Package org.forgerock.openig.filter.oauth2.cnf

Class CertificateThumbprintFilter

java.lang.Object

org.forgerock.openig.filter.oauth2.cnf.CertificateThumbprintFilter

All Implemented Interfaces:

Filter

public class CertificateThumbprintFilter
extends Object
implements Filter

A filter that evaluates a required EL expression to establish the client certificate from both context and request, then calculates the thumbprint for that certificate (sha-256 hash and base64 url encoding) before storing it in the attributes context for later retrieval in downstream components.

See Also:

•  {
      "type": "CertificateThumbprintFilter",
      "config": {
          "certificate" :    expression [REQUIRED - A runtime expression which will yield the certificate and
                                         is evaluated on EVERY request.]
          "failureHandler" : handler    [OPTIONAL - the failure handler - default is FORBIDDEN.]
      }
    }
   
   

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	CertificateThumbprintFilter.Heaplet	Creates and initializes a certificate thumbprint filter in a heap environment.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CERTIFICATE_THUMBPRINT_ATTRIBUTE	The certificate attribute name.

Constructor Summary

Constructors

Constructor	Description
CertificateThumbprintFilter(Expression<Certificate> certExpr, Handler failureHandler)	Build a CertificateThumbprintFilter that will compute a certificate thumbprint based on the given certExpr.

Method Summary

Modifier and Type	Method	Description
Promise<Response,NeverThrowsException>	filter(Context context, Request request, Handler next)	Filters the request and/or response of an exchange.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

CERTIFICATE_THUMBPRINT_ATTRIBUTE

public static final String CERTIFICATE_THUMBPRINT_ATTRIBUTE

The certificate attribute name.

See Also:

• Constant Field Values

Constructor Details

CertificateThumbprintFilter

public CertificateThumbprintFilter(Expression<Certificate> certExpr,
 Handler failureHandler)

Build a CertificateThumbprintFilter that will compute a certificate thumbprint based on the given certExpr.

Parameters:

certExpr - An EL expression which when evaluated will yield a certificate.

failureHandler - The failure handler.

Method Details

filter

public Promise<Response,NeverThrowsException> filter(Context context,
 Request request,
 Handler next)

Description copied from interface: Filter

Filters the request and/or response of an exchange. To pass the request to the next filter or handler in the chain, the filter calls next.handle(context, request).

This method may elect not to pass the request to the next filter or handler, and instead handle the request itself. It can achieve this by merely avoiding a call to next.handle(context, request) and creating its own response object. The filter is also at liberty to replace a response with another of its own by intercepting the response returned by the next handler.

Specified by:

filter in interface Filter

Parameters:

context - The request context.

request - The request.

next - The next filter or handler in the chain to handle the request.

Returns:

A Promise representing the response to be returned to the client.