Class DefaultSAML20AssertionValidationContextBuilder

- java.lang.Object
- org.opensaml.saml.saml2.wssecurity.messaging.impl.DefaultSAML20AssertionValidationContextBuilder

All Implemented Interfaces:
Function<SAML20AssertionTokenValidationInput,ValidationContext>

public class DefaultSAML20AssertionValidationContextBuilder extends Object implements Function<SAML20AssertionTokenValidationInput,ValidationContext>

Function which implements default behavior for building an instance of ValidationContext from an instance of SAML20AssertionTokenValidationInput.
Field Summary

- private org.slf4j.Logger log
  Logger.
- private Function<Pair<MessageContext,Assertion>,CriteriaSet> signatureCriteriaSetFunction
  A function for resolving the signature validation CriteriaSet for a particular function.
- private boolean signatureRequired
  Flag indicating whether an Assertion signature is required.
Constructor Summary

- DefaultSAML20AssertionValidationContextBuilder()
  Constructor.
Method Summary

- ValidationContext apply(SAML20AssertionTokenValidationInput input)
- protected Map<String,Object> buildStaticParameters(SAML20AssertionTokenValidationInput input)
  Build the static parameters map for input to the ValidationContext.
- protected X509Certificate getAttesterCertificate(SAML20AssertionTokenValidationInput input)
  Get the attesting entity's X509Certificate.
- protected String getAttesterIPAddress(SAML20AssertionTokenValidationInput input)
  Get the attester's IP address.
- protected PublicKey getAttesterPublicKey(SAML20AssertionTokenValidationInput input)
  Get the attesting entity's PublicKey.
- protected CriteriaSet getSignatureCriteriaSet(SAML20AssertionTokenValidationInput input)
  Get the signature validation criteria set.
- Function<Pair<MessageContext,Assertion>,CriteriaSet> getSignatureCriteriaSetFunction()
  Get the function for resolving the signature validation CriteriaSet for a particular function.
- protected Set<InetAddress> getValidAddresses(SAML20AssertionTokenValidationInput input)
  Get the set of addresses which are valid for subject confirmation.
- protected Set<String> getValidAudiences(SAML20AssertionTokenValidationInput input)
  Get the valid audiences for attestation.
- protected Set<String> getValidRecipients(SAML20AssertionTokenValidationInput input)
  Get the valid recipient endpoints for attestation.
- boolean isSignatureRequired()
  Get the flag indicating whether an Assertion signature is required.
- void setSignatureCriteriaSetFunction(Function<Pair<MessageContext,Assertion>,CriteriaSet> function)
  Set the function for resolving the signature validation CriteriaSet for a particular function.
- void setSignatureRequired(boolean flag)
  Set the flag indicating whether an Assertion signature is required.
Field Detail

log
@Nullable private org.slf4j.Logger log
Logger.

signatureCriteriaSetFunction
private Function<Pair<MessageContext,Assertion>,CriteriaSet> signatureCriteriaSetFunction
A function for resolving the signature validation CriteriaSet for a particular function.

signatureRequired
private boolean signatureRequired
Flag indicating whether an Assertion signature is required.
Method Detail

isSignatureRequired
public boolean isSignatureRequired()
Get the flag indicating whether an Assertion signature is required. Defaults to: true.
Returns: true if required, false if not

setSignatureRequired
public void setSignatureRequired(boolean flag)
Set the flag indicating whether an Assertion signature is required. Defaults to: true.
Parameters: flag - true if required, false if not

getSignatureCriteriaSetFunction
@Nullable public Function<Pair<MessageContext,Assertion>,CriteriaSet> getSignatureCriteriaSetFunction()
Get the function for resolving the signature validation CriteriaSet for a particular function. Defaults to: null.
Returns: a criteria set instance, or null

setSignatureCriteriaSetFunction
public void setSignatureCriteriaSetFunction(@Nullable Function<Pair<MessageContext,Assertion>,CriteriaSet> function)
Set the function for resolving the signature validation CriteriaSet for a particular function. Defaults to: null.
Parameters: function - the resolving function, may be null
apply
@Nullable public ValidationContext apply(@Nullable SAML20AssertionTokenValidationInput input)
Specified by: apply in interface Function<SAML20AssertionTokenValidationInput,ValidationContext>

buildStaticParameters
@Nonnull protected Map<String,Object> buildStaticParameters(@Nonnull SAML20AssertionTokenValidationInput input)
Build the static parameters map for input to the ValidationContext.
Parameters: input - the assertion validation input
Returns: the static parameters map
getSignatureCriteriaSet
@Nonnull protected CriteriaSet getSignatureCriteriaSet(@Nonnull SAML20AssertionTokenValidationInput input)
Get the signature validation criteria set. This implementation first evaluates the result of applying the function getSignatureCriteriaSetFunction(), if configured. If that evaluation did not produce an EntityIdCriterion, one is added based on the issuer of the Assertion. If that evaluation did not produce an instance of UsageCriterion, one is added with the value of UsageType.SIGNING.
Parameters: input - the assertion validation input
Returns: the criteria set based on the message context data
getAttesterCertificate
@Nullable protected X509Certificate getAttesterCertificate(@Nonnull SAML20AssertionTokenValidationInput input)
Get the attesting entity's X509Certificate. This implementation returns the client TLS certificate present in the HttpServletRequest, or null if one is not present.
Parameters: input - the assertion validation input
Returns: the entity certificate, or null

getAttesterPublicKey
@Nullable protected PublicKey getAttesterPublicKey(@Nonnull SAML20AssertionTokenValidationInput input)
Get the attesting entity's PublicKey. This implementation returns null. Subclasses should override to implement specific logic.
Parameters: input - the assertion validation input
Returns: the entity public key, or null
getValidRecipients
@Nonnull protected Set<String> getValidRecipients(@Nonnull SAML20AssertionTokenValidationInput input)
Get the valid recipient endpoints for attestation. This implementation returns a set containing the following two values:
- HttpServletRequest.getRequestURL()
- AbstractSAMLEntityContext.getEntityId(), if present
Parameters: input - the assertion validation input
Returns: set of recipient endpoint URIs
getValidAddresses
@Nonnull protected Set<InetAddress> getValidAddresses(@Nonnull SAML20AssertionTokenValidationInput input)
Get the set of addresses which are valid for subject confirmation. This implementation simply returns the set based on getAttesterIPAddress(SAML20AssertionTokenValidationInput), if that produces a value. Otherwise an empty set is returned.
Parameters: input - the assertion validation input
Returns: the set of valid addresses

getAttesterIPAddress
@Nonnull protected String getAttesterIPAddress(@Nonnull SAML20AssertionTokenValidationInput input)
Get the attester's IP address. This implementation returns the value of ServletRequest.getRemoteAddr().
Parameters: input - the assertion validation input
Returns: the IP address of the attester
getValidAudiences
@Nonnull protected Set<String> getValidAudiences(@Nonnull SAML20AssertionTokenValidationInput input)
Get the valid audiences for attestation. This implementation returns a set containing the single entityID held by the message context's AbstractSAMLEntityContext.getEntityId(), if present. Otherwise an empty set is returned.
Parameters: input - the assertion validation input
Returns: set of audience URIs
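As an added example (not code from OpenSAML or from this page), the subclass below pins the accepted audience to a configured set instead of the message context's entityID, keeps signatureRequired at its default of true, and supplies a signature criteria function that states the issuer EntityIdCriterion and SIGNING UsageCriterion explicitly (the same two criteria getSignatureCriteriaSet would otherwise fill in). The class name PinnedAudienceContextBuilder is hypothetical and the import package paths assume OpenSAML 4.x.

```java
import java.util.Set;

import net.shibboleth.utilities.java.support.collection.Pair;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.wssecurity.messaging.impl.DefaultSAML20AssertionValidationContextBuilder;
import org.opensaml.saml.saml2.wssecurity.messaging.impl.SAML20AssertionTokenValidationInput;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;

/** Hypothetical builder variant: audiences come from configuration, not from the message context. */
public class PinnedAudienceContextBuilder extends DefaultSAML20AssertionValidationContextBuilder {

    private final Set<String> pinnedAudiences;

    public PinnedAudienceContextBuilder(Set<String> audiences) {
        pinnedAudiences = Set.copyOf(audiences);
        // Default is already true; restated so a later config change cannot silently relax it.
        setSignatureRequired(true);
        // Explicit criteria for the signature trust engine lookup.
        setSignatureCriteriaSetFunction(PinnedAudienceContextBuilder::issuerSigningCriteria);
    }

    /** Resolve criteria from the (MessageContext, Assertion) pair handed in by the builder. */
    private static CriteriaSet issuerSigningCriteria(Pair<MessageContext, Assertion> pair) {
        Assertion assertion = pair.getSecond();
        CriteriaSet criteria = new CriteriaSet();
        // Issuer is taken from the assertion itself; whether that issuer is trusted is decided by
        // the credential/trust resolver the criteria are fed to, not by this function.
        if (assertion.getIssuer() != null && assertion.getIssuer().getValue() != null) {
            criteria.add(new EntityIdCriterion(assertion.getIssuer().getValue()));
        }
        criteria.add(new UsageCriterion(UsageType.SIGNING));
        return criteria;
    }

    /** Only the configured audiences are acceptable, regardless of what the message context holds. */
    @Override
    protected Set<String> getValidAudiences(SAML20AssertionTokenValidationInput input) {
        return pinnedAudiences;
    }
}
```

Calling apply(input) on an instance of this builder yields a ValidationContext whose static parameters carry the pinned audiences in place of the context-derived entityID.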