SAMLMDClientCertAuthSecurityHandler (opensaml-project 3.1.1 API)

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.messaging.handler.AbstractMessageHandler
  - - org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler<X509Credential>
    - - org.opensaml.security.messaging.impl.BaseClientCertAuthSecurityHandler
      - org.opensaml.saml.common.binding.security.impl.SAMLMDClientCertAuthSecurityHandler

All Implemented Interfaces:

net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, MessageHandler
```
public class SAMLMDClientCertAuthSecurityHandler
extends BaseClientCertAuthSecurityHandler
```
SAML specialization of BaseClientCertAuthSecurityHandler which provides support for X509Credential trust engine validation based on SAML metadata.

Constructor Summary

Constructors
Constructor and Description

SAMLMDClientCertAuthSecurityHandler()

Constructors
Constructor and Description
`SAMLMDClientCertAuthSecurityHandler()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected net.shibboleth.utilities.java.support.resolver.CriteriaSet`	`buildCriteriaSet(String entityID, MessageContext messageContext)` Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.
`protected String`	`getCertificatePresenterEntityID(MessageContext messageContext)` Get the entity ID of the presenter of the client TLS certificate, as will be used for trust evaluation purposes.
`protected void`	`setAuthenticatedCertificatePresenterEntityID(MessageContext messageContext, String entityID)` Store the successfully authenticated derived entity ID of the certificate presenter in the message context.
`protected void`	`setAuthenticatedState(MessageContext messageContext, boolean authenticated)` Store the indicated message authentication state in the message context.

Methods inherited from class org.opensaml.security.messaging.impl.BaseClientCertAuthSecurityHandler
doEvaluate, doInitialize, doInvoke, doPreInvoke, evaluateCertificateNameDerivedPresenters, evaluateDerivedPresenters, evaluateSubjectAltNames, evaluateSubjectCommonName, evaluateSubjectDN, getAltNames, getCertificateNameOptions, getCommonName, getHttpServletRequest, getSubjectName, resolveTrustEngine, setHttpServletRequest

Methods inherited from class org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler
evaluate, evaluate, getTrustEngine

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler
doPostInvoke, doPostInvoke, getLogPrefix, invoke

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

- Constructor Detail
  - SAMLMDClientCertAuthSecurityHandler
```
public SAMLMDClientCertAuthSecurityHandler()
```
- Method Detail
  - buildCriteriaSet
```
@Nonnull
protected net.shibboleth.utilities.java.support.resolver.CriteriaSet buildCriteriaSet(@Nullable
                                                                                               String entityID,
                                                                                               @Nonnull
                                                                                               MessageContext messageContext)
                                                                                        throws MessageHandlerException
```
    Subclasses are required to implement this method to build a criteria set for the trust engine according to trust engine and application-specific needs.
    
    Overrides:
    
    buildCriteriaSet in class BaseClientCertAuthSecurityHandler
    
    Parameters:
    
    entityID - the candidate issuer entity ID which is being evaluated
    
    messageContext - the message context which is being evaluated
    
    Returns:
    
    a newly constructly set of criteria suitable for the configured trust engine
    
    Throws:
    
    MessageHandlerException - thrown if criteria set can not be constructed
  - getCertificatePresenterEntityID
```
@Nullable
protected String getCertificatePresenterEntityID(@Nonnull
                                                           MessageContext messageContext)
```
    Get the entity ID of the presenter of the client TLS certificate, as will be used for trust evaluation purposes.
    This tends to be performed in a protcol-specific manner, so it is therefore abstract and must be implemented in a concrete subclass.
    
    Specified by:
    
    getCertificatePresenterEntityID in class BaseClientCertAuthSecurityHandler
    
    Parameters:
    
    messageContext - the current message context
    
    Returns:
    
    the entity ID of the client TLS certificate presenter
  - setAuthenticatedCertificatePresenterEntityID
```
protected void setAuthenticatedCertificatePresenterEntityID(@Nonnull
                                                            MessageContext messageContext,
                                                            @Nullable
                                                            String entityID)
```
    Store the successfully authenticated derived entity ID of the certificate presenter in the message context.
    This tends to be performed in a protocol-specific manner, so it is therefore abstract and must be implemented in a concrete subclass.
    
    Specified by:
    
    setAuthenticatedCertificatePresenterEntityID in class BaseClientCertAuthSecurityHandler
    
    Parameters:
    
    messageContext - the current message context
    
    entityID - the successfully authenticated derived entity ID of the client TLS certificate presenter
  - setAuthenticatedState
```
protected void setAuthenticatedState(@Nonnull
                                     MessageContext messageContext,
                                     boolean authenticated)
```
    Store the indicated message authentication state in the message context.
    This tends to be performed in a protocol-specific manner, so it is therefore abstract and must be implemented in a concrete subclass.
    
    Specified by:
    
    setAuthenticatedState in class BaseClientCertAuthSecurityHandler
    
    Parameters:
    
    messageContext - the current message context
    
    authenticated - flag indicating what authentication state to store

Class SAMLMDClientCertAuthSecurityHandler

Constructor Summary

Method Summary

Methods inherited from class org.opensaml.security.messaging.impl.BaseClientCertAuthSecurityHandler

Methods inherited from class org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

Constructor Detail

SAMLMDClientCertAuthSecurityHandler

Method Detail

buildCriteriaSet

getCertificatePresenterEntityID

setAuthenticatedCertificatePresenterEntityID

setAuthenticatedState