org.opensaml.saml.saml2.binding.encoding.impl

Class HTTPPostSimpleSignEncoder

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.messaging.encoder.AbstractMessageEncoder<MessageType>

org.opensaml.messaging.encoder.servlet.AbstractHttpServletResponseMessageEncoder<MessageType>

org.opensaml.messaging.encoder.servlet.BaseHttpServletResponseXMLMessageEncoder<SAMLObject>

org.opensaml.saml.saml2.binding.encoding.impl.BaseSAML2MessageEncoder

org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder

org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostSimpleSignEncoder

All Implemented Interfaces:

net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, net.shibboleth.utilities.java.support.component.UnmodifiableComponent, org.opensaml.messaging.encoder.MessageEncoder<SAMLObject>, org.opensaml.messaging.encoder.servlet.HttpServletResponseMessageEncoder<SAMLObject>, SAMLMessageEncoder

public class HTTPPostSimpleSignEncoder
extends HTTPPostEncoder

SAML 2.0 HTTP-POST-SimpleSign binding message encoder.

The spec does not preclude the SAML 2 protocol message from being signed using the XML Signature method, in addition to the SimpleSign method specified by this binding. Signing via XML Signature over the SAML request and response payload may be toggled by the signXMLProtocolMessage parameter to the constructor HTTPPostSimpleSignEncoder#HTTPPostSimpleSignEncoder(VelocityEngine, String, boolean). If this constructor variant is not used, the flag defaults to false.

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_TEMPLATE_ID Default template ID.
private Logger	log Class logger.

Constructor Summary

Constructors

Constructor and Description
HTTPPostSimpleSignEncoder() Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected String	buildFormDataToSign(VelocityContext velocityContext, org.opensaml.messaging.context.MessageContext<SAMLObject> messageContext, String sigAlgURI) Build the form control data string over which the signature is computed.
protected String	buildKeyInfo(org.opensaml.security.credential.Credential signingCredential, org.opensaml.xmlsec.keyinfo.KeyInfoGenerator kiGenerator) Build the KeyInfo from the signing credential.
protected String	generateSignature(org.opensaml.security.credential.Credential signingCredential, String algorithmURI, String formData) Generates the signature over the string of concatenated form control data as indicated by the SimpleSign spec.
String	getBindingURI()
protected String	getSignatureAlgorithmURI(org.opensaml.xmlsec.SignatureSigningParameters signingParameters) Gets the signature algorithm URI to use.
protected void	populateVelocityContext(VelocityContext velocityContext, org.opensaml.messaging.context.MessageContext<SAMLObject> messageContext, String endpointURL) Populate the Velocity context instance which will be used to render the POST body.

Methods inherited from class org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder

doDestroy, doEncode, doInitialize, getVelocityEngine, getVelocityTemplateId, postEncode, providesMessageConfidentiality, providesMessageIntegrity, setVelocityEngine, setVelocityTemplateId

Methods inherited from class org.opensaml.saml.saml2.binding.encoding.impl.BaseSAML2MessageEncoder

getEndpointURL

Methods inherited from class org.opensaml.messaging.encoder.servlet.BaseHttpServletResponseXMLMessageEncoder

encode, getMessageToLog, logEncodedMessage, marshallMessage

Methods inherited from class org.opensaml.messaging.encoder.servlet.AbstractHttpServletResponseMessageEncoder

getHttpServletResponse, setHttpServletResponse

Methods inherited from class org.opensaml.messaging.encoder.AbstractMessageEncoder

getMessageContext, prepareContext, setMessageContext

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.opensaml.messaging.encoder.MessageEncoder

encode, prepareContext, setMessageContext

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Methods inherited from interface net.shibboleth.utilities.java.support.component.DestructableComponent

destroy, isDestroyed

Field Detail

DEFAULT_TEMPLATE_ID

public static final String DEFAULT_TEMPLATE_ID

Default template ID.

See Also:

Constant Field Values

log

private final Logger log

Class logger.

Constructor Detail

HTTPPostSimpleSignEncoder

public HTTPPostSimpleSignEncoder()

Constructor.

Method Detail

getBindingURI

public String getBindingURI()

Specified by:

getBindingURI in interface SAMLMessageEncoder

Overrides:

getBindingURI in class HTTPPostEncoder

populateVelocityContext

protected void populateVelocityContext(VelocityContext velocityContext,
                           org.opensaml.messaging.context.MessageContext<SAMLObject> messageContext,
                           String endpointURL)
                                throws org.opensaml.messaging.encoder.MessageEncodingException

Populate the Velocity context instance which will be used to render the POST body.

Overrides:

populateVelocityContext in class HTTPPostEncoder

Parameters:

velocityContext - the Velocity context instance to populate with data

messageContext - the SAML message context source of data

endpointURL - endpoint URL to which to encode message

Throws:

org.opensaml.messaging.encoder.MessageEncodingException - thrown if there is a problem encoding the message

buildKeyInfo

protected String buildKeyInfo(org.opensaml.security.credential.Credential signingCredential,
                  org.opensaml.xmlsec.keyinfo.KeyInfoGenerator kiGenerator)
                       throws org.opensaml.messaging.encoder.MessageEncodingException

Build the KeyInfo from the signing credential.

Parameters:

signingCredential - the credential used for signing

kiGenerator - the generator for the KeyInfo

Returns:

the marshalled, serialized and base64-encoded KeyInfo, or null if none was generated

Throws:

org.opensaml.messaging.encoder.MessageEncodingException - thrown if there is an error generating or marshalling the KeyInfo

buildFormDataToSign

protected String buildFormDataToSign(VelocityContext velocityContext,
                         org.opensaml.messaging.context.MessageContext<SAMLObject> messageContext,
                         String sigAlgURI)

Build the form control data string over which the signature is computed.

Parameters:

velocityContext - the Velocity context which is already populated with the values for SAML message and relay state

messageContext - the SAML message context being processed

sigAlgURI - the signature algorithm URI

Returns:

the form control data string for signature computation

getSignatureAlgorithmURI

protected String getSignatureAlgorithmURI(org.opensaml.xmlsec.SignatureSigningParameters signingParameters)
                                   throws org.opensaml.messaging.encoder.MessageEncodingException

Gets the signature algorithm URI to use.

Parameters:

signingParameters - the signing parameters to use

Returns:

signature algorithm to use with the associated signing credential

Throws:

org.opensaml.messaging.encoder.MessageEncodingException - thrown if the algorithm URI is not supplied explicitly and could not be derived from the supplied credential

generateSignature

protected String generateSignature(org.opensaml.security.credential.Credential signingCredential,
                       String algorithmURI,
                       String formData)
                            throws org.opensaml.messaging.encoder.MessageEncodingException

Generates the signature over the string of concatenated form control data as indicated by the SimpleSign spec.

Parameters:

signingCredential - credential that will be used to sign

algorithmURI - algorithm URI of the signing credential

formData - form control data to be signed

Returns:

base64 encoded signature of form control data

Throws:

org.opensaml.messaging.encoder.MessageEncodingException - there is an error computing the signature