Package org.pac4j.saml.profile.impl
Class AbstractSAML2ResponseValidator
java.lang.Object
org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator
- All Implemented Interfaces:
SAML2ResponseValidator
- Direct Known Subclasses:
SAML2AuthnResponseValidator, SAML2LogoutValidator
public abstract class AbstractSAML2ResponseValidator
extends Object
implements SAML2ResponseValidator
The abstract class for all SAML response validators.
- Since: 3.4.0
- Author: Jerome Leleu
Field Summary
protected long acceptedSkew
protected final org.opensaml.saml.saml2.encryption.Decrypter decrypter
protected final org.slf4j.Logger logger
protected final org.pac4j.core.logout.handler.SessionLogoutHandler logoutHandler
protected final ReplayCacheProvider replayCache
protected final SAML2SignatureTrustEngineProvider signatureTrustEngineProvider
protected final net.shibboleth.shared.net.URIComparator uriComparator
Constructor Summary
protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, org.pac4j.core.logout.handler.SessionLogoutHandler logoutHandler, ReplayCacheProvider replayCache, net.shibboleth.shared.net.URIComparator uriComparator)
    Constructor for AbstractSAML2ResponseValidator.
Method Summary
protected boolean compareEndpoints(String destination, String endpoint)
protected String computeSloKey(String sessionIndex, SAML2AuthenticationCredentials.SAMLNameID nameId)
protected org.opensaml.saml.saml2.core.NameID decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter)
    Decrypts an EncryptedID, using a decrypter.
protected boolean isDateValid(Instant issueInstant, long interval)
protected boolean isIssueInstantValid(Instant issueInstant)
final void setAcceptedSkew(long acceptedSkew)
protected void validateIssueInstant(Instant issueInstant)
protected void validateIssuer(org.opensaml.saml.saml2.core.NameIDType issuer, SAML2MessageContext context)
    Validate issuer format and value.
protected void validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser, SAML2MessageContext context)
protected void validateSignature(org.opensaml.xmlsec.signature.Signature signature, String idpEntityId, org.opensaml.security.trust.TrustEngine<org.opensaml.xmlsec.signature.Signature> trustEngine)
    Validate the given digital signature by checking its profile and value.
protected void validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)
protected void validateSuccess(org.opensaml.saml.saml2.core.Status status)
    Validates that the response is a success.
protected void verifyEndpoint(Collection<String> endpoints, String destination, boolean isDestinationMandatory)
protected void verifyMessageReplay(SAML2MessageContext context)

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.pac4j.saml.profile.api.SAML2ResponseValidator
validate
Field Details

logger
protected final org.slf4j.Logger logger

signatureTrustEngineProvider
protected final SAML2SignatureTrustEngineProvider signatureTrustEngineProvider

uriComparator
protected final net.shibboleth.shared.net.URIComparator uriComparator

decrypter
protected final org.opensaml.saml.saml2.encryption.Decrypter decrypter

logoutHandler
protected final org.pac4j.core.logout.handler.SessionLogoutHandler logoutHandler

replayCache
protected final ReplayCacheProvider replayCache

acceptedSkew
protected long acceptedSkew
Constructor Details

AbstractSAML2ResponseValidator
protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, org.pac4j.core.logout.handler.SessionLogoutHandler logoutHandler, ReplayCacheProvider replayCache, net.shibboleth.shared.net.URIComparator uriComparator)
Constructor for AbstractSAML2ResponseValidator.
Method Details

validateSuccess
protected void validateSuccess(org.opensaml.saml.saml2.core.Status status)
Validates that the response is a success.
- Parameters:
  status - the response status.

validateSignatureIfItExists
protected void validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)
- Parameters:
  signature - a Signature object
  context - a SAML2MessageContext object
  engine - a SignatureTrustEngine object
validateSignature
protected void validateSignature(org.opensaml.xmlsec.signature.Signature signature, String idpEntityId, org.opensaml.security.trust.TrustEngine<org.opensaml.xmlsec.signature.Signature> trustEngine)
Validate the given digital signature by checking its profile and value.
- Parameters:
  signature - the signature
  idpEntityId - the IdP entity id
  trustEngine - the trust engine

validateIssuerIfItExists
protected void validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser, SAML2MessageContext context)
- Parameters:
  isser - an Issuer object
  context - a SAML2MessageContext object

validateIssuer
protected void validateIssuer(org.opensaml.saml.saml2.core.NameIDType issuer, SAML2MessageContext context)
Validate issuer format and value.
- Parameters:
  issuer - the issuer
  context - the context
validateIssueInstant
protected void validateIssueInstant(Instant issueInstant)
- Parameters:
  issueInstant - an Instant object

isIssueInstantValid
protected boolean isIssueInstantValid(Instant issueInstant)
- Parameters:
  issueInstant - an Instant object
- Returns:
  a boolean

isDateValid
protected boolean isDateValid(Instant issueInstant, long interval)
- Parameters:
  issueInstant - an Instant object
  interval - a long
- Returns:
  a boolean
verifyEndpoint
protected void verifyEndpoint(Collection<String> endpoints, String destination, boolean isDestinationMandatory)

compareEndpoints
protected boolean compareEndpoints(String destination, String endpoint)

verifyMessageReplay
protected void verifyMessageReplay(SAML2MessageContext context)
- Parameters:
  context - a SAML2MessageContext object
decryptEncryptedId
protected org.opensaml.saml.saml2.core.NameID decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter) throws SAMLException
Decrypts an EncryptedID, using a decrypter.
- Parameters:
  encryptedId - the EncryptedID to be decrypted.
  decrypter - the decrypter to use.
- Returns:
  the decrypted ID, or null if any input is null.
- Throws:
  SAMLException - if the input ID cannot be decrypted.
computeSloKey
protected String computeSloKey(String sessionIndex, SAML2AuthenticationCredentials.SAMLNameID nameId)
- Parameters:
  sessionIndex - a String object
  nameId - a SAML2AuthenticationCredentials.SAMLNameID object
- Returns:
  a String object

setAcceptedSkew
public final void setAcceptedSkew(long acceptedSkew)
- Specified by:
  setAcceptedSkew in interface SAML2ResponseValidator
- Parameters:
  acceptedSkew - a long