmlsec.ExtendedSAMLMetadataEncryptionParametersResolver.ResolvedKeyTransport resolveKeyTransport(@Nonnull Credential keyTransportCredential, @Nonnull CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate, @Nullable String dataEncryptionAlgorithm, @Nullable SAMLMDCredentialContext metadataCredContext)

keyTransportCredential - the peer credential
criteria - the criteria
whitelistBlacklistPredicate - the whitelist/blacklist predicate to use
dataEncryptionAlgorithm - the data encryption algorithm to use
metadataCredContext - the metadata credential context (EncryptionMethod elements)

protected String resolveKeyWrappingAlgorithm(@Nonnull Credential keyTransportCredential, @Nonnull CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate, @Nullable SAMLMDCredentialContext metadataCredContext)

keyTransportCredential - the credential we are resolving for
criteria - the criteria
whitelistBlacklistPredicate - the whitelist/blacklist predicate to use
metadataCredContext - the metadata credential context
null if none is found)

protected Pair<String,KeyDerivationMethod> resolveKeyAgreementAlgorithm(@Nonnull Credential keyTransportCredential, @Nonnull CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate, @Nullable SAMLMDCredentialContext metadataCredContext)

keyTransportCredential - the credential we are resolving for
criteria - the criteria
whitelistBlacklistPredicate - the whitelist/blacklist predicate to use
metadataCredContext - the metadata credential context
null if none is found)

@Nullable protected KeyInfoGenerator resolveKeyTransportKeyInfoGenerator(@Nonnull CriteriaSet criteria, @Nullable Credential keyTransportEncryptionCredential)

Overrides: resolveKeyTransportKeyInfoGenerator in class BasicEncryptionParametersResolver

public void setAlgorithmRegistry(AlgorithmRegistry registry)

Overrides: setAlgorithmRegistry in class BasicEncryptionParametersResolver

public void setAutoGenerateDataEncryptionCredential(boolean flag)

Overrides: setAutoGenerateDataEncryptionCredential in class BasicEncryptionParametersResolver

public void setUseKeyAgreementDefaults(boolean flag)

Tells whether we should rely on having received an ExtendedEncryptionConfiguration object among the
criteria. If we want to function in an environment where the caller doesn't know anything about
ExtendedEncryptionConfiguration, we can set this property to true. In that case, our resolving will
assume that default key agreement methods are available if no ExtendedEncryptionConfiguration is passed
among the criteria.

flag - whether we should assume a set of key agreement methods (if no ExtendedEncryptionConfiguration is
passed)

Copyright © 2020 Sweden Connect. All rights reserved.