Package se.swedenconnect.opensaml.xmlsec.signature.support

Class SAMLObjectSigner

java.lang.Object

se.swedenconnect.opensaml.xmlsec.signature.support.SAMLObjectSigner

public class SAMLObjectSigner
extends Object

Utility methods for signatures.

Author:

Martin Lindström (martin@idsec.se)

Method Summary

Modifier and Type	Method	Description
static org.opensaml.xmlsec.SignatureSigningConfiguration	getSignaturePreferences(org.opensaml.saml.saml2.metadata.EntityDescriptor metadata)	A recipient of a signed message may specify the signature algorithm it prefers by including the <alg:SigningMethod> element in its metadata.
static <T extends org.opensaml.saml.common.SignableSAMLObject> void	sign(T object, org.opensaml.security.credential.Credential signingCredentials, org.opensaml.xmlsec.SignatureSigningConfiguration... configs)	Signs the supplied SAML object using the supplied credentials and signature configuration(s).
static <T extends org.opensaml.saml.common.SignableSAMLObject> void	sign(T object, org.opensaml.security.credential.Credential signingCredentials, org.opensaml.xmlsec.SignatureSigningConfiguration config, org.opensaml.saml.saml2.metadata.EntityDescriptor recipientMetadata)	Signs the supplied SAML object using the supplied credentials and signature configuration and also handles the peer signature requirements.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details

sign

public static <T extends org.opensaml.saml.common.SignableSAMLObject>
void sign(T object,
 org.opensaml.security.credential.Credential signingCredentials,
 org.opensaml.xmlsec.SignatureSigningConfiguration... configs)
   throws org.opensaml.xmlsec.signature.support.SignatureException

Signs the supplied SAML object using the supplied credentials and signature configuration(s).

Note: If you have obtained the peer's prefered signature credentials, this configuration should be supplied first ...

Type Parameters:

T - the object type

Parameters:

object - object to sign

signingCredentials - signature credentials

configs - signature configuration

Throws:

org.opensaml.xmlsec.signature.support.SignatureException - for signature creation errors

sign

public static <T extends org.opensaml.saml.common.SignableSAMLObject>
void sign(T object,
 org.opensaml.security.credential.Credential signingCredentials,
 org.opensaml.xmlsec.SignatureSigningConfiguration config,
 org.opensaml.saml.saml2.metadata.EntityDescriptor recipientMetadata)
   throws org.opensaml.xmlsec.signature.support.SignatureException

Signs the supplied SAML object using the supplied credentials and signature configuration and also handles the peer signature requirements.

This method corresponds to: SignatureSigningConfiguration peerConfig = getSignaturePreferences(recipientMetadata); followed by sign(object, signingCredentials, config, peerConfig);. If no peer config is found, this is not passed.

Type Parameters:

T - the object type

Parameters:

object - object to sign

signingCredentials - signature credentials

config - signature configuration

recipientMetadata - recipient's metadata

Throws:

org.opensaml.xmlsec.signature.support.SignatureException - for signature errors

getSignaturePreferences

public static org.opensaml.xmlsec.SignatureSigningConfiguration getSignaturePreferences(org.opensaml.saml.saml2.metadata.EntityDescriptor metadata)

A recipient of a signed message may specify the signature algorithm it prefers by including the <alg:SigningMethod> element in its metadata. This method locates these elements, and if present, creates a SignatureSigningConfiguration object that should be supplied to sign(SignableSAMLObject, Credential, SignatureSigningConfiguration...).

Parameters:

metadata - the recipient's metadata

Returns:

a SignatureSigningConfiguration element, or null if no preferred signing algorithms were specified