Class AbstractSAML2ResponseValidator

    • Field Detail

      • logger

        protected final org.slf4j.Logger logger
      • acceptedSkew

        protected int acceptedSkew
      • uriComparator

        protected final net.shibboleth.utilities.java.support.net.URIComparator uriComparator
      • decrypter

        protected final org.opensaml.saml.saml2.encryption.Decrypter decrypter
    • Constructor Detail

      • AbstractSAML2ResponseValidator

        @Deprecated
        protected AbstractSAML2ResponseValidator​(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider,
                                                 org.opensaml.saml.saml2.encryption.Decrypter decrypter,
                                                 LogoutHandler logoutHandler)
        Deprecated.
        This constructor does not accept a replay cache, so replay protection will be disabled. Use the constructor that takes a ReplayCacheProvider instead.
      • AbstractSAML2ResponseValidator

        @Deprecated
        protected AbstractSAML2ResponseValidator​(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider,
                                                 org.opensaml.saml.saml2.encryption.Decrypter decrypter,
                                                 LogoutHandler logoutHandler,
                                                 net.shibboleth.utilities.java.support.net.URIComparator uriComparator)
        Deprecated.
        This constructor does not accept a replay cache, so replay protection will be disabled. Use the constructor that takes a ReplayCacheProvider instead.
      • AbstractSAML2ResponseValidator

        protected AbstractSAML2ResponseValidator​(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider,
                                                 org.opensaml.saml.saml2.encryption.Decrypter decrypter,
                                                 LogoutHandler logoutHandler,
                                                 ReplayCacheProvider replayCache,
                                                 net.shibboleth.utilities.java.support.net.URIComparator uriComparator)
    • Method Detail

      • validateSuccess

        protected void validateSuccess​(org.opensaml.saml.saml2.core.Status status)
        Validates that the response is a success.
        Parameters:
        status - the response status.
      • validateSignatureIfItExists

        protected void validateSignatureIfItExists​(org.opensaml.xmlsec.signature.Signature signature,
                                                   SAML2MessageContext context,
                                                   org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)
      • validateSignature

        protected void validateSignature​(org.opensaml.xmlsec.signature.Signature signature,
                                         String idpEntityId,
                                         org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)
        Validate the given digital signature by checking its profile and value.
        Parameters:
        signature - the signature
        idpEntityId - the idp entity id
        trustEngine - the trust engine
      • validateIssuerIfItExists

        protected void validateIssuerIfItExists​(org.opensaml.saml.saml2.core.Issuer isser,
                                                SAML2MessageContext context)
      • validateIssuer

        protected void validateIssuer​(org.opensaml.saml.saml2.core.Issuer issuer,
                                      SAML2MessageContext context)
        Validate issuer format and value.
        Parameters:
        issuer - the issuer
        context - the context
      • validateIssueInstant

        protected void validateIssueInstant​(org.joda.time.DateTime issueInstant)
      • isIssueInstantValid

        protected boolean isIssueInstantValid​(org.joda.time.DateTime issueInstant)
      • isDateValid

        protected boolean isDateValid​(org.joda.time.DateTime issueInstant,
                                      int interval)
      • verifyEndpoint

        protected void verifyEndpoint​(org.opensaml.saml.saml2.metadata.Endpoint endpoint,
                                      String destination)
      • decryptEncryptedId

        protected org.opensaml.saml.saml2.core.NameID decryptEncryptedId​(org.opensaml.saml.saml2.core.EncryptedID encryptedId,
                                                                         org.opensaml.saml.saml2.encryption.Decrypter decrypter)
                                                                  throws SAMLException
        Decrypts an EncryptedID, using a decrypter.
        Parameters:
        encryptedId - The EncryptedID to be decrypted.
        decrypter - The decrypter to use.
        Returns:
        The decrypted ID, or null if either input is null.
        Throws:
        SAMLException - If the input ID cannot be decrypted.
      • computeSloKey

        protected String computeSloKey​(String sessionIndex,
                                       org.opensaml.saml.saml2.core.NameID nameId)