Class AbstractSignableObjectValidator<T extends org.opensaml.xmlsec.signature.SignableXMLObject>
java.lang.Object
se.swedenconnect.opensaml.common.validation.AbstractObjectValidator<T>
se.swedenconnect.opensaml.common.validation.AbstractSignableObjectValidator<T>
- Type Parameters:
T- the type of the object that is to be validated
- All Implemented Interfaces:
ObjectValidator<T>
- Direct Known Subclasses:
AssertionValidator,ResponseValidator
public abstract class AbstractSignableObjectValidator<T extends org.opensaml.xmlsec.signature.SignableXMLObject>
extends AbstractObjectValidator<T>
Abstract object validator that supports validating signatures.
Supports the following ValidationContext static parameters:
- The static parameters defined in
AbstractObjectValidator. SAML2AssertionValidationParameters.SIGNATURE_REQUIRED: Optional. If not supplied, defaults to 'true'. If an object is signed, the signature is always evaluated and the result factored into the overall validation result, regardless of the value of this setting.SAML2AssertionValidationParameters.SIGNATURE_VALIDATION_CRITERIA_SET: Optional. If not supplied, a minimal criteria set will be constructed which contains anEntityIdCriterioncontaining the Issuer entityID, and aUsageCriterionofUsageType.SIGNING. If it is supplied, but either of those criteria are absent from the criteria set, they will be added with the above values.
- Author:
- Martin Lindström (martin@idsec.se)
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected org.opensaml.xmlsec.signature.support.SignaturePrevalidatorSAML signature profile validator.protected org.opensaml.xmlsec.signature.support.SignatureTrustEngineTrust engine for signature evaluation.Fields inherited from class se.swedenconnect.opensaml.common.validation.AbstractObjectValidator
DEFAULT_MAX_AGE_RECEIVED_MESSAGE -
Constructor Summary
ConstructorsConstructorDescriptionAbstractSignableObjectValidator(org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine, org.opensaml.xmlsec.signature.support.SignaturePrevalidator signaturePrevalidator) Constructor. -
Method Summary
Modifier and TypeMethodDescriptionprotected abstract StringReturns the ID of the signable object.protected abstract StringReturns the issuer of the signable object.protected abstract StringReturns the name of the object being validated, e.g.protected net.shibboleth.shared.resolver.CriteriaSetgetSignatureValidationCriteriaSet(T token, org.opensaml.saml.common.assertion.ValidationContext context) Get the criteria set that will be used in evaluating the Assertion signature via the supplied trust engine.protected org.opensaml.saml.common.assertion.ValidationResultperformSignatureValidation(T token, org.opensaml.saml.common.assertion.ValidationContext context) Handles the actual signature validation.protected org.opensaml.saml.common.assertion.ValidationResultvalidateSignature(T token, org.opensaml.saml.common.assertion.ValidationContext context) Validates the signature of the assertion, if it is signed.Methods inherited from class se.swedenconnect.opensaml.common.validation.AbstractObjectValidator
getAllowedClockSkew, getMaxAgeReceivedMessage, getReceiveInstant, isStrictValidationMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface se.swedenconnect.opensaml.common.validation.ObjectValidator
validate
-
Field Details
-
trustEngine
protected org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngineTrust engine for signature evaluation. -
signaturePrevalidator
protected org.opensaml.xmlsec.signature.support.SignaturePrevalidator signaturePrevalidatorSAML signature profile validator.
-
-
Constructor Details
-
AbstractSignableObjectValidator
public AbstractSignableObjectValidator(org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine, org.opensaml.xmlsec.signature.support.SignaturePrevalidator signaturePrevalidator) Constructor.- Parameters:
trustEngine- the trust used to validate the object's signaturesignaturePrevalidator- the signature pre-validator used to pre-validate the object's signature
-
-
Method Details
-
validateSignature
protected org.opensaml.saml.common.assertion.ValidationResult validateSignature(T token, org.opensaml.saml.common.assertion.ValidationContext context) Validates the signature of the assertion, if it is signed.- Parameters:
token- assertion whose signature will be validatedcontext- current validation context- Returns:
- the result of the signature validation
-
performSignatureValidation
protected org.opensaml.saml.common.assertion.ValidationResult performSignatureValidation(T token, org.opensaml.saml.common.assertion.ValidationContext context) Handles the actual signature validation.- Parameters:
token- object whose signature will be validatedcontext- current validation context- Returns:
- the validation result
-
getSignatureValidationCriteriaSet
protected net.shibboleth.shared.resolver.CriteriaSet getSignatureValidationCriteriaSet(T token, org.opensaml.saml.common.assertion.ValidationContext context) Get the criteria set that will be used in evaluating the Assertion signature via the supplied trust engine.- Parameters:
token- object whose signature will be validatedcontext- current validation context- Returns:
- the criteria set to use
-
getIssuer
Returns the issuer of the signable object.- Parameters:
signableObject- the object being verified- Returns:
- the issuer
-
getID
Returns the ID of the signable object.- Parameters:
signableObject- the object being verified- Returns:
- the ID
-
getObjectName
Returns the name of the object being validated, e.g. "Assertion". Used for logging.- Returns:
- the object name
-