Class SAML2HTTPRedirectDeflateSignatureSecurityHandler

  • All Implemented Interfaces:
    net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, org.opensaml.messaging.handler.MessageHandler

    public class SAML2HTTPRedirectDeflateSignatureSecurityHandler
    extends BaseSAMLSimpleSignatureSecurityHandler
    Message handler which evaluates simple "blob" signatures according to the SAML 2 HTTP-Redirect DEFLATE binding.
    • Field Detail

      • log

        @Nonnull
        private final org.slf4j.Logger log
        Logger.
    • Constructor Detail

      • SAML2HTTPRedirectDeflateSignatureSecurityHandler

        public SAML2HTTPRedirectDeflateSignatureSecurityHandler()
    • Method Detail

      • ruleHandles

        protected boolean ruleHandles(@Nonnull
                                      org.opensaml.messaging.context.MessageContext messgaeContext)
                               throws org.opensaml.messaging.handler.MessageHandlerException
        Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.
        Specified by:
        ruleHandles in class BaseSAMLSimpleSignatureSecurityHandler
        Parameters:
        messgaeContext - the SAML message context being processed
        Returns:
        true if the rule should attempt to process the request, otherwise false
        Throws:
        org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing
      • getSignedContent

        @Nullable
        protected byte[] getSignedContent()
                                   throws org.opensaml.messaging.handler.MessageHandlerException
        Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
        Specified by:
        getSignedContent in class BaseSAMLSimpleSignatureSecurityHandler
        Returns:
        the signed content extracted from the request, in the format suitable for input to the trust engine.
        Throws:
        org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing
      • buildSignedContentString

        @Nonnull
        @NotEmpty
        private String buildSignedContentString(String queryString)
                                         throws org.opensaml.messaging.handler.MessageHandlerException
        Extract the raw request parameters and build a string representation of the content that was signed.
        Parameters:
        queryString - the raw HTTP query string from the request
        Returns:
        a string representation of the signed content
        Throws:
        org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing
      • appendParameter

        private boolean appendParameter(@Nonnull
                                        StringBuilder builder,
                                        @Nullable
                                        String queryString,
                                        @Nullable
                                        String paramName)
        Find the raw query string parameter indicated and append it to the string builder. The appended value will be in the form 'paramName=paramValue' (minus the quotes).
        Parameters:
        builder - string builder to which to append the parameter
        queryString - the URL query string containing parameters
        paramName - the name of the parameter to append
        Returns:
        true if parameter was found, false otherwise
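
The reconstruction that buildSignedContentString and appendParameter describe, as an added example that is not OpenSAML's own source: the raw, still URL-encoded pairs are re-assembled in the order the SAML 2.0 HTTP-Redirect binding fixes for the signed string (SAMLRequest or SAMLResponse, then RelayState, then SigAlg), whatever order the URL used. The class and method names, the first-occurrence handling and the sample query string are assumptions made for this illustration.

```java
import java.nio.charset.StandardCharsets;

public class RedirectSignedContentExample {

    /** Append the raw 'name=value' pair if present; the value stays URL-encoded exactly as received. */
    static boolean appendRaw(StringBuilder out, String query, String name) {
        if (query == null || name == null) {
            return false;
        }
        for (String pair : query.split("&")) {
            // Match on the raw name only: decoding and re-encoding could change the signed bytes.
            if (pair.startsWith(name + "=")) {
                if (out.length() > 0) {
                    out.append('&');
                }
                out.append(pair);
                return true; // first occurrence wins in this sketch (an assumption)
            }
        }
        return false;
    }

    /** Rebuild the signed octets in the binding's fixed order; Signature and unrelated parameters are excluded. */
    static byte[] signedContent(String query) {
        StringBuilder sb = new StringBuilder();
        if (!appendRaw(sb, query, "SAMLRequest") && !appendRaw(sb, query, "SAMLResponse")) {
            throw new IllegalArgumentException("no SAMLRequest or SAMLResponse parameter");
        }
        appendRaw(sb, query, "RelayState"); // optional parameter
        if (!appendRaw(sb, query, "SigAlg")) {
            throw new IllegalArgumentException("signed redirect message without SigAlg");
        }
        return sb.toString().getBytes(StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample: parameters out of order, plus an extra parameter that is not signed.
        String query = "extra=1&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256"
                + "&Signature=AAAA&RelayState=abc%2F1&SAMLRequest=fZJ%2Bplaceholder";
        System.out.println(new String(signedContent(query), StandardCharsets.UTF_8));
    }
}
```

The returned bytes are what a verifier would check against the base64-decoded Signature parameter; a message that lacks SigAlg is rejected here rather than treated as unsigned content.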