Package org.opensaml.saml.common

Class SAMLObjectContentReference

java.lang.Object

org.opensaml.saml.common.SAMLObjectContentReference

All Implemented Interfaces:

org.opensaml.xmlsec.signature.support.ConfigurableContentReference, org.opensaml.xmlsec.signature.support.ContentReference, org.opensaml.xmlsec.signature.support.TransformsConfigurableContentReference

public class SAMLObjectContentReference
extends Object
implements org.opensaml.xmlsec.signature.support.ConfigurableContentReference, org.opensaml.xmlsec.signature.support.TransformsConfigurableContentReference

A content reference for SAML objects that will be signed. The reference is created per the SAML specification.

The default digest algorithm used is SignatureConstants.ALGO_ID_DIGEST_SHA256.

The default set of transforms applied consists of SignatureConstants.TRANSFORM_ENVELOPED_SIGNATURE and SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS.

When generating an exclusive canonicalization transform, an inclusive namespace list is generated from the namespaces, retrieved from XMLObject.getNamespaces(), used by the SAML object to be signed and all of it's descendants.

Note that the SAML specification states that: 1) an exclusive canonicalization transform (either with or without comments) SHOULD be used. 2) transforms other than enveloped signature and one of the two exclusive canonicalizations SHOULD NOT be used. Careful consideration should be made before deviating from these recommendations.

Field Summary

Fields

Modifier and Type	Field	Description
private String	digestAlgorithm	Algorithm used to digest the content.
private org.slf4j.Logger	log	Class logger.
private SignableSAMLObject	signableObject	SAMLObject this reference refers to.
private List<String>	transforms	Transforms applied to the content.

Constructor Summary

Constructors

Constructor	Description
SAMLObjectContentReference(SignableSAMLObject newSignableObject)	Constructor.

Method Summary

Modifier and Type	Method	Description
void	createReference(org.apache.xml.security.signature.XMLSignature signature)
String	getDigestAlgorithm()	.
List<String>	getTransforms()	Gets the transforms applied to the content prior to digest generation.
private void	populateNamespacePrefixes(Set<String> namespacePrefixes, org.opensaml.core.xml.XMLObject signatureContent)	Populates the given set with the non-visibly used namespace prefixes used by the given XMLObject and all of its descendants, as determined by the signature content object's namespace manager.
private void	processExclusiveTransform(org.apache.xml.security.signature.XMLSignature signature, org.apache.xml.security.transforms.Transform transform)	Populate the inclusive namspace prefixes on the specified Apache (exclusive) transform object.
void	setDigestAlgorithm(String newAlgorithm)	.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

signableObject

@Nonnull
private final SignableSAMLObject signableObject

SAMLObject this reference refers to.

digestAlgorithm

@Nonnull
@NotEmpty
private String digestAlgorithm

Algorithm used to digest the content.

transforms

@Nonnull
@NonnullElements
private List<String> transforms

Transforms applied to the content.

Constructor Detail

SAMLObjectContentReference

public SAMLObjectContentReference(@Nonnull
                                  SignableSAMLObject newSignableObject)

Constructor.

Parameters:

newSignableObject - the SAMLObject this reference refers to

Method Detail

getTransforms

@Nonnull
@NonnullElements
@Live
public List<String> getTransforms()

Gets the transforms applied to the content prior to digest generation.

Specified by:

getTransforms in interface org.opensaml.xmlsec.signature.support.TransformsConfigurableContentReference

Returns:

the transforms applied to the content prior to digest generation

getDigestAlgorithm

@Nonnull
@NotEmpty
public String getDigestAlgorithm()

.

Specified by:

getDigestAlgorithm in interface org.opensaml.xmlsec.signature.support.ConfigurableContentReference

setDigestAlgorithm

public void setDigestAlgorithm(@Nonnull @NotEmpty
                               String newAlgorithm)

.

Specified by:

setDigestAlgorithm in interface org.opensaml.xmlsec.signature.support.ConfigurableContentReference

createReference

public void createReference(@Nonnull
                            org.apache.xml.security.signature.XMLSignature signature)

Specified by:

createReference in interface org.opensaml.xmlsec.signature.support.ContentReference

processExclusiveTransform

private void processExclusiveTransform(@Nonnull
                                       org.apache.xml.security.signature.XMLSignature signature,
                                       @Nonnull
                                       org.apache.xml.security.transforms.Transform transform)

Populate the inclusive namspace prefixes on the specified Apache (exclusive) transform object.

Parameters:

signature - the Apache XMLSignature object

transform - the Apache Transform object representing an exclusive transform

populateNamespacePrefixes

private void populateNamespacePrefixes(@Nonnull @NonnullElements
                                       Set<String> namespacePrefixes,
                                       @Nonnull
                                       org.opensaml.core.xml.XMLObject signatureContent)

Populates the given set with the non-visibly used namespace prefixes used by the given XMLObject and all of its descendants, as determined by the signature content object's namespace manager.

Parameters:

namespacePrefixes - the namespace prefix set to be populated

signatureContent - the XMLObject whose namespace prefixes will be used to populate the set