/** {@inheritDoc} */
public String apply(CriteriaSet input) {
    // A null criteria set and a missing EntityIdCriterion both map to a null result
    // instead of an exception.
    final EntityIdCriterion criterion = input != null ? input.get(EntityIdCriterion.class) : null;
    return criterion != null ? criterion.getEntityId() : null;
}
/**
 * Determine which {@link UsageType} applies to the supplied criteria.
 *
 * @param criteriaSet the criteria set being processed
 * @return the usage carried by the {@link UsageCriterion}, or {@link UsageType#UNSPECIFIED}
 *         when the set holds no such criterion
 */
@Nonnull protected UsageType getEffectiveUsageInput(@Nonnull final CriteriaSet criteriaSet) {
    final UsageCriterion criterion = criteriaSet.get(UsageCriterion.class);
    // Fall back to UNSPECIFIED when no UsageCriterion was supplied.
    return criterion == null ? UsageType.UNSPECIFIED : criterion.getUsage();
}
/** {@inheritDoc} */
@Override
protected boolean doCheckEndpoint(@Nonnull final CriteriaSet criteria, @Nonnull final EndpointType endpoint) {
    // First gate: when a BindingCriterion is present, the candidate's binding has to pass it.
    final BindingCriterion allowedBindings = criteria.get(BindingCriterion.class);
    final boolean bindingAccepted =
            allowedBindings == null || checkBindingCriterion(allowedBindings, endpoint);
    if (!bindingAccepted) {
        return false;
    }

    // Second gate: when an EndpointCriterion is present, the candidate is compared field by
    // field against that template. With neither criterion present the endpoint is accepted.
    final EndpointCriterion<EndpointType> template = criteria.get(EndpointCriterion.class);
    return template == null || checkEndpointCriterion(template, endpoint);
}
/**
 * Look up the {@link RoleDescriptor} carried by the criteria, if any.
 *
 * @param criteria the input criteria
 * @return the role held by the {@link RoleDescriptorCriterion}, or null when the set contains
 *         no such criterion
 */
private RoleDescriptor resolveRoleDescriptor(@Nonnull final CriteriaSet criteria) {
    if (!criteria.contains(RoleDescriptorCriterion.class)) {
        return null;
    }
    final RoleDescriptorCriterion roleDescriptorCriterion = criteria.get(RoleDescriptorCriterion.class);
    return roleDescriptorCriterion.getRole();
}
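/**
 * {@inheritDoc}
 *
 * <p>Returns {@code null} when the criteria hold no {@link EntityIdCriterion}, or when
 * {@code StringSupport.trimOrNull} yields null for its entityID. Otherwise the trimmed entityID
 * is handed to the configured request URL builder.</p>
 */
@Override
@Nullable protected String buildRequestURL(@Nonnull final CriteriaSet criteria) {
    // Guard the lookup: a criteria set without an EntityIdCriterion previously caused a
    // NullPointerException here instead of the null result this method already documents.
    final EntityIdCriterion entityIdCriterion = criteria.get(EntityIdCriterion.class);
    if (entityIdCriterion == null) {
        return null;
    }

    final String entityID = StringSupport.trimOrNull(entityIdCriterion.getEntityId());
    if (entityID == null) {
        return null;
    }

    final String url = getRequestURLBuilder().apply(entityID);
    // The generated URL embeds the entityID, so it is logged at debug level only.
    log.debug("{} URL generated by request builder was: {}", getLogPrefix(), url);
    return url;
}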
/**
 * Reject criteria that cannot drive endpoint resolution.
 *
 * @param criteria input criteria set
 *
 * @throws ResolverException if the input set is null or no {@link EndpointCriterion} is present
 */
private void validateCriteria(@Nullable final CriteriaSet criteria) throws ResolverException {
    if (criteria == null) {
        throw new ResolverException("CriteriaSet cannot be null");
    }
    // Callers in this class dereference the EndpointCriterion without a null check, so its
    // presence is enforced here.
    if (criteria.get(EndpointCriterion.class) == null) {
        throw new ResolverException("EndpointCriterion not supplied");
    }
}
/** {@inheritDoc} */
@Override
@Nonnull public Set<String> resolveTrustedNames(final CriteriaSet criteriaSet) throws ResolverException {
    ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);

    // Enforces that the entityID and role criteria are present before they are dereferenced below.
    checkCriteriaRequirements(criteriaSet);

    final String entityID = criteriaSet.get(EntityIdCriterion.class).getEntityId();
    final QName role = criteriaSet.get(EntityRoleCriterion.class).getRole();

    // Protocol is optional and stays null when no ProtocolCriterion is supplied.
    final ProtocolCriterion protocolCriterion = criteriaSet.get(ProtocolCriterion.class);
    final String protocol = protocolCriterion != null ? protocolCriterion.getProtocol() : null;

    // Usage is optional and falls back to UNSPECIFIED.
    final UsageCriterion usageCriterion = criteriaSet.get(UsageCriterion.class);
    final UsageType usage = usageCriterion != null ? usageCriterion.getUsage() : UsageType.UNSPECIFIED;

    // The result is the union of three sources: names found in metadata, the entityID itself,
    // and any names passed in through a TrustedNamesCriterion.
    final Set<String> names =
            new HashSet<>(retrieveTrustedNamesFromMetadata(criteriaSet, entityID, role, protocol, usage));
    names.add(entityID);

    // NOTE(review): names from the criterion are merged without any filtering here, so they
    // widen the trusted set as-is; confirm callers populate it only from trusted configuration.
    final TrustedNamesCriterion extraNames = criteriaSet.get(TrustedNamesCriterion.class);
    if (extraNames != null) {
        names.addAll(extraNames.getTrustedNames());
    }
    return names;
}
/** {@inheritDoc} */
@Override
public Iterable<PKIXValidationInformation> resolve(final CriteriaSet criteriaSet) throws ResolverException {
    ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this);

    // Enforces that the entityID and role criteria are present before they are dereferenced below.
    checkCriteriaRequirements(criteriaSet);

    final String entityID = criteriaSet.get(EntityIdCriterion.class).getEntityId();
    final QName role = criteriaSet.get(EntityRoleCriterion.class).getRole();

    // Protocol is optional and is passed on as null when no ProtocolCriterion is supplied.
    final ProtocolCriterion protocolCriterion = criteriaSet.get(ProtocolCriterion.class);
    final String protocol = protocolCriterion != null ? protocolCriterion.getProtocol() : null;

    return retrievePKIXInfoFromMetadata(criteriaSet, entityID, role, protocol);
}
/** {@inheritDoc} */
@Nullable @NonnullElements @Unmodifiable @NotLive
public Set<MetadataIndexKey> generateKeys(@Nonnull final CriteriaSet criteriaSet) {
    Constraint.isNotNull(criteriaSet, "CriteriaSet was null");

    EntityRoleCriterion roleCriterion = criteriaSet.get(EntityRoleCriterion.class);
    EndpointCriterion<Endpoint> endpointCriterion = criteriaSet.get(EndpointCriterion.class);

    // Keys are produced only when both the role and the endpoint criteria are present.
    if (roleCriterion == null || endpointCriterion == null) {
        return null;
    }

    // NOTE(review): the method is annotated @Unmodifiable, yet a plain HashSet is returned;
    // confirm whether callers rely on immutability.
    return new HashSet<>(
            processCriteria(criteriaSet, roleCriterion.getRole(), endpointCriterion.getEndpoint()));
}
/** {@inheritDoc} */
@Nullable @NonnullElements @Unmodifiable @NotLive
public Set<MetadataIndexKey> generateKeys(@Nonnull CriteriaSet criteriaSet) {
    Constraint.isNotNull(criteriaSet, "CriteriaSet was null");

    EntityRoleCriterion roleCriterion = criteriaSet.get(EntityRoleCriterion.class);
    if (roleCriterion == null) {
        // Without a role criterion there is nothing to index on.
        return null;
    }

    // A single key is produced, built from the requested role.
    // NOTE(review): the method is annotated @Unmodifiable, yet a plain HashSet is returned;
    // confirm whether callers rely on immutability.
    HashSet<MetadataIndexKey> keys = new HashSet<>();
    keys.add(new RoleMetadataIndexKey(roleCriterion.getRole()));
    return keys;
}
@Nonnull final Iterable<EntityDescriptor> entityDescriptors, @Nonnull final CriteriaSet criteria) { final EntityRoleCriterion roleCriterion = Constraint.isNotNull(criteria.get(EntityRoleCriterion.class), "EntityRoleCriterion was not supplied"); final ProtocolCriterion protocolCriterion = criteria.get(ProtocolCriterion.class);
/** {@inheritDoc} */
@Override
@Nonnull @NonnullElements public Iterable<EndpointType> resolve(@Nullable final CriteriaSet criteria)
        throws ResolverException {
    validateCriteria(criteria);

    // Fast path: a trusted, populated endpoint from the criteria is used directly and metadata
    // is not consulted. It still has to pass the extended endpoint check.
    if (canUseRequestedEndpoint(criteria)) {
        final EndpointType requested = (EndpointType) criteria.get(EndpointCriterion.class).getEndpoint();
        if (!doCheckEndpoint(criteria, requested)) {
            log.debug("{} Requested endpoint was rejected by extended validation process", getLogPrefix());
            return Collections.emptyList();
        }
        return Collections.<EndpointType>singletonList(requested);
    }

    // Otherwise start from the metadata candidates and drop, in place, every one that fails
    // the check.
    final List<EndpointType> remaining = getCandidatesFromMetadata(criteria);
    for (final Iterator<EndpointType> it = remaining.iterator(); it.hasNext();) {
        final EndpointType candidate = it.next();
        if (!doCheckEndpoint(criteria, candidate)) {
            it.remove();
        }
    }

    log.debug("{} {} endpoints remain after filtering process", getLogPrefix(), remaining.size());
    return remaining;
}
/**
 * Work out the entityID the criteria refer to.
 *
 * <p>An explicit {@link EntityIdCriterion} takes precedence. Otherwise the entityID is taken
 * from the entity descriptor resolved from the criteria, if there is one.</p>
 *
 * @param criteria the input criteria
 * @return the resolved entityID, or null if neither source is available
 */
private String resolveEntityID(@Nonnull final CriteriaSet criteria) {
    if (criteria.contains(EntityIdCriterion.class)) {
        final EntityIdCriterion entityIdCriterion = criteria.get(EntityIdCriterion.class);
        return entityIdCriterion.getEntityId();
    }

    final EntityDescriptor descriptor = resolveEntityDescriptor(criteria);
    return descriptor != null ? descriptor.getEntityID() : null;
}
/**
 * Enforce the criteria this resolver cannot work without: an {@link EntityIdCriterion} whose
 * entityID is non-null after {@code StringSupport.trimOrNull}, and an {@link EntityRoleCriterion}
 * with a non-null role.
 *
 * @param criteriaSet the criteria set to evaluate
 */
protected void checkCriteriaRequirements(final CriteriaSet criteriaSet) {
    final EntityIdCriterion entityIdCriterion = criteriaSet.get(EntityIdCriterion.class);
    Constraint.isNotNull(entityIdCriterion, "EntityIdCriterion must be supplied");

    final String trimmedEntityID = StringSupport.trimOrNull(entityIdCriterion.getEntityId());
    Constraint.isNotNull(trimmedEntityID, "Credential owner entity ID criteria value must be supplied");

    final EntityRoleCriterion roleCriterion = criteriaSet.get(EntityRoleCriterion.class);
    Constraint.isNotNull(roleCriterion, "EntityRoleCriterion must be supplied");
    Constraint.isNotNull(roleCriterion.getRole(), "Credential entity role criteria value must be supplied");
}
ComponentSupport.ifNotInitializedThrowUninitializedComponentException(this); final EntityIdCriterion entityIdCriterion = criteria.get(EntityIdCriterion.class); final EntityRoleCriterion entityRoleCriterion = criteria.get(EntityRoleCriterion.class); final ProtocolCriterion protocolCriterion = criteria.get(ProtocolCriterion.class);
/** {@inheritDoc} */
@Override
@Nullable public EndpointType resolveSingle(@Nullable final CriteriaSet criteria) throws ResolverException {
    validateCriteria(criteria);

    // Fast path: a trusted, populated endpoint from the criteria is used directly and metadata
    // is not consulted. It still has to pass the extended endpoint check.
    if (canUseRequestedEndpoint(criteria)) {
        final EndpointType requested = (EndpointType) criteria.get(EndpointCriterion.class).getEndpoint();
        if (!doCheckEndpoint(criteria, requested)) {
            log.debug("{} Requested endpoint was rejected by extended validation process", getLogPrefix());
            return null;
        }
        return requested;
    }

    // Otherwise the first metadata candidate that passes the check is returned.
    for (final EndpointType metadataEndpoint : getCandidatesFromMetadata(criteria)) {
        if (doCheckEndpoint(criteria, metadataEndpoint)) {
            return metadataEndpoint;
        }
    }

    log.debug("{} No candidate endpoints met criteria", getLogPrefix());
    return null;
}
/**
 * Decide whether the endpoint supplied through {@link EndpointCriterion} can be returned as-is.
 *
 * <p>This short-circuits resolution when the criterion is flagged as trusted (validation being
 * unnecessary because the request was signed) and the endpoint is populated. The endpoint may
 * still prove unusable to the caller, but since the requester dictated the binding and location
 * it must not be ignored.</p>
 *
 * <p>NOTE(review): this method relies entirely on {@code isTrusted()}; it presumably is set only
 * after the request signature has been verified. Confirm where the criterion is built.</p>
 *
 * @param criteria input criteria set
 *
 * @return true iff the supplied endpoint via {@link EndpointCriterion} should be returned
 */
private boolean canUseRequestedEndpoint(@Nonnull final CriteriaSet criteria) {
    final EndpointCriterion requestedCriterion = criteria.get(EndpointCriterion.class);
    if (!requestedCriterion.isTrusted()) {
        return false;
    }

    // "Populated" means a binding plus at least one of location / response location.
    final EndpointType candidate = (EndpointType) requestedCriterion.getEndpoint();
    if (candidate.getBinding() == null) {
        return false;
    }
    return candidate.getLocation() != null || candidate.getResponseLocation() != null;
}
final List<XMLObject> digestMethods = getExtensions(criteria.get(RoleDescriptorCriterion.class).getRole(), DigestMethod.DEFAULT_ELEMENT_NAME);
final RoleDescriptor roleDescriptor = criteriaSet.get(RoleDescriptorCriterion.class).getRole(); return resolveFromRoleDescriptor(criteriaSet, roleDescriptor, usage); } else if (criteriaSet.contains(EntityIdCriterion.class) && criteriaSet.contains(EntityRoleCriterion.class)) { final String entityID = criteriaSet.get(EntityIdCriterion.class).getEntityId(); final QName role = criteriaSet.get(EntityRoleCriterion.class).getRole(); final ProtocolCriterion protocolCriteria = criteriaSet.get(ProtocolCriterion.class); if (protocolCriteria != null) { protocol = protocolCriteria.getProtocol();
/** {@inheritDoc} */
@Nullable public Set<MetadataIndexKey> generateKeys(@Nonnull CriteriaSet criteriaSet) {
    Constraint.isNotNull(criteriaSet, "CriteriaSet was null");

    ArtifactCriterion artifactCriterion = criteriaSet.get(ArtifactCriterion.class);
    if (artifactCriterion == null) {
        // No artifact supplied: this index has nothing to contribute.
        return null;
    }

    LazySet<MetadataIndexKey> keys = new LazySet<>();
    SAMLArtifact samlArtifact = artifactCriterion.getArtifact();

    // The two checks are independent, so an artifact implementing both interfaces yields both
    // keys. An artifact implementing neither leaves the returned set empty rather than null.
    if (samlArtifact instanceof SAMLSourceIDArtifact) {
        SAMLSourceIDArtifact withSourceId = (SAMLSourceIDArtifact) samlArtifact;
        keys.add(new ArtifactSourceIDMetadataIndexKey(withSourceId.getSourceID()));
    }
    if (samlArtifact instanceof SAMLSourceLocationArtifact) {
        SAMLSourceLocationArtifact withSourceLocation = (SAMLSourceLocationArtifact) samlArtifact;
        keys.add(new ArtifactSourceLocationMetadataIndexKey(withSourceLocation.getSourceLocation()));
    }
    return keys;
}