Class AbstractSAML2ResponseValidator

java.lang.Object
org.pac4j.saml.profile.impl.AbstractSAML2ResponseValidator
All Implemented Interfaces:
SAML2ResponseValidator
Direct Known Subclasses:
SAML2AuthnResponseValidator, SAML2LogoutValidator

public abstract class AbstractSAML2ResponseValidator extends Object implements SAML2ResponseValidator
The abstract class for all SAML response validators.
Since:
3.4.0
Author:
Jerome Leleu
  • Field Details

    • logger

      protected final org.slf4j.Logger logger
    • signatureTrustEngineProvider

      protected final SAML2SignatureTrustEngineProvider signatureTrustEngineProvider
    • uriComparator

      protected final net.shibboleth.shared.net.URIComparator uriComparator
    • decrypter

      protected final org.opensaml.saml.saml2.encryption.Decrypter decrypter
    • logoutHandler

      protected final org.pac4j.core.logout.handler.SessionLogoutHandler logoutHandler
    • replayCache

      protected final ReplayCacheProvider replayCache
    • acceptedSkew

      protected long acceptedSkew
  • Constructor Details

    • AbstractSAML2ResponseValidator

      protected AbstractSAML2ResponseValidator(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider, org.opensaml.saml.saml2.encryption.Decrypter decrypter, org.pac4j.core.logout.handler.SessionLogoutHandler logoutHandler, ReplayCacheProvider replayCache, net.shibboleth.shared.net.URIComparator uriComparator)

      Constructor for AbstractSAML2ResponseValidator.

      Parameters:
      signatureTrustEngineProvider - a SAML2SignatureTrustEngineProvider object
      decrypter - a Decrypter object
      logoutHandler - a SessionLogoutHandler object
      replayCache - a ReplayCacheProvider object
      uriComparator - a URIComparator object
  • Method Details

    • validateSuccess

      protected void validateSuccess(org.opensaml.saml.saml2.core.Status status)
      Validates that the response is a success.
      Parameters:
      status - the response status.
    • validateSignatureIfItExists

      protected void validateSignatureIfItExists(org.opensaml.xmlsec.signature.Signature signature, SAML2MessageContext context, org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)

      Validates the given signature, if one is present, using the supplied trust engine.

      Parameters:
      signature - a Signature object
      context - a SAML2MessageContext object
      engine - a SignatureTrustEngine object
    • validateSignature

      protected void validateSignature(org.opensaml.xmlsec.signature.Signature signature, String idpEntityId, org.opensaml.security.trust.TrustEngine<org.opensaml.xmlsec.signature.Signature> trustEngine)
      Validate the given digital signature by checking its profile and value.
      Parameters:
      signature - the signature
      idpEntityId - the idp entity id
      trustEngine - the trust engine
    • validateIssuerIfItExists

      protected void validateIssuerIfItExists(org.opensaml.saml.saml2.core.Issuer isser, SAML2MessageContext context)

      Validates the given issuer, if one is present.

      Parameters:
      isser - an Issuer object
      context - a SAML2MessageContext object
    • validateIssuer

      protected void validateIssuer(org.opensaml.saml.saml2.core.NameIDType issuer, SAML2MessageContext context)
      Validate issuer format and value.
      Parameters:
      issuer - the issuer
      context - the context
    • validateIssueInstant

      protected void validateIssueInstant(Instant issueInstant)

      Validates the given issue instant.

      Parameters:
      issueInstant - an Instant object
    • isIssueInstantValid

      protected boolean isIssueInstantValid(Instant issueInstant)

      Checks whether the given issue instant is valid.

      Parameters:
      issueInstant - an Instant object
      Returns:
      a boolean
    • isDateValid

      protected boolean isDateValid(Instant issueInstant, long interval)

      Checks whether the given instant is valid for the given interval.

      Parameters:
      issueInstant - an Instant object
      interval - a long
      Returns:
      a boolean
    • verifyEndpoint

      protected void verifyEndpoint(Collection<String> endpoints, String destination, boolean isDestinationMandatory)

      Verifies the destination against the known endpoints.

      Parameters:
      endpoints - a Collection of endpoint URLs
      destination - a String object
      isDestinationMandatory - a boolean
    • compareEndpoints

      protected boolean compareEndpoints(String destination, String endpoint)

      Compares a destination with an endpoint.

      Parameters:
      destination - a String object
      endpoint - a String object
      Returns:
      a boolean
    • verifyMessageReplay

      protected void verifyMessageReplay(SAML2MessageContext context)

      Verifies that the message has not been replayed.

      Parameters:
      context - a SAML2MessageContext object
    • decryptEncryptedId

      protected org.opensaml.saml.saml2.core.NameID decryptEncryptedId(org.opensaml.saml.saml2.core.EncryptedID encryptedId, org.opensaml.saml.saml2.encryption.Decrypter decrypter) throws SAMLException
      Decrypts an EncryptedID, using a decrypter.
      Parameters:
      encryptedId - The EncryptedID to be decrypted.
      decrypter - The decrypter to use.
      Returns:
      Decrypted ID or null if any input is null.
      Throws:
      SAMLException - If the input ID cannot be decrypted.
    • computeSloKey

      protected String computeSloKey(String sessionIndex, SAML2AuthenticationCredentials.SAMLNameID nameId)

      Computes the single logout (SLO) key.

      Parameters:
      sessionIndex - a String object
      nameId - a SAML2AuthenticationCredentials.SAMLNameID object
      Returns:
      a String object
    • setAcceptedSkew

      public final void setAcceptedSkew(long acceptedSkew)

      Sets the accepted clock skew.

      Specified by:
      setAcceptedSkew in interface SAML2ResponseValidator
      Parameters:
      acceptedSkew - a long
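
The issue-instant, Destination and replay checks listed above (isDateValid, verifyEndpoint, verifyMessageReplay), as an added stand-alone example that is not pac4j's code. It assumes acceptedSkew and interval are in seconds, uses java.net.URI equality in place of the URIComparator, and an in-memory map in place of ReplayCacheProvider.

```java
import java.net.URI;
import java.time.Clock;
import java.time.Instant;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Added example, not pac4j code: SP-side freshness, Destination and replay checks in isolation. */
public final class ResponseChecksExample {
    private final Clock clock;        // injected so the checks can be exercised with a fixed time
    private final long acceptedSkew;  // seconds, mirrors setAcceptedSkew(long)
    private final Map<String, Instant> seenIds = new ConcurrentHashMap<>(); // stands in for ReplayCacheProvider
    public ResponseChecksExample(Clock clock, long acceptedSkew) {
        this.clock = clock;
        this.acceptedSkew = acceptedSkew;
    }
    /** Accept an IssueInstant at most acceptedSkew in the future and at most interval + acceptedSkew in the past. */
    public boolean isDateValid(Instant issueInstant, long interval) {
        Instant now = clock.instant();
        return !issueInstant.isAfter(now.plusSeconds(acceptedSkew))
            && !issueInstant.isBefore(now.minusSeconds(interval + acceptedSkew));
    }
    /** A present Destination must equal a registered endpoint; absence is tolerated only when not mandatory. */
    public void verifyEndpoint(Collection<String> endpoints, String destination, boolean isDestinationMandatory) {
        if (destination == null) {
            if (isDestinationMandatory) throw new IllegalStateException("Destination is mandatory but missing");
            return;
        }
        // java.net.URI equality (scheme/host case-insensitive, path exact) stands in for pac4j's URIComparator
        URI dest = URI.create(destination).normalize();
        if (endpoints.stream().noneMatch(e -> URI.create(e).normalize().equals(dest)))
            throw new IllegalStateException("Destination " + destination + " is not a registered endpoint");
    }
    /** A message ID is accepted once per window; a second sighting inside the window is a replay. */
    public void verifyMessageReplay(String messageId, long windowSeconds) {
        Instant now = clock.instant();
        seenIds.entrySet().removeIf(e -> e.getValue().plusSeconds(windowSeconds).isBefore(now)); // expire old IDs
        if (seenIds.putIfAbsent(messageId, now) != null)
            throw new IllegalStateException("Replayed message ID " + messageId);
    }
    public static void main(String[] args) {
        ResponseChecksExample v = new ResponseChecksExample(Clock.systemUTC(), 60);
        System.out.println(v.isDateValid(Instant.now().minusSeconds(30), 300));   // true: 30 s old, window 300 + 60 s
        System.out.println(v.isDateValid(Instant.now().minusSeconds(400), 300));  // false: older than interval + skew
        v.verifyEndpoint(List.of("https://sp.example.com/callback"), "HTTPS://SP.EXAMPLE.COM/callback", true); // passes
        v.verifyMessageReplay("_constructed-id-1", 600); // first sighting accepted; a second call would throw
    }
}
```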