Class SAMLObjectContentReference

  • All Implemented Interfaces:
    org.opensaml.xmlsec.signature.support.ConfigurableContentReference, org.opensaml.xmlsec.signature.support.ContentReference, org.opensaml.xmlsec.signature.support.TransformsConfigurableContentReference

    public class SAMLObjectContentReference
    extends Object
    implements org.opensaml.xmlsec.signature.support.ConfigurableContentReference, org.opensaml.xmlsec.signature.support.TransformsConfigurableContentReference
    A content reference for SAML objects that will be signed. The reference is created per the SAML specification.

    The default digest algorithm used is SignatureConstants.ALGO_ID_DIGEST_SHA256.

    The default set of transforms applied consists of SignatureConstants.TRANSFORM_ENVELOPED_SIGNATURE and SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS.

    When generating an exclusive canonicalization transform, an inclusive namespace list is generated from the namespaces, retrieved from XMLObject.getNamespaces(), used by the SAML object to be signed and all of its descendants.

    Note that the SAML specification states that: 1) an exclusive canonicalization transform (either with or without comments) SHOULD be used; 2) transforms other than enveloped signature and one of the two exclusive canonicalizations SHOULD NOT be used. Careful consideration should be given before deviating from these recommendations.
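The following is an added example, not code from the OpenSAML project, showing how the defaults and recommendations described above play out when signing a SAML 2 Assertion with OpenSAML's public API. The class `AssertionSigningExample` and its methods `signAssertion` and `followsSamlRecommendations` are names invented for this example; it assumes (and handles either way, see the comment) that attaching a Signature to a signable SAML object may already add a SAMLObjectContentReference, and it uses a throwaway RSA key pair generated at runtime.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.List;
import java.util.Set;
import java.util.UUID;

import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.common.SAMLObjectContentReference;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.ContentReference;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.opensaml.xmlsec.signature.support.Signer;

/** Added example (hypothetical class): sign an Assertion and control its content reference. */
public final class AssertionSigningExample {

    /** The only transforms the SAML specification recommends for signed SAML objects. */
    private static final Set<String> RECOMMENDED_TRANSFORMS = Set.of(
            SignatureConstants.TRANSFORM_ENVELOPED_SIGNATURE,
            SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS,
            SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);

    /** True if exactly one exclusive C14N transform is present and nothing unrecommended is. */
    static boolean followsSamlRecommendations(final List<String> transforms) {
        final long exclusiveC14n = transforms.stream()
                .filter(t -> t.equals(SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS)
                        || t.equals(SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS))
                .count();
        return exclusiveC14n == 1 && RECOMMENDED_TRANSFORMS.containsAll(transforms);
    }

    /** Builds an Assertion, attaches and configures a Signature, signs it, returns the reference used. */
    static SAMLObjectContentReference signAssertion(final Credential signingCredential) throws Exception {
        final XMLObjectBuilderFactory builders = XMLObjectProviderRegistrySupport.getBuilderFactory();

        final Assertion assertion = (Assertion) builders.getBuilder(Assertion.DEFAULT_ELEMENT_NAME)
                .buildObject(Assertion.DEFAULT_ELEMENT_NAME);
        // createReference() derives the ds:Reference URI from the object's signature reference ID,
        // so the ID must exist before signing.
        assertion.setID("_" + UUID.randomUUID());

        final Signature signature = (Signature) builders.getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(signingCredential);
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        assertion.setSignature(signature);

        // Assumption: the signable SAML object may already have added a SAMLObjectContentReference
        // when the Signature was attached. Reuse it if so; otherwise attach one explicitly.
        SAMLObjectContentReference ref = null;
        for (final ContentReference cr : signature.getContentReferences()) {
            if (cr instanceof SAMLObjectContentReference) {
                ref = (SAMLObjectContentReference) cr;
                break;
            }
        }
        if (ref == null) {
            ref = new SAMLObjectContentReference(assertion);
            signature.getContentReferences().add(ref);
        }

        // Defaults: SHA-256 digest and [enveloped-signature, exclusive C14N with comments].
        // Keep SHA-256 and switch to the comment-omitting exclusive C14N, which the SAML spec
        // still permits. getTransforms() is a live list, so in-place edits take effect.
        ref.setDigestAlgorithm(SignatureConstants.ALGO_ID_DIGEST_SHA256);
        final List<String> transforms = ref.getTransforms();
        transforms.remove(SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS);
        transforms.add(SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        if (!followsSamlRecommendations(transforms)) {
            throw new IllegalStateException("transforms deviate from SAML recommendations: " + transforms);
        }

        // Marshalling builds the DOM; signing then digests the referenced content through the transforms.
        XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
        Signer.signObject(signature);
        return ref;
    }

    public static void main(final String[] args) throws Exception {
        InitializationService.initialize();
        // Constructed throwaway key pair, for this example only.
        final KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        final KeyPair kp = kpg.generateKeyPair();
        final Credential credential = new BasicCredential(kp.getPublic(), kp.getPrivate());

        final SAMLObjectContentReference ref = signAssertion(credential);
        System.out.println("digest:     " + ref.getDigestAlgorithm());
        System.out.println("transforms: " + ref.getTransforms());
    }
}
```

The check in `followsSamlRecommendations` is the practitioner's guard for the note above: it rejects a reference that carries no exclusive canonicalization, both exclusive variants at once, or any transform outside enveloped-signature plus one exclusive C14N, before `Signer.signObject` runs.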

    • Field Detail

      • log

        @Nonnull
        private final org.slf4j.Logger log
        Class logger.
      • signableObject

        @Nonnull
        private final SignableSAMLObject signableObject
        SAMLObject this reference refers to.
      • digestAlgorithm

        @Nonnull
        @NotEmpty
        private String digestAlgorithm
        Algorithm used to digest the content.
      • transforms

        @Nonnull
        @NonnullElements
        private List<String> transforms
        Transforms applied to the content.
    • Constructor Detail

      • SAMLObjectContentReference

        public SAMLObjectContentReference(@Nonnull
                                          SignableSAMLObject newSignableObject)
        Constructor.
        Parameters:
        newSignableObject - the SAMLObject this reference refers to
    • Method Detail

      • getTransforms

        @Nonnull
        @NonnullElements
        @Live
        public List<String> getTransforms()
        Gets the transforms applied to the content prior to digest generation.
        Specified by:
        getTransforms in interface org.opensaml.xmlsec.signature.support.TransformsConfigurableContentReference
        Returns:
        the transforms applied to the content prior to digest generation
      • getDigestAlgorithm

        @Nonnull
        @NotEmpty
        public String getDigestAlgorithm()
        Gets the algorithm used to digest the content.
        Specified by:
        getDigestAlgorithm in interface org.opensaml.xmlsec.signature.support.ConfigurableContentReference
      • setDigestAlgorithm

        public void setDigestAlgorithm(@Nonnull @NotEmpty
                                       String newAlgorithm)
        Sets the algorithm used to digest the content.
        Specified by:
        setDigestAlgorithm in interface org.opensaml.xmlsec.signature.support.ConfigurableContentReference
      • createReference

        public void createReference(@Nonnull
                                    org.apache.xml.security.signature.XMLSignature signature)
        Specified by:
        createReference in interface org.opensaml.xmlsec.signature.support.ContentReference
      • processExclusiveTransform

        private void processExclusiveTransform(@Nonnull
                                               org.apache.xml.security.signature.XMLSignature signature,
                                               @Nonnull
                                               org.apache.xml.security.transforms.Transform transform)
        Populate the inclusive namespace prefixes on the specified Apache (exclusive) transform object.
        Parameters:
        signature - the Apache XMLSignature object
        transform - the Apache Transform object representing an exclusive transform
      • populateNamespacePrefixes

        private void populateNamespacePrefixes(@Nonnull @NonnullElements
                                               Set<String> namespacePrefixes,
                                               @Nonnull
                                               org.opensaml.core.xml.XMLObject signatureContent)
        Populates the given set with the non-visibly used namespace prefixes used by the given XMLObject and all of its descendants, as determined by the signature content object's namespace manager.
        Parameters:
        namespacePrefixes - the namespace prefix set to be populated
        signatureContent - the XMLObject whose namespace prefixes will be used to populate the set