/** * Gets the signature algorithm URI to use. * * @param signingParameters the signing parameters to use * @return signature algorithm to use with the associated signing credential * @throws MessageEncodingException thrown if the algorithm URI is not supplied explicitly and * could not be derived from the supplied credential */ protected String getSignatureAlgorithmURI(SignatureSigningParameters signingParameters) throws MessageEncodingException { if (signingParameters.getSignatureAlgorithm() != null) { return signingParameters.getSignatureAlgorithm(); } throw new MessageEncodingException("The signing algorithm URI could not be determined"); }
/** * Builds the URL to redirect the client to. * * @param messageContext current message context * @param endpoint endpoint URL to send encoded message to * @param message Deflated and Base64 encoded message * @return URL to redirect client to * @throws MessageEncodingException thrown if the SAML message is neither a RequestAbstractType or * Response */ protected String buildRedirectURL( MessageContext<SAMLObject> messageContext, String endpoint, String message) throws MessageEncodingException { log.debug("Building URL to redirect client to"); URLBuilder urlBuilder = null; try { urlBuilder = new URLBuilder(endpoint); } catch (MalformedURLException e) { throw new MessageEncodingException("Endpoint URL " + endpoint + " is not a valid URL", e); } List<Pair<String, String>> queryParams = urlBuilder.getQueryParams(); queryParams.clear(); SAMLObject outboundMessage = messageContext.getMessage(); if (outboundMessage instanceof RequestAbstractType) { queryParams.add(new Pair<String, String>("SAMLRequest", message)); } else if (outboundMessage instanceof StatusResponseType) { queryParams.add(new Pair<String, String>("SAMLResponse", message)); } else { throw new MessageEncodingException( "SAML message is neither a SAML RequestAbstractType or StatusResponseType"); } String relayState = SAMLBindingSupport.getRelayState(messageContext); if (SAMLBindingSupport.checkRelayState(relayState)) { queryParams.add(new Pair<String, String>("RelayState", relayState)); } SignatureSigningParameters signingParameters = SAMLMessageSecuritySupport.getContextSigningParameters(messageContext); if (signingParameters != null && signingParameters.getSigningCredential() != null) { String sigAlgURI = getSignatureAlgorithmURI(signingParameters); Pair<String, String> sigAlg = new Pair<String, String>("SigAlg", sigAlgURI); queryParams.add(sigAlg); String sigMaterial = urlBuilder.buildQueryString(); queryParams.add( new Pair<String, String>( "Signature", generateSignature(signingParameters.getSigningCredential(), sigAlgURI, sigMaterial))); } else { log.debug("No signing credential was supplied, skipping HTTP-Redirect DEFLATE signing"); } return urlBuilder.buildURL(); }