Class SAMLProtocolMessageXMLSignatureSecurityHandler

  • All Implemented Interfaces:
    Component, DestructableComponent, InitializableComponent, MessageHandler

    public class SAMLProtocolMessageXMLSignatureSecurityHandler
    extends BaseSAMLXMLSignatureSecurityHandler
    SAML security message handler which validates the signature (if present) on the SAMLObject which represents the SAML protocol message being processed.

    If the message is not an instance of SignableSAMLObject, then no processing is performed. If signature validation is successful, and the SAML message context issuer was not previously authenticated, then the context's authentication state will be set to true.

    If an optional SAMLSignatureProfileValidator or subclass is supplied, this validator will be used to validate the XML Signature element prior to the actual cryptographic validation of the signature. This might for example be used to enforce certain signature profile requirements or to detect signatures upon which it would be unsafe to attempt cryptographic processing. The validator will default to SAMLSignatureProfileValidator.
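        The following is an added usage example, not code from the OpenSAML project or this page: it wires the handler with its default prevalidator and a trust engine, then treats an unsigned message as a failure, since the handler itself only validates a signature "if present" and leaves an unsigned message untouched. It assumes the OpenSAML 3.x/4.x API (SecurityParametersContext carrying the trust engine, SAMLPeerEntityContext holding the authenticated flag); the class and method names of the wrapper are hypothetical.

```java
import javax.annotation.Nonnull;

import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
import org.opensaml.xmlsec.SignatureValidationParameters;
import org.opensaml.xmlsec.context.SecurityParametersContext;
import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;

/** Hypothetical wrapper: runs the signature handler and requires that it authenticated the peer. */
public final class SignedProtocolMessageCheck {

    private final SAMLProtocolMessageXMLSignatureSecurityHandler handler;

    public SignedProtocolMessageCheck() throws ComponentInitializationException {
        handler = new SAMLProtocolMessageXMLSignatureSecurityHandler();
        // Set explicitly for clarity (it is already the default): the profile validator runs
        // before any cryptographic work and rejects signatures whose structure is unsafe to evaluate.
        handler.setSignaturePrevalidator(new SAMLSignatureProfileValidator());
        handler.initialize();
    }

    /**
     * @param messageContext context holding the inbound SAML protocol message
     * @param trustEngine    engine deciding which signing keys are trusted for the peer
     * @throws MessageHandlerException if the signature is invalid, untrusted, or absent
     */
    public void requireTrustedSignature(@Nonnull final MessageContext messageContext,
                                        @Nonnull final SignatureTrustEngine trustEngine)
            throws MessageHandlerException {
        // The handler obtains its trust engine from the SecurityParametersContext (assumption: 3.x/4.x API).
        final SignatureValidationParameters params = new SignatureValidationParameters();
        params.setSignatureTrustEngine(trustEngine);
        messageContext.getSubcontext(SecurityParametersContext.class, true)
                .setSignatureValidationParameters(params);

        // Prevalidation, cryptographic validation and trust evaluation happen here. A message
        // that is not a SignableSAMLObject, or carries no signature, passes through unchanged.
        handler.invoke(messageContext);

        // The authenticated flag is only set to true after a successful validation, so it is the
        // reliable signal that a signature was both present and trusted.
        final SAMLPeerEntityContext peer = messageContext.getSubcontext(SAMLPeerEntityContext.class);
        if (peer == null || !peer.isAuthenticated()) {
            throw new MessageHandlerException("SAML protocol message was not signed by a trusted peer");
        }
    }
}
```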

    • Field Detail

      • log

        @Nonnull
        private final org.slf4j.Logger log
        Logger.
      • signaturePrevalidator

        @Nullable
        private SignaturePrevalidator signaturePrevalidator
        Validator for XML Signature instances.
    • Constructor Detail

      • SAMLProtocolMessageXMLSignatureSecurityHandler

        public SAMLProtocolMessageXMLSignatureSecurityHandler()
        Constructor. Signature prevalidator defaults to SAMLSignatureProfileValidator.
    • Method Detail

      • getSignaturePrevalidator

        @Nullable
        public SignaturePrevalidator getSignaturePrevalidator()
        Get the prevalidator for XML Signature instances.
        Returns:
        Returns the prevalidator.
      • setSignaturePrevalidator

        public void setSignaturePrevalidator(@Nullable
                                             SignaturePrevalidator validator)
        Set the prevalidator for XML Signature instances.
        Parameters:
        validator - The prevalidator to set.
      • doEvaluate

        protected void doEvaluate(@Nonnull
                                  Signature signature,
                                  @Nonnull
                                  SignableSAMLObject signableObject,
                                  @Nonnull
                                  MessageContext messageContext)
                           throws MessageHandlerException
        Perform cryptographic validation and trust evaluation on the Signature token using the configured Signature trust engine.
        Parameters:
        signature - the signature which is being evaluated
        signableObject - the signable object which contained the signature
        messageContext - the SAML message context being processed
        Throws:
        MessageHandlerException - thrown if the signature fails validation
      • performPrevalidation

        protected void performPrevalidation(@Nonnull
                                            Signature signature)
                                     throws MessageHandlerException
        Perform pre-validation on the Signature token.
        Parameters:
        signature - the signature to evaluate
        Throws:
        MessageHandlerException - thrown if the signature element fails pre-validation