Class SignatureAlgorithmValidator

java.lang.Object
org.opensaml.xmlsec.signature.support.impl.SignatureAlgorithmValidator

public class SignatureAlgorithmValidator extends Object
Component which validates a Signature's signature and digest algorithm URIs against a supplied algorithm include and exclude policy.

The evaluation is based on the Signature's underlying DOM structure, therefore the Signature must have a cached DOM before this validator is used.

  • Field Details

    • ELEMENT_NAME_SIGNED_INFO

      private static final QName ELEMENT_NAME_SIGNED_INFO
      QName of 'ds:SignedInfo' element.
    • ELEMENT_NAME_SIGNATURE_METHOD

      private static final QName ELEMENT_NAME_SIGNATURE_METHOD
      QName of 'ds:SignatureMethod' element.
    • ELEMENT_NAME_REFERENCE

      private static final QName ELEMENT_NAME_REFERENCE
      QName of 'ds:Reference' element.
    • ELEMENT_NAME_DIGEST_METHOD

      private static final QName ELEMENT_NAME_DIGEST_METHOD
      QName of 'ds:DigestMethod' element.
    • ATTR_NAME_ALGORTHM

      private static final String ATTR_NAME_ALGORTHM
      Local name of 'Algorithm' attribute.
    • log

      private org.slf4j.Logger log
      Logger.
    • includedAlgorithmURIs

      private Collection<String> includedAlgorithmURIs
      The collection of algorithm URIs which are included.
    • excludedAlgorithmURIs

      private Collection<String> excludedAlgorithmURIs
      The collection of algorithm URIs which are excluded.
  • Constructor Details

    • SignatureAlgorithmValidator

      public SignatureAlgorithmValidator(@Nonnull @ParameterName(name="params") SignatureValidationParameters params)
      Constructor.
      Parameters:
      params - signature validation parameters containing the algorithm include and exclude lists
    • SignatureAlgorithmValidator

      public SignatureAlgorithmValidator(@Nullable @ParameterName(name="includeAlgos") Collection<String> includeAlgos, @Nullable @ParameterName(name="excludeAlgos") Collection<String> excludeAlgos)
      Constructor.
      Parameters:
      includeAlgos - the algorithm includes
      excludeAlgos - the algorithm excludes
  • Method Details

    • validate

      public void validate(@Nonnull Signature signature) throws SignatureException
      Validate the algorithms in the signature.
      Parameters:
      signature - signature to validate
      Throws:
      SignatureException - if validation fails
    • checkDOM

      protected void checkDOM(@Nonnull Signature signature) throws SignatureException
      Check that Signature XMLObject has a cached DOM Element.
      Parameters:
      signature - the signature to evaluate
      Throws:
      SignatureException - if signature does not have a cached DOM Element
    • getSignatureAlgorithm

      @Nonnull protected String getSignatureAlgorithm(@Nonnull Signature signatureXMLObject) throws SignatureException
      Get the signature algorithm.
      Parameters:
      signatureXMLObject - the signature to evaluate
      Returns:
      the signature algorithm
      Throws:
      SignatureException - if signature algorithm cannot be resolved
    • getDigestMethods

      @Nonnull protected List<String> getDigestMethods(@Nonnull Signature signatureXMLObject) throws SignatureException
      Get the list of Signature Reference DigestMethod algorithm URIs.
      Parameters:
      signatureXMLObject - the signature to evaluate
      Returns:
      list of algorithm URIs
      Throws:
      SignatureException - if a DigestMethod is found to have a null or empty Algorithm attribute
    • validateAlgorithmURI

      protected void validateAlgorithmURI(@Nonnull String algorithmURI) throws SignatureException
      Validate the supplied algorithm URI against the configured include and exclude lists.
      Parameters:
      algorithmURI - the algorithm URI to evaluate
      Throws:
      SignatureException - if the algorithm URI does not satisfy the include/exclude policy