java.lang.Object
se.swedenconnect.opensaml.sweid.saml2.signservice.SADFactory

public class SADFactory extends Object
A bean for building a SAD object and a signed JWT holding the SAD.
Author:
Martin Lindström (martin@idsec.se)
  • Field Details

    • DEFAULT_VALIDITY_TIME

      public static final int DEFAULT_VALIDITY_TIME
      The default validity time for a SAD (five minutes).
    • DEFAULT_USER_ID_ATTRIBUTE_NAME

      public static final String DEFAULT_USER_ID_ATTRIBUTE_NAME
      The default attribute name for the user ID ("urn:oid:1.2.752.29.4.13").
    • DEFAULT_JWT_ID_SIZE

      public static final int DEFAULT_JWT_ID_SIZE
      The default size for generated JWT identifiers (24).
    • DEFAULT_JWT_SIGNING_ALGORITHM

      public static final String DEFAULT_JWT_SIGNING_ALGORITHM
      The name of the default JWT signature algorithm to be used (RS256).
  • Constructor Details

    • SADFactory

      public SADFactory(String idpEntityID, org.opensaml.security.x509.X509Credential signingCredential)
      Constructor.
      Parameters:
      idpEntityID - the entityID of the issuing IdP
      signingCredential - the IdP signature credential
  • Method Details

    • getBuilder

      public SADFactory.SADBuilder getBuilder()
      Returns a builder that allows building a SAD using a cascading builder pattern.
      Returns:
      a SAD builder
    • getBuilder

      public SADFactory.SADBuilder getBuilder(String userIdAttributeName)
      Returns a builder that allows building a SAD using a cascading builder pattern. The builder returned has been configured with the supplied userIdAttributeName instead of the attribute name that was configured for the factory (setUserIdAttributeName(String)).
      Parameters:
      userIdAttributeName - the user id attribute name
      Returns:
      a SAD builder
    • createJwt

      public String createJwt(SAD sad) throws IOException, SignatureException
      Given a SAD, the method builds a JWT and signs it using the configured key.

      Note: Only RSA keys are supported.

      Parameters:
      sad - the SAD to include in the JWT
      Returns:
      a signed JWT (encoded)
      Throws:
      IOException - for JSON processing errors
      SignatureException - for JWT signature errors
    • setValidityTime

      public void setValidityTime(int seconds)
      Assigns the validity time for a SAD object (in seconds). The default is DEFAULT_VALIDITY_TIME.
      Parameters:
      seconds - validity time in seconds
    • setUserIdAttributeName

      public void setUserIdAttributeName(String userIdAttributeName)
      Assigns the attribute name for the attribute holding the user ID. Defaults to DEFAULT_USER_ID_ATTRIBUTE_NAME.
      Parameters:
      userIdAttributeName - attribute name (URI)
    • setJwtIdSize

      public void setJwtIdSize(int jwtIdSize)
      Assigns the size of generated JWT identifiers. The default is DEFAULT_JWT_ID_SIZE.
      Parameters:
      jwtIdSize - the size
    • setJwtSigningAlgorithm

      public void setJwtSigningAlgorithm(String jwtSigningAlgorithm)
      Assigns the JWT signature algorithm. The default is DEFAULT_JWT_SIGNING_ALGORITHM.
      Parameters:
      jwtSigningAlgorithm - JWT algorithm name