com.vmware.vapi.cis.authn.json

Class RetryJsonSignatureVerificationProcessor

java.lang.Object

com.vmware.vapi.cis.authn.json.RetryJsonSignatureVerificationProcessor

All Implemented Interfaces:

com.vmware.vapi.protocol.RequestProcessor

public class RetryJsonSignatureVerificationProcessor
extends Object
implements com.vmware.vapi.protocol.RequestProcessor

This is a decorator of JsonSignatureVerificationProcessor that will retry the processing of the request in case an InvalidTokenException is received during the SAML token validation
New certificates are obtained either by calling the StsTrustChain.getStsTrustChain() method when an StsTrustChain is provided in the constructor or by calling the RefreshableCache.refresh() when a RefreshableCache is provided directly

See Also:

JsonSignatureVerificationProcessor}

Nested Class Summary

Nested classes/interfaces inherited from interface com.vmware.vapi.protocol.RequestProcessor

com.vmware.vapi.protocol.RequestProcessor.Request

Field Summary

Fields inherited from interface com.vmware.vapi.protocol.RequestProcessor

SECURITY_CONTEXT_KEY, SECURITY_PROC_METADATA_KEY, UTF8_CHARSET

Constructor Summary

Constructors

Constructor and Description
RetryJsonSignatureVerificationProcessor(RefreshableCache<X509Certificate[]> trustChainCache)
RetryJsonSignatureVerificationProcessor(com.vmware.vapi.dsig.json.StsTrustChain trustChain, long retryDelayMs)
RetryJsonSignatureVerificationProcessor(com.vmware.vapi.dsig.json.StsTrustChain trustChain, long retryDelayMs, long clockToleranceSec)

Method Summary

Modifier and Type	Method and Description
byte[]	process(byte[] requestBytes, Map<String,Object> metadata, com.vmware.vapi.protocol.RequestProcessor.Request request)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RetryJsonSignatureVerificationProcessor

public RetryJsonSignatureVerificationProcessor(com.vmware.vapi.dsig.json.StsTrustChain trustChain,
                                               long retryDelayMs)

Parameters:

trustChain - The STS trusted certificates. The method StsTrustChain.getStsTrustChain() will be called once during initialization and subsequently whenever the certificates need to be refreshed

retryDelayMs - Minimum period of time in milliseconds between refreshes of the STS trust chain

RetryJsonSignatureVerificationProcessor

public RetryJsonSignatureVerificationProcessor(com.vmware.vapi.dsig.json.StsTrustChain trustChain,
                                               long retryDelayMs,
                                               long clockToleranceSec)

Parameters:

trustChain - The STS trusted certificates. The method StsTrustChain.getStsTrustChain() will be called once during initialization and subsequently whenever the certificates need to be refreshed

retryDelayMs - Minimum period of time in milliseconds between refreshes of the STS trust chain

clockToleranceSec - The allowed time discrepancy between the client and the server. Must not be negative

RetryJsonSignatureVerificationProcessor

public RetryJsonSignatureVerificationProcessor(RefreshableCache<X509Certificate[]> trustChainCache)

Parameters:

trustChainCache - A refreshable cache that provides the trusted root certificates. Whenever a new trust chain is needed, the refresh method will be called

Method Detail

process

public byte[] process(byte[] requestBytes,
                      Map<String,Object> metadata,
                      com.vmware.vapi.protocol.RequestProcessor.Request request)

Specified by:

process in interface com.vmware.vapi.protocol.RequestProcessor