Package org.opensaml.saml.saml2.binding.security.impl

Class SAML2HTTPRedirectDeflateSignatureSecurityHandler

java.lang.Object

net.shibboleth.shared.component.AbstractInitializableComponent

org.opensaml.messaging.handler.AbstractMessageHandler

org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler

org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, MessageHandler

public class SAML2HTTPRedirectDeflateSignatureSecurityHandler
extends BaseSAMLSimpleSignatureSecurityHandler

Message handler which evaluates simple "blob" signatures according to the SAML 2 HTTP-Redirect DEFLATE binding.

Field Summary

Fields

Modifier and Type	Field	Description
private final org.slf4j.Logger	log	Logger.

Constructor Summary

Constructors

Constructor	Description
SAML2HTTPRedirectDeflateSignatureSecurityHandler()

Method Summary

Modifier and Type	Method	Description
private boolean	appendParameter(StringBuilder builder, String queryString, String paramName)	Find the raw query string parameter indicated and append it to the string builder.
private String	buildSignedContentString(String queryString)	Extract the raw request parameters and build a string representation of the content that was signed.
protected byte[]	getSignedContent()	Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
protected boolean	ruleHandles(MessageContext messgaeContext)	Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.

Methods inherited from class org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler

buildCriteriaSet, deriveSignerEntityID, doInitialize, doInvoke, doPreInvoke, getHttpServletRequest, getHttpServletRequestSupplier, getRequestCredentials, getSignature, getSignatureAlgorithm, getTrustEngine, setHttpServletRequestSupplier, validateSignature

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler

doPostInvoke, doPostInvoke, getActivationCondition, getLogPrefix, invoke, isPreInvokeCalled, setActivationCondition

Methods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent

checkComponentActive, checkSetterPreconditions, destroy, doDestroy, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.shared.component.InitializableComponent

initialize, isInitialized

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Logger.

Constructor Details

SAML2HTTPRedirectDeflateSignatureSecurityHandler

public SAML2HTTPRedirectDeflateSignatureSecurityHandler()

Method Details

ruleHandles

protected boolean ruleHandles(@Nonnull
 MessageContext messgaeContext)
                       throws MessageHandlerException

Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.

Specified by:

ruleHandles in class BaseSAMLSimpleSignatureSecurityHandler

Parameters:

messgaeContext - the SAML message context being processed

Returns:

true if the rule should attempt to process the request, otherwise false

Throws:

MessageHandlerException - thrown if there is an error during request processing

getSignedContent

@Nullable
protected byte[] getSignedContent()
                           throws MessageHandlerException

Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).

Specified by:

getSignedContent in class BaseSAMLSimpleSignatureSecurityHandler

Returns:

the signed content extracted from the request, in the format suitable for input to the trust engine.

Throws:

MessageHandlerException - thrown if there is an error during request processing

buildSignedContentString

@Nonnull
@NotEmpty
private String buildSignedContentString(@Nullable
 String queryString)
                                 throws MessageHandlerException

Extract the raw request parameters and build a string representation of the content that was signed.

Parameters:

queryString - the raw HTTP query string from the request

Returns:

a string representation of the signed content

Throws:

MessageHandlerException - thrown if there is an error during request processing

appendParameter

private boolean appendParameter(@Nonnull
 StringBuilder builder,
 @Nullable
 String queryString,
 @Nullable
 String paramName)

Find the raw query string parameter indicated and append it to the string builder. The appended value will be in the form 'paramName=paramValue' (minus the quotes).

Parameters:

builder - string builder to which to append the parameter

queryString - the URL query string containing parameters

paramName - the name of the parameter to append

Returns:

true if parameter was found, false otherwise