XMLSignatureValidationStage (Shibboleth Metadata Aggregator

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

net.shibboleth.metadata.dom
Class XMLSignatureValidationStage

java.lang.Object
  net.shibboleth.utilities.java.support.component.AbstractDestructableInitializableComponent
      net.shibboleth.utilities.java.support.component.AbstractDestructableIdentifiableInitializableComponent
          net.shibboleth.metadata.pipeline.BaseStage<ItemType>
              net.shibboleth.metadata.pipeline.BaseIteratingStage<DomElementItem>
                  net.shibboleth.metadata.dom.XMLSignatureValidationStage

All Implemented Interfaces:: Stage<DomElementItem>, net.shibboleth.utilities.java.support.component.Component, net.shibboleth.utilities.java.support.component.DestructableComponent, net.shibboleth.utilities.java.support.component.IdentifiableComponent, net.shibboleth.utilities.java.support.component.InitializableComponent

@ThreadSafe public class XMLSignatureValidationStage
extends BaseIteratingStage<DomElementItem>
extends BaseIteratingStage<DomElementItem>

A pipeline stage which validates the XML digital signature found on DOM Elements.

This stage requires the following properties be set prior to initialization:

verificationKey

If Element signatures are required, per signatureRequired, and an Element does not contain a signature than an ErrorStatus object is set on the Element. If Element signatures are required to be valid, per isValidSignatureRequired(), and an Element signature is found to be invalid than an ErrorStatus object is set on the element. If signatures are not required to be valid and an Element signature is found to be invalid than an WarningStatus is set on the Element.

Field Summary
`private Logger`	`log` Class logger.
`private boolean`	`signatureRequired` Whether Elements are required to be signed.
`private boolean`	`validSignatureRequired` Whether the signature on a Elements is required to be valid.
`private Certificate`	`verificationCertificate` Certificate whose public key is used to verify the Element signature.
`private PublicKey`	`verificationKey` Public key used to verify the Element signature.

Constructor Summary
`XMLSignatureValidationStage()`

Method Summary
`protected void`	`doDestroy()`
`protected boolean`	`doExecute(DomElementItem item)` Processes a given Item.
`protected void`	`doInitialize()`
`protected Element`	`getSignatureElement(Element root)` Gets the signature element from the document.
`Certificate`	`getVerificationCertificate()` Gets the certificate whose public key is used to verify the signed Element.
`PublicKey`	`getVerificationKey()` Gets the key used to verify the signature.
`boolean`	`isSignatureRequired()` Gets whether the Element is required to be signed.
`boolean`	`isValidSignatureRequired()` Gets whether the signature on a Element element is required to be valid.
`void`	`setSignatureRequired(boolean required)` Sets whether the Element is required to be signed.
`void`	`setValidSignatureRequired(boolean isRequired)` Sets whether the signature on a Element element is required to be valid.
`void`	`setVerificationCertificate(Certificate certificate)` Set the key, included in a certificate, used to verify the signature.
`void`	`setVerificationKey(PublicKey key)` Sets the key used to verify the signature.
`protected boolean`	`signatureVerified(Element signatureElement)` Verifies the enclosed signature on the root of the Element.

Methods inherited from class net.shibboleth.metadata.pipeline.BaseIteratingStage
`doExecute`

Methods inherited from class net.shibboleth.metadata.pipeline.BaseStage
`execute, setId`

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractDestructableIdentifiableInitializableComponent
`getId`

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractDestructableInitializableComponent
`destroy, initialize, isDestroyed, isInitialized`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Methods inherited from interface net.shibboleth.utilities.java.support.component.DestructableComponent
`destroy, isDestroyed`

Methods inherited from interface net.shibboleth.utilities.java.support.component.IdentifiableComponent
`getId`

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
`initialize, isInitialized`

Field Detail

log

private final Logger log

Class logger.

signatureRequired

private boolean signatureRequired

Whether Elements are required to be signed.

validSignatureRequired

private boolean validSignatureRequired

Whether the signature on a Elements is required to be valid. Default value: true

verificationCertificate

private Certificate verificationCertificate

Certificate whose public key is used to verify the Element signature.

verificationKey

private PublicKey verificationKey

Public key used to verify the Element signature.

Constructor Detail

XMLSignatureValidationStage

public XMLSignatureValidationStage()

Method Detail

isSignatureRequired

public boolean isSignatureRequired()

Gets whether the Element is required to be signed.

Returns:: whether the Element is required to be signed

setSignatureRequired

public void setSignatureRequired(boolean required)

Sets whether the Element is required to be signed.

Parameters:: required - whether the Element is required to be signed

isValidSignatureRequired

public boolean isValidSignatureRequired()

Gets whether the signature on a Element element is required to be valid.

Returns:: whether the signature on a Element element is required to be valid

setValidSignatureRequired

public void setValidSignatureRequired(boolean isRequired)

Sets whether the signature on a Element element is required to be valid.

Parameters:: isRequired - whether the signature on a Element element is required to be valid

getVerificationKey

@Nullable
public PublicKey getVerificationKey()

Gets the key used to verify the signature.

Returns:: key used to verify the signature

setVerificationKey

public void setVerificationKey(@Nonnull
                               PublicKey key)

Sets the key used to verify the signature.

Parameters:: key - key used to verify the signature

getVerificationCertificate

@Nullable
public Certificate getVerificationCertificate()

Gets the certificate whose public key is used to verify the signed Element.

Returns:: certificate whose public key is used to verify the signed Element

setVerificationCertificate

public void setVerificationCertificate(@Nonnull
                                       Certificate certificate)

Set the key, included in a certificate, used to verify the signature. This method will also set verificationKey with the public key of the certificate.

Parameters:: certificate - certificate containing the key used to verify the signature

doExecute

protected boolean doExecute(@Nonnull
                            DomElementItem item)
                     throws StageProcessingException

Processes a given Item.

Specified by:: doExecute in class BaseIteratingStage<DomElementItem>

Parameters:: item - Item on which to operate
Returns:: true if the Item should be retained in the collection, false if not
Throws:: StageProcessingException - thrown if there is a problem with the stage processing

signatureVerified

protected boolean signatureVerified(@Nonnull
                                    Element signatureElement)
                             throws StageProcessingException

Verifies the enclosed signature on the root of the Element.

Parameters:: signatureElement - the Signature element
Returns:: true if the signature is verified successfully, false otherwise
Throws:: StageProcessingException - thrown if the given root element contains more than on signature

getSignatureElement

protected Element getSignatureElement(@Nonnull
                                      Element root)
                               throws StageProcessingException

Gets the signature element from the document. The signature must be a child of the document root.

Parameters:: root - root from which to start searching for the signature
Returns:: the signature element, or null
Throws:: StageProcessingException - thrown if there is more than one signature present

doDestroy

protected void doDestroy()

Overrides:: doDestroy in class net.shibboleth.utilities.java.support.component.AbstractDestructableInitializableComponent

doInitialize

protected void doInitialize()
                     throws net.shibboleth.utilities.java.support.component.ComponentInitializationException

Overrides:: doInitialize in class net.shibboleth.utilities.java.support.component.AbstractDestructableIdentifiableInitializableComponent

Throws:: net.shibboleth.utilities.java.support.component.ComponentInitializationException