Package se.swedenconnect.opensaml.common.validation

Class AbstractObjectValidator<T extends org.opensaml.core.xml.XMLObject>

java.lang.Object

se.swedenconnect.opensaml.common.validation.AbstractObjectValidator<T>

All Implemented Interfaces:

ObjectValidator<T>

Direct Known Subclasses:

AbstractSignableObjectValidator

public abstract class AbstractObjectValidator<T extends org.opensaml.core.xml.XMLObject>
extends Object
implements ObjectValidator<T>

Abstract base class for ObjectValidator.

Supports the following ValidationContext static parameters:

• CoreValidatorParameters.STRICT_VALIDATION: Optional. If not supplied, defaults to 'false'. Tells whether strict validation should be performed.
• SAML2AssertionValidationParameters.CLOCK_SKEW: Optional. Gives the duration that is the maximum allowed clock skew. If not given SAML20AssertionValidator.DEFAULT_CLOCK_SKEW is used.
• CoreValidatorParameters.MAX_AGE_MESSAGE: Optional. Duration that gives the maximum age (difference between issuance time and the validation time). If not given, the DEFAULT_MAX_AGE_RECEIVED_MESSAGE is used.
• CoreValidatorParameters.RECEIVE_INSTANT: Optional. Instant giving the time when the message was received. If not set, the current time is used.

Author:

Martin Lindström (martin@idsec.se)

Field Summary

Fields

Modifier and Type	Field	Description
static final Duration	DEFAULT_MAX_AGE_RECEIVED_MESSAGE	The default value for how old a received message is allowed to be.

Constructor Summary

Constructors

Constructor	Description
AbstractObjectValidator()

Method Summary

Modifier and Type	Method	Description
static Duration	getAllowedClockSkew(org.opensaml.saml.common.assertion.ValidationContext context)	Returns the duration that is the maximum allowed clock skew that we accept when comparing time stamps.
static Duration	getMaxAgeReceivedMessage(org.opensaml.saml.common.assertion.ValidationContext context)	Returns the duration that a received message (or element) is allowed to less than the current time.
static Instant	getReceiveInstant(org.opensaml.saml.common.assertion.ValidationContext context)	Returns the timestamp for when the message being validated was received.
static boolean	isStrictValidation(org.opensaml.saml.common.assertion.ValidationContext context)	Tells whether this validator runs in "strict" mode.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface se.swedenconnect.opensaml.common.validation.ObjectValidator

validate

Field Details

DEFAULT_MAX_AGE_RECEIVED_MESSAGE

public static final Duration DEFAULT_MAX_AGE_RECEIVED_MESSAGE

The default value for how old a received message is allowed to be.

Constructor Details

AbstractObjectValidator

public AbstractObjectValidator()

Method Details

isStrictValidation

public static boolean isStrictValidation(org.opensaml.saml.common.assertion.ValidationContext context)

Tells whether this validator runs in "strict" mode. This value is read from the static validation context parameter CoreValidatorParameters.STRICT_VALIDATION. If this parameter is not available false is returned.

Parameters:

context - the validation context

Returns:

true for strict mode, and false otherwise

getAllowedClockSkew

public static Duration getAllowedClockSkew(org.opensaml.saml.common.assertion.ValidationContext context)

Returns the duration that is the maximum allowed clock skew that we accept when comparing time stamps. The value is read from the static validation context parameter SAML2AssertionValidationParameters.CLOCK_SKEW. If this parameter is not available SAML20AssertionValidator.DEFAULT_CLOCK_SKEW is used.

Parameters:

context - the validation context

Returns:

the duration that is the maximum allowed clock skew

getMaxAgeReceivedMessage

public static Duration getMaxAgeReceivedMessage(org.opensaml.saml.common.assertion.ValidationContext context)

Returns the duration that a received message (or element) is allowed to less than the current time. The value is read from the static validation context parameter CoreValidatorParameters.MAX_AGE_MESSAGE. If this parameter is not available, DEFAULT_MAX_AGE_RECEIVED_MESSAGE is used.

Parameters:

context - the validation context

Returns:

the duration that may have elapsed since the issuance of a message and validation of it

getReceiveInstant

public static Instant getReceiveInstant(org.opensaml.saml.common.assertion.ValidationContext context)

Returns the timestamp for when the message being validated was received. The value is read from CoreValidatorParameters.RECEIVE_INSTANT. If the parameter is not available the current time is returned.

Parameters:

context - the validation context.

Returns:

the timestamp for when the message being validated was received