Class SAML2HTTPPostSimpleSignSecurityHandler

  • All Implemented Interfaces:
    net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, org.opensaml.messaging.handler.MessageHandler

    public class SAML2HTTPPostSimpleSignSecurityHandler
    extends BaseSAMLSimpleSignatureSecurityHandler
    Message handler which evaluates simple "blob" signatures according to the SAML 2 HTTP-POST-SimpleSign binding.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver keyInfoResolver
      KeyInfo resolver to use to process KeyInfo request parameter.
      private org.slf4j.Logger log
      Logger.
      private net.shibboleth.utilities.java.support.xml.ParserPool parserPool
      Parser pool to use to process KeyInfo request parameter.
    • Field Detail

      • log

        @Nonnull
        private org.slf4j.Logger log
        Logger.
      • parserPool

        @NonnullAfterInit
        private net.shibboleth.utilities.java.support.xml.ParserPool parserPool
        Parser pool to use to process KeyInfo request parameter.
      • keyInfoResolver

        @NonnullAfterInit
        private org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver keyInfoResolver
        KeyInfo resolver to use to process KeyInfo request parameter.
    • Constructor Detail

      • SAML2HTTPPostSimpleSignSecurityHandler

        public SAML2HTTPPostSimpleSignSecurityHandler()
    • Method Detail

      • getParserPool

        @NonnullAfterInit
        public net.shibboleth.utilities.java.support.xml.ParserPool getParserPool()
        Get the parser pool.
        Returns:
        Returns the parser pool.
      • setParser

        public void setParser(@Nonnull
                              net.shibboleth.utilities.java.support.xml.ParserPool newParserPool)
        Set the parser pool.
        Parameters:
        newParserPool - The parser to set.
      • getKeyInfoResolver

        @NonnullAfterInit
        public org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver getKeyInfoResolver()
        Get the KeyInfo credential resolver.
        Returns:
        Returns the keyInfoResolver.
      • setKeyInfoResolver

        public void setKeyInfoResolver(@Nonnull
                                       org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver newKeyInfoResolver)
        Set the KeyInfo credential resolver.
        Parameters:
        newKeyInfoResolver - The keyInfoResolver to set.
      • doInitialize

        protected void doInitialize()
                             throws net.shibboleth.utilities.java.support.component.ComponentInitializationException
        Overrides:
        doInitialize in class BaseSAMLSimpleSignatureSecurityHandler
        Throws:
        net.shibboleth.utilities.java.support.component.ComponentInitializationException
      • ruleHandles

        protected boolean ruleHandles(@Nonnull
                                      org.opensaml.messaging.context.MessageContext messageContext)
        Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.
        Specified by:
        ruleHandles in class BaseSAMLSimpleSignatureSecurityHandler
        Parameters:
        messageContext - the SAML message context being processed
        Returns:
        true if the rule should attempt to process the request, otherwise false
      • getSignedContent

        @Nullable
        protected byte[] getSignedContent()
                                   throws org.opensaml.messaging.handler.MessageHandlerException
        Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
        Specified by:
        getSignedContent in class BaseSAMLSimpleSignatureSecurityHandler
        Returns:
        the signed content extracted from the request, in the format suitable for input to the trust engine.
        Throws:
        org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing
      • getRequestCredentials

        @Nonnull
        @NonnullElements
        protected List<org.opensaml.security.credential.Credential> getRequestCredentials(@Nonnull
                                                                                          org.opensaml.messaging.context.MessageContext samlContext)
                                                                                   throws org.opensaml.messaging.handler.MessageHandlerException
        Extract any candidate validation credentials from the request and/or message context. Some bindings allow validation keys for the simple signature to be supplied, and others do not.
        Overrides:
        getRequestCredentials in class BaseSAMLSimpleSignatureSecurityHandler
        Parameters:
        samlContext - the SAML message context being processed
        Returns:
        a list of candidate validation credentials in the request, or null if none were present
        Throws:
        org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing
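
Added example, not OpenSAML's own code: a JDK-only sketch of the octet string that getSignedContent has to rebuild for the HTTP-POST-SimpleSign "blob" signature, and of checking it against a key the receiver already trusts rather than one taken from the request's KeyInfo parameter. Assumptions: the class and method names are hypothetical, the form is modelled as a plain Map, the string layout (`SAMLRequest|SAMLResponse=xml&RelayState=value&SigAlg=uri`, raw values, UTF-8) follows the binding specification as read here, and the key pair and message are constructed samples.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class SimpleSignContentExample {
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    /** Rebuilds the bytes covered by the Signature form control. */
    static byte[] signedContent(Map<String, String> form) {
        String name = form.containsKey("SAMLRequest") ? "SAMLRequest" : "SAMLResponse";
        String encoded = form.get(name), sigAlg = form.get("SigAlg");
        if (encoded == null || sigAlg == null)
            throw new IllegalArgumentException("missing SAML message or SigAlg");
        // The message is signed as decoded XML text, not in its base64 form encoding.
        String xml = new String(Base64.getMimeDecoder().decode(encoded), StandardCharsets.UTF_8);
        StringBuilder sb = new StringBuilder(name).append('=').append(xml);
        if (form.get("RelayState") != null)
            sb.append("&RelayState=").append(form.get("RelayState"));
        return sb.append("&SigAlg=").append(sigAlg).toString().getBytes(StandardCharsets.UTF_8);
    }

    /** Verifies against a pre-trusted key; the algorithm is fixed by policy, not by the sender. */
    static boolean verify(Map<String, String> form, PublicKey trusted) throws GeneralSecurityException {
        if (!RSA_SHA256.equals(form.get("SigAlg")) || form.get("Signature") == null) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(trusted);
        s.update(signedContent(form));
        return s.verify(Base64.getDecoder().decode(form.get("Signature")));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: throwaway key pair and a dummy message.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        Map<String, String> form = new HashMap<>();
        form.put("SAMLResponse", Base64.getEncoder().encodeToString(
                "<samlp:Response ID=\"_constructed\"/>".getBytes(StandardCharsets.UTF_8)));
        form.put("RelayState", "constructed-state");
        form.put("SigAlg", RSA_SHA256);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(signedContent(form));
        form.put("Signature", Base64.getEncoder().encodeToString(signer.sign()));
        System.out.println("untampered form verifies: " + verify(form, kp.getPublic()));
        form.put("RelayState", "tampered"); // RelayState is inside the signed string
        System.out.println("modified RelayState verifies: " + verify(form, kp.getPublic()));
    }
}
```

Only the three named form controls are covered by the signature, so any other posted field is unauthenticated input.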