BaseSAMLSimpleSignatureSecurityPolicyRule (Shibboleth Identity Provider 2.3.0 API)

java.lang.Object
- org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule

すべての実装されたインタフェース:

SecurityPolicyRule

直系の既知のサブクラス:

SAML2HTTPPostSimpleSignRule, SAML2HTTPRedirectDeflateSignatureRule
```
public abstract class BaseSAMLSimpleSignatureSecurityPolicyRule
extends Object
implements SecurityPolicyRule
```
Base class for security rules which verify simple "blob" signatures computed over some components of a request.

コンストラクタの概要

コンストラクタ
修飾子コンストラクタと説明

protected BaseSAMLSimpleSignatureSecurityPolicyRule(SignatureTrustEngine engine)
Constructor.

コンストラクタ
修飾子	コンストラクタと説明
`protected`	`BaseSAMLSimpleSignatureSecurityPolicyRule(SignatureTrustEngine engine)` Constructor.

メソッドの概要

メソッド
修飾子とタイプ	メソッドと説明
`protected CriteriaSet`	`buildCriteriaSet(String entityID, SAMLMessageContext samlContext)` Build a criteria set suitable for input to the trust engine.
`protected String`	`deriveSignerEntityID(SAMLMessageContext samlContext)` Derive the signer's entity ID from the message context.
`void`	`evaluate(MessageContext messageContext)` Evaluates the message context against the rule.
`protected List<Credential>`	`getRequestCredentials(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlContext)` Extract any candidate validation credentials from the request and/or message context.
`protected byte[]`	`getSignature(javax.servlet.http.HttpServletRequest request)` Extract the signature value from the request, in the form suitable for input into `SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential)`.
`protected String`	`getSignatureAlgorithm(javax.servlet.http.HttpServletRequest request)` Extract the signature algorithm URI value from the request.
`protected abstract byte[]`	`getSignedContent(javax.servlet.http.HttpServletRequest request)` Get the content over which to validate the signature, in the form suitable for input into `SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential)`.
`protected SignatureTrustEngine`	`getTrustEngine()` Gets the engine used to validate the signature.
`protected abstract boolean`	`ruleHandles(javax.servlet.http.HttpServletRequest request, SAMLMessageContext samlMsgCtx)` Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.
`protected boolean`	`validateSignature(byte[] signature, byte[] signedContent, String algorithmURI, CriteriaSet criteriaSet, List<Credential> candidateCredentials)` Validate the simple signature.

クラスから継承されたメソッド java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- コンストラクタの詳細
  - BaseSAMLSimpleSignatureSecurityPolicyRule
```
protected BaseSAMLSimpleSignatureSecurityPolicyRule(SignatureTrustEngine engine)
```
    Constructor.
    
    パラメータ:
    engine - the signature trust engine to use for signature validataion
- メソッドの詳細
  - evaluate
```
public void evaluate(MessageContext messageContext)
              throws SecurityPolicyException
```
    Evaluates the message context against the rule.
    
    定義:
    
    evaluate インタフェース内 SecurityPolicyRule
    
    パラメータ:
    messageContext - the message context being evaluated
    
    例外:
    
    SecurityPolicyException - thrown if the message context does not meet the requirements of the rule, or if there is a non-recoverable error during evaluation
  - validateSignature
```
protected boolean validateSignature(byte[] signature,
                        byte[] signedContent,
                        String algorithmURI,
                        CriteriaSet criteriaSet,
                        List<Credential> candidateCredentials)
                             throws SecurityPolicyException
```
    Validate the simple signature.
    
    パラメータ:
    signature - the signature value
    signedContent - the content that was signed
    algorithmURI - the signature algorithm URI which was used to sign the content
    criteriaSet - criteria used to describe and/or resolve the information which serves as the basis for trust evaluation
    candidateCredentials - the request-derived candidate credential(s) containing the validation key for the signature (optional)
    
    戻り値:
    true if signature can be verified successfully, false otherwise
    
    例外:
    
    SecurityPolicyException - thrown if there are errors during the signature validation process
  - getRequestCredentials
```
protected List<Credential> getRequestCredentials(javax.servlet.http.HttpServletRequest request,
                                     SAMLMessageContext samlContext)
                                          throws SecurityPolicyException
```
    Extract any candidate validation credentials from the request and/or message context. Some bindings allow validataion keys for the simple signature to be supplied, and others do not.
    
    パラメータ:
    request - the HTTP servlet request being processed
    samlContext - the SAML message context being processed
    
    戻り値:
    a list of candidate validation credentials in the request, or null if none were present
    
    例外:
    
    SecurityPolicyException - thrown if there is an error during request processing
  - getTrustEngine
```
protected SignatureTrustEngine getTrustEngine()
```
    Gets the engine used to validate the signature.
    
    戻り値:
    engine engine used to validate the signature
  - getSignature
```
protected byte[] getSignature(javax.servlet.http.HttpServletRequest request)
                       throws SecurityPolicyException
```
    Extract the signature value from the request, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential). Defaults to the Base64-decoded value of the HTTP request parameter named Signature.
    
    パラメータ:
    request - the HTTP servlet request
    
    戻り値:
    the signature value
    
    例外:
    
    SecurityPolicyException - thrown if there is an error during request processing
  - getSignatureAlgorithm
```
protected String getSignatureAlgorithm(javax.servlet.http.HttpServletRequest request)
                                throws SecurityPolicyException
```
    Extract the signature algorithm URI value from the request. Defaults to the HTTP request parameter named SigAlg.
    
    パラメータ:
    request - the HTTP servlet request
    
    戻り値:
    the signature algorithm URI value
    
    例外:
    
    SecurityPolicyException - thrown if there is an error during request processing
  - deriveSignerEntityID
```
protected String deriveSignerEntityID(SAMLMessageContext samlContext)
                               throws SecurityPolicyException
```
    Derive the signer's entity ID from the message context. This is implementation-specific and there is no default. This is primarily an extension point for subclasses.
    
    パラメータ:
    samlContext - the SAML message context being processed
    
    戻り値:
    the signer's derived entity ID
    
    例外:
    
    SecurityPolicyException - thrown if there is an error during request processing
  - buildCriteriaSet
```
protected CriteriaSet buildCriteriaSet(String entityID,
                           SAMLMessageContext samlContext)
                                throws SecurityPolicyException
```
    Build a criteria set suitable for input to the trust engine.
    
    パラメータ:
    entityID - the candidate issuer entity ID which is being evaluated
    samlContext - the message context which is being evaluated
    
    戻り値:
    a newly constructly set of criteria suitable for the configured trust engine
    
    例外:
    
    SecurityPolicyException - thrown if criteria set can not be constructed
  - getSignedContent
```
protected abstract byte[] getSignedContent(javax.servlet.http.HttpServletRequest request)
                                    throws SecurityPolicyException
```
    Get the content over which to validate the signature, in the form suitable for input into SignatureTrustEngine.validate(byte[], byte[], String, CriteriaSet, Credential).
    
    パラメータ:
    request - the HTTP servlet request being processed
    
    戻り値:
    the signed content extracted from the request, in the format suitable for input to the trust engine.
    
    例外:
    
    SecurityPolicyException - thrown if there is an error during request processing
  - ruleHandles
```
protected abstract boolean ruleHandles(javax.servlet.http.HttpServletRequest request,
                  SAMLMessageContext samlMsgCtx)
                                throws SecurityPolicyException
```
    Determine whether the rule should handle the request, based on the unwrapped HTTP servlet request and/or message context.
    
    パラメータ:
    request - the HTTP servlet request being processed
    samlMsgCtx - the SAML message context being processed
    
    戻り値:
    true if the rule should attempt to process the request, otherwise false
    
    例外:
    
    SecurityPolicyException - thrown if there is an error during request processing

クラス BaseSAMLSimpleSignatureSecurityPolicyRule

コンストラクタの概要

メソッドの概要

クラスから継承されたメソッド java.lang.Object

コンストラクタの詳細

BaseSAMLSimpleSignatureSecurityPolicyRule

メソッドの詳細

evaluate

validateSignature

getRequestCredentials

getTrustEngine

getSignature

getSignatureAlgorithm

deriveSignerEntityID

buildCriteriaSet

getSignedContent

ruleHandles