org.opensaml.saml.common

Class SAMLObjectContentReference

java.lang.Object

org.opensaml.saml.common.SAMLObjectContentReference

All Implemented Interfaces:

ConfigurableContentReference, ContentReference

public class SAMLObjectContentReference
extends java.lang.Object
implements ConfigurableContentReference

A content reference for SAML objects that will be signed. The reference is created per the SAML specification.

The default digest algorithm used is SignatureConstants.ALGO_ID_DIGEST_SHA256.

The default set of transforms applied consists of SignatureConstants.TRANSFORM_ENVELOPED_SIGNATURE and SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS.

When generating an exclusive canonicalization transform, an inclusive namespace list is generated from the namespaces, retrieved from XMLObject.getNamespaces(), used by the SAML object to be signed and all of it's descendants.

Note that the SAML specification states that: 1) an exclusive canonicalization transform (either with or without comments) SHOULD be used. 2) transforms other than enveloped signature and one of the two exclusive canonicalizations SHOULD NOT be used. Careful consideration should be made before deviating from these recommendations.

Field Summary

Fields

Modifier and Type	Field and Description
private java.lang.String	digestAlgorithm Algorithm used to digest the content.
private org.slf4j.Logger	log Class logger.
private SignableSAMLObject	signableObject SAMLObject this reference refers to.
private java.util.List<java.lang.String>	transforms Transforms applied to the content.

Constructor Summary

Constructors

Constructor and Description
SAMLObjectContentReference(SignableSAMLObject newSignableObject) Constructor.

Method Summary

Modifier and Type	Method and Description
void	createReference(org.apache.xml.security.signature.XMLSignature signature) Called by the signature marshaller to allow references to be added to the signature.
java.lang.String	getDigestAlgorithm() Gets the algorithm used to digest the content.
java.util.List<java.lang.String>	getTransforms() Gets the transforms applied to the content prior to digest generation.
private void	populateNamespacePrefixes(java.util.Set<java.lang.String> namespacePrefixes, XMLObject signatureContent) Populates the given set with the non-visibly used namespace prefixes used by the given XMLObject and all of its descendants, as determined by the signature content object's namespace manager.
private void	processExclusiveTransform(org.apache.xml.security.signature.XMLSignature signature, org.apache.xml.security.transforms.Transform transform) Populate the inclusive namspace prefixes on the specified Apache (exclusive) transform object.
void	setDigestAlgorithm(java.lang.String newAlgorithm) Sets the algorithm used to digest the content.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

signableObject

@Nonnull
private final SignableSAMLObject signableObject

SAMLObject this reference refers to.

digestAlgorithm

@Nonnull
 @NotEmpty
private java.lang.String digestAlgorithm

Algorithm used to digest the content.

transforms

@Nonnull
 @NonnullElements
private java.util.List<java.lang.String> transforms

Transforms applied to the content.

Constructor Detail

SAMLObjectContentReference

public SAMLObjectContentReference(@Nonnull
                                  SignableSAMLObject newSignableObject)

Constructor.

Parameters:

newSignableObject - the SAMLObject this reference refers to

Method Detail

getTransforms

@Nonnull
 @NonnullElements
 @Live
public java.util.List<java.lang.String> getTransforms()

Gets the transforms applied to the content prior to digest generation.

Returns:

the transforms applied to the content prior to digest generation

getDigestAlgorithm

@Nonnull
 @NotEmpty
public java.lang.String getDigestAlgorithm()

Gets the algorithm used to digest the content..

Specified by:

getDigestAlgorithm in interface ConfigurableContentReference

Returns:

the algorithm used to digest the content

setDigestAlgorithm

public void setDigestAlgorithm(@Nonnull @NotEmpty
                               java.lang.String newAlgorithm)

Sets the algorithm used to digest the content..

Specified by:

setDigestAlgorithm in interface ConfigurableContentReference

Parameters:

newAlgorithm - the algorithm used to digest the content

createReference

public void createReference(@Nonnull
                            org.apache.xml.security.signature.XMLSignature signature)

Called by the signature marshaller to allow references to be added to the signature.

Specified by:

createReference in interface ContentReference

Parameters:

signature - the signature object

processExclusiveTransform

private void processExclusiveTransform(@Nonnull
                                       org.apache.xml.security.signature.XMLSignature signature,
                                       @Nonnull
                                       org.apache.xml.security.transforms.Transform transform)

Populate the inclusive namspace prefixes on the specified Apache (exclusive) transform object.

Parameters:

signature - the Apache XMLSignature object

transform - the Apache Transform object representing an exclusive transform

populateNamespacePrefixes

private void populateNamespacePrefixes(@Nonnull @NonnullElements
                                       java.util.Set<java.lang.String> namespacePrefixes,
                                       @Nonnull
                                       XMLObject signatureContent)

Populates the given set with the non-visibly used namespace prefixes used by the given XMLObject and all of its descendants, as determined by the signature content object's namespace manager.

Parameters:

namespacePrefixes - the namespace prefix set to be populated

signatureContent - the XMLObject whose namespace prefixes will be used to populate the set