/** {@inheritDoc} */ @Override @Nullable protected TrustEngine<Signature> resolveTrustEngine(@Nonnull final MessageContext messageContext) { final SecurityParametersContext secParams = messageContext.getSubcontext(SecurityParametersContext.class); if (secParams == null || secParams.getSignatureValidationParameters() == null) { return null; } else { return secParams.getSignatureValidationParameters().getSignatureTrustEngine(); } }
/** * Get the signing parameters from the message context. * * @param messageContext the message context * * @return the signing parameters to use, may be null */ @Nullable public static SignatureSigningParameters getContextSigningParameters( @Nonnull final MessageContext<SAMLObject> messageContext) { Constraint.isNotNull(messageContext, "Message context cannot be null"); final SecurityParametersContext context = messageContext.getSubcontext(SecurityParametersContext.class); if (context != null) { return context.getSignatureSigningParameters(); } return null; }
/** * Prepare security parameters context. * * @param <T> the type parameter * @param adaptor the adaptor * @param outboundContext the outbound context * @param service the service */ protected <T extends SAMLObject> void prepareSecurityParametersContext(final SamlRegisteredServiceServiceProviderMetadataFacade adaptor, final MessageContext<T> outboundContext, final SamlRegisteredService service) { @NonNull val secParametersContext = outboundContext.getSubcontext(SecurityParametersContext.class, true); val roleDesc = adaptor.getSsoDescriptor(); val signingParameters = buildSignatureSigningParameters(roleDesc, service); secParametersContext.setSignatureSigningParameters(signingParameters); }
final SecurityParametersContext existingCtx = existingParametersContextLookupStrategy.apply(profileRequestContext); if (existingCtx != null && existingCtx.getSignatureSigningParameters() != null) { log.debug("{} Found existing SecurityParametersContext to copy from", getLogPrefix()); paramsCtx.setSignatureSigningParameters(existingCtx.getSignatureSigningParameters()); return; paramsCtx.setSignatureSigningParameters(params); log.debug("{} {} SignatureSigningParameters", getLogPrefix(), params != null ? "Resolved" : "Failed to resolve");
final SignatureValidationParameters params = resolver.resolveSingle( new CriteriaSet(new SignatureValidationConfigurationCriterion(configs))); paramsCtx.setSignatureValidationParameters(params); log.debug("{} {} SignatureValidationParameters", getLogPrefix(), params != null ? "Resolved" : "Failed to resolve");
/** {@inheritDoc} */ @Override protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext) { final Object theMessage = messageLookupStrategy.apply(profileRequestContext); if (theMessage == null) { log.debug("{} No message was returned by lookup strategy", getLogPrefix()); ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX); return false; } else if (!(theMessage instanceof SAMLObject)) { log.debug("{} Message was not a SAML construct, nothing to do", getLogPrefix()); return false; } message = (SAMLObject) theMessage; final SecurityParametersContext paramsCtx = securityParamsLookupStrategy.apply(profileRequestContext); if (paramsCtx == null || paramsCtx.getDecryptionParameters() == null) { log.debug("{} No security parameter context or decryption parameters", getLogPrefix()); } else { final DecryptionParameters params = paramsCtx.getDecryptionParameters(); decrypter = new Decrypter(params.getDataKeyInfoCredentialResolver(), params.getKEKKeyInfoCredentialResolver(), params.getEncryptedKeyResolver()); } return super.doPreExecute(profileRequestContext); }
paramsCtx.setDecryptionParameters(params); log.debug("{} {} DecryptionParameters", getLogPrefix(), params != null ? "Resolved" : "Failed to resolve");
@Override protected void doEncode() throws MessageEncodingException { val messageContext = new MessageContext(); if (logoutRequest.isSigned()) { val signingContext = messageContext.getSubcontext(SecurityParametersContext.class, true); val signingParams = new SignatureSigningParameters(); val signature = logoutRequest.getSignature(); signingParams.setSigningCredential(signature.getSigningCredential()); signingParams.setSignatureAlgorithm(signature.getSignatureAlgorithm()); signingContext.setSignatureSigningParameters(signingParams); } removeSignature(logoutRequest); val encodedMessage = deflateAndBase64Encode(logoutRequest); messageContext.setMessage(logoutRequest); this.redirectUrl = buildRedirectURL(messageContext, endpointUrl, encodedMessage); }
signatureSigningParameters = secParamCtx.getSignatureSigningParameters(); if (signatureSigningParameters == null) { log.debug("{} Will not sign assertions because no signature signing parameters available", getLogPrefix());
val trustEngine = new ExplicitKeySignatureTrustEngine(resolver, keyResolver); validationParams.setSignatureTrustEngine(trustEngine); secCtx.setSignatureValidationParameters(validationParams);
/** {@inheritDoc} */ @Override protected boolean doPreInvoke(@Nonnull final MessageContext messageContext) throws MessageHandlerException { if (!super.doPreInvoke(messageContext)) { return false; } peerContext = messageContext.getSubcontext(SAMLPeerEntityContext.class); if (peerContext == null || peerContext.getRole() == null) { throw new MessageHandlerException("SAMLPeerEntityContext was missing or unpopulated"); } samlProtocolContext = messageContext.getSubcontext(SAMLProtocolContext.class); if (samlProtocolContext == null || samlProtocolContext.getProtocol() == null) { throw new MessageHandlerException("SAMLProtocolContext was missing or unpopulated"); } final SecurityParametersContext secParams = messageContext.getSubcontext(SecurityParametersContext.class); if (secParams == null || secParams.getSignatureValidationParameters() == null || secParams.getSignatureValidationParameters().getSignatureTrustEngine() == null) { throw new MessageHandlerException("No SignatureTrustEngine was available from the MessageContext"); } else { trustEngine = secParams.getSignatureValidationParameters().getSignatureTrustEngine(); } return true; }
outboundContext.getSAMLProtocolContext().setProtocol(context.getSAMLProtocolContext().getProtocol()); outboundContext.getSecurityParametersContext() .setSignatureSigningParameters(this.signatureSigningParametersProvider.build(spDescriptor));
/** {@inheritDoc} */ @Override @Nonnull protected CriteriaSet buildCriteriaSet(@Nullable final String entityID, @Nonnull final MessageContext messageContext) throws MessageHandlerException { final CriteriaSet criteriaSet = new CriteriaSet(); if (!Strings.isNullOrEmpty(entityID)) { criteriaSet.add(new EntityIdCriterion(entityID) ); } criteriaSet.add(new EntityRoleCriterion(peerContext.getRole())); criteriaSet.add(new ProtocolCriterion(samlProtocolContext.getProtocol())); criteriaSet.add( new UsageCriterion(UsageType.SIGNING) ); final SecurityParametersContext secParamsContext = messageContext.getSubcontext(SecurityParametersContext.class); if (secParamsContext != null && secParamsContext.getSignatureValidationParameters() != null) { criteriaSet.add( new SignatureValidationParametersCriterion(secParamsContext.getSignatureValidationParameters())); } return criteriaSet; }
/** * Build a criteria set suitable for input to the trust engine. * * @param entityID the candidate issuer entity ID which is being evaluated * @param messageContext the message context which is being evaluated * @return a newly constructly set of criteria suitable for the configured trust engine * @throws MessageHandlerException thrown if criteria set can not be constructed */ @Nonnull protected CriteriaSet buildCriteriaSet(@Nullable final String entityID, @Nonnull final MessageContext messageContext) throws MessageHandlerException { final CriteriaSet criteriaSet = new CriteriaSet(); if (!Strings.isNullOrEmpty(entityID)) { criteriaSet.add(new EntityIdCriterion(entityID)); } criteriaSet.add(new EntityRoleCriterion(peerContext.getRole())); criteriaSet.add(new ProtocolCriterion(samlProtocolContext.getProtocol())); criteriaSet.add(new UsageCriterion(UsageType.SIGNING)); final SecurityParametersContext secParamsContext = messageContext.getSubcontext(SecurityParametersContext.class); if (secParamsContext != null && secParamsContext.getSignatureValidationParameters() != null) { criteriaSet.add( new SignatureValidationParametersCriterion(secParamsContext.getSignatureValidationParameters())); } return criteriaSet; }