OpenSAML-J 2.4.1-redhat-3

org.opensaml.security
Class SAMLSignatureProfileValidator

java.lang.Object
  extended by org.opensaml.security.SAMLSignatureProfileValidator
All Implemented Interfaces:
org.opensaml.xml.validation.Validator<org.opensaml.xml.signature.Signature>

public class SAMLSignatureProfileValidator
extends Object
implements org.opensaml.xml.validation.Validator<org.opensaml.xml.signature.Signature>

A validator for instances of Signature, which validates that the signature meets security-related requirements indicated by the SAML profile of XML Signature.


Constructor Summary
SAMLSignatureProfileValidator()
           
 
Method Summary
 void validate(org.opensaml.xml.signature.Signature signature)
          
protected  org.apache.xml.security.signature.Reference validateReference(org.apache.xml.security.signature.XMLSignature apacheSig)
          Validate the Signature's SignedInfo Reference.
protected  void validateReferenceURI(String uri, String id)
          Validate the Reference URI and parent ID attribute values.
protected  void validateSignatureImpl(org.opensaml.xml.signature.impl.SignatureImpl sigImpl)
          Validate an instance of SignatureImpl, which is in turn based on underlying Apache XML Security XMLSignature instance.
protected  void validateTransforms(org.apache.xml.security.signature.Reference reference)
          Validate the transforms included in the Signature Reference.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SAMLSignatureProfileValidator

public SAMLSignatureProfileValidator()
Method Detail

validate

public void validate(org.opensaml.xml.signature.Signature signature)
              throws org.opensaml.xml.validation.ValidationException

Specified by:
validate in interface org.opensaml.xml.validation.Validator<org.opensaml.xml.signature.Signature>
Throws:
org.opensaml.xml.validation.ValidationException

validateSignatureImpl

protected void validateSignatureImpl(org.opensaml.xml.signature.impl.SignatureImpl sigImpl)
                              throws org.opensaml.xml.validation.ValidationException
Validate an instance of SignatureImpl, which is in turn based on underlying Apache XML Security XMLSignature instance.

Parameters:
sigImpl - the signature implementation object to validate
Throws:
org.opensaml.xml.validation.ValidationException - thrown if the signature is not valid with respect to the profile

validateReference

protected org.apache.xml.security.signature.Reference validateReference(org.apache.xml.security.signature.XMLSignature apacheSig)
                                                                 throws org.opensaml.xml.validation.ValidationException
Validate the Signature's SignedInfo Reference. The SignedInfo must contain exactly 1 Reference.

Parameters:
apacheSig - the Apache XML Signature instance
Returns:
the valid Reference contained within the SignedInfo
Throws:
org.opensaml.xml.validation.ValidationException - thrown if the Signature does not contain exactly 1 Reference, or if there is an error obtaining the Reference instance

validateReferenceURI

protected void validateReferenceURI(String uri,
                                    String id)
                             throws org.opensaml.xml.validation.ValidationException
Validate the Reference URI and parent ID attribute values. The URI must either be null or empty (indicating that the entire enclosing document was signed), or else it must be a local document fragment reference and point to the SAMLObject parent via the latter's ID attribute value.

Parameters:
uri - the Signature Reference URI attribute value
id - the Signature parents ID attribute value
Throws:
org.opensaml.xml.validation.ValidationException - thrown if the URI or ID attribute values are invalid

validateTransforms

protected void validateTransforms(org.apache.xml.security.signature.Reference reference)
                           throws org.opensaml.xml.validation.ValidationException
Validate the transforms included in the Signature Reference. The Reference may contain at most 2 transforms. One of them must be the Enveloped signature transform. An Exclusive Canonicalization transform (with or without comments) may also be present. No other transforms are allowed.

Parameters:
reference - the Signature reference containing the transforms to evaluate
Throws:
org.opensaml.xml.validation.ValidationException - thrown if the set of transforms is invalid

OpenSAML-J 2.4.1-redhat-3

Copyright © 2006-2012 Internet2. All Rights Reserved.