Package org.opensaml.xmlsec.signature.support.impl

Class SignatureAlgorithmValidator

java.lang.Object

org.opensaml.xmlsec.signature.support.impl.SignatureAlgorithmValidator

public class SignatureAlgorithmValidator
extends Object

Component which validates a Signature's signature and digest algorithm URI's against a supplied algorithm include and exclude policy.

The evaluation is based on the Signature's underlying DOM structure, therefore the Signature must have a cached DOM before this validator is used.

Field Summary

Fields

Modifier and Type	Field	Description
private static String	ATTR_NAME_ALGORTHM	Local name of 'Algorithm' attribute.
private static QName	ELEMENT_NAME_DIGEST_METHOD	QName of 'ds:DigestMethod' element.
private static QName	ELEMENT_NAME_REFERENCE	QName of 'ds:Reference' element.
private static QName	ELEMENT_NAME_SIGNATURE_METHOD	QName of 'ds:SignatureMethod' element.
private static QName	ELEMENT_NAME_SIGNED_INFO	QName of 'ds:SignedInfo' element.
private Collection<String>	excludedAlgorithmURIs	The collection of algorithm URIs which are excluded.
private Collection<String>	includedAlgorithmURIs	The collection of algorithm URIs which are included.
private org.slf4j.Logger	log	Logger.

Constructor Summary

Constructors

Constructor	Description
SignatureAlgorithmValidator(Collection<String> includeAlgos, Collection<String> excludeAlgos)	Constructor.
SignatureAlgorithmValidator(SignatureValidationParameters params)	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	checkDOM(Signature signature)	Check that Signature XMLObject has a cached DOM Element.
protected List<String>	getDigestMethods(Signature signatureXMLObject)	Get the list of Signature Reference DigestMethod algorithm URIs.
protected String	getSignatureAlgorithm(Signature signatureXMLObject)	Get the signature algorithm.
void	validate(Signature signature)	Validate the algorithms in the signature.
protected void	validateAlgorithmURI(String algorithmURI)	Validate the supplied algorithm URI against the configured include and exclude lists.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ELEMENT_NAME_SIGNED_INFO

private static final QName ELEMENT_NAME_SIGNED_INFO

QName of 'ds:SignedInfo' element.

ELEMENT_NAME_SIGNATURE_METHOD

private static final QName ELEMENT_NAME_SIGNATURE_METHOD

QName of 'ds:SignatureMethod' element.

ELEMENT_NAME_REFERENCE

private static final QName ELEMENT_NAME_REFERENCE

QName of 'ds:Reference' element.

ELEMENT_NAME_DIGEST_METHOD

private static final QName ELEMENT_NAME_DIGEST_METHOD

QName of 'ds:DigestMethod' element.

ATTR_NAME_ALGORTHM

private static final String ATTR_NAME_ALGORTHM

Local name of 'Algorithm' attribute.

See Also:

Constant Field Values

log

private org.slf4j.Logger log

Logger.

includedAlgorithmURIs

private Collection<String> includedAlgorithmURIs

The collection of algorithm URIs which are included.

excludedAlgorithmURIs

private Collection<String> excludedAlgorithmURIs

The collection of algorithm URIs which are excluded.

Constructor Detail

SignatureAlgorithmValidator

public SignatureAlgorithmValidator(@Nonnull @ParameterName(name="params")
                                   SignatureValidationParameters params)

Constructor.

Parameters:

params - signature validation parameters containing the algorithm include and exclude lists

SignatureAlgorithmValidator

public SignatureAlgorithmValidator(@Nullable @ParameterName(name="includeAlgos")
                                   Collection<String> includeAlgos,
                                   @Nullable @ParameterName(name="excludeAlgos")
                                   Collection<String> excludeAlgos)

Constructor.

Parameters:

includeAlgos - the algorithm includes

excludeAlgos - the algorithm excludes

Method Detail

validate

public void validate(@Nonnull
                     Signature signature)
              throws SignatureException

Validate the algorithms in the signature.

Parameters:

signature - signature to validate

Throws:

SignatureException - if validation fails

checkDOM

protected void checkDOM(@Nonnull
                        Signature signature)
                 throws SignatureException

Check that Signature XMLObject has a cached DOM Element.

Parameters:

signature - the signature to evaluate

Throws:

SignatureException - if signature does not have a cached DOM Element

getSignatureAlgorithm

@Nonnull
protected String getSignatureAlgorithm(@Nonnull
                                       Signature signatureXMLObject)
                                throws SignatureException

Get the signature algorithm.

Parameters:

signatureXMLObject - the signature to evaluate

Returns:

the signature algorithm

Throws:

SignatureException - if signature algorithm can not be resolved

getDigestMethods

@Nonnull
protected List<String> getDigestMethods(@Nonnull
                                        Signature signatureXMLObject)
                                 throws SignatureException

Get the list of Signature Reference DigestMethod algorithm URIs.

Parameters:

signatureXMLObject - the signature to evaluate

Returns:

list of algorithm URIs

Throws:

SignatureException - if a DigestMethod is found to have a null or empty Algorithm attribute

validateAlgorithmURI

protected void validateAlgorithmURI(@Nonnull
                                    String algorithmURI)
                             throws SignatureException

Validate the supplied algorithm URI against the configured include and exclude lists.

Parameters:

algorithmURI - the algorithm URI to evaluate

Throws:

SignatureException - if the algorithm URI does not satisfy the include/exclude policy