Class AbstractSignableObjectValidator<T extends org.opensaml.xmlsec.signature.SignableXMLObject>

java.lang.Object
  se.swedenconnect.opensaml.common.validation.AbstractObjectValidator<T>
    se.swedenconnect.opensaml.common.validation.AbstractSignableObjectValidator<T>

- Type Parameters:
  T - the type of the object that is to be validated
- All Implemented Interfaces:
  ObjectValidator<T>
- Direct Known Subclasses:
  AssertionValidator, ResponseValidator

public abstract class AbstractSignableObjectValidator<T extends org.opensaml.xmlsec.signature.SignableXMLObject>
extends AbstractObjectValidator<T>
Abstract object validator that supports validating signatures.

Supports the following ValidationContext static parameters:
- The static parameters defined in AbstractObjectValidator.
- SAML2AssertionValidationParameters.SIGNATURE_REQUIRED: Optional. If not supplied, defaults to 'true'. If an object is signed, the signature is always evaluated and the result factored into the overall validation result, regardless of the value of this setting.
- SAML2AssertionValidationParameters.SIGNATURE_VALIDATION_CRITERIA_SET: Optional. If not supplied, a minimal criteria set will be constructed which contains an EntityIdCriterion containing the Issuer entityID, and a UsageCriterion of UsageType.SIGNING. If it is supplied, but either of those criteria are absent from the criteria set, they will be added with the above values.

- Author:
  Martin Lindström (martin@idsec.se)
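As an added example (not code from this project or this page), a minimal concrete subclass that validates the signature of a SAML AuthnRequest and builds a ValidationContext carrying the two static parameters described above. It assumes the ObjectValidator contract is validate(T, ValidationContext) returning ValidationResult, and that the abstract methods are implemented from AuthnRequest's own ID and Issuer accessors; the class name and the contextFor helper are hypothetical.

```java
import java.util.Map;

import net.shibboleth.shared.resolver.CriteriaSet;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.common.assertion.ValidationResult;
import org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.criteria.UsageCriterion;
import org.opensaml.xmlsec.signature.support.SignaturePrevalidator;
import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
import se.swedenconnect.opensaml.common.validation.AbstractSignableObjectValidator;

/** Hypothetical validator for signed AuthnRequest messages (example only). */
public class AuthnRequestSignatureValidator extends AbstractSignableObjectValidator<AuthnRequest> {

  public AuthnRequestSignatureValidator(SignatureTrustEngine trustEngine, SignaturePrevalidator prevalidator) {
    super(trustEngine, prevalidator);
  }

  /** Assumed ObjectValidator contract: validate(T, ValidationContext) -> ValidationResult. */
  @Override
  public ValidationResult validate(AuthnRequest request, ValidationContext context) {
    // Inherited check: an unsigned request is rejected when SIGNATURE_REQUIRED is true (the default);
    // a signed request is always profile-checked by the prevalidator and then verified by the trust engine.
    return validateSignature(request, context);
  }

  @Override
  protected String getID(AuthnRequest request) { return request.getID(); }

  @Override
  protected String getIssuer(AuthnRequest request) {
    return request.getIssuer() != null ? request.getIssuer().getValue() : null;
  }

  @Override
  protected String getObjectName() { return "AuthnRequest"; }

  /** Builds a context that pins the expected signer instead of relying on the default criteria set,
   *  which takes the entityID from the message's own Issuer element. */
  public static ValidationContext contextFor(String expectedIssuerEntityId) {
    CriteriaSet criteria = new CriteriaSet(
        new EntityIdCriterion(expectedIssuerEntityId),
        new UsageCriterion(UsageType.SIGNING));
    return new ValidationContext(Map.<String, Object>of(
        SAML2AssertionValidationParameters.SIGNATURE_REQUIRED, Boolean.TRUE,
        SAML2AssertionValidationParameters.SIGNATURE_VALIDATION_CRITERIA_SET, criteria));
  }
}
```

The trust engine passed to the constructor decides which keys are accepted for the pinned entityID; the criteria set only narrows the lookup, it does not establish trust by itself.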
Field Summary
  protected org.opensaml.xmlsec.signature.support.SignaturePrevalidator signaturePrevalidator
    SAML signature profile validator.
  protected org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine
    Trust engine for signature evaluation.
  Fields inherited from class se.swedenconnect.opensaml.common.validation.AbstractObjectValidator
    DEFAULT_MAX_AGE_RECEIVED_MESSAGE

Constructor Summary
  AbstractSignableObjectValidator(org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine, org.opensaml.xmlsec.signature.support.SignaturePrevalidator signaturePrevalidator)
    Constructor.

Method Summary
  protected abstract String getID(T signableObject)
    Returns the ID of the signable object.
  protected abstract String getIssuer(T signableObject)
    Returns the issuer of the signable object.
  protected abstract String getObjectName()
    Returns the name of the object being validated, e.g. "Assertion".
  protected net.shibboleth.shared.resolver.CriteriaSet getSignatureValidationCriteriaSet(T token, org.opensaml.saml.common.assertion.ValidationContext context)
    Get the criteria set that will be used in evaluating the Assertion signature via the supplied trust engine.
  protected org.opensaml.saml.common.assertion.ValidationResult performSignatureValidation(T token, org.opensaml.saml.common.assertion.ValidationContext context)
    Handles the actual signature validation.
  protected org.opensaml.saml.common.assertion.ValidationResult validateSignature(T token, org.opensaml.saml.common.assertion.ValidationContext context)
    Validates the signature of the assertion, if it is signed.
  Methods inherited from class se.swedenconnect.opensaml.common.validation.AbstractObjectValidator
    getAllowedClockSkew, getMaxAgeReceivedMessage, getReceiveInstant, isStrictValidation
  Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  Methods inherited from interface se.swedenconnect.opensaml.common.validation.ObjectValidator
    validate
Field Details

trustEngine
protected org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine
Trust engine for signature evaluation.

signaturePrevalidator
protected org.opensaml.xmlsec.signature.support.SignaturePrevalidator signaturePrevalidator
SAML signature profile validator.
Constructor Details

AbstractSignableObjectValidator
public AbstractSignableObjectValidator(org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine, org.opensaml.xmlsec.signature.support.SignaturePrevalidator signaturePrevalidator)
Constructor.
- Parameters:
  trustEngine - the trust engine used to validate the object's signature
  signaturePrevalidator - the signature pre-validator used to pre-validate the object's signature
Method Details

validateSignature
protected org.opensaml.saml.common.assertion.ValidationResult validateSignature(T token, org.opensaml.saml.common.assertion.ValidationContext context)
Validates the signature of the assertion, if it is signed.
- Parameters:
  token - assertion whose signature will be validated
  context - current validation context
- Returns:
  the result of the signature validation

performSignatureValidation
protected org.opensaml.saml.common.assertion.ValidationResult performSignatureValidation(T token, org.opensaml.saml.common.assertion.ValidationContext context)
Handles the actual signature validation.
- Parameters:
  token - object whose signature will be validated
  context - current validation context
- Returns:
  the validation result

getSignatureValidationCriteriaSet
protected net.shibboleth.shared.resolver.CriteriaSet getSignatureValidationCriteriaSet(T token, org.opensaml.saml.common.assertion.ValidationContext context)
Get the criteria set that will be used in evaluating the Assertion signature via the supplied trust engine.
- Parameters:
  token - object whose signature will be validated
  context - current validation context
- Returns:
  the criteria set to use

getIssuer
protected abstract String getIssuer(T signableObject)
Returns the issuer of the signable object.
- Parameters:
  signableObject - the object being verified
- Returns:
  the issuer

getID
protected abstract String getID(T signableObject)
Returns the ID of the signable object.
- Parameters:
  signableObject - the object being verified
- Returns:
  the ID

getObjectName
protected abstract String getObjectName()
Returns the name of the object being validated, e.g. "Assertion". Used for logging.
- Returns:
  the object name