org.opensaml.saml.saml2.binding.security.impl

Class SAML2HTTPPostSimpleSignSecurityHandler

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.messaging.handler.AbstractMessageHandler

org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler

org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler

All Implemented Interfaces:

net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, MessageHandler

public class SAML2HTTPPostSimpleSignSecurityHandler
extends BaseSAMLSimpleSignatureSecurityHandler

Message handler which evaluates simple "blob" signatures according to the SAML 2 HTTP-POST-SimpleSign binding.

Constructor Summary

Constructors

Constructor and Description
SAML2HTTPPostSimpleSignSecurityHandler()

Method Summary

Modifier and Type	Method and Description
protected void	doInitialize()
KeyInfoCredentialResolver	getKeyInfoResolver() Get the KeyInfo credential resolver.
net.shibboleth.utilities.java.support.xml.ParserPool	getParserPool() Get the parser pool.
protected List<Credential>	getRequestCredentials(MessageContext samlContext) Extract any candidate validation credentials from the request and/or message context.
protected byte[]	getSignedContent() Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
protected boolean	ruleHandles(MessageContext messageContext) Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.
void	setKeyInfoResolver(KeyInfoCredentialResolver newKeyInfoResolver) Set the KeyInfo credential resolver.
void	setParser(net.shibboleth.utilities.java.support.xml.ParserPool newParserPool) Set the parser pool.

Methods inherited from class org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler

buildCriteriaSet, deriveSignerEntityID, doInvoke, doPreInvoke, getHttpServletRequest, getSignature, getSignatureAlgorithm, getTrustEngine, setHttpServletRequest, validateSignature

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler

doPostInvoke, doPostInvoke, getLogPrefix, invoke

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Constructor Detail

SAML2HTTPPostSimpleSignSecurityHandler

public SAML2HTTPPostSimpleSignSecurityHandler()

Method Detail

getParserPool

@NonnullAfterInit
public net.shibboleth.utilities.java.support.xml.ParserPool getParserPool()

Get the parser pool.

Returns:

Returns the parser pool.

setParser

public void setParser(@Nonnull
                      net.shibboleth.utilities.java.support.xml.ParserPool newParserPool)

Set the parser pool.

Parameters:

newParserPool - The parser to set.

getKeyInfoResolver

@NonnullAfterInit
public KeyInfoCredentialResolver getKeyInfoResolver()

Get the KeyInfo credential resolver.

Returns:

Returns the keyInfoResolver.

setKeyInfoResolver

public void setKeyInfoResolver(@Nonnull
                               KeyInfoCredentialResolver newKeyInfoResolver)

Set the KeyInfo credential resolver.

Parameters:

newKeyInfoResolver - The keyInfoResolver to set.

doInitialize

protected void doInitialize()
                     throws net.shibboleth.utilities.java.support.component.ComponentInitializationException

Overrides:

doInitialize in class BaseSAMLSimpleSignatureSecurityHandler

Throws:

net.shibboleth.utilities.java.support.component.ComponentInitializationException

ruleHandles

protected boolean ruleHandles(@Nonnull
                              MessageContext messageContext)

Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.

Specified by:

ruleHandles in class BaseSAMLSimpleSignatureSecurityHandler

Parameters:

messageContext - the SAML message context being processed

Returns:

true if the rule should attempt to process the request, otherwise false

getSignedContent

@Nullable
protected byte[] getSignedContent()
                                     throws MessageHandlerException

Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).

Specified by:

getSignedContent in class BaseSAMLSimpleSignatureSecurityHandler

Returns:

the signed content extracted from the request, in the format suitable for input to the trust engine.

Throws:

MessageHandlerException - thrown if there is an error during request processing

getRequestCredentials

@Nonnull
 @NonnullElements
protected List<Credential> getRequestCredentials(@Nonnull
                                                                            MessageContext samlContext)
                                                                     throws MessageHandlerException

Extract any candidate validation credentials from the request and/or message context. Some bindings allow validataion keys for the simple signature to be supplied, and others do not.

Overrides:

getRequestCredentials in class BaseSAMLSimpleSignatureSecurityHandler

Parameters:

samlContext - the SAML message context being processed

Returns:

a list of candidate validation credentials in the request, or null if none were present

Throws:

MessageHandlerException - thrown if there is an error during request processing