/**
 * {@inheritDoc}
 *
 * <p>If the supplied signature carries no content references yet, a default
 * {@link SAMLObjectContentReference} bound to this object is appended to it before the
 * signature is handed to the superclass. That reference uses this object's ID at signing
 * time; see {@link SAMLObjectContentReference} for the default digest algorithm and
 * transforms. Callers that need a different digest algorithm or transform set may adjust
 * the reference before this object is marshalled.</p>
 *
 * <p>A signature that already has at least one content reference is passed through
 * unchanged, and a {@code null} signature is forwarded as-is.</p>
 */
public void setSignature(@Nullable final Signature newSignature) {
    // Only an otherwise reference-less signature gets the default reference.
    final boolean needsDefaultReference =
            newSignature != null && newSignature.getContentReferences().isEmpty();
    if (needsDefaultReference) {
        newSignature.getContentReferences().add(new SAMLObjectContentReference(this));
    }
    super.setSignature(newSignature);
}
/**
 * Attaches the given signature to the wrapped SAML object and sets the digest algorithm
 * on the signature's first content reference.
 *
 * <p>If the wrapped object is not a {@code SignableSAMLObject}, an error is logged and
 * nothing else happens.</p>
 *
 * <p>The digest algorithm URI is applied exactly as supplied; this method does not check
 * it against any allow-list, so rejecting weak digests (for example SHA-1) is left to the
 * caller or to configuration of the default.</p>
 *
 * @param signature the signature to attach; it is dereferenced after being set, so it
 *                  must not be {@code null}
 * @param signatureDigestAlgorithm the digest algorithm URI to use, or {@code null} to
 *                                 fall back to {@code defaultSignatureDigestAlgorithm}
 */
public void setSignature(Signature signature, String signatureDigestAlgorithm) {
    if (!(samlObject instanceof SignableSAMLObject)) {
        LOG.error("Attempt to sign an unsignable object " + samlObject.getClass().getName());
        return;
    }

    SignableSAMLObject signable = (SignableSAMLObject) samlObject;
    signable.setSignature(signature);

    String effectiveDigest = signatureDigestAlgorithm != null
            ? signatureDigestAlgorithm
            : defaultSignatureDigestAlgorithm;

    // NOTE(review): get(0) and the cast are unchecked; this relies on the first content
    // reference being a SAMLObjectContentReference, presumably the default one added
    // when the signature is set on the signable object - confirm.
    SAMLObjectContentReference reference =
            (SAMLObjectContentReference) signature.getContentReferences().get(0);
    reference.setDigestAlgorithm(effectiveDigest);

    // Drop the cached DOM of the object and of its children (presumably so a stale
    // unsigned DOM is not reused - confirm).
    signable.releaseDOM();
    signable.releaseChildrenDOM(true);
}
/**
 * Signs the assertion again, reusing the algorithms of its current signature when it
 * has one.
 *
 * <p>Without an existing signature the assertion is signed through the single-argument
 * {@code signSamlObject}. Otherwise the signature algorithm, canonicalization algorithm
 * and the digest algorithm of the first content reference are read from the existing
 * signature and passed on unchanged.</p>
 *
 * <p>NOTE(review): the algorithm identifiers come from the assertion itself and are not
 * checked here. If the assertion can originate from another party, a weak algorithm
 * (for example a SHA-1 digest) would be carried over into the new signature unless
 * {@code signSamlObject} rejects it - confirm.</p>
 *
 * @param assertion the assertion to sign again
 * @throws SignatureException declared by this method; presumably propagated from
 *                            {@code signSamlObject}
 */
public void resignAssertion(Assertion assertion) throws SignatureException {
    final Signature existing = assertion.getSignature();
    if (existing != null) {
        // The cast and get(0) are unchecked: the first content reference is expected to
        // be a SAMLObjectContentReference.
        final SAMLObjectContentReference firstReference =
                (SAMLObjectContentReference) existing.getContentReferences().get(0);
        final String digest = firstReference.getDigestAlgorithm();
        signSamlObject(
                assertion,
                existing.getSignatureAlgorithm(),
                existing.getCanonicalizationAlgorithm(),
                digest);
    } else {
        signSamlObject(assertion);
    }
}
log.debug("Examining signed object for content references with exclusive canonicalization transform"); boolean sawExclusive = false; for (final ContentReference cr : signableObject.getSignature().getContentReferences()) { if (cr instanceof SAMLObjectContentReference) { final List<String> transforms = ((SAMLObjectContentReference)cr).getTransforms();
/**
 * Builds this project's {@code Signature} description from the OpenSAML signature
 * attached to the target.
 *
 * <p>Copies the signature algorithm, the canonicalization algorithm, the Base64-encoded
 * signature value and, from any {@code SAMLObjectContentReference}, the digest
 * algorithm (the last such reference wins). The digest value itself is not extracted.
 * This method only reports what the signature declares; it performs no signature
 * validation.</p>
 *
 * @param target the signable SAML object to inspect
 * @return the description, or {@code null} when the target has no signature, the
 *         signature is not a {@code SignatureImpl}, or reading the signature value
 *         failed with an {@code XMLSignatureException}
 */
protected Signature getSignature(SignableSAMLObject target) {
    org.opensaml.xmlsec.signature.Signature xmlSignature = target.getSignature();
    // instanceof is false for null, so this also covers an unsigned target.
    if (!(xmlSignature instanceof SignatureImpl)) {
        return null;
    }

    SignatureImpl impl = (SignatureImpl) xmlSignature;
    Signature converted = null;
    try {
        converted = new Signature()
            .setSignatureAlgorithm(AlgorithmMethod.fromUrn(impl.getSignatureAlgorithm()))
            .setCanonicalizationAlgorithm(
                CanonicalizationMethod.fromUrn(impl.getCanonicalizationAlgorithm()))
            .setSignatureValue(
                org.apache.xml.security.utils.Base64.encode(
                    impl.getXMLSignature().getSignatureValue()));

        // TODO extract the digest value
        for (ContentReference ref : ofNullable(xmlSignature.getContentReferences()).orElse(emptyList())) {
            if (!(ref instanceof SAMLObjectContentReference)) {
                continue;
            }
            String digestUrn = ((SAMLObjectContentReference) ref).getDigestAlgorithm();
            converted.setDigestAlgorithm(DigestMethod.fromUrn(digestUrn));
        }
    } catch (XMLSignatureException e) {
        // TODO - ignored for now.
        // NOTE(review): the failure is swallowed without logging, so a caller cannot
        // tell "no signature" apart from "signature present but unreadable".
    }
    return converted;
}
// Sets the digest algorithm on the signature's first content reference.
// NOTE(review): get(0) and the cast are unchecked, so this fails at runtime if the
// signature has no content references or the first one is not a
// SAMLObjectContentReference. The algorithm URI is applied as given; nothing on this
// line restricts it to a strong digest.
((SAMLObjectContentReference) signature.getContentReferences().get(0)).setDigestAlgorithm(digestAlgorithm);
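// SHA-1 is no longer collision-resistant, so the reference digest is computed with
// SHA-256 rather than the previously hard-coded SHA-1. Relying parties must accept
// SHA-256 digests for signatures produced here to validate.
String digestAlg = SignatureConstants.ALGO_ID_DIGEST_SHA256;
// NOTE(review): get(0) and the cast are unchecked; this relies on the first content
// reference being a SAMLObjectContentReference - confirm against the code that
// attaches the signature.
SAMLObjectContentReference contentRef =
    (SAMLObjectContentReference) signature.getContentReferences().get(0);
contentRef.setDigestAlgorithm(digestAlg);
// Drop the object's cached DOM (presumably so it is rebuilt with the signature
// attached - confirm).
signableObject.releaseDOM();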
(SAMLObjectContentReference) signature.getContentReferences().get(0); contentRef.setDigestAlgorithm(digestAlgo);