org.opensaml.common.binding.security

Class BaseSAMLSimpleSignatureSecurityPolicyRule

java.lang.Object
  org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule

public abstract class BaseSAMLSimpleSignatureSecurityPolicyRule

Base class for security rules which verify simple "blob" signatures computed over some components of a request.
Field Summary

| Modifier and Type | Field | Description |
|---|---|---|
| private org.slf4j.Logger | log | Logger. |
| private SignatureTrustEngine | trustEngine | Signature trust engine used to validate raw signatures. |
Constructor Summary

| Modifier | Constructor | Description |
|---|---|---|
| protected | BaseSAMLSimpleSignatureSecurityPolicyRule(SignatureTrustEngine engine) | Constructor. |
Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| protected CriteriaSet | buildCriteriaSet(String entityID, SAMLMessageContext samlContext) | Build a criteria set suitable for input to the trust engine. |
| protected String | deriveSignerEntityID(SAMLMessageContext samlContext) | Derive the signer's entity ID from the message context. |
| private void | doEvaluate(byte[] signature, byte[] signedContent, String algorithmURI, javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlMsgCtx) | Evaluate the simple signature based on information in the request and/or message context. |
| void | evaluate(MessageContext messageContext) | |
| protected List<Credential> | getRequestCredentials(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlContext) | Extract any candidate validation credentials from the request and/or message context. |
| protected byte[] | getSignature(javax.servlet.http.HttpServletRequest request) | Extract the signature value from the request, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential). |
| protected String | getSignatureAlgorithm(javax.servlet.http.HttpServletRequest request) | Extract the signature algorithm URI value from the request. |
| protected abstract byte[] | getSignedContent(javax.servlet.http.HttpServletRequest request) | Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential). |
| protected SignatureTrustEngine | getTrustEngine() | Gets the engine used to validate the signature. |
| protected abstract boolean | ruleHandles(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlMsgCtx) | Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context. |
| protected boolean | validateSignature(byte[] signature, byte[] signedContent, String algorithmURI, CriteriaSet criteriaSet, List<Credential> candidateCredentials) | Validate the simple signature. |
Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

log

private final org.slf4j.Logger log

Logger.

trustEngine

private SignatureTrustEngine trustEngine

Signature trust engine used to validate raw signatures.

Constructor Detail

BaseSAMLSimpleSignatureSecurityPolicyRule

protected BaseSAMLSimpleSignatureSecurityPolicyRule(SignatureTrustEngine engine)

Constructor.

Parameters:
- engine - the signature trust engine to use for signature validation

Method Detail
evaluate

public void evaluate(MessageContext messageContext) throws SecurityPolicyException

Specified by:
- evaluate in interface SecurityPolicyRule

Throws:
- SecurityPolicyException

doEvaluate

private void doEvaluate(byte[] signature, byte[] signedContent, String algorithmURI, javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlMsgCtx) throws SecurityPolicyException

Evaluate the simple signature based on information in the request and/or message context.

Parameters:
- signature - the signature value
- signedContent - the content that was signed
- algorithmURI - the signature algorithm URI which was used to sign the content
- request - the HTTP servlet request being processed
- samlMsgCtx - the SAML message context being processed

Throws:
- SecurityPolicyException - thrown if there are errors during the signature validation process

validateSignature

protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI, CriteriaSet criteriaSet, List<Credential> candidateCredentials) throws SecurityPolicyException

Validate the simple signature.

Parameters:
- signature - the signature value
- signedContent - the content that was signed
- algorithmURI - the signature algorithm URI which was used to sign the content
- criteriaSet - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
- candidateCredentials - the request-derived candidate credential(s) containing the validation key for the signature (optional)

Throws:
- SecurityPolicyException - thrown if there are errors during the signature validation process

getRequestCredentials

protected List<Credential> getRequestCredentials(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlContext) throws SecurityPolicyException

Extract any candidate validation credentials from the request and/or message context.

Parameters:
- request - the HTTP servlet request being processed
- samlContext - the SAML message context being processed

Throws:
- SecurityPolicyException - thrown if there is an error during request processing

getTrustEngine

protected SignatureTrustEngine getTrustEngine()

Gets the engine used to validate the signature.

getSignature

protected byte[] getSignature(javax.servlet.http.HttpServletRequest request) throws SecurityPolicyException

Extract the signature value from the request, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).

Defaults to the Base64-decoded value of the HTTP request parameter named Signature.

Parameters:
- request - the HTTP servlet request

Throws:
- SecurityPolicyException - thrown if there is an error during request processing

getSignatureAlgorithm

protected String getSignatureAlgorithm(javax.servlet.http.HttpServletRequest request) throws SecurityPolicyException

Extract the signature algorithm URI value from the request.

Defaults to the value of the HTTP request parameter named SigAlg.

Parameters:
- request - the HTTP servlet request

Throws:
- SecurityPolicyException - thrown if there is an error during request processing

deriveSignerEntityID

protected String deriveSignerEntityID(SAMLMessageContext samlContext) throws SecurityPolicyException

Derive the signer's entity ID from the message context.

Parameters:
- samlContext - the SAML message context being processed

Throws:
- SecurityPolicyException - thrown if there is an error during request processing

buildCriteriaSet

protected CriteriaSet buildCriteriaSet(String entityID, SAMLMessageContext samlContext) throws SecurityPolicyException

Build a criteria set suitable for input to the trust engine.

Parameters:
- entityID - the candidate issuer entity ID which is being evaluated
- samlContext - the message context which is being evaluated

Throws:
- SecurityPolicyException - thrown if criteria set can not be constructed

getSignedContent

protected abstract byte[] getSignedContent(javax.servlet.http.HttpServletRequest request) throws SecurityPolicyException

Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).

Parameters:
- request - the HTTP servlet request being processed

Throws:
- SecurityPolicyException - thrown if there is an error during request processing

ruleHandles

protected abstract boolean ruleHandles(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlMsgCtx) throws SecurityPolicyException

Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.

Parameters:
- request - the HTTP servlet request being processed
- samlMsgCtx - the SAML message context being processed

Throws:
- SecurityPolicyException - thrown if there is an error during request processing
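As an added illustration (not OpenSAML's own code), a hypothetical subclass that supplies the two abstract methods, ruleHandles and getSignedContent, for a redirect-style binding whose signature covers the URL-encoded query string. It assumes the signed parameters are ordered message (SAMLRequest or SAMLResponse), RelayState, SigAlg, as the SAML 2.0 HTTP-Redirect binding specifies; the class name and the helper rawParam are the example's own.

```java
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.xml.signature.SignatureTrustEngine;

/** Hypothetical rule (added example, not OpenSAML code) for a redirect-style query-string signature. */
public class ExampleRedirectSimpleSignatureRule extends BaseSAMLSimpleSignatureSecurityPolicyRule {
    public ExampleRedirectSimpleSignatureRule(SignatureTrustEngine engine) {
        super(engine);
    }
    @Override
    protected boolean ruleHandles(HttpServletRequest request, SAMLMessageContext samlMsgCtx)
            throws SecurityPolicyException {
        // Only GET requests that actually carry a Signature parameter are in scope for this rule.
        return "GET".equalsIgnoreCase(request.getMethod())
                && request.getParameter("Signature") != null;
    }
    @Override
    protected byte[] getSignedContent(HttpServletRequest request) throws SecurityPolicyException {
        // Rebuild the signed string from the raw query string, not from decoded parameters:
        // the signature covers the exact URL-encoded bytes the sender put on the wire.
        String query = request.getQueryString();
        if (query == null) {
            throw new SecurityPolicyException("Request has no query string to verify");
        }
        // Assumed signed-parameter order (SAML 2.0 HTTP-Redirect binding): message, RelayState, SigAlg.
        StringBuilder signed = new StringBuilder();
        for (String name : new String[] {"SAMLRequest", "SAMLResponse", "RelayState", "SigAlg"}) {
            String raw = rawParam(query, name);
            if (raw != null) {
                if (signed.length() > 0) signed.append('&');
                signed.append(name).append('=').append(raw);
            }
        }
        if (signed.length() == 0) {
            throw new SecurityPolicyException("No signed parameters present in query string");
        }
        return signed.toString().getBytes(StandardCharsets.UTF_8);
    }
    /** Return the still-URL-encoded value of one query parameter, or null if absent. */
    private static String rawParam(String query, String name) {
        for (String pair : query.split("&")) {
            if (pair.startsWith(name + "=")) return pair.substring(name.length() + 1);
        }
        return null;
    }
}
```

The base class then takes care of the rest: getSignature and getSignatureAlgorithm read the Signature and SigAlg parameters, and validateSignature hands the bytes to the configured SignatureTrustEngine.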