public abstract class BaseSAMLSimpleSignatureSecurityHandler
extends org.opensaml.messaging.handler.AbstractMessageHandler
Constructor and Description |
---|
BaseSAMLSimpleSignatureSecurityHandler() |
Modifier and Type | Method and Description |
---|---|
protected CriteriaSet | buildCriteriaSet(String entityID, org.opensaml.messaging.context.MessageContext messageContext): Build a criteria set suitable for input to the trust engine. |
protected String | deriveSignerEntityID(org.opensaml.messaging.context.MessageContext messageContext): Derive the signer's entity ID from the message context. |
protected void | doInitialize(): Performs the initialization of the component. |
protected void | doInvoke(org.opensaml.messaging.context.MessageContext messageContext) |
protected boolean | doPreInvoke(org.opensaml.messaging.context.MessageContext messageContext) |
HttpServletRequest | getHttpServletRequest(): Get the HTTP servlet request being processed. |
protected List<Credential> | getRequestCredentials(org.opensaml.messaging.context.MessageContext messageContext): Extract any candidate validation credentials from the request and/or message context. |
protected byte[] | getSignature(): Extract the signature value from the request, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential). |
protected String | getSignatureAlgorithm(): Extract the signature algorithm URI value from the request. |
protected abstract byte[] | getSignedContent(): Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential). |
protected SignatureTrustEngine | getTrustEngine(): Gets the engine used to validate the signature. |
protected abstract boolean | ruleHandles(org.opensaml.messaging.context.MessageContext messageContext): Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context. |
void | setHttpServletRequest(HttpServletRequest request): Set the HTTP servlet request being processed. |
protected boolean | validateSignature(byte[] signature, byte[] signedContent, String algorithmURI, CriteriaSet criteriaSet, List<Credential> candidateCredentials): Validate the simple signature. |
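Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler: doPostInvoke, doPostInvoke, getLogPrefix, invoke
Methods inherited from class AbstractInitializableComponent: destroy, doDestroy, initialize, isDestroyed, isInitialized
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface InitializableComponent: initialize, isInitialized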
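
The inputs these methods hand to validateSignature() (the Base64-decoded Signature request parameter, the SigAlg URI, the signed content and the candidate credentials) can be followed end to end in the added example below, which uses only the JDK and is not OpenSAML code or part of the original Javadoc. The class name, the algorithm allow-list, the query-string layout of the signed content and the generated keys are assumptions made for the illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
// Added illustration, JDK only; class and member names are hypothetical.
public class SimpleSignatureDemo {
    // Allow-list of SigAlg URIs mapped to JCA names; anything else (e.g. rsa-sha1) is rejected.
    static final Map<String, String> ALLOWED = Map.of(
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "SHA256withRSA",
        "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512", "SHA512withRSA");
    // Same inputs as validateSignature(); fails closed on missing or malformed values.
    static boolean validate(Map<String, String> params, byte[] signedContent,
                            List<PublicKey> candidates) {
        String uri = params.get("SigAlg"), b64 = params.get("Signature");
        String jca = (uri == null) ? null : ALLOWED.get(uri);
        if (jca == null || b64 == null || signedContent == null) return false;
        byte[] sig; // the Signature parameter carries Base64 text
        try { sig = Base64.getDecoder().decode(b64); } catch (IllegalArgumentException e) { return false; }
        for (PublicKey key : candidates) {
            try {
                Signature v = Signature.getInstance(jca);
                v.initVerify(key);
                v.update(signedContent);
                if (v.verify(sig)) return true;
            } catch (GeneralSecurityException e) {
                // wrong key type or malformed signature: try the next candidate
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair signer = gen.generateKeyPair(), other = gen.generateKeyPair();
        String alg = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        // Constructed sample; the query-string layout is an assumption (HTTP-Redirect style).
        byte[] content = ("SAMLRequest=constructed&RelayState=abc&SigAlg="
            + URLEncoder.encode(alg, "UTF-8")).getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(signer.getPrivate());
        s.update(content);
        Map<String, String> p = new HashMap<>(Map.of("SigAlg", alg,
            "Signature", Base64.getEncoder().encodeToString(s.sign())));
        System.out.println(validate(p, content, List.of(other.getPublic(), signer.getPublic())));
        System.out.println(validate(p, "SAMLRequest=tampered".getBytes(StandardCharsets.UTF_8), List.of(signer.getPublic())));
        p.put("SigAlg", "http://www.w3.org/2000/09/xmldsig#rsa-sha1"); // not on the allow-list
        System.out.println(validate(p, content, List.of(signer.getPublic())));
    }
}
```

The three calls in main cover a valid signature matched by the second candidate key, tampered signed content, and a SigAlg value outside the allow-list.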
public BaseSAMLSimpleSignatureSecurityHandler()

@Nullable protected SignatureTrustEngine getTrustEngine()

@NonnullAfterInit public HttpServletRequest getHttpServletRequest()

public void setHttpServletRequest(@Nonnull HttpServletRequest request)
Parameters:
request - The HTTP servlet request to set.

protected void doInitialize() throws ComponentInitializationException
Overrides:
doInitialize in class AbstractInitializableComponent
Throws:
ComponentInitializationException - thrown if there is a problem initializing the component

protected boolean doPreInvoke(@Nonnull org.opensaml.messaging.context.MessageContext messageContext) throws org.opensaml.messaging.handler.MessageHandlerException
Overrides:
doPreInvoke in class org.opensaml.messaging.handler.AbstractMessageHandler
Throws:
org.opensaml.messaging.handler.MessageHandlerException

protected void doInvoke(@Nonnull org.opensaml.messaging.context.MessageContext messageContext) throws org.opensaml.messaging.handler.MessageHandlerException
Overrides:
doInvoke in class org.opensaml.messaging.handler.AbstractMessageHandler
Throws:
org.opensaml.messaging.handler.MessageHandlerException

protected boolean validateSignature(@Nonnull @NotEmpty byte[] signature, @Nonnull @NotEmpty byte[] signedContent, @Nonnull @NotEmpty String algorithmURI, @Nonnull CriteriaSet criteriaSet, @Nonnull @NonnullElements List<Credential> candidateCredentials) throws org.opensaml.messaging.handler.MessageHandlerException
Parameters:
signature - the signature value
signedContent - the content that was signed
algorithmURI - the signature algorithm URI which was used to sign the content
criteriaSet - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
candidateCredentials - the request-derived candidate credential(s) containing the validation key for the signature (optional)
Throws:
org.opensaml.messaging.handler.MessageHandlerException - thrown if there are errors during the signature validation process

@Nonnull @NonnullElements protected List<Credential> getRequestCredentials(@Nonnull org.opensaml.messaging.context.MessageContext messageContext) throws org.opensaml.messaging.handler.MessageHandlerException
Parameters:
messageContext - the SAML message context being processed
Throws:
org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing

@Nullable protected byte[] getSignature() throws org.opensaml.messaging.handler.MessageHandlerException
Extract the signature value from the request, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential). Defaults to the Base64-decoded value of the HTTP request parameter named Signature.
Throws:
org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing

@Nullable protected String getSignatureAlgorithm() throws org.opensaml.messaging.handler.MessageHandlerException
Extract the signature algorithm URI value from the request. Defaults to the HTTP request parameter named SigAlg.
Throws:
org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing

@Nullable protected String deriveSignerEntityID(@Nonnull org.opensaml.messaging.context.MessageContext messageContext) throws org.opensaml.messaging.handler.MessageHandlerException
Parameters:
messageContext - the SAML message context being processed
Throws:
org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing

@Nonnull protected CriteriaSet buildCriteriaSet(@Nullable String entityID, @Nonnull org.opensaml.messaging.context.MessageContext messageContext) throws org.opensaml.messaging.handler.MessageHandlerException
Parameters:
entityID - the candidate issuer entity ID which is being evaluated
messageContext - the message context which is being evaluated
Throws:
org.opensaml.messaging.handler.MessageHandlerException - thrown if criteria set can not be constructed

@Nullable protected abstract byte[] getSignedContent() throws org.opensaml.messaging.handler.MessageHandlerException
Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
Throws:
org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing

protected abstract boolean ruleHandles(@Nonnull org.opensaml.messaging.context.MessageContext messageContext) throws org.opensaml.messaging.handler.MessageHandlerException
Parameters:
messageContext - the SAML message context being processed
Throws:
org.opensaml.messaging.handler.MessageHandlerException - thrown if there is an error during request processing

Copyright © 2016 JBoss by Red Hat. All rights reserved.