Package org.pac4j.saml.profile.impl
Class AbstractSAML2ResponseValidator
- java.lang.Object
-
- org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator
-
- All Implemented Interfaces:
SAML2ResponseValidator
- Direct Known Subclasses:
SAML2AuthnResponseValidator
,SAML2LogoutValidator
public abstract class AbstractSAML2ResponseValidator extends java.lang.Object implements SAML2ResponseValidator
The abstract class for all SAML response validators.- Since:
- 3.4.0
- Author:
- Jerome Leleu
-
-
Field Summary
Fields Modifier and Type Field Description protected long
acceptedSkew
protected org.opensaml.saml.saml2.encryption.Decrypter
decrypter
protected org.slf4j.Logger
logger
protected org.pac4j.core.logout.handler.LogoutHandler
logoutHandler
protected ReplayCacheProvider
replayCache
protected SAML2SignatureTrustEngineProvider
signatureTrustEngineProvider
protected net.shibboleth.utilities.java.support.net.URIComparator
uriComparator
-
Constructor Summary
Constructors Modifier Constructor Description protected
AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, org.pac4j.core.logout.handler.LogoutHandler logoutHandler, ReplayCacheProvider replayCache, net.shibboleth.utilities.java.support.net.URIComparator uriComparator)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected boolean
compareEndpoints(java.lang.String destination, java.lang.String endpoint)
protected java.lang.String
computeSloKey(java.lang.String sessionIndex, SAML2Credentials.SAMLNameID nameId)
protected org.opensaml.saml.saml2.core.NameID
decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter)
Decrypts an EncryptedID, using a decrypter.protected boolean
isDateValid(java.time.Instant issueInstant, long interval)
protected boolean
isIssueInstantValid(java.time.Instant issueInstant)
void
setAcceptedSkew(long acceptedSkew)
protected void
validateIssueInstant(java.time.Instant issueInstant)
protected void
validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer, SAML2MessageContext context)
Validate issuer format and value.protected void
validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser, SAML2MessageContext context)
protected void
validateSignature(org.opensaml.xmlsec.signature.Signature signature, java.lang.String idpEntityId, org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)
Validate the given digital signature by checking its profile and value.protected void
validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)
protected void
validateSuccess(org.opensaml.saml.saml2.core.Status status)
Validates that the response is a success.protected void
verifyEndpoint(java.util.List<java.lang.String> endpoints, java.lang.String destination, boolean isDestinationMandatory)
protected void
verifyMessageReplay(SAML2MessageContext context)
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.pac4j.saml.profile.api.SAML2ResponseValidator
validate
-
-
-
-
Field Detail
-
logger
protected final org.slf4j.Logger logger
-
signatureTrustEngineProvider
protected final SAML2SignatureTrustEngineProvider signatureTrustEngineProvider
-
uriComparator
protected final net.shibboleth.utilities.java.support.net.URIComparator uriComparator
-
decrypter
protected final org.opensaml.saml.saml2.encryption.Decrypter decrypter
-
logoutHandler
protected final org.pac4j.core.logout.handler.LogoutHandler logoutHandler
-
replayCache
protected final ReplayCacheProvider replayCache
-
acceptedSkew
protected long acceptedSkew
-
-
Constructor Detail
-
AbstractSAML2ResponseValidator
protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, org.pac4j.core.logout.handler.LogoutHandler logoutHandler, ReplayCacheProvider replayCache, net.shibboleth.utilities.java.support.net.URIComparator uriComparator)
-
-
Method Detail
-
validateSuccess
protected void validateSuccess(org.opensaml.saml.saml2.core.Status status)
Validates that the response is a success.- Parameters:
status
- the response status.
-
validateSignatureIfItExists
protected void validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)
-
validateSignature
protected void validateSignature(org.opensaml.xmlsec.signature.Signature signature, java.lang.String idpEntityId, org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)
Validate the given digital signature by checking its profile and value.- Parameters:
signature
- the signatureidpEntityId
- the idp entity idtrustEngine
- the trust engine
-
validateIssuerIfItExists
protected void validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser, SAML2MessageContext context)
-
validateIssuer
protected void validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer, SAML2MessageContext context)
Validate issuer format and value.- Parameters:
issuer
- the issuercontext
- the context
-
validateIssueInstant
protected void validateIssueInstant(java.time.Instant issueInstant)
-
isIssueInstantValid
protected boolean isIssueInstantValid(java.time.Instant issueInstant)
-
isDateValid
protected boolean isDateValid(java.time.Instant issueInstant, long interval)
-
verifyEndpoint
protected void verifyEndpoint(java.util.List<java.lang.String> endpoints, java.lang.String destination, boolean isDestinationMandatory)
-
compareEndpoints
protected boolean compareEndpoints(java.lang.String destination, java.lang.String endpoint)
-
verifyMessageReplay
protected void verifyMessageReplay(SAML2MessageContext context)
-
decryptEncryptedId
protected org.opensaml.saml.saml2.core.NameID decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter) throws SAMLException
Decrypts an EncryptedID, using a decrypter.- Parameters:
encryptedId
- The EncryptedID to be decrypted.decrypter
- The decrypter to use.- Returns:
- Decrypted ID or
null
if any input isnull
. - Throws:
SAMLException
- If the input ID cannot be decrypted.
-
computeSloKey
protected java.lang.String computeSloKey(java.lang.String sessionIndex, SAML2Credentials.SAMLNameID nameId)
-
setAcceptedSkew
public final void setAcceptedSkew(long acceptedSkew)
- Specified by:
setAcceptedSkew
in interfaceSAML2ResponseValidator
-
-