Class SAML2HTTPPostSimpleSignSecurityHandler
- java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- org.opensaml.messaging.handler.AbstractMessageHandler
- org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler
- org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
All Implemented Interfaces: Component, DestructableComponent, InitializableComponent, MessageHandler
public class SAML2HTTPPostSimpleSignSecurityHandler extends BaseSAMLSimpleSignatureSecurityHandler
Message handler which evaluates simple "blob" signatures according to the SAML 2 HTTP-POST-SimpleSign binding.
Field Summary
Fields (Modifier and Type, Field, Description):
- private KeyInfoCredentialResolver keyInfoResolver: KeyInfo resolver to use to process KeyInfo request parameter.
- private org.slf4j.Logger log: Logger.
- private ParserPool parserPool: Parser pool to use to process KeyInfo request parameter.
Constructor Summary
Constructors (Constructor, Description):
- SAML2HTTPPostSimpleSignSecurityHandler()
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description):
- protected void doInitialize()
- KeyInfoCredentialResolver getKeyInfoResolver(): Get the KeyInfo credential resolver.
- ParserPool getParserPool(): Get the parser pool.
- protected List<Credential> getRequestCredentials(MessageContext samlContext): Extract any candidate validation credentials from the request and/or message context.
- protected byte[] getSignedContent(): Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
- protected boolean ruleHandles(MessageContext messageContext): Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.
- void setKeyInfoResolver(KeyInfoCredentialResolver newKeyInfoResolver): Set the KeyInfo credential resolver.
- void setParser(ParserPool newParserPool): Set the parser pool.
Methods inherited from class org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler
buildCriteriaSet, deriveSignerEntityID, doInvoke, doPreInvoke, getHttpServletRequest, getSignature, getSignatureAlgorithm, getTrustEngine, setHttpServletRequest, validateSignature
Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler
doPostInvoke, doPostInvoke, getActivationCondition, getLogPrefix, invoke, setActivationCondition
Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, initialize, isDestroyed, isInitialized
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized
Field Detail
log
@Nonnull private org.slf4j.Logger log
Logger.
parserPool
@NonnullAfterInit private ParserPool parserPool
Parser pool to use to process KeyInfo request parameter.
keyInfoResolver
@NonnullAfterInit private KeyInfoCredentialResolver keyInfoResolver
KeyInfo resolver to use to process KeyInfo request parameter.
Method Detail
getParserPool
@NonnullAfterInit public ParserPool getParserPool()
Get the parser pool.
Returns:
- Returns the parser pool.
setParser
public void setParser(@Nonnull ParserPool newParserPool)
Set the parser pool.
Parameters:
- newParserPool - The parser to set.
getKeyInfoResolver
@NonnullAfterInit public KeyInfoCredentialResolver getKeyInfoResolver()
Get the KeyInfo credential resolver.
Returns:
- Returns the keyInfoResolver.
setKeyInfoResolver
public void setKeyInfoResolver(@Nonnull KeyInfoCredentialResolver newKeyInfoResolver)
Set the KeyInfo credential resolver.
Parameters:
- newKeyInfoResolver - The keyInfoResolver to set.
doInitialize
protected void doInitialize() throws ComponentInitializationException
Overrides:
- doInitialize in class BaseSAMLSimpleSignatureSecurityHandler
Throws:
- ComponentInitializationException
ruleHandles
protected boolean ruleHandles(@Nonnull MessageContext messageContext)
Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.
Specified by:
- ruleHandles in class BaseSAMLSimpleSignatureSecurityHandler
Parameters:
- messageContext - the SAML message context being processed
Returns:
- true if the rule should attempt to process the request, otherwise false
getSignedContent
@Nullable protected byte[] getSignedContent() throws MessageHandlerException
Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
Specified by:
- getSignedContent in class BaseSAMLSimpleSignatureSecurityHandler
Returns:
- the signed content extracted from the request, in the format suitable for input to the trust engine.
Throws:
- MessageHandlerException - thrown if there is an error during request processing
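
The signed content for this binding, shown as an added example (not OpenSAML's own code): under the HTTP-POST-SimpleSign binding specification the signature covers the string SAMLRequest=value&RelayState=value&SigAlg=value (or SAMLResponse=...), built from the raw XML message rather than its base64 form. The class and method names, the sample message and the throwaway key are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Base64;

// Added illustration; class and method names are hypothetical, not OpenSAML API.
public class SimpleSignContentDemo {

    /** Rebuilds the byte string a SimpleSign signature covers from form-decoded parameters. */
    static byte[] signedContent(String msgParam, String base64Msg, String relayState, String sigAlg) {
        if (base64Msg == null || sigAlg == null) {
            throw new IllegalArgumentException("message and SigAlg parameters are required");
        }
        // The binding signs the raw XML, not the base64 text carried in the form field.
        String xml = new String(Base64.getMimeDecoder().decode(base64Msg), StandardCharsets.UTF_8);
        StringBuilder sb = new StringBuilder(msgParam).append('=').append(xml);
        if (relayState != null) {
            sb.append("&RelayState=").append(relayState); // part of the signed data when present
        }
        sb.append("&SigAlg=").append(sigAlg); // the algorithm URI is itself signed
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }

    static boolean verify(KeyPair kp, byte[] content, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(kp.getPublic());
        v.update(content);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        String sigAlg = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        // Constructed sample message and throwaway key, for the demonstration only.
        String b64 = Base64.getEncoder().encodeToString(
                "<samlp:AuthnRequest ID=\"_constructed\"/>".getBytes(StandardCharsets.UTF_8));
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(signedContent("SAMLRequest", b64, "state-1", sigAlg));
        byte[] sig = s.sign();

        System.out.println(verify(kp, signedContent("SAMLRequest", b64, "state-1", sigAlg), sig)); // same inputs
        System.out.println(verify(kp, signedContent("SAMLRequest", b64, "state-2", sigAlg), sig)); // altered RelayState
    }
}
```

Because RelayState and SigAlg are inside the signed string, a receiver that rebuilds the content from the posted form values rejects a message whose relay state or algorithm URI was changed after signing.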
getRequestCredentials
@Nonnull @NonnullElements protected List<Credential> getRequestCredentials(@Nonnull MessageContext samlContext) throws MessageHandlerException
Extract any candidate validation credentials from the request and/or message context. Some bindings allow validation keys for the simple signature to be supplied, and others do not.
Overrides:
- getRequestCredentials in class BaseSAMLSimpleSignatureSecurityHandler
Parameters:
- samlContext - the SAML message context being processed
Returns:
- a list of candidate validation credentials in the request, or null if none were present
Throws:
- MessageHandlerException - thrown if there is an error during request processing