Class AbstractMetadataContainer<T extends org.opensaml.saml.saml2.common.TimeBoundSAMLObject & org.opensaml.saml.common.SignableSAMLObject & org.opensaml.saml.saml2.common.CacheableSAMLObject>

java.lang.Object
se.swedenconnect.opensaml.saml2.metadata.AbstractMetadataContainer<T>
Type Parameters:
T - the contained type
All Implemented Interfaces:
MetadataContainer<T>
Direct Known Subclasses:
EntitiesDescriptorContainer, EntityDescriptorContainer

public abstract class AbstractMetadataContainer<T extends org.opensaml.saml.saml2.common.TimeBoundSAMLObject & org.opensaml.saml.common.SignableSAMLObject & org.opensaml.saml.saml2.common.CacheableSAMLObject> extends Object implements MetadataContainer<T>
Abstract base class for the MetadataContainer interface.
Author:
Martin Lindström (martin@idsec.se)
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final int
    DEFAULT_DESCRIPTOR_ID_SIZE
    Default size for the ID attribute string.
    static final float
    DEFAULT_UPDATE_FACTOR
    The default update factor for the metadata - 0,75 (75%).
    static final Duration
    DEFAULT_VALIDITY
    The default validity for metadata - one week.
    protected T
    descriptor
    The encapsulated descriptor element.
    protected int
    idSize
    The size of the ID attribute string.
    protected org.opensaml.security.x509.X509Credential
    signatureCredentials
    The signature credentials for signing the metadata entry.
    protected org.opensaml.xmlsec.SignatureSigningConfiguration
    signingConfiguration
    Optional signing configuration.
    protected float
    updateFactor
    The update factor.
    protected Duration
    validity
    The validity time for created entries.
  • Constructor Summary

    Constructors
    Constructor
    Description
    AbstractMetadataContainer(T descriptor, org.opensaml.security.x509.X509Credential signatureCredentials)
    Constructor assigning the encapsulated descriptor element.
  • Method Summary

    Modifier and Type
    Method
    Description
    protected abstract void
    assignID(T descriptor, String id)
    Assigns the supplied id to the ID attribute of the descriptor.
    T
    cloneDescriptor()
    Returns a deep clone of the descriptor element that is encapsulated by this object.
    T
    getDescriptor()
    Returns the metadata element that is encapsulated by this object.
    protected abstract String
    getID(T descriptor)
    Returns the ID attribute of the supplied descriptor.
    int
    getIdSize()
    Returns the size of the ID attribute that is generated.
    protected abstract String
    getLogString(T descriptor)
    Returns a log string of the supplied descriptor.
    float
    getUpdateFactor()
    Returns the factor (between 0 and 1) that is used to compute whether it is time to update the contained descriptor.
    Duration
    getValidity()
    Returns the duration of the validity that the encapsulated descriptor has.
    Element
    marshall()
    Marshals the encapsulated descriptor into its XML representation.
    void
    setIdSize(int idSize)
    Assigns the size of the ID attribute that is generated.
    void
    setSigningConfiguration(org.opensaml.xmlsec.SignatureSigningConfiguration signingConfiguration)
    Assigns a custom SignatureSigningConfiguration.
    void
    setUpdateFactor(float updateFactor)
    Assigns the factor (between 0 and 1) that is used to compute whether it is time to update the contained descriptor.
    void
    setValidity(Duration validity)
    Assigns the duration of the validity that the encapsulated EntityDescriptor should have.
    T
    sign()
    Signs the encapsulated descriptor using the signature credentials configured for this object.
    T
    update(boolean sign)
    Updates the encapsulated descriptor with a newly generated ID, a validity time according to this object's configuration, and then optionally signs the record.
    boolean
    updateRequired(boolean signatureRequired)
    Predicate that returns true if the contained descriptor needs to be updated regarding its signature status and validity.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • DEFAULT_VALIDITY

      public static final Duration DEFAULT_VALIDITY
      The default validity for metadata - one week.
    • DEFAULT_UPDATE_FACTOR

      public static final float DEFAULT_UPDATE_FACTOR
      The default update factor for the metadata - 0,75 (75%), i.e. "update the metadata when less than 75% of its original validity time remains".
    • DEFAULT_DESCRIPTOR_ID_SIZE

      public static final int DEFAULT_DESCRIPTOR_ID_SIZE
      Default size for the ID attribute string.
    • descriptor

      protected T extends org.opensaml.saml.saml2.common.TimeBoundSAMLObject & org.opensaml.saml.common.SignableSAMLObject & org.opensaml.saml.saml2.common.CacheableSAMLObject descriptor
      The encapsulated descriptor element.
    • validity

      protected Duration validity
      The validity time for created entries.
    • updateFactor

      protected float updateFactor
      The update factor.
    • idSize

      protected int idSize
      The size of the ID attribute string.
    • signatureCredentials

      protected org.opensaml.security.x509.X509Credential signatureCredentials
      The signature credentials for signing the metadata entry.
    • signingConfiguration

      protected org.opensaml.xmlsec.SignatureSigningConfiguration signingConfiguration
      Optional signing configuration.
  • Constructor Details

    • AbstractMetadataContainer

      public AbstractMetadataContainer(T descriptor, org.opensaml.security.x509.X509Credential signatureCredentials)
      Constructor assigning the encapsulated descriptor element.
      Parameters:
      descriptor - the descriptor object
      signatureCredentials - the signature credentials for signing the descriptor. May be null, but then no signing will be possible
  • Method Details

    • getDescriptor

      public T getDescriptor()
      Returns the metadata element that is encapsulated by this object.
      Specified by:
      getDescriptor in interface MetadataContainer<T extends org.opensaml.saml.saml2.common.TimeBoundSAMLObject & org.opensaml.saml.common.SignableSAMLObject & org.opensaml.saml.saml2.common.CacheableSAMLObject>
      Returns:
      a descriptor object
    • cloneDescriptor

      public T cloneDescriptor() throws org.opensaml.core.xml.io.MarshallingException, org.opensaml.core.xml.io.UnmarshallingException
      Returns a deep clone of the descriptor element that is encapsulated by this object.
      Specified by:
      cloneDescriptor in interface MetadataContainer<T extends org.opensaml.saml.saml2.common.TimeBoundSAMLObject & org.opensaml.saml.common.SignableSAMLObject & org.opensaml.saml.saml2.common.CacheableSAMLObject>
      Returns:
      a copied descriptor object
      Throws:
      org.opensaml.core.xml.io.MarshallingException - for marshalling errors of the object
      org.opensaml.core.xml.io.UnmarshallingException - for unmarshalling errors of the object
    • updateRequired

      public boolean updateRequired(boolean signatureRequired)
      Predicate that returns true if the contained descriptor needs to be updated regarding its signature status and validity. The method will also take into account the update interval configured for this instance of the container.
      Specified by:
      updateRequired in interface MetadataContainer<T extends org.opensaml.saml.saml2.common.TimeBoundSAMLObject & org.opensaml.saml.common.SignableSAMLObject & org.opensaml.saml.saml2.common.CacheableSAMLObject>
      Parameters:
      signatureRequired - should be set if signatures are required for an entry to be regarded as valid
      Returns:
      if the encapsulated descriptor needs to be updated true is returned, otherwise false
    • update

      public T update(boolean sign) throws org.opensaml.xmlsec.signature.support.SignatureException, org.opensaml.core.xml.io.MarshallingException
      Updates the encapsulated descriptor with a newly generated ID, a validity time according to this object's configuration, and then optionally signs the record.
      Specified by:
      update in interface MetadataContainer<T extends org.opensaml.saml.saml2.common.TimeBoundSAMLObject & org.opensaml.saml.common.SignableSAMLObject & org.opensaml.saml.saml2.common.CacheableSAMLObject>
      Parameters:
      sign - flag that should be set if the metadata is to be signed
      Returns:
      a reference to the resulting descriptor object
      Throws:
      org.opensaml.xmlsec.signature.support.SignatureException - for signature errors
      org.opensaml.core.xml.io.MarshallingException - for marshalling errors
    • sign

      public T sign() throws org.opensaml.xmlsec.signature.support.SignatureException, org.opensaml.core.xml.io.MarshallingException
      Signs the encapsulated descriptor using the signature credentials configured for this object.
      Specified by:
      sign in interface MetadataContainer<T extends org.opensaml.saml.saml2.common.TimeBoundSAMLObject & org.opensaml.saml.common.SignableSAMLObject & org.opensaml.saml.saml2.common.CacheableSAMLObject>
      Returns:
      a reference to the resulting descriptor object
      Throws:
      org.opensaml.xmlsec.signature.support.SignatureException - for signature errors
      org.opensaml.core.xml.io.MarshallingException - for marshalling errors
    • marshall

      public Element marshall() throws org.opensaml.core.xml.io.MarshallingException
      Marshals the encapsulated descriptor into its XML representation.
      Specified by:
      marshall in interface MetadataContainer<T extends org.opensaml.saml.saml2.common.TimeBoundSAMLObject & org.opensaml.saml.common.SignableSAMLObject & org.opensaml.saml.saml2.common.CacheableSAMLObject>
      Returns:
      an XML element
      Throws:
      org.opensaml.core.xml.io.MarshallingException - for marshalling errors
    • getValidity

      public Duration getValidity()
      Returns the duration of the validity that the encapsulated descriptor has.
      Specified by:
      getValidity in interface MetadataContainer<T extends org.opensaml.saml.saml2.common.TimeBoundSAMLObject & org.opensaml.saml.common.SignableSAMLObject & org.opensaml.saml.saml2.common.CacheableSAMLObject>
      Returns:
      the validity time for the metadata
    • setValidity

      public void setValidity(Duration validity)
      Assigns the duration of the validity that the encapsulated EntityDescriptor should have.

      The default value is DEFAULT_VALIDITY.

      Parameters:
      validity - the validity
    • getUpdateFactor

      public float getUpdateFactor()
      Returns the factor (between 0 and 1) that is used to compute whether it is time to update the contained descriptor. The higher the factor, the more often the metadata is updated. The "is update required" computation is calculated as follows:
      
       if (expireInstant < now) {
         return <update-required>
       }
       else {
         return (updateFactor * getValidity()) > (expireInstant - now) ? <update-required> : <no-update-required>
       }
       
      The easiest way to get the meaning of the update factor is perhaps using words. Suppose the update factor is 0,5, then the meaning is: "update the metadata when less than 50% of its original validity time remains".
      Specified by:
      getUpdateFactor in interface MetadataContainer<T extends org.opensaml.saml.saml2.common.TimeBoundSAMLObject & org.opensaml.saml.common.SignableSAMLObject & org.opensaml.saml.saml2.common.CacheableSAMLObject>
      Returns:
      the update factor
    • setUpdateFactor

      public void setUpdateFactor(float updateFactor)
      Assigns the factor (between 0 and 1) that is used to compute whether it is time to update the contained descriptor.

      The default value is DEFAULT_UPDATE_FACTOR.

      Parameters:
      updateFactor - the update factor
    • getIdSize

      public int getIdSize()
      Returns the size of the ID attribute that is generated.
      Returns:
      the size
    • setIdSize

      public void setIdSize(int idSize)
      Assigns the size of the ID attribute that is generated.

      The default value is DEFAULT_DESCRIPTOR_ID_SIZE.

      Parameters:
      idSize - the size
    • setSigningConfiguration

      public void setSigningConfiguration(org.opensaml.xmlsec.SignatureSigningConfiguration signingConfiguration)
      Assigns a custom SignatureSigningConfiguration.
      Parameters:
      signingConfiguration - a SignatureSigningConfiguration
    • getID

      protected abstract String getID(T descriptor)
      Returns the ID attribute of the supplied descriptor.
      Parameters:
      descriptor - the descriptor
      Returns:
      the ID attribute
    • assignID

      protected abstract void assignID(T descriptor, String id)
      Assigns the supplied id to the ID attribute of the descriptor.
      Parameters:
      descriptor - the descriptor
      id - the ID attribute value
    • getLogString

      protected abstract String getLogString(T descriptor)
      Returns a log string of the supplied descriptor.
      Parameters:
      descriptor - the descriptor
      Returns:
      the log string
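
The update check described under getUpdateFactor and updateRequired, worked through with the documented defaults (one week validity, factor 0,75). This is an added example, not the library's own code: the class UpdateRequiredModel and its method are hypothetical, and it assumes that a missing expiry instant, or a missing signature when signatures are required, always forces an update.

```java
import java.time.Duration;
import java.time.Instant;

// Stand-alone model of the documented "is update required" computation.
// Hypothetical class; it does not use or reproduce the library implementation.
public class UpdateRequiredModel {

  // Values taken from the field documentation on this page.
  static final Duration DEFAULT_VALIDITY = Duration.ofDays(7);
  static final float DEFAULT_UPDATE_FACTOR = 0.75f;

  /**
   * @param validUntil expiry instant of the descriptor, null if none is set (assumed to force an update)
   * @param signed whether the descriptor currently carries a signature
   * @param signatureRequired whether an unsigned descriptor is regarded as invalid
   */
  static boolean updateRequired(Instant validUntil, boolean signed, boolean signatureRequired,
      Duration validity, float updateFactor, Instant now) {
    if (signatureRequired && !signed) {
      return true; // assumption: an unsigned entry must be re-issued when signatures are required
    }
    if (validUntil == null || !validUntil.isAfter(now)) {
      return true; // no expiry set, or the entry has already expired
    }
    // Update when (updateFactor * validity) > (expireInstant - now).
    long thresholdMillis = (long) ((double) updateFactor * validity.toMillis());
    long remainingMillis = Duration.between(now, validUntil).toMillis();
    return thresholdMillis > remainingMillis;
  }

  public static void main(String[] args) {
    Instant now = Instant.parse("2024-01-01T00:00:00Z"); // constructed sample time
    Duration v = DEFAULT_VALIDITY;
    float f = DEFAULT_UPDATE_FACTOR; // threshold = 0.75 * 7 days = 5 days 6 hours

    // Six days remain: more than the threshold, so the entry is still fresh.
    System.out.println(updateRequired(now.plus(Duration.ofDays(6)), true, true, v, f, now));
    // Five days remain: less than the threshold, so the entry is refreshed.
    System.out.println(updateRequired(now.plus(Duration.ofDays(5)), true, true, v, f, now));
    // Expired one hour ago.
    System.out.println(updateRequired(now.minus(Duration.ofHours(1)), true, true, v, f, now));
    // Fresh but unsigned while signatures are required.
    System.out.println(updateRequired(now.plus(Duration.ofDays(6)), false, true, v, f, now));
    // Factor 0.5 moves the threshold to 3.5 days, so five remaining days are enough.
    System.out.println(updateRequired(now.plus(Duration.ofDays(5)), true, true, v, 0.5f, now));
  }
}
```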