Package org.pac4j.saml.profile.impl
Class AbstractSAML2ResponseValidator
- java.lang.Object
-
- org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator
-
- All Implemented Interfaces:
SAML2ResponseValidator
- Direct Known Subclasses:
SAML2AuthnResponseValidator
,SAML2LogoutValidator
public abstract class AbstractSAML2ResponseValidator extends Object implements SAML2ResponseValidator
The abstract class for all SAML response validators.- Since:
- 3.4.0
- Author:
- Jerome Leleu
-
-
Field Summary
Fields Modifier and Type Field Description protected int
acceptedSkew
protected org.opensaml.saml.saml2.encryption.Decrypter
decrypter
protected org.slf4j.Logger
logger
protected LogoutHandler
logoutHandler
protected ReplayCacheProvider
replayCache
protected SAML2SignatureTrustEngineProvider
signatureTrustEngineProvider
protected net.shibboleth.utilities.java.support.net.URIComparator
uriComparator
-
Constructor Summary
Constructors Modifier Constructor Description protected
AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, LogoutHandler logoutHandler, ReplayCacheProvider replayCache)
protected
AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, LogoutHandler logoutHandler, ReplayCacheProvider replayCache, net.shibboleth.utilities.java.support.net.URIComparator uriComparator)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected String
computeSloKey(String sessionIndex, org.opensaml.saml.saml2.core.NameID nameId)
protected org.opensaml.saml.saml2.core.NameID
decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter)
Decrypts an EncryptedID, using a decrypter.protected boolean
isDateValid(Instant issueInstant, int interval)
protected boolean
isIssueInstantValid(Instant issueInstant)
void
setAcceptedSkew(int acceptedSkew)
protected void
validateIssueInstant(Instant issueInstant)
protected void
validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer, SAML2MessageContext context)
Validate issuer format and value.protected void
validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser, SAML2MessageContext context)
protected void
validateSignature(org.opensaml.xmlsec.signature.Signature signature, String idpEntityId, org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)
Validate the given digital signature by checking its profile and value.protected void
validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)
protected void
validateSuccess(org.opensaml.saml.saml2.core.Status status)
Validates that the response is a success.protected void
verifyEndpoint(org.opensaml.saml.saml2.metadata.Endpoint endpoint, String destination)
protected void
verifyMessageReplay(SAML2MessageContext context)
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.pac4j.saml.profile.api.SAML2ResponseValidator
setMaximumAuthenticationLifetime, validate
-
-
-
-
Field Detail
-
logger
protected final org.slf4j.Logger logger
-
signatureTrustEngineProvider
protected final SAML2SignatureTrustEngineProvider signatureTrustEngineProvider
-
uriComparator
protected final net.shibboleth.utilities.java.support.net.URIComparator uriComparator
-
decrypter
protected final org.opensaml.saml.saml2.encryption.Decrypter decrypter
-
logoutHandler
protected final LogoutHandler logoutHandler
-
replayCache
protected final ReplayCacheProvider replayCache
-
acceptedSkew
protected int acceptedSkew
-
-
Constructor Detail
-
AbstractSAML2ResponseValidator
protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, LogoutHandler logoutHandler, ReplayCacheProvider replayCache)
-
AbstractSAML2ResponseValidator
protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, LogoutHandler logoutHandler, ReplayCacheProvider replayCache, net.shibboleth.utilities.java.support.net.URIComparator uriComparator)
-
-
Method Detail
-
validateSuccess
protected void validateSuccess(org.opensaml.saml.saml2.core.Status status)
Validates that the response is a success.- Parameters:
status
- the response status.
-
validateSignatureIfItExists
protected void validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)
-
validateSignature
protected void validateSignature(org.opensaml.xmlsec.signature.Signature signature, String idpEntityId, org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)
Validate the given digital signature by checking its profile and value.- Parameters:
signature
- the signatureidpEntityId
- the idp entity idtrustEngine
- the trust engine
-
validateIssuerIfItExists
protected void validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser, SAML2MessageContext context)
-
validateIssuer
protected void validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer, SAML2MessageContext context)
Validate issuer format and value.- Parameters:
issuer
- the issuercontext
- the context
-
validateIssueInstant
protected void validateIssueInstant(Instant issueInstant)
-
isIssueInstantValid
protected boolean isIssueInstantValid(Instant issueInstant)
-
isDateValid
protected boolean isDateValid(Instant issueInstant, int interval)
-
verifyEndpoint
protected void verifyEndpoint(org.opensaml.saml.saml2.metadata.Endpoint endpoint, String destination)
-
verifyMessageReplay
protected void verifyMessageReplay(SAML2MessageContext context)
-
decryptEncryptedId
protected org.opensaml.saml.saml2.core.NameID decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter) throws SAMLException
Decrypts an EncryptedID, using a decrypter.- Parameters:
encryptedId
- The EncryptedID to be decrypted.decrypter
- The decrypter to use.- Returns:
- Decrypted ID or
null
if any input isnull
. - Throws:
SAMLException
- If the input ID cannot be decrypted.
-
computeSloKey
protected String computeSloKey(String sessionIndex, org.opensaml.saml.saml2.core.NameID nameId)
-
setAcceptedSkew
public final void setAcceptedSkew(int acceptedSkew)
- Specified by:
setAcceptedSkew
in interfaceSAML2ResponseValidator
-
-