java.lang.Object
  org.opensaml.saml2.metadata.provider.SignatureValidationFilter

public class SignatureValidationFilter
implements MetadataFilter

A metadata filter that validates XML signatures on incoming SAML 2 metadata. The root EntityDescriptor or EntitiesDescriptor, and any signed descendants (nested EntitiesDescriptor and EntityDescriptor elements, RoleDescriptor and AffiliationDescriptor children), are checked against the configured SignatureTrustEngine, optionally after a pre-validation of the Signature element itself. Metadata whose signature cannot be established as trusted, or whose root element is unsigned while a signature is required, is rejected with a FilterException.
Field Summary

| Modifier and Type | Field | Description |
|---|---|---|
| private CriteriaSet | defaultCriteria | Set of externally specified default criteria for input to the trust engine. |
| private final org.slf4j.Logger | log | Class logger. |
| private boolean | requireSignature | Indicates whether signed metadata is required. |
| private SignatureTrustEngine | signatureTrustEngine | Trust engine used to validate a signature. |
| private Validator<Signature> | sigValidator | Pre-validator for XML Signature instances. |
Constructor Summary

| Constructor | Description |
|---|---|
| SignatureValidationFilter(SignatureTrustEngine engine) | Constructor. |
| SignatureValidationFilter(SignatureTrustEngine engine, Validator<Signature> signatureValidator) | Constructor. |
Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| protected CriteriaSet | buildCriteriaSet(SignableXMLObject signedMetadata, String metadataEntryName, boolean isEntityGroup) | Build the criteria set which will be used as input to the configured trust engine. |
| void | doFilter(XMLObject metadata) | Verifies the signature on the metadata root element and on any signed descendants against the configured trust engine; rejects the metadata with a FilterException if a signature is not trusted or if a required root signature is absent. |
| CriteriaSet | getDefaultCriteria() | Get the set of default criteria used as input to the trust engine. |
| boolean | getRequireSignature() | Gets whether incoming metadata's root element is required to be signed. |
| protected String | getRoleIDToken(String entityID, RoleDescriptor role) | Get a string token for logging/debugging purposes that contains role information and the containing entityID. |
| Validator<Signature> | getSignaturePrevalidator() | Get the validator used to perform pre-validation on Signature tokens. |
| SignatureTrustEngine | getSignatureTrustEngine() | Gets the trust engine used to validate signatures on incoming metadata. |
| protected void | performPreValidation(Signature signature, String metadataEntryName) | Perform pre-validation on the Signature token. |
| protected void | processEntityDescriptor(EntityDescriptor entityDescriptor) | Process the signatures on the specified EntityDescriptor and any signed children. |
| protected void | processEntityGroup(EntitiesDescriptor entitiesDescriptor) | Process the signatures on the specified EntitiesDescriptor and any signed children. |
| void | setDefaultCriteria(CriteriaSet newCriteria) | Set the set of default criteria used as input to the trust engine. |
| void | setRequireSignature(boolean require) | Sets whether incoming metadata's root element is required to be signed. |
| protected void | verifySignature(SignableXMLObject signedMetadata, String metadataEntryName, boolean isEntityGroup) | Evaluate the signature on the signed metadata instance. |
Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

private final org.slf4j.Logger log
  Class logger.

private SignatureTrustEngine signatureTrustEngine
  Trust engine used to validate a signature.

private boolean requireSignature
  Indicates whether signed metadata is required.

private CriteriaSet defaultCriteria
  Set of externally specified default criteria for input to the trust engine.

private Validator<Signature> sigValidator
  Pre-validator for XML Signature instances.
Constructor Detail

public SignatureValidationFilter(SignatureTrustEngine engine)
  Constructor.
  Parameters:
    engine - the trust engine used to validate signatures on incoming metadata.

public SignatureValidationFilter(SignatureTrustEngine engine, Validator<Signature> signatureValidator)
  Constructor.
  Parameters:
    engine - the trust engine used to validate signatures on incoming metadata.
    signatureValidator - optional pre-validator used to validate Signature elements prior to the actual cryptographic validation operation

Method Detail
public SignatureTrustEngine getSignatureTrustEngine()
  Gets the trust engine used to validate signatures on incoming metadata.
  Returns:
    the trust engine used to validate signatures on incoming metadata

public Validator<Signature> getSignaturePrevalidator()
  Get the validator used to perform pre-validation on Signature tokens.
  Returns:
    the configured Signature pre-validator, if any

public boolean getRequireSignature()
  Gets whether incoming metadata's root element is required to be signed.
  Returns:
    whether incoming metadata is required to be signed

public void setRequireSignature(boolean require)
  Sets whether incoming metadata's root element is required to be signed.
  Parameters:
    require - whether incoming metadata is required to be signed

public CriteriaSet getDefaultCriteria()
  Get the set of default criteria used as input to the trust engine.
  Returns:
    the default criteria set

public void setDefaultCriteria(CriteriaSet newCriteria)
  Set the set of default criteria used as input to the trust engine.
  Parameters:
    newCriteria - the new criteria set to use

public void doFilter(XMLObject metadata) throws FilterException
  Verifies the signature on the metadata root element (an EntityDescriptor or EntitiesDescriptor) and on any signed descendants against the configured trust engine. A FilterException is thrown if any such signature cannot be established as trusted, or if a root signature is required and the root element carries none.
  Specified by:
    doFilter in interface MetadataFilter
  Parameters:
    metadata - the metadata to be filtered.
  Throws:
    FilterException - thrown if an error occurs during the filtering process

protected void processEntityDescriptor(EntityDescriptor entityDescriptor) throws FilterException
  Process the signatures on the specified EntityDescriptor and any signed children.
  Parameters:
    entityDescriptor - the EntityDescriptor to be processed
  Throws:
    FilterException - thrown if an error occurs during the signature verification process on the root EntityDescriptor specified

protected void processEntityGroup(EntitiesDescriptor entitiesDescriptor) throws FilterException
  Process the signatures on the specified EntitiesDescriptor and any signed children.
  Parameters:
    entitiesDescriptor - the EntitiesDescriptor to be processed
  Throws:
    FilterException - thrown if an error occurs during the signature verification process on the root EntitiesDescriptor specified

protected void verifySignature(SignableXMLObject signedMetadata, String metadataEntryName, boolean isEntityGroup) throws FilterException
  Evaluate the signature on the signed metadata instance.
  Parameters:
    signedMetadata - the metadata object whose signature is to be verified
    metadataEntryName - the EntityDescriptor entityID, EntitiesDescriptor Name, AffiliationDescriptor affiliationOwnerID, or RoleDescriptor getRoleIDToken(String, RoleDescriptor) corresponding to the element whose signature is being evaluated. This is used exclusively for logging/debugging purposes and should not be used operationally (e.g. for building a criteria set).
    isEntityGroup - flag indicating whether the signed object is a metadata group (EntitiesDescriptor), primarily useful for constructing a criteria set for the trust engine
  Throws:
    FilterException - thrown if the metadata entry's signature can not be established as trusted, or if an error occurs during the signature verification process

protected void performPreValidation(Signature signature, String metadataEntryName) throws FilterException
  Perform pre-validation on the Signature token.
  Parameters:
    signature - the signature to evaluate
    metadataEntryName - the EntityDescriptor entityID, EntitiesDescriptor Name, AffiliationDescriptor affiliationOwnerID, or RoleDescriptor getRoleIDToken(String, RoleDescriptor) corresponding to the element whose signature is being evaluated. This is used exclusively for logging/debugging purposes and should not be used operationally (e.g. for building a criteria set).
  Throws:
    FilterException - thrown if the signature element fails pre-validation

protected CriteriaSet buildCriteriaSet(SignableXMLObject signedMetadata, String metadataEntryName, boolean isEntityGroup)
  Build the criteria set which will be used as input to the configured trust engine.
  Parameters:
    signedMetadata - the metadata element whose signature is being verified
    metadataEntryName - the EntityDescriptor entityID, EntitiesDescriptor Name, AffiliationDescriptor affiliationOwnerID, or RoleDescriptor getRoleIDToken(String, RoleDescriptor) corresponding to the element whose signature is being evaluated. This is used exclusively for logging/debugging purposes and should not be used operationally (e.g. for building the criteria set).
    isEntityGroup - flag indicating whether the signed object is a metadata group (EntitiesDescriptor)
  Returns:
    the criteria set to use as input to the trust engine

protected String getRoleIDToken(String entityID, RoleDescriptor role)
  Get a string token for logging/debugging purposes that contains role information and the containing entityID.
  Parameters:
    entityID - the containing entityID
    role - the role descriptor
  Returns:
    a string token for logging/debugging purposes that contains role information and the containing entityID
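The following Java is an added usage example written for this page; it is not OpenSAML's own code and does not appear in the original Javadoc. It shows how a practitioner wires SignatureValidationFilter into a metadata provider so that metadata which is unsigned, signed by an untrusted key, or signed in a way that violates the SAML signature profile is refused before any EntityDescriptor is served. It assumes the federation's metadata signing certificate has been obtained out of band and is available as a PEM file, that the metadata file, certificate path and an entityID to look up are passed on the command line, and that ExplicitKeySignatureTrustEngine (a pinned key, rather than PKIX path validation) is the desired trust model; the class name VerifiedMetadataLoader and those choices are this example's own.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataFilterChain;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.saml2.metadata.provider.RequiredValidUntilFilter;
import org.opensaml.saml2.metadata.provider.SignatureValidationFilter;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.credential.StaticCredentialResolver;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;
import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;

/** Example loader (not part of OpenSAML): serves only metadata whose signature chains to a pinned certificate. */
public final class VerifiedMetadataLoader {

    public static FilesystemMetadataProvider buildVerifiedProvider(File metadataFile, X509Certificate signingCert)
            throws Exception {
        // Trust anchor: the federation's metadata signing certificate, obtained out of band (assumption).
        BasicX509Credential trusted = new BasicX509Credential();
        trusted.setEntityCertificate(signingCert);
        trusted.setUsageType(UsageType.SIGNING);

        // Resolves keys carried in the signature's ds:KeyInfo; the explicit-key engine accepts such a key
        // only if it also matches a credential from the static (pinned) resolver.
        List<KeyInfoProvider> providers = new ArrayList<KeyInfoProvider>();
        providers.add(new InlineX509DataProvider());
        providers.add(new RSAKeyValueProvider());
        ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(
                new StaticCredentialResolver(trusted),
                new BasicProviderKeyInfoCredentialResolver(providers));

        // Pre-validator runs before any cryptography: it rejects ds:Signature elements that do not follow
        // the SAML signature profile (single Reference pointing at the enclosing element's ID, enveloped transform).
        SignatureValidationFilter sigFilter =
                new SignatureValidationFilter(trustEngine, new SAMLSignatureProfileValidator());
        sigFilter.setRequireSignature(true); // an unsigned root element is refused, not silently passed through
        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new UsageCriteria(UsageType.SIGNING));
        sigFilter.setDefaultCriteria(criteria);

        // Freshness check in the same chain: metadata without a bounded validUntil is refused too
        // (the filter's default maximum validity interval is used here).
        RequiredValidUntilFilter validUntil = new RequiredValidUntilFilter();

        MetadataFilterChain chain = new MetadataFilterChain();
        List<MetadataFilter> filters = new ArrayList<MetadataFilter>();
        filters.add(sigFilter);
        filters.add(validUntil);
        chain.setFilters(filters);

        BasicParserPool parserPool = new BasicParserPool();
        parserPool.setNamespaceAware(true);

        FilesystemMetadataProvider provider = new FilesystemMetadataProvider(metadataFile);
        provider.setParserPool(parserPool);
        provider.setMetadataFilter(chain);
        provider.setRequireValidMetadata(true);
        // With fail-fast on, a FilterException during initialize() surfaces as a MetadataProviderException
        // instead of leaving an initialized provider that simply holds no metadata.
        provider.setFailFastInitialization(true);
        provider.initialize();
        return provider;
    }

    public static X509Certificate loadCertificate(File pemFile) throws Exception {
        InputStream in = new FileInputStream(pemFile);
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } finally {
            in.close();
        }
    }

    // Usage: java VerifiedMetadataLoader federation-metadata.xml federation-signing.pem https://idp.example.org/idp
    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap();
        try {
            FilesystemMetadataProvider provider =
                    buildVerifiedProvider(new File(args[0]), loadCertificate(new File(args[1])));
            EntityDescriptor entity = provider.getEntityDescriptor(args[2]);
            System.out.println(entity == null ? "entity not present in verified metadata"
                                              : "verified entity: " + entity.getEntityID());
        } catch (MetadataProviderException e) {
            // Reached when the signature is missing, untrusted, or fails profile pre-validation.
            System.err.println("metadata rejected: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Three settings do the security work. The trust engine decides which key may sign at all; the static resolver pins it to one certificate, so a ds:KeyInfo embedded by whoever produced the document cannot introduce a key of its own. setRequireSignature(true) closes the case the class otherwise leaves open, an unsigned root element, and since this page does not state the field's default it is set explicitly. The SAMLSignatureProfileValidator supplied as the pre-validator is consulted by performPreValidation before verifySignature runs, and rejects a Signature whose Reference does not point at the enclosing element's ID or that carries transforms outside the profile, which is the check that keeps a signature valid over one element from being accepted on behalf of another. Note that the filter examines only the signatures it finds: an unsigned EntityDescriptor inside a signed EntitiesDescriptor is covered by the enveloping signature over the group, not by a signature of its own.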