Package org.pac4j.saml.profile.impl
Class AbstractSAML2ResponseValidator
java.lang.Object
org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator
- All Implemented Interfaces:
SAML2ResponseValidator
- Direct Known Subclasses:
SAML2AuthnResponseValidator, SAML2LogoutValidator
public abstract class AbstractSAML2ResponseValidator
extends Object
implements SAML2ResponseValidator
The abstract class for all SAML response validators.
- Since:
- 3.4.0
- Author:
- Jerome Leleu
-
Field Summary
Modifier and Type | Field | Description
protected long | acceptedSkew |
protected final org.opensaml.saml.saml2.encryption.Decrypter | decrypter |
protected final org.slf4j.Logger | logger |
protected final org.pac4j.core.logout.handler.LogoutHandler | logoutHandler |
protected final ReplayCacheProvider | replayCache |
protected final SAML2SignatureTrustEngineProvider | signatureTrustEngineProvider |
protected final net.shibboleth.utilities.java.support.net.URIComparator | uriComparator |
-
Constructor Summary
Modifier | Constructor | Description
protected | AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, org.pac4j.core.logout.handler.LogoutHandler logoutHandler, ReplayCacheProvider replayCache, net.shibboleth.utilities.java.support.net.URIComparator uriComparator) |
-
Method Summary
Modifier and Type | Method | Description
protected boolean | compareEndpoints(String destination, String endpoint) |
protected String | computeSloKey(String sessionIndex, SAML2Credentials.SAMLNameID nameId) |
protected org.opensaml.saml.saml2.core.NameID | decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter) | Decrypts an EncryptedID, using a decrypter.
protected boolean | isDateValid(Instant issueInstant, long interval) |
protected boolean | isIssueInstantValid(Instant issueInstant) |
final void | setAcceptedSkew(long acceptedSkew) |
protected void | validateIssueInstant(Instant issueInstant) |
protected void | validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer, SAML2MessageContext context) | Validate issuer format and value.
protected void | validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser, SAML2MessageContext context) |
protected void | validateSignature(org.opensaml.xmlsec.signature.Signature signature, String idpEntityId, org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine) | Validate the given digital signature by checking its profile and value.
protected void | validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine) |
protected void | validateSuccess(org.opensaml.saml.saml2.core.Status status) | Validates that the response is a success.
protected void | verifyEndpoint(List<String> endpoints, String destination, boolean isDestinationMandatory) |
protected void | verifyMessageReplay(SAML2MessageContext context) |
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.pac4j.saml.profile.api.SAML2ResponseValidator
validate
-
Field Details
-
logger
protected final org.slf4j.Logger logger
-
signatureTrustEngineProvider
protected final SAML2SignatureTrustEngineProvider signatureTrustEngineProvider
-
uriComparator
protected final net.shibboleth.utilities.java.support.net.URIComparator uriComparator
-
decrypter
protected final org.opensaml.saml.saml2.encryption.Decrypter decrypter
-
logoutHandler
protected final org.pac4j.core.logout.handler.LogoutHandler logoutHandler
-
replayCache
protected final ReplayCacheProvider replayCache
-
acceptedSkew
protected long acceptedSkew
-
-
Constructor Details
-
AbstractSAML2ResponseValidator
protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, org.pac4j.core.logout.handler.LogoutHandler logoutHandler, ReplayCacheProvider replayCache, net.shibboleth.utilities.java.support.net.URIComparator uriComparator)
-
-
Method Details
-
validateSuccess
protected void validateSuccess(org.opensaml.saml.saml2.core.Status status)
Validates that the response is a success.
- Parameters:
status - the response status.
-
validateSignatureIfItExists
protected void validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)
-
validateSignature
protected void validateSignature(org.opensaml.xmlsec.signature.Signature signature, String idpEntityId, org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)
Validate the given digital signature by checking its profile and value.
- Parameters:
signature - the signature
idpEntityId - the idp entity id
trustEngine - the trust engine
-
validateIssuerIfItExists
protected void validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser, SAML2MessageContext context)
-
validateIssuer
protected void validateIssuer(org.opensaml.saml.saml2.core.Issuer issuer, SAML2MessageContext context)
Validate issuer format and value.
- Parameters:
issuer - the issuer
context - the context
-
validateIssueInstant
-
isIssueInstantValid
-
isDateValid
-
verifyEndpoint
-
compareEndpoints
-
verifyMessageReplay
-
decryptEncryptedId
protected org.opensaml.saml.saml2.core.NameID decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter) throws SAMLException
Decrypts an EncryptedID, using a decrypter.
- Parameters:
encryptedId - The EncryptedID to be decrypted.
decrypter - The decrypter to use.
- Returns:
Decrypted ID or null if any input is null.
- Throws:
SAMLException - If the input ID cannot be decrypted.
-
computeSloKey
-
setAcceptedSkew
public final void setAcceptedSkew(long acceptedSkew)
- Specified by:
setAcceptedSkew in interface SAML2ResponseValidator
-