Class SAMLObjectContentReference

java.lang.Object
  org.opensaml.saml.common.SAMLObjectContentReference

All Implemented Interfaces:
org.opensaml.xmlsec.signature.support.ConfigurableContentReference, org.opensaml.xmlsec.signature.support.ContentReference, org.opensaml.xmlsec.signature.support.TransformsConfigurableContentReference

public class SAMLObjectContentReference extends Object implements org.opensaml.xmlsec.signature.support.ConfigurableContentReference, org.opensaml.xmlsec.signature.support.TransformsConfigurableContentReference
A content reference for SAML objects that will be signed. The reference is created per the SAML specification.

The default digest algorithm used is SignatureConstants.ALGO_ID_DIGEST_SHA256.

The default set of transforms applied consists of SignatureConstants.TRANSFORM_ENVELOPED_SIGNATURE and SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS.

When generating an exclusive canonicalization transform, an inclusive namespace list is generated from the namespaces, retrieved from XMLObject.getNamespaces(), used by the SAML object to be signed and all of its descendants.

Note that the SAML specification states that: 1) an exclusive canonicalization transform (either with or without comments) SHOULD be used. 2) transforms other than enveloped signature and one of the two exclusive canonicalizations SHOULD NOT be used. Careful consideration should be made before deviating from these recommendations.
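
A pre-signing check for the defaults and recommendations described above, as an added example that is not part of OpenSAML or of this Javadoc. The class name ContentReferenceAudit, its audit methods and the digest allow-list parameter are hypothetical; it assumes that a reference lacking the enveloped signature transform, or carrying anything other than exactly one exclusive canonicalization, should be reported.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.opensaml.saml.common.SAMLObjectContentReference;
import org.opensaml.xmlsec.signature.support.SignatureConstants;

/** Added example: hypothetical helper, not an OpenSAML class. */
public final class ContentReferenceAudit {
    // The two exclusive canonicalizations the SAML recommendation allows.
    private static final Set<String> EXCLUSIVE_C14N = Set.of(
            SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS,
            SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS);

    /** Audits a reference after it is configured and before it is used for signing. */
    public static List<String> audit(SAMLObjectContentReference ref, Set<String> allowedDigests) {
        return audit(ref.getTransforms(), ref.getDigestAlgorithm(), allowedDigests);
    }

    /** Same check on the values getTransforms() and getDigestAlgorithm() return. */
    public static List<String> audit(List<String> transforms, String digest, Set<String> allowedDigests) {
        List<String> findings = new ArrayList<>();
        boolean enveloped = false;
        int exclusive = 0;
        for (String uri : transforms) {
            if (SignatureConstants.TRANSFORM_ENVELOPED_SIGNATURE.equals(uri)) {
                enveloped = true;
            } else if (EXCLUSIVE_C14N.contains(uri)) {
                exclusive++;
            } else {
                findings.add("transform outside the recommended set: " + uri);
            }
        }
        if (!enveloped) {
            findings.add("default enveloped signature transform is missing");
        }
        if (exclusive != 1) {
            findings.add("expected one exclusive c14n transform, found " + exclusive);
        }
        if (!allowedDigests.contains(digest)) {
            findings.add("digest algorithm not in allow-list: " + digest);
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: inclusive c14n and a SHA-1 digest instead of the defaults.
        List<String> transforms = List.of(SignatureConstants.TRANSFORM_ENVELOPED_SIGNATURE,
                "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
        audit(transforms, "http://www.w3.org/2000/09/xmldsig#sha1",
                Set.of(SignatureConstants.ALGO_ID_DIGEST_SHA256)).forEach(System.out::println);
    }
}
```

Because getTransforms() is annotated @Live, callers can change the list in place, so the audit is worth running on the reference immediately before signing rather than at construction time.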

Field Summary

Fields (Modifier and Type, Field, Description):
private String digestAlgorithm - Algorithm used to digest the content.
private org.slf4j.Logger log - Class logger.
private SignableSAMLObject signableObject - SAMLObject this reference refers to.
private List<String> transforms - Transforms applied to the content.

Constructor Summary

Constructors (Constructor, Description):
SAMLObjectContentReference(SignableSAMLObject newSignableObject) - Constructor.

Method Summary

Methods (Modifier and Type, Method, Description):
void createReference(org.apache.xml.security.signature.XMLSignature signature)
String getDigestAlgorithm()
List<String> getTransforms() - Gets the transforms applied to the content prior to digest generation.
private void populateNamespacePrefixes(Set<String> namespacePrefixes, org.opensaml.core.xml.XMLObject signatureContent) - Populates the given set with the non-visibly used namespace prefixes used by the given XMLObject and all of its descendants, as determined by the signature content object's namespace manager.
private void processExclusiveTransform(org.apache.xml.security.signature.XMLSignature signature, org.apache.xml.security.transforms.Transform transform) - Populate the inclusive namespace prefixes on the specified Apache (exclusive) transform object.
void setDigestAlgorithm(String newAlgorithm)

Field Detail

log
@Nonnull private final org.slf4j.Logger log
Class logger.

signableObject
@Nonnull private final SignableSAMLObject signableObject
SAMLObject this reference refers to.

digestAlgorithm
@Nonnull @NotEmpty private String digestAlgorithm
Algorithm used to digest the content.

Constructor Detail

SAMLObjectContentReference
public SAMLObjectContentReference(@Nonnull SignableSAMLObject newSignableObject)
Constructor.
Parameters:
newSignableObject - the SAMLObject this reference refers to

Method Detail

getTransforms
@Nonnull @NonnullElements @Live public List<String> getTransforms()
Gets the transforms applied to the content prior to digest generation.
Specified by:
getTransforms in interface org.opensaml.xmlsec.signature.support.TransformsConfigurableContentReference
Returns:
the transforms applied to the content prior to digest generation

getDigestAlgorithm
@Nonnull @NotEmpty public String getDigestAlgorithm()
Specified by:
getDigestAlgorithm in interface org.opensaml.xmlsec.signature.support.ConfigurableContentReference

setDigestAlgorithm
public void setDigestAlgorithm(@Nonnull @NotEmpty String newAlgorithm)
Specified by:
setDigestAlgorithm in interface org.opensaml.xmlsec.signature.support.ConfigurableContentReference

createReference
public void createReference(@Nonnull org.apache.xml.security.signature.XMLSignature signature)
Specified by:
createReference in interface org.opensaml.xmlsec.signature.support.ContentReference

processExclusiveTransform
private void processExclusiveTransform(@Nonnull org.apache.xml.security.signature.XMLSignature signature, @Nonnull org.apache.xml.security.transforms.Transform transform)
Populate the inclusive namespace prefixes on the specified Apache (exclusive) transform object.
Parameters:
signature - the Apache XMLSignature object
transform - the Apache Transform object representing an exclusive transform

populateNamespacePrefixes
private void populateNamespacePrefixes(@Nonnull @NonnullElements Set<String> namespacePrefixes, @Nonnull org.opensaml.core.xml.XMLObject signatureContent)
Populates the given set with the non-visibly used namespace prefixes used by the given XMLObject and all of its descendants, as determined by the signature content object's namespace manager.
Parameters:
namespacePrefixes - the namespace prefix set to be populated
signatureContent - the XMLObject whose namespace prefixes will be used to populate the set