Class SAMLObjectContentReference

java.lang.Object
org.opensaml.saml.common.SAMLObjectContentReference
All Implemented Interfaces:
ConfigurableContentReference, ContentReference, TransformsConfigurableContentReference

public class SAMLObjectContentReference extends Object implements ConfigurableContentReference, TransformsConfigurableContentReference
A content reference for SAML objects that will be signed. The reference is created per the SAML specification.

The default digest algorithm used is SignatureConstants.ALGO_ID_DIGEST_SHA256.

The default set of transforms applied consists of SignatureConstants.TRANSFORM_ENVELOPED_SIGNATURE and SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS.

When generating an exclusive canonicalization transform, an inclusive namespace list is generated from the namespaces, retrieved from XMLObject.getNamespaces(), used by the SAML object to be signed and all of its descendants.

Note that the SAML specification states that: 1) an exclusive canonicalization transform (either with or without comments) SHOULD be used; 2) transforms other than enveloped signature and one of the two exclusive canonicalizations SHOULD NOT be used. Careful consideration should be given before deviating from these recommendations.
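As an added example (not part of the OpenSAML code base or its Javadoc), the following pre-signing check reports any content reference on a Signature that deviates from the recommendations above. The class name ContentReferencePolicy and the method violations are hypothetical; the imports assume the org.opensaml.xmlsec.signature package layout that accompanies org.opensaml.saml.common.

```java
import java.util.ArrayList;
import java.util.List;

import org.opensaml.saml.common.SAMLObjectContentReference;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.ContentReference;
import org.opensaml.xmlsec.signature.support.SignatureConstants;

/** Hypothetical helper, not part of OpenSAML: pre-signing check of content references. */
public final class ContentReferencePolicy {

    private static boolean isExclusiveC14n(String uri) {
        return SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS.equals(uri)
                || SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS.equals(uri);
    }

    /** Returns one message per deviation; an empty list means every reference complies. */
    public static List<String> violations(Signature signature, String expectedDigest) {
        List<String> problems = new ArrayList<>();
        for (ContentReference ref : signature.getContentReferences()) {
            if (!(ref instanceof SAMLObjectContentReference)) {
                problems.add("not a SAMLObjectContentReference: " + ref.getClass().getName());
                continue;
            }
            SAMLObjectContentReference samlRef = (SAMLObjectContentReference) ref;
            int exclusive = 0;
            boolean enveloped = false;
            for (String uri : samlRef.getTransforms()) {
                if (isExclusiveC14n(uri)) {
                    exclusive++;
                } else if (SignatureConstants.TRANSFORM_ENVELOPED_SIGNATURE.equals(uri)) {
                    enveloped = true;
                } else {
                    problems.add("transform outside the recommended set: " + uri);
                }
            }
            if (exclusive != 1) {
                problems.add("expected one exclusive c14n transform, found " + exclusive);
            }
            if (!enveloped) {
                problems.add("enveloped-signature transform is missing");
            }
            // getDigestAlgorithm() is @Nullable, so compare from the expected side.
            if (!expectedDigest.equals(samlRef.getDigestAlgorithm())) {
                problems.add("digest is " + samlRef.getDigestAlgorithm() + ", expected " + expectedDigest);
            }
        }
        return problems;
    }
}
```

Call it with SignatureConstants.ALGO_ID_DIGEST_SHA256 as expectedDigest to enforce the documented default, and treat a non-empty result as a reason to refuse to sign.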

  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.
    • signableObject

      @Nonnull private final SignableSAMLObject signableObject
      SAMLObject this reference refers to.
    • digestAlgorithm

      @Nullable private String digestAlgorithm
      Algorithm used to digest the content.
    • transforms

      @Nonnull private List<String> transforms
      Transforms applied to the content.
  • Constructor Details

    • SAMLObjectContentReference

      public SAMLObjectContentReference(@Nonnull SignableSAMLObject newSignableObject)
      Constructor.
      Parameters:
      newSignableObject - the SAMLObject this reference refers to
  • Method Details

    • getTransforms

      @Nonnull @Live public List<String> getTransforms()
      Gets the transforms applied to the content prior to digest generation.
      Specified by:
      getTransforms in interface TransformsConfigurableContentReference
      Returns:
      the transforms applied to the content prior to digest generation
    • getDigestAlgorithm

      @Nullable public String getDigestAlgorithm()
      Gets the algorithm used to digest the content.
      Specified by:
      getDigestAlgorithm in interface ConfigurableContentReference
      Returns:
      the algorithm used to digest the content
    • setDigestAlgorithm

      public void setDigestAlgorithm(@Nullable String newAlgorithm)
      Sets the algorithm used to digest the content.
      Specified by:
      setDigestAlgorithm in interface ConfigurableContentReference
      Parameters:
      newAlgorithm - the algorithm used to digest the content
    • createReference

      public void createReference(@Nonnull org.apache.xml.security.signature.XMLSignature signature)
      Called by the signature marshaller to allow references to be added to the signature.
      Specified by:
      createReference in interface ContentReference
      Parameters:
      signature - the signature object
    • processExclusiveTransform

      private void processExclusiveTransform(@Nonnull org.apache.xml.security.signature.XMLSignature signature, @Nonnull org.apache.xml.security.transforms.Transform transform)
      Populate the inclusive namespace prefixes on the specified Apache (exclusive) transform object.
      Parameters:
      signature - the Apache XMLSignature object
      transform - the Apache Transform object representing an exclusive transform
    • populateNamespacePrefixes

      private void populateNamespacePrefixes(@Nonnull @Live Set<String> namespacePrefixes, @Nonnull XMLObject signatureContent)
      Populates the given set with the non-visibly used namespace prefixes used by the given XMLObject and all of its descendants, as determined by the signature content object's namespace manager.
      Parameters:
      namespacePrefixes - the namespace prefix set to be populated
      signatureContent - the XMLObject whose namespace prefixes will be used to populate the set