Package org.opensaml.saml.saml2.binding.security.impl

Class SAML2HTTPPostSimpleSignSecurityHandler

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.messaging.handler.AbstractMessageHandler

org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler

org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, MessageHandler

public class SAML2HTTPPostSimpleSignSecurityHandler
extends BaseSAMLSimpleSignatureSecurityHandler

Message handler which evaluates simple "blob" signatures according to the SAML 2 HTTP-POST-SimpleSign binding.

Field Summary

Fields

Modifier and Type	Field	Description
private KeyInfoCredentialResolver	keyInfoResolver	KeyInfo resolver to use to process KeyInfo request parameter.
private org.slf4j.Logger	log	Logger.
private ParserPool	parserPool	Parser pool to use to process KeyInfo request parameter.

Constructor Summary

Constructors

Constructor	Description
SAML2HTTPPostSimpleSignSecurityHandler()

Method Summary

Modifier and Type	Method	Description
protected void	doInitialize()
KeyInfoCredentialResolver	getKeyInfoResolver()	Get the KeyInfo credential resolver.
ParserPool	getParserPool()	Get the parser pool.
protected List<Credential>	getRequestCredentials(MessageContext samlContext)	Extract any candidate validation credentials from the request and/or message context.
protected byte[]	getSignedContent()	Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
protected boolean	ruleHandles(MessageContext messageContext)	Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.
void	setKeyInfoResolver(KeyInfoCredentialResolver newKeyInfoResolver)	Set the KeyInfo credential resolver.
void	setParser(ParserPool newParserPool)	Set the parser pool.

Methods inherited from class org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler

buildCriteriaSet, deriveSignerEntityID, doInvoke, doPreInvoke, getHttpServletRequest, getSignature, getSignatureAlgorithm, getTrustEngine, setHttpServletRequest, validateSignature

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler

doPostInvoke, doPostInvoke, getActivationCondition, getLogPrefix, invoke, setActivationCondition

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Details

log

@Nonnull
private org.slf4j.Logger log

Logger.

parserPool

@NonnullAfterInit
private ParserPool parserPool

Parser pool to use to process KeyInfo request parameter.

keyInfoResolver

@NonnullAfterInit
private KeyInfoCredentialResolver keyInfoResolver

KeyInfo resolver to use to process KeyInfo request parameter.

Constructor Details

SAML2HTTPPostSimpleSignSecurityHandler

public SAML2HTTPPostSimpleSignSecurityHandler()

Method Details

getParserPool

@NonnullAfterInit
public ParserPool getParserPool()

Get the parser pool.

Returns:

Returns the parser pool.

setParser

public void setParser(@Nonnull
 ParserPool newParserPool)

Set the parser pool.

Parameters:

newParserPool - The parser to set.

getKeyInfoResolver

@NonnullAfterInit
public KeyInfoCredentialResolver getKeyInfoResolver()

Get the KeyInfo credential resolver.

Returns:

Returns the keyInfoResolver.

setKeyInfoResolver

public void setKeyInfoResolver(@Nonnull
 KeyInfoCredentialResolver newKeyInfoResolver)

Set the KeyInfo credential resolver.

Parameters:

newKeyInfoResolver - The keyInfoResolver to set.

doInitialize

protected void doInitialize()
                     throws ComponentInitializationException

Overrides:

doInitialize in class BaseSAMLSimpleSignatureSecurityHandler

Throws:

ComponentInitializationException

ruleHandles

protected boolean ruleHandles(@Nonnull
 MessageContext messageContext)

Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.

Specified by:

ruleHandles in class BaseSAMLSimpleSignatureSecurityHandler

Parameters:

messageContext - the SAML message context being processed

Returns:

true if the rule should attempt to process the request, otherwise false

getSignedContent

@Nullable
protected byte[] getSignedContent()
                           throws MessageHandlerException

Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).

Specified by:

getSignedContent in class BaseSAMLSimpleSignatureSecurityHandler

Returns:

the signed content extracted from the request, in the format suitable for input to the trust engine.

Throws:

MessageHandlerException - thrown if there is an error during request processing

getRequestCredentials

@Nonnull
@NonnullElements
protected List<Credential> getRequestCredentials(@Nonnull
 MessageContext samlContext)
                                          throws MessageHandlerException

Extract any candidate validation credentials from the request and/or message context. Some bindings allow validataion keys for the simple signature to be supplied, and others do not.

Overrides:

getRequestCredentials in class BaseSAMLSimpleSignatureSecurityHandler

Parameters:

samlContext - the SAML message context being processed

Returns:

a list of candidate validation credentials in the request, or null if none were present

Throws:

MessageHandlerException - thrown if there is an error during request processing