@ThreadSafe public class XMLSignatureValidationStage extends BaseIteratingStage<Element>
This stage requires the following properties be set prior to initialization:

- verificationKey

If Element signatures are required, per isSignatureRequired(), and an Element does not contain a signature, then an ErrorStatus object is set on the Element.

If Element signatures are required to be valid, per isValidSignatureRequired(), and an Element signature is found to be invalid, then an ErrorStatus object is set on the Element. If signatures are not required to be valid and an Element signature is found to be invalid, then a WarningStatus is set on the Element.

| Modifier and Type | Field and Description |
|---|---|
| private Set<String> | blacklistedDigests: Set of blacklisted digest URIs. |
| private Set<String> | blacklistedSignatureMethods: Set of blacklisted signature method URIs. |
| private Logger | log: Class logger. |
| private boolean | permittingEmptyReferences: Option to determine whether empty references are to be permitted. |
| private boolean | signatureRequired: Whether Elements are required to be signed. |
| private XMLSignatureValidator | validator: Validator used for all signatures validated by this stage instance. |
| private boolean | validSignatureRequired: Whether the signature on an Element is required to be valid. |
| private Certificate | verificationCertificate: Certificate whose public key is used to verify the Element signature. |
| private PublicKey | verificationKey: Public key used to verify the Element signature. |
| Constructor and Description |
|---|
| XMLSignatureValidationStage() |
| Modifier and Type | Method and Description |
|---|---|
| protected void | doDestroy() |
| protected boolean | doExecute(Item<Element> item): Processes a given Item. |
| protected void | doInitialize() |
| Set<String> | getBlacklistedDigests(): Gets the set of blacklisted digest algorithm identifiers. |
| Set<String> | getBlacklistedSignatureMethods(): Gets the set of blacklisted signature method identifiers. |
| Certificate | getVerificationCertificate(): Gets the certificate whose public key is used to verify the signed Element. |
| PublicKey | getVerificationKey(): Gets the key used to verify the signature. |
| boolean | isPermittingEmptyReferences(): Gets whether empty references are permitted. |
| boolean | isSignatureRequired(): Gets whether the Element is required to be signed. |
| boolean | isValidSignatureRequired(): Gets whether the signature on an Element is required to be valid. |
| void | setBlacklistedDigests(Collection<String> identifiers): Sets the collection of identifiers to be blacklisted as digest algorithms. |
| void | setBlacklistedSignatureMethods(Collection<String> identifiers): Sets the collection of identifiers to be blacklisted as signature methods. |
| void | setPermittingEmptyReferences(boolean permit): Sets whether empty references are permitted. |
| void | setSignatureRequired(boolean required): Sets whether the Element is required to be signed. |
| void | setValidSignatureRequired(boolean isRequired): Sets whether the signature on an Element is required to be valid. |
| void | setVerificationCertificate(Certificate certificate): Sets the key, included in a certificate, used to verify the signature. |
| void | setVerificationKey(PublicKey key): Sets the key used to verify the signature. |
| Field declaration | Notes |
|---|---|
| private final Logger log | Class logger. |
| private boolean signatureRequired | Whether Elements are required to be signed. |
| private boolean validSignatureRequired | Whether the signature on an Element is required to be valid. Default value: true |
| private Certificate verificationCertificate | Certificate whose public key is used to verify the Element signature. |
| private PublicKey verificationKey | Public key used to verify the Element signature. |
| @Nonnull private Set<String> blacklistedDigests | Set of blacklisted digest URIs. |
| @Nonnull private Set<String> blacklistedSignatureMethods | Set of blacklisted signature method URIs. |
| private boolean permittingEmptyReferences | Option to determine whether empty references are to be permitted. Default value: true. |
| private XMLSignatureValidator validator | Validator used for all signatures validated by this stage instance. |

| Method declaration | Parameters, overrides and exceptions |
|---|---|
| public boolean isSignatureRequired() | |
| public void setSignatureRequired(boolean required) | required - whether the Element is required to be signed |
| public boolean isValidSignatureRequired() | |
| public void setValidSignatureRequired(boolean isRequired) | isRequired - whether the signature on an Element is required to be valid |
| @Nullable public PublicKey getVerificationKey() | |
| public void setVerificationKey(@Nonnull PublicKey key) | key - key used to verify the signature |
| @Nullable public Certificate getVerificationCertificate() | |
| public void setVerificationCertificate(@Nonnull Certificate certificate) | Also sets verificationKey with the public key of the certificate. certificate - certificate containing the key used to verify the signature |
| public void setBlacklistedDigests(@Nonnull @NonnullElements Collection<String> identifiers) | identifiers - collection of identifiers to be blacklisted |
| @Nonnull @NonnullElements public Set<String> getBlacklistedDigests() | |
| public void setBlacklistedSignatureMethods(@Nonnull @NonnullElements Collection<String> identifiers) | identifiers - collection of identifiers to be blacklisted |
| @Nonnull @NonnullElements public Set<String> getBlacklistedSignatureMethods() | |
| public boolean isPermittingEmptyReferences() | |
| public void setPermittingEmptyReferences(boolean permit) | permit - whether empty references are permitted |
| protected boolean doExecute(@Nonnull Item<Element> item) throws StageProcessingException | Overrides doExecute in class BaseIteratingStage<Element>. item - Item on which to operate. Throws StageProcessingException if there is a problem with the stage processing. |
| protected void doDestroy() | Overrides doDestroy in class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent. |
| protected void doInitialize() throws net.shibboleth.utilities.java.support.component.ComponentInitializationException | Overrides doInitialize in class net.shibboleth.utilities.java.support.component.AbstractIdentifiedInitializableComponent. Throws net.shibboleth.utilities.java.support.component.ComponentInitializationException. |

Copyright © 1999–2016. All rights reserved.