public class SAMLObjectContentReference extends Object implements ConfigurableContentReference
The default digest algorithm used is SignatureConstants.ALGO_ID_DIGEST_SHA256
.
The default set of transforms applied consists of SignatureConstants.TRANSFORM_ENVELOPED_SIGNATURE
and SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS
.
When generating an exclusive canonicalization transform, an inclusive namespace list is
generated from the namespaces, retrieved from XMLObject.getNamespaces()
,
used by the SAML object to be signed and all of it's descendants.
Note that the SAML specification states that: 1) an exclusive canonicalization transform (either with or without comments) SHOULD be used. 2) transforms other than enveloped signature and one of the two exclusive canonicalizations SHOULD NOT be used. Careful consideration should be made before deviating from these recommendations.
Modifier and Type | Field and Description |
---|---|
private String |
digestAlgorithm
Algorithm used to digest the content.
|
private org.slf4j.Logger |
log
Class logger.
|
private SignableSAMLObject |
signableObject
SAMLObject this reference refers to.
|
private List<String> |
transforms
Transforms applied to the content.
|
Constructor and Description |
---|
SAMLObjectContentReference(SignableSAMLObject newSignableObject)
Constructor.
|
Modifier and Type | Method and Description |
---|---|
void |
createReference(org.apache.xml.security.signature.XMLSignature signature) |
String |
getDigestAlgorithm()
.
|
List<String> |
getTransforms()
Gets the transforms applied to the content prior to digest generation.
|
private void |
populateNamespacePrefixes(Set<String> namespacePrefixes,
org.opensaml.core.xml.XMLObject signatureContent)
Populates the given set with the non-visibly used namespace prefixes used by the given XMLObject
and all of its descendants, as determined by the signature content object's namespace manager.
|
private void |
processExclusiveTransform(org.apache.xml.security.signature.XMLSignature signature,
org.apache.xml.security.transforms.Transform transform)
Populate the inclusive namspace prefixes on the specified Apache (exclusive) transform object.
|
void |
setDigestAlgorithm(String newAlgorithm)
.
|
@Nonnull private final org.slf4j.Logger log
@Nonnull private final SignableSAMLObject signableObject
@Nonnull @NotEmpty private String digestAlgorithm
public SAMLObjectContentReference(@Nonnull SignableSAMLObject newSignableObject)
newSignableObject
- the SAMLObject this reference refers to@Nonnull @NonnullElements @Live public List<String> getTransforms()
@Nonnull @NotEmpty public String getDigestAlgorithm()
getDigestAlgorithm
in interface ConfigurableContentReference
public void setDigestAlgorithm(@Nonnull @NotEmpty String newAlgorithm)
setDigestAlgorithm
in interface ConfigurableContentReference
public void createReference(@Nonnull org.apache.xml.security.signature.XMLSignature signature)
createReference
in interface ContentReference
private void processExclusiveTransform(@Nonnull org.apache.xml.security.signature.XMLSignature signature, @Nonnull org.apache.xml.security.transforms.Transform transform)
signature
- the Apache XMLSignature objecttransform
- the Apache Transform object representing an exclusive transformprivate void populateNamespacePrefixes(@Nonnull @NonnullElements Set<String> namespacePrefixes, @Nonnull org.opensaml.core.xml.XMLObject signatureContent)
namespacePrefixes
- the namespace prefix set to be populatedsignatureContent
- the XMLObject whose namespace prefixes will be used to populate the setCopyright © 1999–2020 Shibboleth Consortium. All rights reserved.