org.opensaml.saml2.binding.encoding

Class HTTPPostSimpleSignEncoder

java.lang.Object

org.opensaml.ws.message.encoder.BaseMessageEncoder

org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder

org.opensaml.saml2.binding.encoding.HTTPPostEncoder

org.opensaml.saml2.binding.encoding.HTTPPostSimpleSignEncoder

All Implemented Interfaces:

SAMLMessageEncoder, MessageEncoder

public class HTTPPostSimpleSignEncoder
extends HTTPPostEncoder

SAML 2.0 HTTP-POST-SimpleSign binding message encoder.

The spec does not preclude the SAML 2 protocol message from being signed using the XML Signature method, in addition to the SimpleSign method specified by this binding. Signing via XML Signature over the SAML request and response payload may be toggled by the signXMLProtocolMessage parameter to the constructor HTTPPostSimpleSignEncoder(VelocityEngine, String, boolean). If this constructor variant is not used, the flag defaults to false.

Constructor Summary

Constructors

Constructor and Description
HTTPPostSimpleSignEncoder(org.apache.velocity.app.VelocityEngine engine, String templateId) Constructor.
HTTPPostSimpleSignEncoder(org.apache.velocity.app.VelocityEngine engine, String templateId, boolean signXMLProtocolMessage) Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected String	buildFormDataToSign(org.apache.velocity.VelocityContext velocityContext, SAMLMessageContext messageContext, String sigAlgURI) Build the form control data string over which the signature is computed.
protected String	buildKeyInfo(Credential signingCredential, KeyInfoGenerator kiGenerator) Build the KeyInfo from the signing credential.
protected String	generateSignature(Credential signingCredential, String algorithmURI, String formData) Generates the signature over the string of concatenated form control data as indicated by the SimpleSign spec.
String	getBindingURI() Gets the SAML binding URI supported by this encoder.
protected String	getSignatureAlgorithmURI(Credential credential, SecurityConfiguration config) Gets the signature algorithm URI to use with the given signing credential.
protected void	populateVelocityContext(org.apache.velocity.VelocityContext velocityContext, SAMLMessageContext messageContext, String endpointURL) Populate the Velocity context instance which will be used to render the POST body.
protected void	signMessage(SAMLMessageContext messageContext) Signs the given SAML message if it a SignableSAMLObject and this encoder has signing credentials.

Methods inherited from class org.opensaml.saml2.binding.encoding.HTTPPostEncoder

doEncode, postEncode, providesMessageConfidentiality, providesMessageIntegrity

Methods inherited from class org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder

checkRelayState, getAllowedURLSchemes, getEndpointURL, setAllowedURLSchemes, setResponseDestination

Methods inherited from class org.opensaml.ws.message.encoder.BaseMessageEncoder

encode, logEncodedMessage, marshallMessage

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.opensaml.ws.message.encoder.MessageEncoder

encode

Constructor Detail

HTTPPostSimpleSignEncoder

public HTTPPostSimpleSignEncoder(org.apache.velocity.app.VelocityEngine engine,
                         String templateId)

Constructor.

Parameters:

engine - Velocity engine instance used to create POST body

templateId - ID of the template used to create POST body

HTTPPostSimpleSignEncoder

public HTTPPostSimpleSignEncoder(org.apache.velocity.app.VelocityEngine engine,
                         String templateId,
                         boolean signXMLProtocolMessage)

Constructor.

Parameters:

engine - Velocity engine instance used to create POST body

templateId - ID of the template used to create POST body

signXMLProtocolMessage - if true, the protocol message will be signed according to the XML Signature specification, in addition to the HTTP-POST-SimpleSign binding specification

Method Detail

getBindingURI

public String getBindingURI()

Gets the SAML binding URI supported by this encoder.

Specified by:

getBindingURI in interface SAMLMessageEncoder

Overrides:

getBindingURI in class HTTPPostEncoder

Returns:

SAML binding URI supported by this encoder

signMessage

protected void signMessage(SAMLMessageContext messageContext)
                    throws MessageEncodingException

Signs the given SAML message if it a SignableSAMLObject and this encoder has signing credentials.

Overrides:

signMessage in class BaseSAML2MessageEncoder

Parameters:

messageContext - current message context

Throws:

MessageEncodingException - thrown if there is a problem marshalling or signing the outbound message

populateVelocityContext

protected void populateVelocityContext(org.apache.velocity.VelocityContext velocityContext,
                           SAMLMessageContext messageContext,
                           String endpointURL)
                                throws MessageEncodingException

Populate the Velocity context instance which will be used to render the POST body.

Overrides:

populateVelocityContext in class HTTPPostEncoder

Parameters:

velocityContext - the Velocity context instance to populate with data

messageContext - the SAML message context source of data

endpointURL - endpoint URL to which to encode message

Throws:

MessageEncodingException - thrown if there is a problem encoding the message

buildKeyInfo

protected String buildKeyInfo(Credential signingCredential,
                  KeyInfoGenerator kiGenerator)
                       throws MessageEncodingException

Build the KeyInfo from the signing credential.

Parameters:

signingCredential - the credential used for signing

kiGenerator - the generator for the KeyInfo

Returns:

the marshalled, serialized and base64-encoded KeyInfo, or null if none was generated

Throws:

MessageEncodingException - thrown if there is an error generating or marshalling the KeyInfo

buildFormDataToSign

protected String buildFormDataToSign(org.apache.velocity.VelocityContext velocityContext,
                         SAMLMessageContext messageContext,
                         String sigAlgURI)

Build the form control data string over which the signature is computed.

Parameters:

velocityContext - the Velocity context which is already populated with the values for SAML message and relay state

messageContext - the SAML message context being processed

sigAlgURI - the signature algorithm URI

Returns:

the form control data string for signature computation

getSignatureAlgorithmURI

protected String getSignatureAlgorithmURI(Credential credential,
                              SecurityConfiguration config)
                                   throws MessageEncodingException

Gets the signature algorithm URI to use with the given signing credential.

Parameters:

credential - the credential that will be used to sign the message

config - the SecurityConfiguration to use (may be null)

Returns:

signature algorithm to use with the given signing credential

Throws:

MessageEncodingException - thrown if the algorithm URI could not be derived from the supplied credential

generateSignature

protected String generateSignature(Credential signingCredential,
                       String algorithmURI,
                       String formData)
                            throws MessageEncodingException

Generates the signature over the string of concatenated form control data as indicated by the SimpleSign spec.

Parameters:

signingCredential - credential that will be used to sign

algorithmURI - algorithm URI of the signing credential

formData - form control data to be signed

Returns:

base64 encoded signature of form control data

Throws:

MessageEncodingException - there is an error computing the signature