public abstract class AbstractSAML2ResponseValidator extends Object implements SAML2ResponseValidator
Modifier and Type | Field and Description |
---|---|
protected int |
acceptedSkew |
protected org.opensaml.saml.saml2.encryption.Decrypter |
decrypter |
protected org.slf4j.Logger |
logger |
protected LogoutHandler |
logoutHandler |
protected ReplayCacheProvider |
replayCache |
protected SAML2SignatureTrustEngineProvider |
signatureTrustEngineProvider |
protected net.shibboleth.utilities.java.support.net.URIComparator |
uriComparator |
Modifier | Constructor and Description |
---|---|
protected |
AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider,
org.opensaml.saml.saml2.encryption.Decrypter decrypter,
LogoutHandler logoutHandler)
Deprecated.
This constructor does not accept a replay cache, so replay protection will be disabled. Prefer a constructor that takes a ReplayCacheProvider.
|
protected |
AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider,
org.opensaml.saml.saml2.encryption.Decrypter decrypter,
LogoutHandler logoutHandler,
ReplayCacheProvider replayCache) |
protected |
AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider,
org.opensaml.saml.saml2.encryption.Decrypter decrypter,
LogoutHandler logoutHandler,
ReplayCacheProvider replayCache,
net.shibboleth.utilities.java.support.net.URIComparator uriComparator) |
protected |
AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider,
org.opensaml.saml.saml2.encryption.Decrypter decrypter,
LogoutHandler logoutHandler,
net.shibboleth.utilities.java.support.net.URIComparator uriComparator)
Deprecated.
This constructor does not accept a replay cache, so replay protection will be disabled. Prefer a constructor that takes a ReplayCacheProvider.
|
Modifier and Type | Method and Description |
---|---|
protected String |
computeSloKey(String sessionIndex,
org.opensaml.saml.saml2.core.NameID nameId) |
protected org.opensaml.saml.saml2.core.NameID |
decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId,
org.opensaml.saml.saml2.encryption.Decrypter decrypter)
Decrypts an EncryptedID, using a decrypter.
|
protected boolean |
isDateValid(org.joda.time.DateTime issueInstant,
int interval) |
protected boolean |
isIssueInstantValid(org.joda.time.DateTime issueInstant) |
void |
setAcceptedSkew(int acceptedSkew) |
protected void |
validateIssueInstant(org.joda.time.DateTime issueInstant) |
protected void |
validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer,
SAML2MessageContext context)
Validate issuer format and value.
|
protected void |
validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser,
SAML2MessageContext context) |
protected void |
validateSignature(org.opensaml.xmlsec.signature.Signature signature,
String idpEntityId,
org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)
Validate the given digital signature by checking its profile and value.
|
protected void |
validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature,
SAML2MessageContext context,
org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine) |
protected void |
validateSuccess(org.opensaml.saml.saml2.core.Status status)
Validates that the response is a success.
|
protected void |
verifyEndpoint(org.opensaml.saml.saml2.metadata.Endpoint endpoint,
String destination) |
protected void |
verifyMessageReplay(SAML2MessageContext context) |
Methods inherited from class Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface SAML2ResponseValidator: setMaximumAuthenticationLifetime, validate
protected final org.slf4j.Logger logger
protected int acceptedSkew
protected final SAML2SignatureTrustEngineProvider signatureTrustEngineProvider
protected final net.shibboleth.utilities.java.support.net.URIComparator uriComparator
protected final org.opensaml.saml.saml2.encryption.Decrypter decrypter
protected final LogoutHandler logoutHandler
protected final ReplayCacheProvider replayCache
@Deprecated protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, LogoutHandler logoutHandler)
@Deprecated protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, LogoutHandler logoutHandler, net.shibboleth.utilities.java.support.net.URIComparator uriComparator)
protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, LogoutHandler logoutHandler, ReplayCacheProvider replayCache)
protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, LogoutHandler logoutHandler, ReplayCacheProvider replayCache, net.shibboleth.utilities.java.support.net.URIComparator uriComparator)
protected void validateSuccess(org.opensaml.saml.saml2.core.Status status)
Parameters:
status - the response status.
protected void validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)
protected void validateSignature(org.opensaml.xmlsec.signature.Signature signature, String idpEntityId, org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)
Parameters:
signature - the signature
idpEntityId - the idp entity id
trustEngine - the trust engine
protected void validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser, SAML2MessageContext context)
protected void validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer, SAML2MessageContext context)
Parameters:
issuer - the issuer
context - the context
protected void validateIssueInstant(org.joda.time.DateTime issueInstant)
protected boolean isIssueInstantValid(org.joda.time.DateTime issueInstant)
protected boolean isDateValid(org.joda.time.DateTime issueInstant, int interval)
protected void verifyEndpoint(org.opensaml.saml.saml2.metadata.Endpoint endpoint, String destination)
protected void verifyMessageReplay(SAML2MessageContext context)
protected org.opensaml.saml.saml2.core.NameID decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter) throws SAMLException
Parameters:
encryptedId - The EncryptedID to be decrypted.
decrypter - The decrypter to use.
Returns:
null if any input is null.
Throws:
SAMLException - If the input ID cannot be decrypted.
protected String computeSloKey(String sessionIndex, org.opensaml.saml.saml2.core.NameID nameId)
public final void setAcceptedSkew(int acceptedSkew)
Specified by: setAcceptedSkew in interface SAML2ResponseValidator