Class DefaultAssertionValidationContextBuilder
- java.lang.Object
-
- org.opensaml.saml.saml2.profile.impl.DefaultAssertionValidationContextBuilder
-
- All Implemented Interfaces:
Function<ValidateAssertions.AssertionValidationInput,ValidationContext>
public class DefaultAssertionValidationContextBuilder extends Object implements Function<ValidateAssertions.AssertionValidationInput,ValidationContext>
Function which implements default behavior for building an instance ofValidationContext
from an instance ofValidateAssertions.AssertionValidationInput
.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
DefaultAssertionValidationContextBuilder.DefaultValidInResponseToLookupFunction
Default strategy for resolving the valid InResponseTo value.static class
DefaultAssertionValidationContextBuilder.DefaultValidIssuersLookupFunction
Default strategy for resolving the valid Issuers.
-
Field Summary
Fields Modifier and Type Field Description private Function<ProfileRequestContext,Set<String>>
additionalAudiences
Function for determining additional valid audience values.private Predicate<ProfileRequestContext>
addressRequired
Predicate for determining whether an Assertion SubjectConfirmationData Address is required.private Predicate<ProfileRequestContext>
checkAddress
Predicate for determining whether an Assertion's network address(es) should be checked.private Predicate<ProfileRequestContext>
includeSelfEntityIDAsRecipient
Predicate for determining whether to include the self entityID as a valid Recipient.private Function<ProfileRequestContext,String>
inResponseTo
Function for determining the valid InResponseTo value.private Predicate<ProfileRequestContext>
inResponseToRequired
Predicate for determining whether an Assertion SubjectConfirmationData InResponseTo is required.private org.slf4j.Logger
log
Logger.private Function<ProfileRequestContext,Duration>
maximumTimeSinceAuthn
Function for determining the max allowed time since authentication.private Predicate<ProfileRequestContext>
notBeforeRequired
Predicate for determining whether an Assertion SubjectConfirmationData NotBefore is required.private Predicate<ProfileRequestContext>
notOnOrAfterRequired
Predicate for determining whether an Assertion SubjectConfirmationData NotOnOrAfter is required.private Predicate<ProfileRequestContext>
recipientRequired
Predicate for determining whether an Assertion SubjectConfirmationData Recipient is required.private Set<QName>
requiredConditions
The set of required Conditions.private Function<ProfileRequestContext,SecurityParametersContext>
securityParametersLookupStrategy
Resolver for security parameters context.private Function<Pair<ProfileRequestContext,Assertion>,CriteriaSet>
signatureCriteriaSetFunction
A function for resolving the signature validation CriteriaSet for a particular function.private Predicate<ProfileRequestContext>
signatureRequired
Predicate for determining whether an Assertion signature is required.private Function<ProfileRequestContext,Set<String>>
validIssuers
Function for determining additional valid Issuer values.
-
Constructor Summary
Constructors Constructor Description DefaultAssertionValidationContextBuilder()
Constructor.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description ValidationContext
apply(ValidateAssertions.AssertionValidationInput input)
protected Map<String,Object>
buildStaticParameters(ValidateAssertions.AssertionValidationInput input)
Build the static parameters map for input to theValidationContext
.Function<ProfileRequestContext,Set<String>>
getAdditionalAudiences()
Get the function for determining additional audience values.Predicate<ProfileRequestContext>
getAddressRequired()
Get the predicate which determines whether an Assertion SubjectConfirmationData Address is required.protected X509Certificate
getAttesterCertificate(ValidateAssertions.AssertionValidationInput input)
Get the attesting entity'sX509Certificate
.protected String
getAttesterIPAddress(ValidateAssertions.AssertionValidationInput input)
Get the attester's IP address.protected PublicKey
getAttesterPublicKey(ValidateAssertions.AssertionValidationInput input)
Get the attesting entity'sPublicKey
.Predicate<ProfileRequestContext>
getCheckAddress()
Get the predicate which determines whether an Assertion's network address(es) should be checked.Predicate<ProfileRequestContext>
getIncludeSelfEntityIDAsRecipient()
Get the predicate which determines whether to include the self entityID as a valid Recipient.Function<ProfileRequestContext,String>
getInResponseTo()
Get the function for determining the valid InResponseTo.Predicate<ProfileRequestContext>
getInResponseToRequired()
Get the predicate which determines whether an Assertion SubjectConfirmationData InResponseTo is required.Function<ProfileRequestContext,Duration>
getMaximumTimeSinceAuthn()
Get the function for determining the max allowed time since authentication.Predicate<ProfileRequestContext>
getNotBeforeRequired()
Get the predicate which determines whether an Assertion SubjectConfirmationData NotBefore is required.Predicate<ProfileRequestContext>
getNotOnOrAfterRequired()
Get the predicate which determines whether an Assertion SubjectConfirmationData NotOnOrAfter is required.Predicate<ProfileRequestContext>
getRecipientRequired()
Get the predicate which determines whether an Assertion SubjectConfirmationData Recipient is required.Set<QName>
getRequiredConditions()
Get the set of required Conditions.protected Set<QName>
getRequiredConditions(ValidateAssertions.AssertionValidationInput input)
Get the set of required Conditions.Function<ProfileRequestContext,SecurityParametersContext>
getSecurityParametersLookupStrategy()
Get the strategy by which to resolve aSecurityParametersContext
.protected String
getSelfEntityID(ValidateAssertions.AssertionValidationInput input)
Get the self entityID.protected CriteriaSet
getSignatureCriteriaSet(ValidateAssertions.AssertionValidationInput input)
Get the signature validation criteria set.Function<Pair<ProfileRequestContext,Assertion>,CriteriaSet>
getSignatureCriteriaSetFunction()
Get the function for resolving the signature validation CriteriaSet for a particular function.Predicate<ProfileRequestContext>
getSignatureRequired()
Get the predicate which determines whether an Assertion signature is required.protected Set<InetAddress>
getValidAddresses(ValidateAssertions.AssertionValidationInput input)
Get the set of addresses which are valid for subject confirmation.protected Set<String>
getValidAudiences(ValidateAssertions.AssertionValidationInput input)
Get the valid audiences for attestation.Function<ProfileRequestContext,Set<String>>
getValidIssuers()
Get the function for determining the valid Issuer valuesprotected Set<String>
getValidRecipients(ValidateAssertions.AssertionValidationInput input)
Get the valid recipient endpoints for attestation.private void
populateConditionsParameters(Map<String,Object> staticParams, ValidateAssertions.AssertionValidationInput input)
Populate the static Conditions parameters.protected void
populateSignatureCriteriaFromInboundContext(CriteriaSet criteriaSet, MessageContext inboundContext)
Populate signature criteria from the specifiedMessageContext
.private void
populateSignatureParameters(Map<String,Object> staticParams, ValidateAssertions.AssertionValidationInput input)
Populate the static signature parameters.private void
populateStatementParams(Map<String,Object> staticParams, ValidateAssertions.AssertionValidationInput input, Set<InetAddress> validAddresses, Boolean checkAddressEnabled)
Populate the static Statement params.private void
populateSubjectConfirmationParameters(Map<String,Object> staticParams, ValidateAssertions.AssertionValidationInput input, Set<InetAddress> validAddresses, Boolean checkAddressEnabled)
Populate the static SubjectConfirmation parameters.void
setAdditionalAudiences(Function<ProfileRequestContext,Set<String>> function)
Set the function for determining additional audience values.void
setAddressRequired(Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion SubjectConfirmationData Address is required.void
setCheckAddress(Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion's network address(es) should be checked.void
setIncludeSelfEntityIDAsRecipient(Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether to include the self entityID as a valid Recipient.void
setInResponseTo(Function<ProfileRequestContext,String> function)
Set the function for determining the valid InResponseTo.void
setInResponseToRequired(Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion SubjectConfirmationData InResponseTo is required.void
setMaximumTimeSinceAuthn(Function<ProfileRequestContext,Duration> function)
Set the function for determining the max allowed time since authentication.void
setNotBeforeRequired(Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion SubjectConfirmationData NotBefore is required.void
setNotOnOrAfterRequired(Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion SubjectConfirmationData NotOnOrAfter is required.void
setRecipientRequired(Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion SubjectConfirmationData Recipient is required.void
setRequiredConditions(Set<QName> conditions)
Set the set of required Conditions.void
setSecurityParametersLookupStrategy(Function<ProfileRequestContext,SecurityParametersContext> strategy)
Set the strategy by which to resolve aSecurityParametersContext
.void
setSignatureCriteriaSetFunction(Function<Pair<ProfileRequestContext,Assertion>,CriteriaSet> function)
Set the function for resolving the signature validation CriteriaSet for a particular function.void
setSignatureRequired(Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion signature is required.void
setValidIssuers(Function<ProfileRequestContext,Set<String>> function)
Set the function for determining the valid Issuer values
-
-
-
Field Detail
-
log
@Nullable private org.slf4j.Logger log
Logger.
-
signatureCriteriaSetFunction
private Function<Pair<ProfileRequestContext,Assertion>,CriteriaSet> signatureCriteriaSetFunction
A function for resolving the signature validation CriteriaSet for a particular function.
-
signatureRequired
private Predicate<ProfileRequestContext> signatureRequired
Predicate for determining whether an Assertion signature is required.
-
checkAddress
private Predicate<ProfileRequestContext> checkAddress
Predicate for determining whether an Assertion's network address(es) should be checked.
-
maximumTimeSinceAuthn
private Function<ProfileRequestContext,Duration> maximumTimeSinceAuthn
Function for determining the max allowed time since authentication.
-
includeSelfEntityIDAsRecipient
private Predicate<ProfileRequestContext> includeSelfEntityIDAsRecipient
Predicate for determining whether to include the self entityID as a valid Recipient.
-
additionalAudiences
private Function<ProfileRequestContext,Set<String>> additionalAudiences
Function for determining additional valid audience values.
-
validIssuers
private Function<ProfileRequestContext,Set<String>> validIssuers
Function for determining additional valid Issuer values.
-
inResponseTo
private Function<ProfileRequestContext,String> inResponseTo
Function for determining the valid InResponseTo value.
-
inResponseToRequired
private Predicate<ProfileRequestContext> inResponseToRequired
Predicate for determining whether an Assertion SubjectConfirmationData InResponseTo is required.
-
recipientRequired
private Predicate<ProfileRequestContext> recipientRequired
Predicate for determining whether an Assertion SubjectConfirmationData Recipient is required.
-
notBeforeRequired
private Predicate<ProfileRequestContext> notBeforeRequired
Predicate for determining whether an Assertion SubjectConfirmationData NotBefore is required.
-
notOnOrAfterRequired
private Predicate<ProfileRequestContext> notOnOrAfterRequired
Predicate for determining whether an Assertion SubjectConfirmationData NotOnOrAfter is required.
-
addressRequired
private Predicate<ProfileRequestContext> addressRequired
Predicate for determining whether an Assertion SubjectConfirmationData Address is required.
-
securityParametersLookupStrategy
private Function<ProfileRequestContext,SecurityParametersContext> securityParametersLookupStrategy
Resolver for security parameters context.
-
-
Method Detail
-
getSecurityParametersLookupStrategy
@Nonnull public Function<ProfileRequestContext,SecurityParametersContext> getSecurityParametersLookupStrategy()
Get the strategy by which to resolve aSecurityParametersContext
.- Returns:
- the lookup strategy
-
setSecurityParametersLookupStrategy
public void setSecurityParametersLookupStrategy(@Nonnull Function<ProfileRequestContext,SecurityParametersContext> strategy)
Set the strategy by which to resolve aSecurityParametersContext
.- Parameters:
strategy
- the strategy function
-
getRequiredConditions
@Nonnull public Set<QName> getRequiredConditions()
Get the set of required Conditions.- Returns:
- the required conditions, may be null
-
setRequiredConditions
public void setRequiredConditions(@Nullable Set<QName> conditions)
Set the set of required Conditions.- Parameters:
conditions
- the required conditions
-
getIncludeSelfEntityIDAsRecipient
public Predicate<ProfileRequestContext> getIncludeSelfEntityIDAsRecipient()
Get the predicate which determines whether to include the self entityID as a valid Recipient.Defaults to an always false predicate;
- Returns:
- the predicate
-
setIncludeSelfEntityIDAsRecipient
public void setIncludeSelfEntityIDAsRecipient(@Nonnull Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether to include the self entityID as a valid Recipient.Defaults to an always false predicate.
- Parameters:
predicate
- the predicate, must be non-null
-
getSignatureRequired
public Predicate<ProfileRequestContext> getSignatureRequired()
Get the predicate which determines whether an Assertion signature is required.Defaults to an always true predicate;
- Returns:
- the predicate
-
setSignatureRequired
public void setSignatureRequired(@Nonnull Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion signature is required.Defaults to an always true predicate.
- Parameters:
predicate
- the predicate, must be non-null
-
setInResponseTo
public void setInResponseTo(@Nonnull Function<ProfileRequestContext,String> function)
Set the function for determining the valid InResponseTo.Defaults to null.
- Parameters:
function
- the function, may be null
-
getInResponseTo
public Function<ProfileRequestContext,String> getInResponseTo()
Get the function for determining the valid InResponseTo.Defaults to null.
- Returns:
- the function
-
getInResponseToRequired
public Predicate<ProfileRequestContext> getInResponseToRequired()
Get the predicate which determines whether an Assertion SubjectConfirmationData InResponseTo is required.Defaults to an always false predicate;
- Returns:
- the predicate
-
setInResponseToRequired
public void setInResponseToRequired(@Nonnull Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion SubjectConfirmationData InResponseTo is required.Defaults to an always false predicate.
- Parameters:
predicate
- the predicate, must be non-null
-
getRecipientRequired
public Predicate<ProfileRequestContext> getRecipientRequired()
Get the predicate which determines whether an Assertion SubjectConfirmationData Recipient is required.Defaults to an always false predicate;
- Returns:
- the predicate
-
setRecipientRequired
public void setRecipientRequired(@Nonnull Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion SubjectConfirmationData Recipient is required.Defaults to an always false predicate.
- Parameters:
predicate
- the predicate, must be non-null
-
getNotBeforeRequired
public Predicate<ProfileRequestContext> getNotBeforeRequired()
Get the predicate which determines whether an Assertion SubjectConfirmationData NotBefore is required.Defaults to an always false predicate;
- Returns:
- the predicate
-
setNotBeforeRequired
public void setNotBeforeRequired(@Nonnull Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion SubjectConfirmationData NotBefore is required.Defaults to an always false predicate.
- Parameters:
predicate
- the predicate, must be non-null
-
getNotOnOrAfterRequired
public Predicate<ProfileRequestContext> getNotOnOrAfterRequired()
Get the predicate which determines whether an Assertion SubjectConfirmationData NotOnOrAfter is required.Defaults to an always false predicate;
- Returns:
- the predicate
-
setNotOnOrAfterRequired
public void setNotOnOrAfterRequired(@Nonnull Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion SubjectConfirmationData NotOnOrAfter is required.Defaults to an always false predicate.
- Parameters:
predicate
- the predicate, must be non-null
-
getAddressRequired
public Predicate<ProfileRequestContext> getAddressRequired()
Get the predicate which determines whether an Assertion SubjectConfirmationData Address is required.Defaults to an always false predicate;
- Returns:
- the predicate
-
setAddressRequired
public void setAddressRequired(@Nonnull Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion SubjectConfirmationData Address is required.Defaults to an always false predicate.
- Parameters:
predicate
- the predicate, must be non-null
-
getCheckAddress
public Predicate<ProfileRequestContext> getCheckAddress()
Get the predicate which determines whether an Assertion's network address(es) should be checked.Defaults to an always true predicate;
- Returns:
- the predicate
-
setCheckAddress
public void setCheckAddress(@Nonnull Predicate<ProfileRequestContext> predicate)
Set the predicate which determines whether an Assertion's network address(es) should be checked.Defaults to an always true predicate.
- Parameters:
predicate
- the predicate, must be non-null
-
getAdditionalAudiences
public Function<ProfileRequestContext,Set<String>> getAdditionalAudiences()
Get the function for determining additional audience values.Defaults to null.
- Returns:
- the function
-
setAdditionalAudiences
public void setAdditionalAudiences(@Nonnull Function<ProfileRequestContext,Set<String>> function)
Set the function for determining additional audience values.Defaults to null.
- Parameters:
function
- the function, may be null
-
getValidIssuers
public Function<ProfileRequestContext,Set<String>> getValidIssuers()
Get the function for determining the valid Issuer valuesDefaults to an implementation which resolves the outbound SAML peer entityID.
- Returns:
- the function
-
setValidIssuers
public void setValidIssuers(@Nonnull Function<ProfileRequestContext,Set<String>> function)
Set the function for determining the valid Issuer valuesDefaults to an implementation which resolves the outbound SAML peer entityID.
- Parameters:
function
- the function, may be null
-
getMaximumTimeSinceAuthn
public Function<ProfileRequestContext,Duration> getMaximumTimeSinceAuthn()
Get the function for determining the max allowed time since authentication.Defaults to null.
- Returns:
- the function
-
setMaximumTimeSinceAuthn
public void setMaximumTimeSinceAuthn(@Nonnull Function<ProfileRequestContext,Duration> function)
Set the function for determining the max allowed time since authentication.Defaults to null.
- Parameters:
function
- the function, may be null
-
getSignatureCriteriaSetFunction
@Nullable public Function<Pair<ProfileRequestContext,Assertion>,CriteriaSet> getSignatureCriteriaSetFunction()
Get the function for resolving the signature validation CriteriaSet for a particular function.Defaults to:
null
.- Returns:
- a criteria set instance, or null
-
setSignatureCriteriaSetFunction
public void setSignatureCriteriaSetFunction(@Nullable Function<Pair<ProfileRequestContext,Assertion>,CriteriaSet> function)
Set the function for resolving the signature validation CriteriaSet for a particular function.Defaults to:
null
.- Parameters:
function
- the resolving function, may be null
-
apply
@Nullable public ValidationContext apply(@Nullable ValidateAssertions.AssertionValidationInput input)
- Specified by:
apply
in interfaceFunction<ValidateAssertions.AssertionValidationInput,ValidationContext>
-
buildStaticParameters
@Nonnull protected Map<String,Object> buildStaticParameters(@Nonnull ValidateAssertions.AssertionValidationInput input)
Build the static parameters map for input to theValidationContext
.- Parameters:
input
- the assertion validation input- Returns:
- the static parameters map
-
populateSignatureParameters
private void populateSignatureParameters(@Nonnull Map<String,Object> staticParams, @Nonnull ValidateAssertions.AssertionValidationInput input)
Populate the static signature parameters.- Parameters:
staticParams
- the parameters being populatedinput
- validation input
-
populateConditionsParameters
private void populateConditionsParameters(@Nonnull Map<String,Object> staticParams, @Nonnull ValidateAssertions.AssertionValidationInput input)
Populate the static Conditions parameters.- Parameters:
staticParams
- the parameters being populatedinput
- validation input
-
populateSubjectConfirmationParameters
private void populateSubjectConfirmationParameters(@Nonnull Map<String,Object> staticParams, @Nonnull ValidateAssertions.AssertionValidationInput input, @Nonnull Set<InetAddress> validAddresses, @Nonnull Boolean checkAddressEnabled)
Populate the static SubjectConfirmation parameters.- Parameters:
staticParams
- the parameters being populatedinput
- validation inputvalidAddresses
- the valid addressescheckAddressEnabled
- whether address checking is enabled
-
populateStatementParams
private void populateStatementParams(@Nonnull Map<String,Object> staticParams, @Nonnull ValidateAssertions.AssertionValidationInput input, @Nonnull Set<InetAddress> validAddresses, @Nonnull Boolean checkAddressEnabled)
Populate the static Statement params.- Parameters:
staticParams
- the parameters being populatedinput
- validation inputvalidAddresses
- the valid addressescheckAddressEnabled
- whether address checking is enabled
-
getRequiredConditions
@Nonnull protected Set<QName> getRequiredConditions(@Nonnull ValidateAssertions.AssertionValidationInput input)
Get the set of required Conditions.The default behavior is to return the locally-configured data via
getRequiredConditions()
.- Parameters:
input
- the assertion validation input- Returns:
- the set of required Condition names, may be null
-
getSignatureCriteriaSet
@Nonnull protected CriteriaSet getSignatureCriteriaSet(@Nonnull ValidateAssertions.AssertionValidationInput input)
Get the signature validation criteria set.This implementation first evaluates the result of applying the function
getSignatureCriteriaSetFunction()
, if configured. If that evaluation did not produce anEntityIdCriterion
, one is added based on the issuer of theAssertion
. If that evaluation did not produce an instance ofUsageCriterion
, one is added with the value ofUsageType.SIGNING
.Finally the following criteria are added if not already present and if the corresponding data is available in the inbound
MessageContext
:- Parameters:
input
- the assertion validation input- Returns:
- the criteria set based on the message context data
-
populateSignatureCriteriaFromInboundContext
protected void populateSignatureCriteriaFromInboundContext(@Nonnull CriteriaSet criteriaSet, @Nonnull MessageContext inboundContext)
Populate signature criteria from the specifiedMessageContext
.- Parameters:
criteriaSet
- the criteria set to populateinboundContext
- the inbound message context
-
getAttesterCertificate
@Nullable protected X509Certificate getAttesterCertificate(@Nonnull ValidateAssertions.AssertionValidationInput input)
Get the attesting entity'sX509Certificate
.This implementation returns the client TLS certificate present in the
HttpServletRequest
, or null if one is not present.- Parameters:
input
- the assertion validation input- Returns:
- the entity certificate, or null
-
getAttesterPublicKey
@Nullable protected PublicKey getAttesterPublicKey(@Nonnull ValidateAssertions.AssertionValidationInput input)
Get the attesting entity'sPublicKey
.This implementation returns null. Subclasses should override to implement specific logic.
- Parameters:
input
- the assertion validation input- Returns:
- the entity public key, or null
-
getValidRecipients
@Nonnull protected Set<String> getValidRecipients(@Nonnull ValidateAssertions.AssertionValidationInput input)
Get the valid recipient endpoints for attestation.This implementation returns a set containing the 2 values;
-
the result of evaluating
SAMLBindingSupport.getActualReceiverEndpointURI(MessageContext, javax.servlet.http.HttpServletRequest)
-
if enabled via the eval of
getIncludeSelfEntityIDAsRecipient()
, the value from evaluatinggetSelfEntityID(AssertionValidationInput)
if non-null
- Parameters:
input
- the assertion validation input- Returns:
- set of recipient endpoint URI's
-
the result of evaluating
-
getValidAddresses
@Nonnull protected Set<InetAddress> getValidAddresses(@Nonnull ValidateAssertions.AssertionValidationInput input)
Get the set of addresses which are valid for subject confirmation.This implementation simply returns the set based on
getAttesterIPAddress(AssertionValidationInput)
, if that produces a value. Otherwise an empty set is returned.- Parameters:
input
- the assertion validation input- Returns:
- the set of valid addresses
-
getAttesterIPAddress
@Nonnull protected String getAttesterIPAddress(@Nonnull ValidateAssertions.AssertionValidationInput input)
Get the attester's IP address.This implementation returns the value of
ServletRequest.getRemoteAddr()
.- Parameters:
input
- the assertion validation input- Returns:
- the IP address of the attester
-
getValidAudiences
@Nonnull protected Set<String> getValidAudiences(@Nonnull ValidateAssertions.AssertionValidationInput input)
Get the valid audiences for attestation.This implementation returns a set containing the union of:
- the result of
getSelfEntityID(AssertionValidationInput)
, if non-null - the result of evaluating
getAdditionalAudiences()
, if non-null
- Parameters:
input
- the assertion validation input- Returns:
- set of audience URI's
- the result of
-
getSelfEntityID
@Nullable protected String getSelfEntityID(@Nonnull ValidateAssertions.AssertionValidationInput input)
Get the self entityID.- Parameters:
input
- the assertion validation input- Returns:
- the self entityID, or null if could not be resolved
-
-