/**
* Gets the signature algorithm URI to use.
*
* @param signingParameters the signing parameters to use
* @return signature algorithm to use with the associated signing credential
* @throws MessageEncodingException thrown if the algorithm URI is not supplied explicitly and
* could not be derived from the supplied credential
*/
protected String getSignatureAlgorithmURI(SignatureSigningParameters signingParameters)
throws MessageEncodingException {
if (signingParameters.getSignatureAlgorithm() != null) {
return signingParameters.getSignatureAlgorithm();
}
throw new MessageEncodingException("The signing algorithm URI could not be determined");
}
/**
* Builds the URL to redirect the client to.
*
* @param messageContext current message context
* @param endpoint endpoint URL to send encoded message to
* @param message Deflated and Base64 encoded message
* @return URL to redirect client to
* @throws MessageEncodingException thrown if the SAML message is neither a RequestAbstractType or
* Response
*/
protected String buildRedirectURL(
MessageContext<SAMLObject> messageContext, String endpoint, String message)
throws MessageEncodingException {
log.debug("Building URL to redirect client to");
URLBuilder urlBuilder = null;
try {
urlBuilder = new URLBuilder(endpoint);
} catch (MalformedURLException e) {
throw new MessageEncodingException("Endpoint URL " + endpoint + " is not a valid URL", e);
}
List<Pair<String, String>> queryParams = urlBuilder.getQueryParams();
queryParams.clear();
SAMLObject outboundMessage = messageContext.getMessage();
if (outboundMessage instanceof RequestAbstractType) {
queryParams.add(new Pair<String, String>("SAMLRequest", message));
} else if (outboundMessage instanceof StatusResponseType) {
queryParams.add(new Pair<String, String>("SAMLResponse", message));
} else {
throw new MessageEncodingException(
"SAML message is neither a SAML RequestAbstractType or StatusResponseType");
}
String relayState = SAMLBindingSupport.getRelayState(messageContext);
if (SAMLBindingSupport.checkRelayState(relayState)) {
queryParams.add(new Pair<String, String>("RelayState", relayState));
}
SignatureSigningParameters signingParameters =
SAMLMessageSecuritySupport.getContextSigningParameters(messageContext);
if (signingParameters != null && signingParameters.getSigningCredential() != null) {
String sigAlgURI = getSignatureAlgorithmURI(signingParameters);
Pair<String, String> sigAlg = new Pair<String, String>("SigAlg", sigAlgURI);
queryParams.add(sigAlg);
String sigMaterial = urlBuilder.buildQueryString();
queryParams.add(
new Pair<String, String>(
"Signature",
generateSignature(signingParameters.getSigningCredential(), sigAlgURI, sigMaterial)));
} else {
log.debug("No signing credential was supplied, skipping HTTP-Redirect DEFLATE signing");
}
return urlBuilder.buildURL();
}