org.opensaml
Class SAMLSignedObject

java.lang.Object
  org.opensaml.SAMLObject
      org.opensaml.SAMLSignedObject

All Implemented Interfaces:

Cloneable

Direct Known Subclasses:

SAMLAssertion, SAMLRequest, SAMLResponse

public abstract class SAMLSignedObject
extends SAMLObject
implements Cloneable

Abstract base class for all SAML objects that can be signed

Author:

Scott Cantor

Field Summary

Fields inherited from class org.opensaml.SAMLObject

config, dirty, log, parentObject, root

Constructor Summary

SAMLSignedObject()

Method Summary

protected Object	clone() Copies a SAML object such that no dependencies exist between the original and the copy.
void	fromDOM(Element e) Initialization of an object from a DOM element
String	getDigestAlgorithm() Returns the digest algorithm identifier from the signature
abstract String	getId() Gets the ID of the signed object
Object	getNativeSignature() Debugging aid to access the internal XML Signature implementation
String	getSignatureAlgorithm() Returns the signing algorithm identifier from the signature
protected Element	getSignatureElement() Get the DOM element containing the signature
Iterator	getX509Certificates() Returns an iterator over the X.509 certificates included in the signature, if any
protected abstract void	insertSignature() Places the signature into the object's DOM to prepare for signing
boolean	isSigned() Returns true iff the object contains a signature
protected void	setDirty(boolean flag) Sets or clears the object's dirty bit.
void	sign(String sigalg, Key k, Collection certs) Sign the SAML object according to the input parameters, using a default digest algorithm.
void	sign(String sigalg, String digalg, Key k, Collection certs) Sign the SAML object according to the input parameters
Node	toDOM(boolean xmlns) Transforms the object into a DOM tree without an existing document context
void	unsign() Remove the signature and turn this into an unsigned object.
void	verify() Verifies the signature using only the keying material included within it
void	verify(Certificate cert) Verifies the signature using the keying material provided
void	verify(Key k) Verifies the signature using the keying material provided

Methods inherited from class org.opensaml.SAMLObject

buildRoot, checkValidity, fromStream, fromStream, getParent, plantRoot, setParent, toBase64, toDOM, toDOM, toDOM, toStream, toString

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

SAMLSignedObject

public SAMLSignedObject()

Method Detail

getNativeSignature

public Object getNativeSignature()

Debugging aid to access the internal XML Signature implementation

Returns:

Returns a Java object corresponding to the native class used by the underlying XML Signature implementation to represent a signature. Be careful using this method, unless you're debugging or know what you're doing.

getId

public abstract String getId()

Gets the ID of the signed object

Returns:

The XML ID

fromDOM

public void fromDOM(Element e)
             throws SAMLException

Description copied from class: SAMLObject

Initialization of an object from a DOM element

Overrides:

fromDOM in class SAMLObject

Parameters:

e - Root element of a DOM tree

Throws:

SAMLException - Raised if an exception occurs while constructing the object

See Also:

SAMLObject.fromDOM(Element e)

toDOM

public Node toDOM(boolean xmlns)
           throws SAMLException

Description copied from class: SAMLObject

Transforms the object into a DOM tree without an existing document context

Overrides:

toDOM in class SAMLObject

Parameters:

xmlns - Include namespace(s) on root element?

Returns:

Root element node of the DOM tree capturing the object

Throws:

SAMLException - Raised if the object is incompletely defined

See Also:

SAMLObject.toDOM(boolean xmlns)

insertSignature

protected abstract void insertSignature()
                                 throws SAMLException

Places the signature into the object's DOM to prepare for signing

Must be overridden by subclass that knows where to place it

Throws:

SAMLException - Thrown if an error occurs while placing the signature

getSignatureElement

protected Element getSignatureElement()

Get the DOM element containing the signature

Returns:

The ds:Signature element of a signature

setDirty

protected void setDirty(boolean flag)

Description copied from class: SAMLObject

Sets or clears the object's dirty bit. When set, serialization will flush an existing DOM. All parent objects will also be flagged.

Overrides:

setDirty in class SAMLObject

Parameters:

flag - The new value of the dirty bit

See Also:

org.opensaml.SAMLObject#setDirty()

unsign

public void unsign()

Remove the signature and turn this into an unsigned object. Modifying an object after signing will automatically unsign it.

sign

public void sign(String sigalg,
                 Key k,
                 Collection certs)
          throws SAMLException

Sign the SAML object according to the input parameters, using a default digest algorithm.

Parameters:

sigalg - The XML signature algorithm to apply

k - The secret or private key to sign the resulting digest

certs - The public key certificate(s) to embed in the object, if any

Throws:

SAMLException - Thrown if an error occurs while constructing the signature

sign

public void sign(String sigalg,
                 String digalg,
                 Key k,
                 Collection certs)
          throws SAMLException

Sign the SAML object according to the input parameters

Parameters:

sigalg - The XML signature algorithm to apply

digalg - The digest algorithm to apply

k - The secret or private key to sign the resulting digest

certs - The public key certificate(s) to embed in the object, if any

Throws:

SAMLException - Thrown if an error occurs while constructing the signature

verify

public void verify()
            throws SAMLException

Verifies the signature using only the keying material included within it

Throws:

SAMLException - Thrown if the signature is invalid or if an error occurs

verify

public void verify(Certificate cert)
            throws SAMLException

Verifies the signature using the keying material provided

Parameters:

cert - A public key certificate to use in verifying the signature

Throws:

SAMLException - Thrown if the signature is invalid or if an error occurs

verify

public void verify(Key k)
            throws SAMLException

Verifies the signature using the keying material provided

Parameters:

k - A secret or public key to use in verifying the signature

Throws:

SAMLException - Thrown if the signature is invalid or if an error occurs

getX509Certificates

public Iterator getX509Certificates()
                             throws SAMLException

Returns an iterator over the X.509 certificates included in the signature, if any

Returns:

Provides access to the certificates

Throws:

SAMLException - Thrown if the signature is missing

getSignatureAlgorithm

public String getSignatureAlgorithm()
                             throws SAMLException

Returns the signing algorithm identifier from the signature

Returns:

The algorithm identifier

Throws:

SAMLException - Thrown if the signature is missing

getDigestAlgorithm

public String getDigestAlgorithm()
                          throws SAMLException

Returns the digest algorithm identifier from the signature

Returns:

The algorithm identifier

Throws:

SAMLException - Thrown if the signature is missing

isSigned

public boolean isSigned()

Returns true iff the object contains a signature

Returns:

true iff the object contains a signature

clone

protected Object clone()
                throws CloneNotSupportedException

Copies a SAML object such that no dependencies exist between the original and the copy.

Overrides:

clone in class SAMLObject

Returns:

The new object

Throws:

CloneNotSupportedException

See Also:

Object.clone()