Package org.opensaml.saml.common.binding.security.impl

Class SAMLProtocolMessageXMLSignatureSecurityHandler

java.lang.Object
net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
org.opensaml.messaging.handler.AbstractMessageHandler
org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler<Signature>
org.opensaml.saml.common.binding.security.impl.BaseSAMLXMLSignatureSecurityHandler
org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler
All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, MessageHandler
public class SAMLProtocolMessageXMLSignatureSecurityHandler extends BaseSAMLXMLSignatureSecurityHandler
SAML security message handler which validates the signature (if present) on the SAMLObject which represents the SAML protocol message being processed.

If the message is not an instance of SignableSAMLObject, then no processing is performed. If signature validation is successful, and the SAML message context issuer was not previously authenticated, then the context's authentication state will be set to true.

If an optional SAMLSignatureProfileValidator or subclass is supplied, this validator will be used to validate the XML Signature element prior to the actual cryptographic validation of the signature. This might for example be used to enforce certain signature profile requirements or to detect signatures upon which it would be unsafe to attempt cryptographic processing. The validator will default to SAMLSignatureProfileValidator.

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Logger.

    • signaturePrevalidator

      @Nullable private SignaturePrevalidator signaturePrevalidator
      Validator for XML Signature instances.

  • Constructor Details

    • SAMLProtocolMessageXMLSignatureSecurityHandler

      public SAMLProtocolMessageXMLSignatureSecurityHandler()
      Constructor. Signature prevalidator defaults to SAMLSignatureProfileValidator.

  • Method Details

    • getSignaturePrevalidator

      @Nullable public SignaturePrevalidator getSignaturePrevalidator()
      Get the prevalidator for XML Signature instances.
      Returns:
      Returns the prevalidator.

    • setSignaturePrevalidator

      public void setSignaturePrevalidator(@Nullable SignaturePrevalidator validator)
      Set the prevalidator for XML Signature instances.
      Parameters:
      validator - The prevalidator to set.

    • doInvoke

      public void doInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException
      Performs the handler logic.
      Specified by:
      doInvoke in class AbstractMessageHandler
      Parameters:
      messageContext - the message context on which to invoke the handler
      Throws:
      MessageHandlerException - if there is an error invoking the handler on the message context

    • doEvaluate

      protected void doEvaluate(@Nonnull Signature signature, @Nonnull SignableSAMLObject signableObject, @Nonnull MessageContext messageContext) throws MessageHandlerException
      Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine.
      Parameters:
      signature - the signature which is being evaluated
      signableObject - the signable object which contained the signature
      messageContext - the SAML message context being processed
      Throws:
      MessageHandlerException - thrown if the signature fails validation

    • performPrevalidation

      protected void performPrevalidation(@Nonnull Signature signature) throws MessageHandlerException
      Perform pre-validation on the Signature token.
      Parameters:
      signature - the signature to evaluate
      Throws:
      MessageHandlerException - thrown if the signature element fails pre-validation