org.opensaml.saml.saml2.binding.security.impl

Class SAML2HTTPRedirectDeflateSignatureSecurityHandler

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.messaging.handler.AbstractMessageHandler

org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler

org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, org.opensaml.messaging.handler.MessageHandler

public class SAML2HTTPRedirectDeflateSignatureSecurityHandler
extends BaseSAMLSimpleSignatureSecurityHandler

Message handler which evaluates simple "blob" signatures according to the SAML 2 HTTP-Redirect DEFLATE binding.

Field Summary

Fields

Modifier and Type	Field and Description
private org.slf4j.Logger	log Logger.

Constructor Summary

Constructors

Constructor and Description
SAML2HTTPRedirectDeflateSignatureSecurityHandler()

Method Summary

Modifier and Type	Method and Description
private boolean	appendParameter(StringBuilder builder, String queryString, String paramName) Find the raw query string parameter indicated and append it to the string builder.
private String	buildSignedContentString(String queryString) Extract the raw request parameters and build a string representation of the content that was signed.
protected byte[]	getSignedContent() Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
protected boolean	ruleHandles(org.opensaml.messaging.context.MessageContext messgaeContext) Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.

Methods inherited from class org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler

buildCriteriaSet, deriveSignerEntityID, doInitialize, doInvoke, doPreInvoke, getHttpServletRequest, getRequestCredentials, getSignature, getSignatureAlgorithm, getTrustEngine, setHttpServletRequest, validateSignature

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler

doPostInvoke, doPostInvoke, getActivationCondition, getLogPrefix, invoke, setActivationCondition

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Logger.

Constructor Detail

SAML2HTTPRedirectDeflateSignatureSecurityHandler

public SAML2HTTPRedirectDeflateSignatureSecurityHandler()

Method Detail

ruleHandles

protected boolean ruleHandles(@Nonnull
                              org.opensaml.messaging.context.MessageContext messgaeContext)
                       throws org.opensaml.messaging.handler.MessageHandlerException

Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.

Specified by:

ruleHandles in class BaseSAMLSimpleSignatureSecurityHandler

Parameters:

messgaeContext - the SAML message context being processed

Returns:

true if the rule should attempt to process the request, otherwise false

Throws:

org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing

getSignedContent

@Nullable
protected byte[] getSignedContent()
                                     throws org.opensaml.messaging.handler.MessageHandlerException

Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).

Specified by:

getSignedContent in class BaseSAMLSimpleSignatureSecurityHandler

Returns:

the signed content extracted from the request, in the format suitable for input to the trust engine.

Throws:

org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing

buildSignedContentString

@Nonnull
 @NotEmpty
private String buildSignedContentString(String queryString)
                                                     throws org.opensaml.messaging.handler.MessageHandlerException

Extract the raw request parameters and build a string representation of the content that was signed.

Parameters:

queryString - the raw HTTP query string from the request

Returns:

a string representation of the signed content

Throws:

org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing

appendParameter

private boolean appendParameter(@Nonnull
                                StringBuilder builder,
                                @Nullable
                                String queryString,
                                @Nullable
                                String paramName)

Find the raw query string parameter indicated and append it to the string builder. The appended value will be in the form 'paramName=paramValue' (minus the quotes).

Parameters:

builder - string builder to which to append the parameter

queryString - the URL query string containing parameters

paramName - the name of the parameter to append

Returns:

true if parameter was found, false otherwise