Class DefaultSAML20AssertionValidationContextBuilder
- java.lang.Object
  - org.opensaml.saml.saml2.wssecurity.messaging.impl.DefaultSAML20AssertionValidationContextBuilder
All Implemented Interfaces:
Function<SAML20AssertionTokenValidationInput,ValidationContext>
public class DefaultSAML20AssertionValidationContextBuilder extends Object implements Function<SAML20AssertionTokenValidationInput,ValidationContext>
Function which implements default behavior for building an instance of ValidationContext from an instance of SAML20AssertionTokenValidationInput.
-
-
Field Summary
Fields (Modifier and Type, Field, Description)
private org.slf4j.Logger log - Logger.
private Function<Pair<MessageContext,Assertion>,CriteriaSet> signatureCriteriaSetFunction - A function for resolving the signature validation CriteriaSet for a particular function.
private boolean signatureRequired - Flag indicating whether an Assertion signature is required.
-
Constructor Summary
Constructors (Constructor, Description)
DefaultSAML20AssertionValidationContextBuilder() - Constructor.
-
Method Summary
Methods (Modifier and Type, Method, Description)
ValidationContext apply(SAML20AssertionTokenValidationInput input)
protected Map<String,Object> buildStaticParameters(SAML20AssertionTokenValidationInput input) - Build the static parameters map for input to the ValidationContext.
protected X509Certificate getAttesterCertificate(SAML20AssertionTokenValidationInput input) - Get the attesting entity's X509Certificate.
protected String getAttesterIPAddress(SAML20AssertionTokenValidationInput input) - Get the attester's IP address.
protected PublicKey getAttesterPublicKey(SAML20AssertionTokenValidationInput input) - Get the attesting entity's PublicKey.
protected CriteriaSet getSignatureCriteriaSet(SAML20AssertionTokenValidationInput input) - Get the signature validation criteria set.
Function<Pair<MessageContext,Assertion>,CriteriaSet> getSignatureCriteriaSetFunction() - Get the function for resolving the signature validation CriteriaSet for a particular function.
protected Set<InetAddress> getValidAddresses(SAML20AssertionTokenValidationInput input) - Get the set of addresses which are valid for subject confirmation.
protected Set<String> getValidAudiences(SAML20AssertionTokenValidationInput input) - Get the valid audiences for attestation.
protected Set<String> getValidRecipients(SAML20AssertionTokenValidationInput input) - Get the valid recipient endpoints for attestation.
boolean isSignatureRequired() - Get the flag indicating whether an Assertion signature is required.
void setSignatureCriteriaSetFunction(Function<Pair<MessageContext,Assertion>,CriteriaSet> function) - Set the function for resolving the signature validation CriteriaSet for a particular function.
void setSignatureRequired(boolean flag) - Set the flag indicating whether an Assertion signature is required.
-
-
-
Field Detail
-
log
@Nullable private org.slf4j.Logger log
Logger.
-
signatureCriteriaSetFunction
private Function<Pair<MessageContext,Assertion>,CriteriaSet> signatureCriteriaSetFunction
A function for resolving the signature validation CriteriaSet for a particular function.
-
signatureRequired
private boolean signatureRequired
Flag indicating whether an Assertion signature is required.
-
-
Method Detail
-
isSignatureRequired
public boolean isSignatureRequired()
Get the flag indicating whether an Assertion signature is required.
Defaults to: true.
Returns:
true if required, false if not
-
setSignatureRequired
public void setSignatureRequired(boolean flag)
Set the flag indicating whether an Assertion signature is required.
Defaults to: true.
Parameters:
flag - true if required, false if not
-
getSignatureCriteriaSetFunction
@Nullable public Function<Pair<MessageContext,Assertion>,CriteriaSet> getSignatureCriteriaSetFunction()
Get the function for resolving the signature validation CriteriaSet for a particular function.
Defaults to: null.
Returns:
a criteria set instance, or null
-
setSignatureCriteriaSetFunction
public void setSignatureCriteriaSetFunction(@Nullable Function<Pair<MessageContext,Assertion>,CriteriaSet> function)
Set the function for resolving the signature validation CriteriaSet for a particular function.
Defaults to: null.
Parameters:
function - the resolving function, may be null
-
apply
@Nullable public ValidationContext apply(@Nullable SAML20AssertionTokenValidationInput input)
Specified by:
apply in interface Function<SAML20AssertionTokenValidationInput,ValidationContext>
-
buildStaticParameters
@Nonnull protected Map<String,Object> buildStaticParameters(@Nonnull SAML20AssertionTokenValidationInput input)
Build the static parameters map for input to the ValidationContext.
Parameters:
input - the assertion validation input
Returns:
the static parameters map
-
getSignatureCriteriaSet
@Nonnull protected CriteriaSet getSignatureCriteriaSet(@Nonnull SAML20AssertionTokenValidationInput input)
Get the signature validation criteria set.
This implementation first evaluates the result of applying the function getSignatureCriteriaSetFunction(), if configured. If that evaluation did not produce an EntityIdCriterion, one is added based on the issuer of the Assertion. If that evaluation did not produce an instance of UsageCriterion, one is added with the value of UsageType.SIGNING.
Parameters:
input - the assertion validation input
Returns:
the criteria set based on the message context data
-
getAttesterCertificate
@Nullable protected X509Certificate getAttesterCertificate(@Nonnull SAML20AssertionTokenValidationInput input)
Get the attesting entity's X509Certificate.
This implementation returns the client TLS certificate present in the HttpServletRequest, or null if one is not present.
Parameters:
input - the assertion validation input
Returns:
the entity certificate, or null
-
getAttesterPublicKey
@Nullable protected PublicKey getAttesterPublicKey(@Nonnull SAML20AssertionTokenValidationInput input)
Get the attesting entity's PublicKey.
This implementation returns null. Subclasses should override to implement specific logic.
Parameters:
input - the assertion validation input
Returns:
the entity public key, or null
-
getValidRecipients
@Nonnull protected Set<String> getValidRecipients(@Nonnull SAML20AssertionTokenValidationInput input)
Get the valid recipient endpoints for attestation.
This implementation returns a set containing the 2 values:
- HttpServletRequest.getRequestURL()
- if present, AbstractSAMLEntityContext.getEntityId()
Parameters:
input - the assertion validation input
Returns:
set of recipient endpoint URIs
-
-
getValidAddresses
@Nonnull protected Set<InetAddress> getValidAddresses(@Nonnull SAML20AssertionTokenValidationInput input)
Get the set of addresses which are valid for subject confirmation.
This implementation simply returns the set based on getAttesterIPAddress(SAML20AssertionTokenValidationInput), if that produces a value. Otherwise an empty set is returned.
Parameters:
input - the assertion validation input
Returns:
the set of valid addresses
-
getAttesterIPAddress
@Nonnull protected String getAttesterIPAddress(@Nonnull SAML20AssertionTokenValidationInput input)
Get the attester's IP address.
This implementation returns the value of ServletRequest.getRemoteAddr().
Parameters:
input - the assertion validation input
Returns:
the IP address of the attester
-
getValidAudiences
@Nonnull protected Set<String> getValidAudiences(@Nonnull SAML20AssertionTokenValidationInput input)
Get the valid audiences for attestation.
This implementation returns a set containing the single entityID held by the message context's AbstractSAMLEntityContext.getEntityId(), if present. Otherwise an empty set is returned.
Parameters:
input - the assertion validation input
Returns:
set of audience URIs
-
-
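One way to use the extension points documented above, as an added example that is not OpenSAML's own code: a subclass that keeps the signature requirement on, supplies a signature criteria function, and overrides getValidRecipients to return fixed values rather than ones derived from the request. Assumptions: the class name PinnedRecipientContextBuilder is hypothetical, and the import packages for CriteriaSet, UsageCriterion, UsageType and SAML20AssertionTokenValidationInput are those of OpenSAML 4.x and may differ in other versions.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

import javax.annotation.Nonnull;

// Assumption: OpenSAML 4.x / java-support package names; adjust to the version in use.
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.saml.saml2.wssecurity.messaging.impl.DefaultSAML20AssertionValidationContextBuilder;
import org.opensaml.saml.saml2.wssecurity.messaging.impl.SAML20AssertionTokenValidationInput;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;

/** Hypothetical subclass: pins recipients instead of deriving them from the request. */
public class PinnedRecipientContextBuilder extends DefaultSAML20AssertionValidationContextBuilder {

    /** Recipient endpoint URIs supplied by deployment configuration. */
    private final Set<String> pinnedRecipients;

    public PinnedRecipientContextBuilder(@Nonnull final Set<String> expectedRecipients) {
        pinnedRecipients = Collections.unmodifiableSet(new HashSet<>(expectedRecipients));

        // The documented default is already true; stating it makes any later
        // change to "false" an explicit, reviewable line.
        setSignatureRequired(true);

        // Supply only a UsageCriterion. As documented for getSignatureCriteriaSet(),
        // the missing EntityIdCriterion is then added from the Assertion issuer.
        setSignatureCriteriaSetFunction(
                pair -> new CriteriaSet(new UsageCriterion(UsageType.SIGNING)));
    }

    /**
     * The default returns HttpServletRequest.getRequestURL() plus the entityID;
     * this override returns the configured set unchanged.
     */
    @Override
    @Nonnull
    protected Set<String> getValidRecipients(@Nonnull final SAML20AssertionTokenValidationInput input) {
        return pinnedRecipients;
    }
}
```

Behind a TLS-terminating reverse proxy, getRequestURL() and getRemoteAddr() describe the proxy-to-application hop unless the container is configured to honor forwarded headers, so the defaults for getValidRecipients and getAttesterIPAddress should be checked against the deployment topology.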