org.opensaml.xmlsec.signature.support.impl

Class SignatureAlgorithmValidator

java.lang.Object

org.opensaml.xmlsec.signature.support.impl.SignatureAlgorithmValidator

public class SignatureAlgorithmValidator
extends Object

Component which validates a Signature's signature and digest algorithm URI's against a supplied algorithm whitelist and blacklist.

The evaluation is based on the Signature's underlying DOM structure, therefore the Signature must have a cached DOM before this validator is used.

Constructor Summary

Constructors

Constructor and Description
SignatureAlgorithmValidator(Collection<String> whitelistAlgos, Collection<String> blacklistAlgos) Constructor.
SignatureAlgorithmValidator(SignatureValidationParameters params) Constructor.

Method Summary

Modifier and Type	Method and Description
protected void	checkDOM(Signature signature) Check that Signature XMLObject has a cached DOM Element.
protected List<String>	getDigestMethods(Signature signatureXMLObject) Get the list of Signature Reference DigestMethod algorithm URIs.
protected String	getSignatureAlgorithm(Signature signatureXMLObject) Get the signature algorithm.
void	validate(Signature signature) Validate the algorithms in the signature.
protected void	validateAlgorithmURI(String algorithmURI) Validate the supplied algorithm URI against the configured whitelist and blacklist.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SignatureAlgorithmValidator

public SignatureAlgorithmValidator(@Nonnull
                                   SignatureValidationParameters params)

Constructor.

Parameters:

params - signature validation parameters containing the whitelist and blacklist

SignatureAlgorithmValidator

public SignatureAlgorithmValidator(@Nullable
                                   Collection<String> whitelistAlgos,
                                   @Nullable
                                   Collection<String> blacklistAlgos)

Constructor.

Parameters:

whitelistAlgos - the algorithm whitelist

blacklistAlgos - the algorithm blacklist

Method Detail

validate

public void validate(@Nonnull
                     Signature signature)
              throws SignatureException

Validate the algorithms in the signature.

Parameters:

signature - signature to validate

Throws:

SignatureException - if validation fails

checkDOM

protected void checkDOM(@Nonnull
                        Signature signature)
                 throws SignatureException

Check that Signature XMLObject has a cached DOM Element.

Parameters:

signature - the signature to evaluate

Throws:

SignatureException - if signature does not have a cached DOM Element

getSignatureAlgorithm

@Nonnull
protected String getSignatureAlgorithm(@Nonnull
                                                Signature signatureXMLObject)
                                         throws SignatureException

Get the signature algorithm.

Parameters:

signatureXMLObject - the signature to evaluate

Returns:

the signature algorithm

Throws:

SignatureException - if signature algorithm can not be resolved

getDigestMethods

@Nonnull
protected List<String> getDigestMethods(@Nonnull
                                                 Signature signatureXMLObject)
                                          throws SignatureException

Get the list of Signature Reference DigestMethod algorithm URIs.

Parameters:

signatureXMLObject - the signature to evaluate

Returns:

list of algorithm URIs

Throws:

SignatureException - if a DigestMethod is found to have a null or empty Algorithm attribute

validateAlgorithmURI

protected void validateAlgorithmURI(@Nonnull
                                    String algorithmURI)
                             throws SignatureException

Validate the supplied algorithm URI against the configured whitelist and blacklist.

Parameters:

algorithmURI - the algorithm URI to evaluate

Throws:

SignatureException - if the algorithm URI does not satisfy the whitelist/blacklist policy