SAMLProtocolMessageXMLSignatureSecurityHandler (OpenSAML :: SAML Provider Implementations 3.4.6 API)

java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.messaging.handler.AbstractMessageHandler
  - - org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler<org.opensaml.xmlsec.signature.Signature>
    - - org.opensaml.saml.common.binding.security.impl.BaseSAMLXMLSignatureSecurityHandler
      - org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler

All Implemented Interfaces:

net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, org.opensaml.messaging.handler.MessageHandler
```
public class SAMLProtocolMessageXMLSignatureSecurityHandler
extends BaseSAMLXMLSignatureSecurityHandler
```
SAML security message handler which validates the signature (if present) on the SAMLObject which represents the SAML protocol message being processed.
If the message is not an instance of SignableSAMLObject, then no processing is performed. If signature validation is successful, and the SAML message context issuer was not previously authenticated, then the context's authentication state will be set to true.

If an optional SAMLSignatureProfileValidator or subclass is supplied, this validator will be used to validate the XML Signature element prior to the actual cryptographic validation of the signature. This might for example be used to enforce certain signature profile requirements or to detect signatures upon which it would be unsafe to attempt cryptographic processing. The validator will default to SAMLSignatureProfileValidator.

Field Summary

Fields
Modifier and Type	Field and Description
`private Logger`	`log` Logger.
`private org.opensaml.xmlsec.signature.support.SignaturePrevalidator`	`signaturePrevalidator` Validator for XML Signature instances.

Constructor Summary

Constructors
Constructor and Description

SAMLProtocolMessageXMLSignatureSecurityHandler()
Constructor.

Constructors
Constructor and Description
`SAMLProtocolMessageXMLSignatureSecurityHandler()` Constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`protected void`	`doEvaluate(org.opensaml.xmlsec.signature.Signature signature, SignableSAMLObject signableObject, org.opensaml.messaging.context.MessageContext messageContext)` Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine.
`void`	`doInvoke(org.opensaml.messaging.context.MessageContext messageContext)`
`org.opensaml.xmlsec.signature.support.SignaturePrevalidator`	`getSignaturePrevalidator()` Get the prevalidator for XML Signature instances.
`protected void`	`performPrevalidation(org.opensaml.xmlsec.signature.Signature signature)` Perform pre-validation on the Signature token.
`void`	`setSignaturePrevalidator(org.opensaml.xmlsec.signature.support.SignaturePrevalidator validator)` Set the prevalidator for XML Signature instances.

Methods inherited from class org.opensaml.saml.common.binding.security.impl.BaseSAMLXMLSignatureSecurityHandler
buildCriteriaSet, doPreInvoke, getSAMLPeerEntityContext, getSAMLProtocolContext, resolveTrustEngine

Methods inherited from class org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler
evaluate, evaluate, getTrustEngine

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler
doPostInvoke, doPostInvoke, getActivationCondition, getLogPrefix, invoke, setActivationCondition

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

log
```
@Nonnull
private final Logger log
```
Logger.

signaturePrevalidator

@Nullable
private org.opensaml.xmlsec.signature.support.SignaturePrevalidator signaturePrevalidator

Validator for XML Signature instances.

Constructor Detail
- SAMLProtocolMessageXMLSignatureSecurityHandler
```
public SAMLProtocolMessageXMLSignatureSecurityHandler()
```
  Constructor. Signature prevalidator defaults to SAMLSignatureProfileValidator.

Method Detail

getSignaturePrevalidator

@Nullable
public org.opensaml.xmlsec.signature.support.SignaturePrevalidator getSignaturePrevalidator()

Get the prevalidator for XML Signature instances.

Returns:: Returns the prevalidator.

setSignaturePrevalidator

public void setSignaturePrevalidator(@Nullable
                            org.opensaml.xmlsec.signature.support.SignaturePrevalidator validator)

Set the prevalidator for XML Signature instances.

Parameters:: validator - The prevalidator to set.

doInvoke

public void doInvoke(@Nonnull
            org.opensaml.messaging.context.MessageContext messageContext)
              throws org.opensaml.messaging.handler.MessageHandlerException

Specified by:: doInvoke in class org.opensaml.messaging.handler.AbstractMessageHandler
Throws:: org.opensaml.messaging.handler.MessageHandlerException

doEvaluate

protected void doEvaluate(@Nonnull
              org.opensaml.xmlsec.signature.Signature signature,
              @Nonnull
              SignableSAMLObject signableObject,
              @Nonnull
              org.opensaml.messaging.context.MessageContext messageContext)
                   throws org.opensaml.messaging.handler.MessageHandlerException

Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine.

Parameters:: signature - the signature which is being evaluated; signableObject - the signable object which contained the signature; messageContext - the SAML message context being processed
Throws:: org.opensaml.messaging.handler.MessageHandlerException - thrown if the signature fails validation

performPrevalidation

protected void performPrevalidation(@Nonnull
                        org.opensaml.xmlsec.signature.Signature signature)
                             throws org.opensaml.messaging.handler.MessageHandlerException

Perform pre-validation on the Signature token.

Parameters:: signature - the signature to evaluate
Throws:: org.opensaml.messaging.handler.MessageHandlerException - thrown if the signature element fails pre-validation

Class SAMLProtocolMessageXMLSignatureSecurityHandler

Field Summary

Constructor Summary

Method Summary

Methods inherited from class org.opensaml.saml.common.binding.security.impl.BaseSAMLXMLSignatureSecurityHandler

Methods inherited from class org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent