public class SAMLProtocolMessageXMLSignatureSecurityHandler extends BaseSAMLXMLSignatureSecurityHandler
SAMLObject which represents the SAML protocol message being processed. If the message is not an instance of SignableSAMLObject, then no processing is performed. If signature validation is successful, and the SAML message context issuer was not previously authenticated, then the context's authentication state will be set to true.

If an optional SAMLSignatureProfileValidator or subclass is supplied, this validator will be used to validate the XML Signature element prior to the actual cryptographic validation of the signature. This might for example be used to enforce certain signature profile requirements or to detect signatures upon which it would be unsafe to attempt cryptographic processing. The validator will default to SAMLSignatureProfileValidator.
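The following is an added example, not code from the OpenSAML project or its documentation, showing the handler end to end: a Response is built and envelope-signed with one RSA key, and the handler is then run twice, once with that key as the only trusted credential (pre-validation and trust evaluation succeed, and the peer context becomes authenticated) and once with an unrelated key as the only trusted credential (pre-validation still passes, trust evaluation fails, and doInvoke throws MessageHandlerException). It assumes OpenSAML 4.x with opensaml-saml-impl, opensaml-xmlsec-impl and opensaml-security-impl on the classpath; the class name SignatureHandlerExample, the entityID https://idp.example.org/idp and the generated message ID are constructed for the example.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.UUID;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.common.messaging.context.SAMLProtocolContext;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.impl.StaticCredentialResolver;
import org.opensaml.xmlsec.SignatureValidationParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.opensaml.xmlsec.signature.support.Signer;
import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;

/** Added example (hypothetical class, not part of OpenSAML): drives the handler against a constructed signed Response. */
public final class SignatureHandlerExample {

    /** Constructed issuer entityID; a real deployment takes this from the message's Issuer and metadata. */
    private static final String ISSUER = "https://idp.example.org/idp";

    public static void main(String[] args) throws Exception {
        InitializationService.initialize();        // registers XMLObject providers and xmlsec configuration
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair trusted = gen.generateKeyPair();   // the key the relying party trusts for ISSUER
        KeyPair rogue = gen.generateKeyPair();     // an unrelated key, used only to show rejection
        Response signed = buildSignedResponse(trusted);

        // Case 1: the trusted credential matches the signer, so doEvaluate succeeds and the
        // handler marks the peer entity context as authenticated.
        MessageContext ok = buildContext(signed, credentialFor(trusted));
        newHandler().invoke(ok);
        System.out.println("authenticated = " + ok.getSubcontext(SAMLPeerEntityContext.class).isAuthenticated());

        // Case 2: only an unrelated key is trusted; the profile pre-validation still passes,
        // but trust evaluation fails and the handler throws MessageHandlerException.
        MessageContext bad = buildContext(signed, credentialFor(rogue));
        try {
            newHandler().invoke(bad);
        } catch (MessageHandlerException e) {
            System.out.println("rejected as expected: " + e.getMessage());
        }
    }

    /** Handler with the profile prevalidator set explicitly (it is also the constructor default). */
    static SAMLProtocolMessageXMLSignatureSecurityHandler newHandler() throws Exception {
        SAMLProtocolMessageXMLSignatureSecurityHandler handler =
                new SAMLProtocolMessageXMLSignatureSecurityHandler();
        handler.setSignaturePrevalidator(new SAMLSignatureProfileValidator());
        handler.initialize();
        return handler;
    }

    /** Message context carrying what the handler resolves: message, peer entityID and role, protocol, trust engine. */
    static MessageContext buildContext(Response message, Credential trustedKey) {
        MessageContext ctx = new MessageContext();
        ctx.setMessage(message);
        SAMLPeerEntityContext peer = ctx.getSubcontext(SAMLPeerEntityContext.class, true);
        peer.setEntityId(ISSUER);
        peer.setRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        ctx.getSubcontext(SAMLProtocolContext.class, true).setProtocol(SAMLConstants.SAML20P_NS);
        // The trust engine is read from SecurityParametersContext; this one trusts exactly one key.
        ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
                new StaticCredentialResolver(trustedKey), new StaticKeyInfoCredentialResolver(trustedKey));
        SignatureValidationParameters params = new SignatureValidationParameters();
        params.setSignatureTrustEngine(engine);
        ctx.getSubcontext(SecurityParametersContext.class, true).setSignatureValidationParameters(params);
        return ctx;
    }

    /** Constructs a Response and envelope-signs it, as an IdP would before sending it. */
    static Response buildSignedResponse(KeyPair signer) throws Exception {
        Response response = XMLObjectSupport.buildXMLObject(Response.DEFAULT_ELEMENT_NAME);
        response.setID("_" + UUID.randomUUID());   // constructed ID; the Signature's Reference URI points at it
        Signature signature = XMLObjectSupport.buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(credentialFor(signer));
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        response.setSignature(signature);           // registers the enveloped content reference
        XMLObjectSupport.marshall(response);        // the DOM must exist before the signature is computed
        Signer.signObject(signature);
        return response;
    }

    static Credential credentialFor(KeyPair kp) {
        BasicCredential cred = new BasicCredential(kp.getPublic(), kp.getPrivate());
        cred.setEntityId(ISSUER);
        return cred;
    }
}
```

The handler itself only consults what the context provides: the trust engine comes from SecurityParametersContext, and the criteria passed to it are built from the peer entity context (entityID, role) and the protocol context, so all three must be populated before invoke. In a deployment the static resolver above is normally replaced by a metadata-backed credential resolver so that the keys trusted for an issuer follow its published metadata. Note also that an unsigned message passes through this handler untouched, so a requirement that messages be signed has to be enforced separately.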
Modifier and Type | Field and Description
---|---
private org.slf4j.Logger | log: Logger.
private org.opensaml.xmlsec.signature.support.SignaturePrevalidator | signaturePrevalidator: Validator for XML Signature instances.
Constructor and Description
---
SAMLProtocolMessageXMLSignatureSecurityHandler(): Constructor.
Modifier and Type | Method and Description
---|---
protected void | doEvaluate(org.opensaml.xmlsec.signature.Signature signature, SignableSAMLObject signableObject, org.opensaml.messaging.context.MessageContext messageContext): Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine.
void | doInvoke(org.opensaml.messaging.context.MessageContext messageContext)
org.opensaml.xmlsec.signature.support.SignaturePrevalidator | getSignaturePrevalidator(): Get the prevalidator for XML Signature instances.
protected void | performPrevalidation(org.opensaml.xmlsec.signature.Signature signature): Perform pre-validation on the Signature token.
void | setSignaturePrevalidator(org.opensaml.xmlsec.signature.support.SignaturePrevalidator validator): Set the prevalidator for XML Signature instances.
Methods inherited from class BaseSAMLXMLSignatureSecurityHandler: buildCriteriaSet, doPreInvoke, getSAMLPeerEntityContext, getSAMLProtocolContext, resolveTrustEngine

Methods inherited from class BaseTrustEngineSecurityHandler: evaluate, evaluate, getTrustEngine

Methods inherited from class org.opensaml.messaging.handler.AbstractMessageHandler: doPostInvoke, doPostInvoke, getActivationCondition, getLogPrefix, invoke, setActivationCondition

Methods inherited from class AbstractInitializableComponent: destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized
Field detail:

@Nonnull private final org.slf4j.Logger log
Logger.

@Nullable private org.opensaml.xmlsec.signature.support.SignaturePrevalidator signaturePrevalidator
Validator for XML Signature instances.

Constructor detail:

public SAMLProtocolMessageXMLSignatureSecurityHandler()
Constructor. The prevalidator defaults to SAMLSignatureProfileValidator.

Method detail:

@Nullable public org.opensaml.xmlsec.signature.support.SignaturePrevalidator getSignaturePrevalidator()
Get the prevalidator for XML Signature instances.

public void setSignaturePrevalidator(@Nullable org.opensaml.xmlsec.signature.support.SignaturePrevalidator validator)
Set the prevalidator for XML Signature instances.
Parameters: validator - The prevalidator to set.

public void doInvoke(@Nonnull org.opensaml.messaging.context.MessageContext messageContext) throws org.opensaml.messaging.handler.MessageHandlerException
Overrides: doInvoke in class org.opensaml.messaging.handler.AbstractMessageHandler
Throws: org.opensaml.messaging.handler.MessageHandlerException

protected void doEvaluate(@Nonnull org.opensaml.xmlsec.signature.Signature signature, @Nonnull SignableSAMLObject signableObject, @Nonnull org.opensaml.messaging.context.MessageContext messageContext) throws org.opensaml.messaging.handler.MessageHandlerException
Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine.
Parameters:
signature - the signature which is being evaluated
signableObject - the signable object which contained the signature
messageContext - the SAML message context being processed
Throws: org.opensaml.messaging.handler.MessageHandlerException - thrown if the signature fails validation

protected void performPrevalidation(@Nonnull org.opensaml.xmlsec.signature.Signature signature) throws org.opensaml.messaging.handler.MessageHandlerException
Perform pre-validation on the Signature token.
Parameters: signature - the signature to evaluate
Throws: org.opensaml.messaging.handler.MessageHandlerException - thrown if the signature element fails pre-validation

Copyright © 1999–2020 Shibboleth Consortium. All rights reserved.