public abstract class BaseSAMLSimpleSignatureSecurityPolicyRule extends Object implements org.opensaml.ws.security.SecurityPolicyRule
Modifier | Constructor and Description |
---|---|
protected | BaseSAMLSimpleSignatureSecurityPolicyRule(org.opensaml.xml.signature.SignatureTrustEngine engine) Constructor. |

Modifier and Type | Method and Description |
---|---|
protected org.opensaml.xml.security.CriteriaSet | buildCriteriaSet(String entityID, SAMLMessageContext samlContext) Build a criteria set suitable for input to the trust engine. |
protected String | deriveSignerEntityID(SAMLMessageContext samlContext) Derive the signer's entity ID from the message context. |
void | evaluate(org.opensaml.ws.message.MessageContext messageContext) |
protected List<org.opensaml.xml.security.credential.Credential> | getRequestCredentials(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlContext) Extract any candidate validation credentials from the request and/or message context. |
protected byte[] | getSignature(javax.servlet.http.HttpServletRequest request) Extract the signature value from the request, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential). |
protected String | getSignatureAlgorithm(javax.servlet.http.HttpServletRequest request) Extract the signature algorithm URI value from the request. |
protected abstract byte[] | getSignedContent(javax.servlet.http.HttpServletRequest request) Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential). |
protected org.opensaml.xml.signature.SignatureTrustEngine | getTrustEngine() Gets the engine used to validate the signature. |
protected abstract boolean | ruleHandles(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlMsgCtx) Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context. |
protected boolean | validateSignature(byte[] signature, byte[] signedContent, String algorithmURI, org.opensaml.xml.security.CriteriaSet criteriaSet, List<org.opensaml.xml.security.credential.Credential> candidateCredentials) Validate the simple signature. |

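The check that getSignature, getSignatureAlgorithm, getSignedContent and validateSignature divide between them, sketched with plain JDK classes for the SAML 2.0 HTTP-Redirect binding. This is an added example, not OpenSAML code: the binding choice, the `SimpleSignatureCheck` class, its method names, the algorithm allowlist and the sample query string are all assumptions made for illustration.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.net.*;
import java.security.*;
import java.util.*;

// Added illustration; class and method names are hypothetical, not OpenSAML API.
public class SimpleSignatureCheck {
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    // Allowlist of SigAlg URI -> JCA algorithm name; any other URI is rejected.
    static final Map<String, String> ALLOWED = Map.of(RSA_SHA256, "SHA256withRSA");

    static String rawPair(String q, String name) {   // "name=value" exactly as received, or null
        return Arrays.stream(q.split("&")).filter(p -> p.startsWith(name + "=")).findFirst().orElse(null);
    }

    // Signed octets: message, RelayState (if present), SigAlg, in that order, still URL-encoded.
    static byte[] signedContent(String q) {
        String msg = rawPair(q, "SAMLRequest") != null ? rawPair(q, "SAMLRequest") : rawPair(q, "SAMLResponse");
        String relay = rawPair(q, "RelayState"), alg = rawPair(q, "SigAlg");
        if (msg == null || alg == null) throw new IllegalArgumentException("not a signed message");
        return (msg + (relay != null ? "&" + relay : "") + "&" + alg).getBytes(UTF_8);
    }

    static String param(String q, String n) {        // URL-decoded value of one parameter, or null
        String p = rawPair(q, n);
        return p == null ? null : URLDecoder.decode(p.substring(n.length() + 1), UTF_8);
    }

    static boolean verify(String q, PublicKey key) throws GeneralSecurityException {
        String sig = param(q, "Signature"), algUri = param(q, "SigAlg");
        String jca = algUri == null ? null : ALLOWED.get(algUri);
        if (sig == null || jca == null) return false; // unsigned, or algorithm not on the allowlist
        Signature v = Signature.getInstance(jca);
        v.initVerify(key);
        v.update(signedContent(q));
        return v.verify(Base64.getDecoder().decode(sig));
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();   // constructed test key
        String q = "SAMLRequest=ZmFrZQ%3D%3D&RelayState=abc&SigAlg=" + URLEncoder.encode(RSA_SHA256, UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(q.getBytes(UTF_8));
        String sig = "&Signature=" + URLEncoder.encode(Base64.getEncoder().encodeToString(s.sign()), UTF_8);
        System.out.println("intact:   " + verify(q + sig, kp.getPublic()));
        System.out.println("tampered: " + verify(q.replace("abc", "xyz") + sig, kp.getPublic()));
    }
}
```

The signed content is rebuilt from the raw query string rather than from decoded parameters, because re-encoding can produce different bytes from the ones the sender signed.
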
protected BaseSAMLSimpleSignatureSecurityPolicyRule(org.opensaml.xml.signature.SignatureTrustEngine engine)
Parameters:
engine - the signature trust engine to use for signature validation

public void evaluate(org.opensaml.ws.message.MessageContext messageContext) throws org.opensaml.ws.security.SecurityPolicyException
Specified by:
evaluate in interface org.opensaml.ws.security.SecurityPolicyRule
Throws:
org.opensaml.ws.security.SecurityPolicyException

protected boolean validateSignature(byte[] signature, byte[] signedContent, String algorithmURI, org.opensaml.xml.security.CriteriaSet criteriaSet, List<org.opensaml.xml.security.credential.Credential> candidateCredentials) throws org.opensaml.ws.security.SecurityPolicyException
Parameters:
signature - the signature value
signedContent - the content that was signed
algorithmURI - the signature algorithm URI which was used to sign the content
criteriaSet - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
candidateCredentials - the request-derived candidate credential(s) containing the validation key for the signature (optional)
Throws:
org.opensaml.ws.security.SecurityPolicyException - thrown if there are errors during the signature validation process

protected List<org.opensaml.xml.security.credential.Credential> getRequestCredentials(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlContext) throws org.opensaml.ws.security.SecurityPolicyException
Parameters:
request - the HTTP servlet request being processed
samlContext - the SAML message context being processed
Throws:
org.opensaml.ws.security.SecurityPolicyException - thrown if there is an error during request processing

protected org.opensaml.xml.signature.SignatureTrustEngine getTrustEngine()

protected byte[] getSignature(javax.servlet.http.HttpServletRequest request) throws org.opensaml.ws.security.SecurityPolicyException
Extract the signature value from the request, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential). Defaults to the Base64-decoded value of the HTTP request parameter named Signature.
Parameters:
request - the HTTP servlet request
Throws:
org.opensaml.ws.security.SecurityPolicyException - thrown if there is an error during request processing

protected String getSignatureAlgorithm(javax.servlet.http.HttpServletRequest request) throws org.opensaml.ws.security.SecurityPolicyException
Extract the signature algorithm URI value from the request. Defaults to the HTTP request parameter named SigAlg.
Parameters:
request - the HTTP servlet request
Throws:
org.opensaml.ws.security.SecurityPolicyException - thrown if there is an error during request processing

protected String deriveSignerEntityID(SAMLMessageContext samlContext) throws org.opensaml.ws.security.SecurityPolicyException
Parameters:
samlContext - the SAML message context being processed
Throws:
org.opensaml.ws.security.SecurityPolicyException - thrown if there is an error during request processing

protected org.opensaml.xml.security.CriteriaSet buildCriteriaSet(String entityID, SAMLMessageContext samlContext) throws org.opensaml.ws.security.SecurityPolicyException
Parameters:
entityID - the candidate issuer entity ID which is being evaluated
samlContext - the message context which is being evaluated
Throws:
org.opensaml.ws.security.SecurityPolicyException - thrown if criteria set can not be constructed

protected abstract byte[] getSignedContent(javax.servlet.http.HttpServletRequest request) throws org.opensaml.ws.security.SecurityPolicyException
Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
Parameters:
request - the HTTP servlet request being processed
Throws:
org.opensaml.ws.security.SecurityPolicyException - thrown if there is an error during request processing

protected abstract boolean ruleHandles(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlMsgCtx) throws org.opensaml.ws.security.SecurityPolicyException
Parameters:
request - the HTTP servlet request being processed
samlMsgCtx - the SAML message context being processed
Throws:
org.opensaml.ws.security.SecurityPolicyException - thrown if there is an error during request processing

Copyright © 1999-2013. All Rights Reserved.