Class BaseSAMLSimpleSignatureSecurityHandler

    • Field Detail

      • log

        @Nonnull
        private final org.slf4j.Logger log
        Logger.
      • httpServletRequest

        @NonnullAfterInit
        private javax.servlet.http.HttpServletRequest httpServletRequest
        The HttpServletRequest being processed.
      • peerContext

        @Nullable
        private SAMLPeerEntityContext peerContext
        The context representing the SAML peer entity.
      • samlProtocolContext

        @Nullable
        private SAMLProtocolContext samlProtocolContext
        The SAML protocol context in operation.
      • trustEngine

        @Nullable
        private SignatureTrustEngine trustEngine
        Signature trust engine used to validate raw signatures.
    • Constructor Detail

      • BaseSAMLSimpleSignatureSecurityHandler

        public BaseSAMLSimpleSignatureSecurityHandler()
    • Method Detail

      • getTrustEngine

        @Nullable
        protected SignatureTrustEngine getTrustEngine()
        Gets the engine used to validate the signature.
        Returns:
the engine used to validate the signature
      • getHttpServletRequest

        @NonnullAfterInit
        public javax.servlet.http.HttpServletRequest getHttpServletRequest()
        Get the HTTP servlet request being processed.
        Returns:
        Returns the request.
      • setHttpServletRequest

        public void setHttpServletRequest​(@Nonnull
                                          javax.servlet.http.HttpServletRequest request)
        Set the HTTP servlet request being processed.
        Parameters:
request - the HTTP servlet request to set
      • doEvaluate

        private void doEvaluate​(@Nonnull @NotEmpty
                                byte[] signature,
                                @Nonnull @NotEmpty
                                byte[] signedContent,
                                @Nonnull @NotEmpty
                                String algorithmURI,
                                @Nonnull
                                MessageContext messageContext)
                         throws MessageHandlerException
        Evaluate the simple signature based on information in the request and/or message context.
        Parameters:
        signature - the signature value
        signedContent - the content that was signed
        algorithmURI - the signature algorithm URI which was used to sign the content
        messageContext - the SAML message context being processed
        Throws:
        MessageHandlerException - thrown if there are errors during the signature validation process
      • validateSignature

        protected boolean validateSignature​(@Nonnull @NotEmpty
                                            byte[] signature,
                                            @Nonnull @NotEmpty
                                            byte[] signedContent,
                                            @Nonnull @NotEmpty
                                            String algorithmURI,
                                            @Nonnull
                                            CriteriaSet criteriaSet,
                                            @Nonnull @NonnullElements
                                            List<Credential> candidateCredentials)
                                     throws MessageHandlerException
        Validate the simple signature.
        Parameters:
        signature - the signature value
        signedContent - the content that was signed
        algorithmURI - the signature algorithm URI which was used to sign the content
        criteriaSet - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
        candidateCredentials - the request-derived candidate credential(s) containing the validation key for the signature (optional)
        Returns:
        true if signature can be verified successfully, false otherwise
        Throws:
        MessageHandlerException - thrown if there are errors during the signature validation process
      • getRequestCredentials

        @Nonnull
        @NonnullElements
        protected List<Credential> getRequestCredentials​(@Nonnull
                                                         MessageContext messageContext)
                                                  throws MessageHandlerException
Extract any candidate validation credentials from the request and/or message context. Some bindings allow validation keys for the simple signature to be supplied, and others do not.
        Parameters:
        messageContext - the SAML message context being processed
        Returns:
        a list of candidate validation credentials in the request, or null if none were present
        Throws:
        MessageHandlerException - thrown if there is an error during request processing
      • getSignatureAlgorithm

        @Nullable
        protected String getSignatureAlgorithm()
                                        throws MessageHandlerException
        Extract the signature algorithm URI value from the request. Defaults to the HTTP request parameter named SigAlg.
        Returns:
        the signature algorithm URI value
        Throws:
        MessageHandlerException - thrown if there is an error during request processing
      • deriveSignerEntityID

        @Nullable
        protected String deriveSignerEntityID​(@Nonnull
                                              MessageContext messageContext)
                                       throws MessageHandlerException
        Derive the signer's entity ID from the message context. This is implementation-specific and there is no default. This is primarily an extension point for subclasses.
        Parameters:
        messageContext - the SAML message context being processed
        Returns:
        the signer's derived entity ID
        Throws:
        MessageHandlerException - thrown if there is an error during request processing
      • buildCriteriaSet

        @Nonnull
        protected CriteriaSet buildCriteriaSet​(@Nullable
                                               String entityID,
                                               @Nonnull
                                               MessageContext messageContext)
                                        throws MessageHandlerException
        Build a criteria set suitable for input to the trust engine.
        Parameters:
        entityID - the candidate issuer entity ID which is being evaluated
        messageContext - the message context which is being evaluated
        Returns:
a newly constructed set of criteria suitable for the configured trust engine
        Throws:
MessageHandlerException - thrown if the criteria set cannot be constructed
      • ruleHandles

        protected abstract boolean ruleHandles​(@Nonnull
                                               MessageContext messageContext)
                                        throws MessageHandlerException
        Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.
        Parameters:
        messageContext - the SAML message context being processed
        Returns:
        true if the rule should attempt to process the request, otherwise false
        Throws:
        MessageHandlerException - thrown if there is an error during request processing
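The methods above are the extension points a concrete handler fills in: ruleHandles decides whether this rule applies to the request at all, deriveSignerEntityID names the entity whose keys the trust engine should resolve, and getSignatureAlgorithm supplies the algorithm URI that, by default, is read straight from the SigAlg request parameter. The following subclass is an added illustration written for this page; it is not one of OpenSAML's own subclasses, and the class name, package, accepted-algorithm set and the "GET with Signature parameter" heuristic are assumptions. It assumes the OpenSAML 3/4 package layout for the imported types (BaseSAMLSimpleSignatureSecurityHandler, MessageContext, SAMLPeerEntityContext, SignatureConstants).

```java
package example.saml; // hypothetical package, not part of OpenSAML

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;

import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.xmlsec.signature.support.SignatureConstants;

/**
 * Example subclass (hypothetical) binding the generic simple-signature handler to
 * a redirect-style request: an HTTP GET carrying a SAML message together with a
 * "Signature" query parameter. Signature evaluation itself stays in the base class.
 */
public class ExampleRedirectSignatureHandler extends BaseSAMLSimpleSignatureSecurityHandler {

    /** Signature algorithms this deployment accepts for raw signatures (a deployment choice, assumed here). */
    private static final Set<String> ACCEPTED_ALGORITHMS = Collections.unmodifiableSet(new HashSet<>(
            Arrays.asList(
                    SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256,
                    SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256)));

    /** Applies only when the request looks like a signed redirect-binding message. */
    @Override
    protected boolean ruleHandles(@Nonnull final MessageContext messageContext)
            throws MessageHandlerException {
        final HttpServletRequest request = getHttpServletRequest();
        if (request == null || !"GET".equalsIgnoreCase(request.getMethod())) {
            return false;
        }
        final boolean hasMessage = request.getParameter("SAMLRequest") != null
                || request.getParameter("SAMLResponse") != null;
        // An unsigned message is simply not handled by this rule. Whether a signature is
        // *required* for a given peer is a separate policy enforced elsewhere in the chain.
        return hasMessage && request.getParameter("Signature") != null;
    }

    /** The signer is the peer entity recorded in the message context, if any. */
    @Override
    @Nullable
    protected String deriveSignerEntityID(@Nonnull final MessageContext messageContext)
            throws MessageHandlerException {
        final SAMLPeerEntityContext peer = messageContext.getSubcontext(SAMLPeerEntityContext.class);
        return peer != null ? peer.getEntityId() : null;
    }

    /**
     * The base implementation reads SigAlg from the request, i.e. from input the sender controls.
     * Rejecting anything outside the accepted set before the trust engine runs keeps the
     * handler from ever attempting verification with a weak or unexpected algorithm; the
     * trust engine's own algorithm constraints still apply on top of this check.
     */
    @Override
    @Nullable
    protected String getSignatureAlgorithm() throws MessageHandlerException {
        final String algorithmURI = super.getSignatureAlgorithm();
        if (algorithmURI != null && !ACCEPTED_ALGORITHMS.contains(algorithmURI)) {
            throw new MessageHandlerException("Signature algorithm not accepted: " + algorithmURI);
        }
        return algorithmURI;
    }
}
```

The handler is wired like any other MessageHandler: the servlet request is injected through setHttpServletRequest and the trust engine through the handler's configuration, after which invoke() drives ruleHandles, the entity ID derivation, buildCriteriaSet and validateSignature in the base class. Returning false from ruleHandles means "not my request", not "signature invalid"; a verification failure surfaces as a MessageHandlerException from the base class, which is the outcome a deployment should log and alert on.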