Package org.pac4j.saml.profile.impl

Class AbstractSAML2ResponseValidator

java.lang.Object

org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator

All Implemented Interfaces:

SAML2ResponseValidator

Direct Known Subclasses:

SAML2AuthnResponseValidator, SAML2LogoutValidator

public abstract class AbstractSAML2ResponseValidator
extends Object
implements SAML2ResponseValidator

The abstract class for all SAML response validators.

Since:

3.4.0

Author:

Jerome Leleu

Field Summary

Fields

Modifier and Type	Field	Description
protected int	acceptedSkew
protected org.opensaml.saml.saml2.encryption.Decrypter	decrypter
protected org.slf4j.Logger	logger
protected LogoutHandler	logoutHandler
protected ReplayCacheProvider	replayCache
protected SAML2SignatureTrustEngineProvider	signatureTrustEngineProvider
protected net.shibboleth.utilities.java.support.net.URIComparator	uriComparator

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, LogoutHandler logoutHandler, ReplayCacheProvider replayCache)
protected	AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, LogoutHandler logoutHandler, ReplayCacheProvider replayCache, net.shibboleth.utilities.java.support.net.URIComparator uriComparator)

Method Summary

Modifier and Type	Method	Description
protected String	computeSloKey(String sessionIndex, org.opensaml.saml.saml2.core.NameID nameId)
protected org.opensaml.saml.saml2.core.NameID	decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter)	Decrypts an EncryptedID, using a decrypter.
protected boolean	isDateValid(org.joda.time.DateTime issueInstant, int interval)
protected boolean	isIssueInstantValid(org.joda.time.DateTime issueInstant)
void	setAcceptedSkew(int acceptedSkew)
protected void	validateIssueInstant(org.joda.time.DateTime issueInstant)
protected void	validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer, SAML2MessageContext context)	Validate issuer format and value.
protected void	validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser, SAML2MessageContext context)
protected void	validateSignature(org.opensaml.xmlsec.signature.Signature signature, String idpEntityId, org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)	Validate the given digital signature by checking its profile and value.
protected void	validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)
protected void	validateSuccess(org.opensaml.saml.saml2.core.Status status)	Validates that the response is a success.
protected void	verifyEndpoint(org.opensaml.saml.saml2.metadata.Endpoint endpoint, String destination)
protected void	verifyMessageReplay(SAML2MessageContext context)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.pac4j.saml.profile.api.SAML2ResponseValidator

setMaximumAuthenticationLifetime, validate

Field Detail

logger

protected final org.slf4j.Logger logger

acceptedSkew

protected int acceptedSkew

signatureTrustEngineProvider

protected final SAML2SignatureTrustEngineProvider signatureTrustEngineProvider

uriComparator

protected final net.shibboleth.utilities.java.support.net.URIComparator uriComparator

decrypter

protected final org.opensaml.saml.saml2.encryption.Decrypter decrypter

logoutHandler

protected final LogoutHandler logoutHandler

replayCache

protected final ReplayCacheProvider replayCache

Constructor Detail

AbstractSAML2ResponseValidator

protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider,
                                         org.opensaml.saml.saml2.encryption.Decrypter decrypter,
                                         LogoutHandler logoutHandler,
                                         ReplayCacheProvider replayCache)

AbstractSAML2ResponseValidator

protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider,
                                         org.opensaml.saml.saml2.encryption.Decrypter decrypter,
                                         LogoutHandler logoutHandler,
                                         ReplayCacheProvider replayCache,
                                         net.shibboleth.utilities.java.support.net.URIComparator uriComparator)

Method Detail

validateSuccess

protected void validateSuccess(org.opensaml.saml.saml2.core.Status status)

Validates that the response is a success.

Parameters:

status - the response status.

validateSignatureIfItExists

protected void validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature,
                                           SAML2MessageContext context,
                                           org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)

validateSignature

protected void validateSignature(org.opensaml.xmlsec.signature.Signature signature,
                                 String idpEntityId,
                                 org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)

Validate the given digital signature by checking its profile and value.

Parameters:

signature - the signature

idpEntityId - the idp entity id

trustEngine - the trust engine

validateIssuerIfItExists

protected void validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser,
                                        SAML2MessageContext context)

validateIssuer

protected void validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer,
                              SAML2MessageContext context)

Validate issuer format and value.

Parameters:

issuer - the issuer

context - the context

validateIssueInstant

protected void validateIssueInstant(org.joda.time.DateTime issueInstant)

isIssueInstantValid

protected boolean isIssueInstantValid(org.joda.time.DateTime issueInstant)

isDateValid

protected boolean isDateValid(org.joda.time.DateTime issueInstant,
                              int interval)

verifyEndpoint

protected void verifyEndpoint(org.opensaml.saml.saml2.metadata.Endpoint endpoint,
                              String destination)

verifyMessageReplay

protected void verifyMessageReplay(SAML2MessageContext context)

decryptEncryptedId

protected org.opensaml.saml.saml2.core.NameID decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId,
                                                                 org.opensaml.saml.saml2.encryption.Decrypter decrypter)
                                                          throws SAMLException

Decrypts an EncryptedID, using a decrypter.

Parameters:

encryptedId - The EncryptedID to be decrypted.

decrypter - The decrypter to use.

Returns:

Decrypted ID or null if any input is null.

Throws:

SAMLException - If the input ID cannot be decrypted.

computeSloKey

protected String computeSloKey(String sessionIndex,
                               org.opensaml.saml.saml2.core.NameID nameId)

setAcceptedSkew

public final void setAcceptedSkew(int acceptedSkew)

Specified by:

setAcceptedSkew in interface SAML2ResponseValidator