org.opensaml.saml.common.binding.security.impl

Class SAMLProtocolMessageXMLSignatureSecurityHandler

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.messaging.handler.AbstractMessageHandler

org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler<Signature>

org.opensaml.saml.common.binding.security.impl.BaseSAMLXMLSignatureSecurityHandler

org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler

All Implemented Interfaces:

net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent, MessageHandler

public class SAMLProtocolMessageXMLSignatureSecurityHandler
extends BaseSAMLXMLSignatureSecurityHandler

SAML security message handler which validates the signature (if present) on the SAMLObject which represents the SAML protocol message being processed.

If the message is not an instance of SignableSAMLObject, then no processing is performed. If signature validation is successful, and the SAML message context issuer was not previously authenticated, then the context's authentication state will be set to true.

If an optional SAMLSignatureProfileValidator or subclass is supplied, this validator will be used to validate the XML Signature element prior to the actual cryptographic validation of the signature. This might for example be used to enforce certain signature profile requirements or to detect signatures upon which it would be unsafe to attempt cryptographic processing. The validator will default to SAMLSignatureProfileValidator.

Field Summary

Fields

Modifier and Type	Field and Description
private org.slf4j.Logger	log Logger.
private SignaturePrevalidator	signaturePrevalidator Validator for XML Signature instances.

Constructor Summary

Constructors

Constructor and Description
SAMLProtocolMessageXMLSignatureSecurityHandler() Constructor.

Method Summary

Modifier and Type	Method and Description
protected void	doEvaluate(Signature signature, SignableSAMLObject signableObject, MessageContext messageContext) Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine.
void	doInvoke(MessageContext messageContext) Performs the handler logic.
SignaturePrevalidator	getSignaturePrevalidator() Get the prevalidator for XML Signature instances.
protected void	performPrevalidation(Signature signature) Perform pre-validation on the Signature token.
void	setSignaturePrevalidator(SignaturePrevalidator validator) Set the prevalidator for XML Signature instances.

Methods inherited from class org.opensaml.saml.common.binding.security.impl.BaseSAMLXMLSignatureSecurityHandler

buildCriteriaSet, doPreInvoke, getSAMLPeerEntityContext, getSAMLProtocolContext, resolveTrustEngine

Methods inherited from class org.opensaml.security.messaging.impl.BaseTrustEngineSecurityHandler

evaluate, evaluate, getTrustEngine

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler

doPostInvoke, doPostInvoke, getLogPrefix, invoke

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Detail

log

@Nonnull
private final org.slf4j.Logger log

Logger.

signaturePrevalidator

@Nullable
private SignaturePrevalidator signaturePrevalidator

Validator for XML Signature instances.

Constructor Detail

SAMLProtocolMessageXMLSignatureSecurityHandler

public SAMLProtocolMessageXMLSignatureSecurityHandler()

Constructor. Signature prevalidator defaults to SAMLSignatureProfileValidator.

Method Detail

getSignaturePrevalidator

@Nullable
public SignaturePrevalidator getSignaturePrevalidator()

Get the prevalidator for XML Signature instances.

Returns:

Returns the prevalidator.

setSignaturePrevalidator

public void setSignaturePrevalidator(@Nullable
                                     SignaturePrevalidator validator)

Set the prevalidator for XML Signature instances.

Parameters:

validator - The prevalidator to set.

doInvoke

public void doInvoke(@Nonnull
                     MessageContext messageContext)
              throws MessageHandlerException

Performs the handler logic.

Specified by:

doInvoke in class AbstractMessageHandler

Parameters:

messageContext - the message context on which to invoke the handler

Throws:

MessageHandlerException - if there is an error invoking the handler on the message context

doEvaluate

protected void doEvaluate(@Nonnull
                          Signature signature,
                          @Nonnull
                          SignableSAMLObject signableObject,
                          @Nonnull
                          MessageContext messageContext)
                   throws MessageHandlerException

Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine.

Parameters:

signature - the signature which is being evaluated

signableObject - the signable object which contained the signature

messageContext - the SAML message context being processed

Throws:

MessageHandlerException - thrown if the signature fails validation

performPrevalidation

protected void performPrevalidation(@Nonnull
                                    Signature signature)
                             throws MessageHandlerException

Perform pre-validation on the Signature token.

Parameters:

signature - the signature to evaluate

Throws:

MessageHandlerException - thrown if the signature element fails pre-validation