/**
 * Attaches a signature to the wrapped SAML object and selects the digest
 * algorithm used by the signature's content reference.
 *
 * If the wrapped object is not a {@code SignableSAMLObject}, the call only logs
 * an error and returns, so the object stays unsigned and the caller is not
 * notified.
 *
 * @param signature the signature of this SamlAssertionWrapper object.
 * @param signatureDigestAlgorithm the signature digest algorithm to use; when
 *        {@code null}, {@code defaultSignatureDigestAlgorithm} is used instead
 */
public void setSignature(Signature signature, String signatureDigestAlgorithm) {
    if (!(xmlObject instanceof SignableSAMLObject)) {
        LOG.error("Attempt to sign an unsignable object " + xmlObject.getClass().getName());
        return;
    }

    SignableSAMLObject target = (SignableSAMLObject) xmlObject;
    target.setSignature(signature);

    // NOTE(review): the fallback value is declared outside this method; confirm it is
    // not a deprecated digest (e.g. SHA-1) before relying on the null default.
    String effectiveDigest =
        signatureDigestAlgorithm != null ? signatureDigestAlgorithm : defaultSignatureDigestAlgorithm;

    // Assumes the first content reference exists and is a SAMLObjectContentReference.
    // NOTE(review): a Signature that already carried other references would fail the
    // cast or receive the digest on a different reference; verify against callers.
    SAMLObjectContentReference firstReference =
        (SAMLObjectContentReference) signature.getContentReferences().get(0);
    firstReference.setDigestAlgorithm(effectiveDigest);

    // Presumably discards the cached DOM so the object is re-marshalled with the
    // signature in place; confirm against the SignableSAMLObject contract.
    target.releaseDOM();
    target.releaseChildrenDOM(true);
}
/**
 * {@inheritDoc}
 *
 * A non-null signature receives a new {@link SAMLObjectContentReference} bound to this
 * object before it is handed to the superclass. See {@link SAMLObjectContentReference}
 * for the default digest algorithm and transforms that will be used; these defaults may
 * be changed prior to marshalling this object.
 */
public void setSignature(Signature newSignature) {
    if (newSignature != null) {
        // The reference is appended unconditionally, so passing the same Signature
        // instance more than once accumulates one reference per call.
        SAMLObjectContentReference defaultReference = new SAMLObjectContentReference(this);
        newSignature.getContentReferences().add(defaultReference);
    }
    // A null argument is forwarded unchanged to the superclass.
    super.setSignature(newSignature);
}
/**
 * {@inheritDoc}
 *
 * Builds the transform chain from the configured transform URIs and registers one
 * reference on the signature: a same-document fragment reference when the signable
 * object has a signature reference ID, otherwise an empty URI.
 */
public void createReference(XMLSignature signature) {
    try {
        Transforms referenceTransforms = new Transforms(signature.getDocument());

        for (int idx = 0; idx < transforms.size(); idx++) {
            String algorithmUri = transforms.get(idx);
            referenceTransforms.addTransform(algorithmUri);

            boolean exclusiveC14n =
                algorithmUri.equals(SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS)
                    || algorithmUri.equals(SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
            if (exclusiveC14n) {
                // One transform is added per iteration, so idx also addresses the
                // transform that was just appended.
                processExclusiveTransform(signature, referenceTransforms.item(idx));
            }
        }

        if (DatatypeHelper.isEmpty(signableObject.getSignatureReferenceID())) {
            // No ID to point at: the reference uses the empty URI instead of "#id".
            log.debug("SignableSAMLObject had no reference ID, signing using whole document Reference URI");
            signature.addDocument("", referenceTransforms, digestAlgorithm);
        } else {
            signature.addDocument("#" + signableObject.getSignatureReferenceID(), referenceTransforms,
                    digestAlgorithm);
        }
    } catch (TransformationException e) {
        // NOTE(review): both failures are logged and not propagated, so the caller is
        // not told that no reference was added; confirm the signing path then fails
        // rather than emitting a signature that covers no content.
        log.error("Unsupported signature transformation", e);
    } catch (XMLSignatureException e) {
        log.error("Error adding content reference to signature", e);
    }
}
/**
 * Populate the inclusive namespace prefixes on the specified Apache (exclusive) transform object.
 *
 * @param signature the Apache XMLSignature object
 * @param transform the Apache Transform object representing an exclusive transform
 */
private void processExclusiveTransform(XMLSignature signature, Transform transform) {
    // Exclusive canonicalization strips namespaces that are not visibly used (for example
    // those referenced only from QName attribute values). Listing them explicitly on the
    // transform keeps them in the canonical form.
    log.debug("Adding list of inclusive namespaces for signature exclusive canonicalization transform");

    LazySet<String> prefixes = new LazySet<String>();
    populateNamespacePrefixes(prefixes, signableObject);

    // Nothing was collected: leave the transform element without an InclusiveNamespaces child.
    if (prefixes.isEmpty()) {
        return;
    }

    InclusiveNamespaces prefixList = new InclusiveNamespaces(signature.getDocument(), prefixes);
    transform.getElement().appendChild(prefixList.getElement());
}
for (ContentReference cr : signableObject.getSignature().getContentReferences()) { if (cr instanceof SAMLObjectContentReference) { List<String> transforms = ((SAMLObjectContentReference)cr).getTransforms(); if (transforms.contains(SignatureConstants.TRANSFORM_C14N_EXCL_WITH_COMMENTS) || transforms.contains(SignatureConstants.TRANSFORM_C14N_EXCL_OMIT_COMMENTS)) {
/**
 * Sets the signature of this SamlAssertionWrapper object and applies the requested
 * digest algorithm to the signature's first content reference.
 *
 * A wrapped object that is not a {@code SignableSAMLObject} is left untouched; the
 * attempt is only reported through the error log.
 *
 * @param signature the signature of this SamlAssertionWrapper object.
 * @param signatureDigestAlgorithm the signature digest algorithm to use, or
 *        {@code null} to fall back to {@code defaultSignatureDigestAlgorithm}
 */
public void setSignature(Signature signature, String signatureDigestAlgorithm) {
    if (xmlObject instanceof SignableSAMLObject) {
        SignableSAMLObject signable = (SignableSAMLObject) xmlObject;
        signable.setSignature(signature);

        // NOTE(review): check which algorithm the default resolves to; it is defined
        // outside this method and should not be a deprecated digest.
        String chosenDigest = signatureDigestAlgorithm;
        if (chosenDigest == null) {
            chosenDigest = defaultSignatureDigestAlgorithm;
        }

        // Index 0 is taken to be a SAMLObjectContentReference.
        // NOTE(review): confirm callers never pass a Signature that already holds
        // other content references, otherwise the cast or the target is wrong.
        Object firstEntry = signature.getContentReferences().get(0);
        ((SAMLObjectContentReference) firstEntry).setDigestAlgorithm(chosenDigest);

        // Presumably invalidates cached DOM so marshalling reflects the new signature;
        // confirm against the SignableSAMLObject contract.
        signable.releaseDOM();
        signable.releaseChildrenDOM(true);
        return;
    }

    LOG.error("Attempt to sign an unsignable object " + xmlObject.getClass().getName());
}
// Applies digestAlgorithm to the signature's first content reference.
// The unchecked cast and get(0) assume that the list is non-empty and that its first
// entry is a SAMLObjectContentReference; NOTE(review): confirm the signature was
// attached to a signable SAML object before this line runs.
((SAMLObjectContentReference) signature.getContentReferences().get(0)).setDigestAlgorithm(digestAlgorithm);
// Overrides the digest algorithm on content reference 0 of the signature.
// Throws at runtime if the reference list is empty or entry 0 is some other
// ContentReference type; NOTE(review): verify where digestAlgorithm comes from and
// that it is not a deprecated digest.
((SAMLObjectContentReference) signature.getContentReferences().get(0)).setDigestAlgorithm(digestAlgorithm);