org.opensaml.saml2.binding.encoding
Class HTTPPostSimpleSignEncoder

java.lang.Object
  extended by org.opensaml.ws.message.encoder.BaseMessageEncoder
      extended by org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder
          extended by org.opensaml.saml2.binding.encoding.HTTPPostEncoder
              extended by org.opensaml.saml2.binding.encoding.HTTPPostSimpleSignEncoder
All Implemented Interfaces:
SAMLMessageEncoder, MessageEncoder

public class HTTPPostSimpleSignEncoder
extends HTTPPostEncoder

SAML 2.0 HTTP-POST-SimpleSign binding message encoder.

The spec does not preclude the SAML 2 protocol message from being signed using the XML Signature method, in addition to the SimpleSign method specified by this binding. Signing via XML Signature over the SAML request and response payload may be toggled by the signXMLProtocolMessage parameter to the constructor HTTPPostSimpleSignEncoder(VelocityEngine, String, boolean). If this constructor variant is not used, the flag defaults to false.


Field Summary
private  org.slf4j.Logger log
          Class logger.
private  boolean signProtocolMessageWithXMLDSIG
          Flag indicating whether the SAML 2 protocol message should also be signed using XML Signature, in addition to SimpleSign.
 
Constructor Summary
HTTPPostSimpleSignEncoder(org.apache.velocity.app.VelocityEngine engine, String templateId)
          Constructor.
HTTPPostSimpleSignEncoder(org.apache.velocity.app.VelocityEngine engine, String templateId, boolean signXMLProtocolMessage)
          Constructor.
 
Method Summary
protected  String buildFormDataToSign(org.apache.velocity.VelocityContext velocityContext, SAMLMessageContext messageContext, String sigAlgURI)
          Build the form control data string over which the signature is computed.
protected  String buildKeyInfo(Credential signingCredential, KeyInfoGenerator kiGenerator)
          Build the KeyInfo from the signing credential.
protected  String generateSignature(Credential signingCredential, String algorithmURI, String formData)
          Generates the signature over the string of concatenated form control data as indicated by the SimpleSign spec.
 String getBindingURI()
          Gets the SAML binding URI supported by this encoder.
protected  String getSignatureAlgorithmURI(Credential credential, SecurityConfiguration config)
          Gets the signature algorithm URI to use with the given signing credential.
protected  void populateVelocityContext(org.apache.velocity.VelocityContext velocityContext, SAMLMessageContext messageContext, String endpointURL)
          Populate the Velocity context instance which will be used to render the POST body.
protected  void signMessage(SAMLMessageContext messageContext)
          Signs the given SAML message if it is a SignableSAMLObject and this encoder has signing credentials.
 
Methods inherited from class org.opensaml.saml2.binding.encoding.HTTPPostEncoder
doEncode, postEncode, providesMessageConfidentiality, providesMessageIntegrity
 
Methods inherited from class org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder
checkRelayState, getAllowedURLSchemes, getEndpointURL, setAllowedURLSchemes, setResponseDestination
 
Methods inherited from class org.opensaml.ws.message.encoder.BaseMessageEncoder
encode, logEncodedMessage, marshallMessage
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.opensaml.ws.message.encoder.MessageEncoder
encode
 

Field Detail

log

private final org.slf4j.Logger log
Class logger.


signProtocolMessageWithXMLDSIG

private boolean signProtocolMessageWithXMLDSIG
Flag indicating whether the SAML 2 protocol message should also be signed using XML Signature, in addition to SimpleSign.

Constructor Detail

HTTPPostSimpleSignEncoder

public HTTPPostSimpleSignEncoder(org.apache.velocity.app.VelocityEngine engine,
                                 String templateId)
Constructor.

Parameters:
engine - Velocity engine instance used to create POST body
templateId - ID of the template used to create POST body

HTTPPostSimpleSignEncoder

public HTTPPostSimpleSignEncoder(org.apache.velocity.app.VelocityEngine engine,
                                 String templateId,
                                 boolean signXMLProtocolMessage)
Constructor.

Parameters:
engine - Velocity engine instance used to create POST body
templateId - ID of the template used to create POST body
signXMLProtocolMessage - if true, the protocol message will be signed according to the XML Signature specification, in addition to the HTTP-POST-SimpleSign binding specification

Method Detail

getBindingURI

public String getBindingURI()
Gets the SAML binding URI supported by this encoder.

Specified by:
getBindingURI in interface SAMLMessageEncoder
Overrides:
getBindingURI in class HTTPPostEncoder
Returns:
SAML binding URI supported by this encoder

signMessage

protected void signMessage(SAMLMessageContext messageContext)
                    throws MessageEncodingException
Signs the given SAML message if it is a SignableSAMLObject and this encoder has signing credentials.

Overrides:
signMessage in class BaseSAML2MessageEncoder
Parameters:
messageContext - current message context
Throws:
MessageEncodingException - thrown if there is a problem marshalling or signing the outbound message

populateVelocityContext

protected void populateVelocityContext(org.apache.velocity.VelocityContext velocityContext,
                                       SAMLMessageContext messageContext,
                                       String endpointURL)
                                throws MessageEncodingException
Populate the Velocity context instance which will be used to render the POST body.

Overrides:
populateVelocityContext in class HTTPPostEncoder
Parameters:
velocityContext - the Velocity context instance to populate with data
messageContext - the SAML message context source of data
endpointURL - endpoint URL to which to encode message
Throws:
MessageEncodingException - thrown if there is a problem encoding the message

buildKeyInfo

protected String buildKeyInfo(Credential signingCredential,
                              KeyInfoGenerator kiGenerator)
                       throws MessageEncodingException
Build the KeyInfo from the signing credential.

Parameters:
signingCredential - the credential used for signing
kiGenerator - the generator for the KeyInfo
Returns:
the marshalled, serialized and base64-encoded KeyInfo, or null if none was generated
Throws:
MessageEncodingException - thrown if there is an error generating or marshalling the KeyInfo

buildFormDataToSign

protected String buildFormDataToSign(org.apache.velocity.VelocityContext velocityContext,
                                     SAMLMessageContext messageContext,
                                     String sigAlgURI)
Build the form control data string over which the signature is computed.

Parameters:
velocityContext - the Velocity context which is already populated with the values for SAML message and relay state
messageContext - the SAML message context being processed
sigAlgURI - the signature algorithm URI
Returns:
the form control data string for signature computation

getSignatureAlgorithmURI

protected String getSignatureAlgorithmURI(Credential credential,
                                          SecurityConfiguration config)
                                   throws MessageEncodingException
Gets the signature algorithm URI to use with the given signing credential.

Parameters:
credential - the credential that will be used to sign the message
config - the SecurityConfiguration to use (may be null)
Returns:
signature algorithm to use with the given signing credential
Throws:
MessageEncodingException - thrown if the algorithm URI could not be derived from the supplied credential

generateSignature

protected String generateSignature(Credential signingCredential,
                                   String algorithmURI,
                                   String formData)
                            throws MessageEncodingException
Generates the signature over the string of concatenated form control data as indicated by the SimpleSign spec.

Parameters:
signingCredential - credential that will be used to sign
algorithmURI - signature algorithm URI to use with the signing credential
formData - form control data to be signed
Returns:
base64 encoded signature of form control data
Throws:
MessageEncodingException - thrown if there is an error computing the signature

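The following Go program is an added illustration, not code from OpenSAML: it reproduces at the protocol level what buildFormDataToSign and generateSignature do (the SimpleSign rule is that the signed string carries the decoded XML message rather than its base64 form, RelayState only when present, and SigAlg, with no URL-encoding), and adds the receiving side, which must rebuild exactly the same string from the posted form controls before checking the Signature control. The function names BuildFormDataToSign, GenerateSignature and VerifyPostedForm are hypothetical, the RSA-SHA256 SigAlg URI is assumed to be the only algorithm in use, and the key, message and form values are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
)

// Assumed: RSA with SHA-256 (xmldsig-more URI) is the only SigAlg handled here.
const sigAlgRSASHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

// BuildFormDataToSign applies the SimpleSign rule: decoded message (not base64),
// then RelayState only when present, then SigAlg, joined by '&', not URL-encoded.
func BuildFormDataToSign(paramName, messageXML, relayState, sigAlgURI string) string {
	s := paramName + "=" + messageXML
	if relayState != "" {
		s += "&RelayState=" + relayState
	}
	return s + "&SigAlg=" + sigAlgURI
}

// GenerateSignature signs the form data (RSA PKCS#1 v1.5 over SHA-256) and
// returns the base64 value placed in the Signature form control.
func GenerateSignature(key *rsa.PrivateKey, formData string) (string, error) {
	digest := sha256.Sum256([]byte(formData))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// VerifyPostedForm is the receiver's side: it rebuilds the signed string from the
// posted form controls (base64-decoding the message first) and checks Signature.
func VerifyPostedForm(pub *rsa.PublicKey, form map[string]string) bool {
	paramName := "SAMLResponse"
	if _, ok := form["SAMLRequest"]; ok {
		paramName = "SAMLRequest"
	}
	xml, errMsg := base64.StdEncoding.DecodeString(form[paramName])
	sig, errSig := base64.StdEncoding.DecodeString(form["Signature"])
	if errMsg != nil || errSig != nil || form["SigAlg"] != sigAlgRSASHA256 {
		return false
	}
	data := BuildFormDataToSign(paramName, string(xml), form["RelayState"], form["SigAlg"])
	digest := sha256.Sum256([]byte(data))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}
```

Because RelayState and SigAlg are part of the signed string, a receiver that rebuilds it from the posted values rejects any change to either control, and pinning SigAlg to the expected URI prevents a weaker algorithm from being substituted.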

Copyright © 1999-2012. All Rights Reserved.