public class BasicEncryptionParametersResolver
extends AbstractSecurityParametersResolver<EncryptionParameters>
implements EncryptionParametersResolver

Basic implementation of EncryptionParametersResolver.

The following Criterion inputs are supported:
- EncryptionConfigurationCriterion - required
- KeyInfoGenerationProfileCriterion - optional

Constructor Summary

Constructor and Description
---
BasicEncryptionParametersResolver(): Constructor.
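The following is an added example of driving this resolver from a hand-built BasicEncryptionConfiguration (it is not code from the OpenSAML project). It supplies the required EncryptionConfigurationCriterion and the optional KeyInfoGenerationProfileCriterion described above, lets the resolver auto-generate the data encryption key, and then shows the failure mode a caller must handle: resolveSingle is declared @Nullable, so when the whitelist/blacklist policy leaves no usable key transport algorithm the resolver returns null rather than a weakened parameter set. Assumptions: the profile name "example-profile" is hypothetical (no KeyInfoGeneratorManager is configured, so the resolved KeyInfoGenerator instances are simply null); the recipient key is a throwaway RSA pair constructed in place of a real peer certificate; opensaml-core, opensaml-security-api and opensaml-xmlsec-impl (3.x) are on the classpath.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Collections;

import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.config.InitializationService;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.xmlsec.EncryptionParameters;
import org.opensaml.xmlsec.criterion.EncryptionConfigurationCriterion;
import org.opensaml.xmlsec.criterion.KeyInfoGenerationProfileCriterion;
import org.opensaml.xmlsec.encryption.support.EncryptionConstants;
import org.opensaml.xmlsec.encryption.support.RSAOAEPParameters;
import org.opensaml.xmlsec.impl.BasicEncryptionConfiguration;
import org.opensaml.xmlsec.impl.BasicEncryptionParametersResolver;
import org.opensaml.xmlsec.signature.support.SignatureConstants;

/** Added example (not OpenSAML code): resolve EncryptionParameters from an explicit policy. */
public class ResolveEncryptionParametersExample {

    /** Configuration the resolver chooses from; recipientKey is the peer's public key. */
    static BasicEncryptionConfiguration buildConfig(Credential recipientKey) {
        BasicEncryptionConfiguration config = new BasicEncryptionConfiguration();
        config.setKeyTransportEncryptionCredentials(Collections.singletonList(recipientKey));

        // Ordered preference lists. The resolver walks each list and keeps the first URI that
        // passes the whitelist/blacklist predicate, is supported by the runtime, and fits the key.
        config.setDataEncryptionAlgorithms(Arrays.asList(
                EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256_GCM,
                EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM));
        config.setKeyTransportEncryptionAlgorithms(Arrays.asList(
                EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP11,
                EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP));

        // Blacklist: PKCS#1 v1.5 key transport and 3DES are excluded even if another
        // EncryptionConfiguration in the criteria lists them.
        config.setBlacklistedAlgorithms(Arrays.asList(
                EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15,
                EncryptionConstants.ALGO_ID_BLOCKCIPHER_TRIPLEDES));

        // Digest and MGF copied into RSAOAEPParameters when an RSA-OAEP algorithm is selected.
        config.setRSAOAEPParameters(new RSAOAEPParameters(
                SignatureConstants.ALGO_ID_DIGEST_SHA256,
                EncryptionConstants.ALGO_ID_MGF1_SHA256,
                null));
        return config;
    }

    /** Resolve once; returns null when the resolver cannot produce a valid parameter set. */
    static EncryptionParameters resolve(BasicEncryptionConfiguration config)
            throws ResolverException {
        BasicEncryptionParametersResolver resolver = new BasicEncryptionParametersResolver();
        // No data encryption credential is configured, so have the resolver generate a
        // random symmetric key sized for whichever data encryption algorithm it selects.
        resolver.setAutoGenerateDataEncryptionCredential(true);

        CriteriaSet criteria = new CriteriaSet(
                new EncryptionConfigurationCriterion(config),              // required
                new KeyInfoGenerationProfileCriterion("example-profile")); // optional; hypothetical name
        return resolver.resolveSingle(criteria);
    }

    public static void main(String[] args) throws Exception {
        InitializationService.initialize(); // loads the global AlgorithmRegistry

        // Constructed recipient key: a throwaway RSA pair standing in for the peer's certificate.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair peer = kpg.generateKeyPair();
        Credential recipientKey = CredentialSupport.getSimpleCredential(peer.getPublic(), null);

        EncryptionParameters params = resolve(buildConfig(recipientKey));
        if (params == null) {
            throw new IllegalStateException("no acceptable encryption parameters; refuse to encrypt");
        }
        System.out.println("data encryption: " + params.getDataEncryptionAlgorithm());
        System.out.println("key transport:   " + params.getKeyTransportEncryptionAlgorithm());
        if (params.getRSAOAEPParameters() != null) {
            System.out.println("OAEP digest:     " + params.getRSAOAEPParameters().getDigestMethod());
        }
        System.out.println("generated data key present: "
                + (params.getDataEncryptionCredential().getSecretKey() != null));

        // Failure mode: blacklist every key transport algorithm the configuration offers.
        // resolveSingle is @Nullable; treat null as "cannot encrypt", never fall back to an
        // algorithm the policy excluded.
        BasicEncryptionConfiguration locked = buildConfig(recipientKey);
        locked.setBlacklistedAlgorithms(Arrays.asList(
                EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP11,
                EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP,
                EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSA15));
        System.out.println("all key transport blacklisted -> "
                + (resolve(locked) == null ? "null" : "parameters"));
    }
}
```

The blacklist is applied on top of the preference lists, which is the point of keeping the two separate: the preference lists say what to try first, the blacklist is the policy floor that survives merging with any lower-precedence configuration supplied in the same EncryptionConfigurationCriterion. The second resolve shows why callers must check for null: the resolver validates the populated EncryptionParameters and, with a key transport credential but no permitted key transport algorithm, discards the result instead of emitting a partially populated one.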
Method Summary

Modifier and Type | Method and Description
---|---
protected boolean | credentialSupportsAlgorithm(Credential credential, String algorithm): Evaluate whether the specified credential is supported for use with the specified algorithm URI.
protected Credential | generateDataEncryptionCredential(String dataEncryptionAlgorithm): Generate a random data encryption symmetric key credential.
AlgorithmRegistry | getAlgorithmRegistry(): Get the AlgorithmRegistry instance used when resolving algorithm URIs.
protected com.google.common.base.Predicate<String> | getAlgorithmRuntimeSupportedPredicate(): Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.
protected List<String> | getEffectiveDataEncryptionAlgorithms(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate): Get the effective list of data encryption algorithm URIs to consider, including application of whitelist/blacklist policy.
protected List<Credential> | getEffectiveDataEncryptionCredentials(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria): Get the effective list of data encryption credentials to consider.
protected List<String> | getEffectiveKeyTransportAlgorithms(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate): Get the effective list of key transport algorithm URIs to consider, including application of whitelist/blacklist policy.
protected List<Credential> | getEffectiveKeyTransportCredentials(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria): Get the effective list of key transport credentials to consider.
protected com.google.common.base.Predicate<String> | getWhitelistBlacklistPredicate(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria): Get a predicate which implements the effective configured whitelist/blacklist policy.
boolean | isAutoGenerateDataEncryptionCredential(): Get whether this resolver should auto-generate data encryption credentials.
protected boolean | isDataEncryptionAlgorithm(String algorithm): Evaluate whether the specified algorithm is a data encryption algorithm.
protected boolean | isKeyTransportAlgorithm(String algorithm): Evaluate whether the specified algorithm is a key transport algorithm.
protected void | logResult(EncryptionParameters params): Log the resolved parameters.
protected void | populateRSAOAEPParams(RSAOAEPParameters rsaParams, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate): Populate an instance of RSAOAEPParameters based on data from the supplied instances of EncryptionConfiguration.
protected void | processDataEncryptionCredentialAutoGeneration(EncryptionParameters params): Auto-generate and populate a data encryption credential, if configured and required conditions are met.
Iterable<EncryptionParameters> | resolve(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
protected void | resolveAndPopulateCredentialsAndAlgorithms(EncryptionParameters params, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate): Resolve and populate the data encryption and key transport credentials and algorithm URIs.
protected void | resolveAndPopulateRSAOAEPParams(EncryptionParameters params, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate): Resolve and populate an instance of RSAOAEPParameters, if appropriate for the selected key transport encryption algorithm.
protected String | resolveDataEncryptionAlgorithm(Credential dataEncryptionCredential, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate): Determine the data encryption algorithm URI to use with the specified data encryption credential.
protected String | resolveDataEncryptionAlgorithm(Credential dataEncryptionCredential, List<String> dataEncryptionAlgorithms): Determine the data encryption algorithm URI, considering the optionally specified data encryption credential.
protected KeyInfoGenerator | resolveDataKeyInfoGenerator(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, Credential dataEncryptionCredential): Resolve and return the KeyInfoGenerator instance to use with the specified data encryption credential.
protected String | resolveKeyTransportAlgorithm(Credential keyTransportCredential, net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, com.google.common.base.Predicate<String> whitelistBlacklistPredicate, String dataEncryptionAlgorithm): Determine the key transport algorithm URI to use with the specified credential.
protected String | resolveKeyTransportAlgorithm(Credential keyTransportCredential, List<String> keyTransportAlgorithms, String dataEncryptionAlgorithm, KeyTransportAlgorithmPredicate keyTransportPredicate): Determine the key transport encryption algorithm URI to use with the specified key transport credential and optional data encryption algorithm URI.
protected KeyTransportAlgorithmPredicate | resolveKeyTransportAlgorithmPredicate(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria): Resolve the optional effectively configured instance of KeyTransportAlgorithmPredicate to use.
protected KeyInfoGenerator | resolveKeyTransportKeyInfoGenerator(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, Credential keyTransportEncryptionCredential): Resolve and return the KeyInfoGenerator instance to use with the specified key transport credential.
EncryptionParameters | resolveSingle(net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
void | setAlgorithmRegistry(AlgorithmRegistry registry): Set the AlgorithmRegistry instance used when resolving algorithm URIs.
void | setAutoGenerateDataEncryptionCredential(boolean flag): Set whether this resolver should auto-generate data encryption credentials.
protected boolean | validate(EncryptionParameters params): Validate that the EncryptionParameters instance has all the required properties populated.
Methods inherited from class AbstractSecurityParametersResolver:
lookupKeyInfoGenerator, resolveAndPopulateWhiteAndBlacklists, resolveEffectiveBlacklist, resolveEffectiveWhitelist, resolveWhitelistBlacklistPrecedence, resolveWhitelistBlacklistPredicate
Constructor Detail

public BasicEncryptionParametersResolver()
    Constructor.

Method Detail

public AlgorithmRegistry getAlgorithmRegistry()
    Get the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry resolved via AlgorithmSupport.getGlobalAlgorithmRegistry().

public void setAlgorithmRegistry(@Nonnull AlgorithmRegistry registry)
    Set the AlgorithmRegistry instance used when resolving algorithm URIs. Defaults to the registry resolved via AlgorithmSupport.getGlobalAlgorithmRegistry().
    Parameters:
        registry - the new algorithm registry instance

public boolean isAutoGenerateDataEncryptionCredential()
    Get whether this resolver should auto-generate data encryption credentials.

public void setAutoGenerateDataEncryptionCredential(boolean flag)
    Set whether this resolver should auto-generate data encryption credentials.
    Parameters:
        flag - true if should auto-generate, false otherwise

@Nonnull public Iterable<EncryptionParameters> resolve(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) throws net.shibboleth.utilities.java.support.resolver.ResolverException
    Specified by:
        resolve in interface net.shibboleth.utilities.java.support.resolver.Resolver<EncryptionParameters,net.shibboleth.utilities.java.support.resolver.CriteriaSet>
    Throws:
        net.shibboleth.utilities.java.support.resolver.ResolverException

@Nullable public EncryptionParameters resolveSingle(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria) throws net.shibboleth.utilities.java.support.resolver.ResolverException
    Specified by:
        resolveSingle in interface net.shibboleth.utilities.java.support.resolver.Resolver<EncryptionParameters,net.shibboleth.utilities.java.support.resolver.CriteriaSet>
    Throws:
        net.shibboleth.utilities.java.support.resolver.ResolverException

protected void logResult(@Nonnull EncryptionParameters params)
    Log the resolved parameters.
    Parameters:
        params - the resolved param

protected boolean validate(@Nonnull EncryptionParameters params)
    Validate that the EncryptionParameters instance has all the required properties populated.
    Parameters:
        params - the parameters instance to evaluate

@Nonnull protected com.google.common.base.Predicate<String> getWhitelistBlacklistPredicate(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
    Get a predicate which implements the effective configured whitelist/blacklist policy.
    Parameters:
        criteria - the input criteria being evaluated

protected void resolveAndPopulateCredentialsAndAlgorithms(@Nonnull EncryptionParameters params, @Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
    Resolve and populate the data encryption and key transport credentials and algorithm URIs.
    Parameters:
        params - the params instance being populated
        criteria - the input criteria being evaluated
        whitelistBlacklistPredicate - the whitelist/blacklist predicate with which to evaluate the candidate data encryption and key transport algorithm URIs

protected void resolveAndPopulateRSAOAEPParams(@Nonnull EncryptionParameters params, @Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
    Resolve and populate an instance of RSAOAEPParameters, if appropriate for the selected key transport encryption algorithm.
    Parameters:
        params - the params instance being populated
        criteria - the input criteria being evaluated
        whitelistBlacklistPredicate - the whitelist/blacklist predicate with which to evaluate the candidate data encryption and key transport algorithm URIs

protected void populateRSAOAEPParams(@Nonnull RSAOAEPParameters rsaParams, @Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
    Populate an instance of RSAOAEPParameters based on data from the supplied instances of EncryptionConfiguration.
    Parameters:
        rsaParams - the existing RSAOAEPParameters instance being populated
        criteria - the input criteria being evaluated
        whitelistBlacklistPredicate - the whitelist/blacklist predicate with which to evaluate the candidate data encryption and key transport algorithm URIs

@Nullable protected KeyTransportAlgorithmPredicate resolveKeyTransportAlgorithmPredicate(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
    Resolve the optional effectively configured instance of KeyTransportAlgorithmPredicate to use.
    Parameters:
        criteria - the input criteria being evaluated

@Nullable protected String resolveKeyTransportAlgorithm(@Nonnull Credential keyTransportCredential, @Nonnull List<String> keyTransportAlgorithms, @Nullable String dataEncryptionAlgorithm, @Nullable KeyTransportAlgorithmPredicate keyTransportPredicate)
    Determine the key transport encryption algorithm URI to use with the specified key transport credential and optional data encryption algorithm URI.
    Parameters:
        keyTransportCredential - the key transport credential being evaluated
        keyTransportAlgorithms - the list of effective key transport algorithms to evaluate
        dataEncryptionAlgorithm - the optional data encryption algorithm URI to consider
        keyTransportPredicate - the optional key transport algorithm predicate to evaluate

@Nullable protected String resolveKeyTransportAlgorithm(@Nonnull Credential keyTransportCredential, @Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate, @Nullable String dataEncryptionAlgorithm)
    Determine the key transport algorithm URI to use with the specified credential.
    Parameters:
        keyTransportCredential - the key transport credential to evaluate
        criteria - the criteria instance being evaluated
        whitelistBlacklistPredicate - the whitelist/blacklist predicate with which to evaluate the candidate data encryption and key transport algorithm URIs
        dataEncryptionAlgorithm - the optional data encryption algorithm URI to consider

@Nullable protected String resolveDataEncryptionAlgorithm(@Nullable Credential dataEncryptionCredential, @Nonnull List<String> dataEncryptionAlgorithms)
    Determine the data encryption algorithm URI, considering the optionally specified data encryption credential.
    Parameters:
        dataEncryptionCredential - the data encryption credential being evaluated, may be null
        dataEncryptionAlgorithms - the list of effective data encryption algorithms to evaluate

@Nullable protected String resolveDataEncryptionAlgorithm(@Nonnull Credential dataEncryptionCredential, @Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
    Determine the data encryption algorithm URI to use with the specified data encryption credential.
    Parameters:
        dataEncryptionCredential - the data encryption credential to evaluate
        criteria - the criteria instance being evaluated
        whitelistBlacklistPredicate - the whitelist/blacklist predicate with which to evaluate the candidate data encryption and key transport algorithm URIs

@Nonnull protected List<Credential> getEffectiveDataEncryptionCredentials(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
    Get the effective list of data encryption credentials to consider.
    Parameters:
        criteria - the input criteria being evaluated

@Nonnull protected List<String> getEffectiveDataEncryptionAlgorithms(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
    Get the effective list of data encryption algorithm URIs to consider, including application of whitelist/blacklist policy.
    Parameters:
        criteria - the input criteria being evaluated
        whitelistBlacklistPredicate - the whitelist/blacklist predicate to use

@Nonnull protected List<Credential> getEffectiveKeyTransportCredentials(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria)
    Get the effective list of key transport credentials to consider.
    Parameters:
        criteria - the input criteria being evaluated

@Nonnull protected List<String> getEffectiveKeyTransportAlgorithms(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nonnull com.google.common.base.Predicate<String> whitelistBlacklistPredicate)
    Get the effective list of key transport algorithm URIs to consider, including application of whitelist/blacklist policy.
    Parameters:
        criteria - the input criteria being evaluated
        whitelistBlacklistPredicate - the whitelist/blacklist predicate to use

@Nullable protected KeyInfoGenerator resolveDataKeyInfoGenerator(@Nullable net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nullable Credential dataEncryptionCredential)
    Resolve and return the KeyInfoGenerator instance to use with the specified data encryption credential.
    Parameters:
        criteria - the input criteria being evaluated
        dataEncryptionCredential - the credential being evaluated

@Nullable protected KeyInfoGenerator resolveKeyTransportKeyInfoGenerator(@Nonnull net.shibboleth.utilities.java.support.resolver.CriteriaSet criteria, @Nullable Credential keyTransportEncryptionCredential)
    Resolve and return the KeyInfoGenerator instance to use with the specified key transport credential.
    Parameters:
        criteria - the input criteria being evaluated
        keyTransportEncryptionCredential - the credential being evaluated

@Nonnull protected com.google.common.base.Predicate<String> getAlgorithmRuntimeSupportedPredicate()
    Get a predicate which evaluates whether a cryptographic algorithm is supported by the runtime environment.

protected boolean credentialSupportsAlgorithm(@Nonnull Credential credential, @Nonnull @NotEmpty String algorithm)
    Evaluate whether the specified credential is supported for use with the specified algorithm URI.
    Parameters:
        credential - the credential to evaluate
        algorithm - the algorithm URI to evaluate

protected boolean isKeyTransportAlgorithm(@Nonnull String algorithm)
    Evaluate whether the specified algorithm is a key transport algorithm.
    Parameters:
        algorithm - the algorithm URI to evaluate

protected boolean isDataEncryptionAlgorithm(String algorithm)
    Evaluate whether the specified algorithm is a data encryption algorithm.
    Parameters:
        algorithm - the algorithm URI to evaluate

@Nullable protected Credential generateDataEncryptionCredential(@Nonnull String dataEncryptionAlgorithm)
    Generate a random data encryption symmetric key credential.
    Parameters:
        dataEncryptionAlgorithm - the data encryption algorithm URI

protected void processDataEncryptionCredentialAutoGeneration(@Nonnull EncryptionParameters params)
    Auto-generate and populate a data encryption credential, if configured and required conditions are met.
    Parameters:
        params - the encryption parameters instance to process

Copyright © 2018. All rights reserved.