package org.apereo.cas.support.saml.web.idp.profile.builders.enc;

import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.metadata.resolver.RoleDescriptorResolver;
import org.opensaml.saml.metadata.resolver.impl.BasicRoleDescriptorResolver;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;

import java.util.List;

/**
 * This is {@link SamlIdPObjectSignatureValidator}.
 *
 * <p>A {@link SamlObjectSignatureValidator} whose role-descriptor lookup and
 * signing-credential criteria are bound to the CAS SAML IdP metadata resolver
 * passed at construction, using the {@link IDPSSODescriptor} role.
 *
 * @author Misagh Moayyed
 * @since 5.1.0
 */
public class SamlIdPObjectSignatureValidator extends SamlObjectSignatureValidator {

    /** Metadata resolver for the CAS IdP; source of both the role descriptors and the entity id criterion. */
    private final MetadataResolver casSamlIdPMetadataResolver;

    /**
     * Creates the validator.
     *
     * <p>The four algorithm lists are forwarded unchanged to the superclass constructor.
     * NOTE(review): they are declared as raw {@code List}; the element type is not visible
     * here and should be confirmed against the superclass.
     *
     * @param overrideSignatureReferenceDigestMethods passed through to the superclass
     * @param overrideSignatureAlgorithms             passed through to the superclass
     * @param overrideBlackListedSignatureAlgorithms  passed through to the superclass
     * @param overrideWhiteListedAlgorithms           passed through to the superclass
     * @param casSamlIdPMetadataResolver              metadata resolver for the CAS IdP; stored as-is, no null check
     */
    public SamlIdPObjectSignatureValidator(final List overrideSignatureReferenceDigestMethods,
                                           final List overrideSignatureAlgorithms,
                                           final List overrideBlackListedSignatureAlgorithms,
                                           final List overrideWhiteListedAlgorithms,
                                           final MetadataResolver casSamlIdPMetadataResolver) {
        super(overrideSignatureReferenceDigestMethods,
            overrideSignatureAlgorithms,
            overrideBlackListedSignatureAlgorithms,
            overrideWhiteListedAlgorithms);
        this.casSamlIdPMetadataResolver = casSamlIdPMetadataResolver;
    }

    /**
     * Returns a role-descriptor resolver backed by the CAS IdP metadata.
     *
     * <p>None of the arguments are consulted: the {@code resolver} handed in by the caller is
     * ignored and the IdP metadata resolver held by this instance is always used instead.
     * A new {@link BasicRoleDescriptorResolver} is created and initialized on every call.
     *
     * @param resolver       ignored
     * @param context        ignored
     * @param profileRequest ignored
     * @return an initialized resolver over the CAS IdP metadata
     * @throws Exception if initializing the resolver fails
     */
    @Override
    protected RoleDescriptorResolver getRoleDescriptorResolver(final MetadataResolver resolver,
                                                               final MessageContext context,
                                                               final RequestAbstractType profileRequest) throws Exception {
        final BasicRoleDescriptorResolver idpRoleResolver =
            new BasicRoleDescriptorResolver(this.casSamlIdPMetadataResolver);
        idpRoleResolver.initialize();
        return idpRoleResolver;
    }

    /**
     * Adds the entity-id and entity-role criteria to the given criteria set.
     *
     * <p>The request is not inspected; both criteria are derived from this validator's own
     * IdP metadata resolver and the {@link IDPSSODescriptor} element name.
     *
     * @param profileRequest ignored
     * @param criteriaSet    criteria set that receives the two criteria
     */
    @Override
    protected void buildEntityCriteriaForSigningCredential(final RequestAbstractType profileRequest,
                                                           final CriteriaSet criteriaSet) {
        // NOTE(review): getId() is the resolver component's identifier, not a value read from
        // the metadata itself. This presumably relies on the resolver being configured with
        // its id set to the IdP entity id; confirm against the bean definition, since a
        // mismatch would make the signing-credential lookup key on the wrong entity.
        final String idpEntityId = this.casSamlIdPMetadataResolver.getId();
        criteriaSet.add(new EntityIdCriterion(idpEntityId));

        final EntityRoleCriterion idpRole = new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        criteriaSet.add(idpRole);
    }
}