Package se.swedenconnect.opensaml.saml2.assertion.validation

Class AbstractAssertionValidationParametersBuilder<T extends AbstractAssertionValidationParametersBuilder<T>>

java.lang.Object
se.swedenconnect.opensaml.common.validation.AbstractValidationParametersBuilder<T>
se.swedenconnect.opensaml.saml2.response.validation.AbstractResponseValidationParametersBuilder<T>
se.swedenconnect.opensaml.saml2.assertion.validation.AbstractAssertionValidationParametersBuilder<T>
All Implemented Interfaces:
ValidationParametersBuilder
Direct Known Subclasses:
AssertionValidationParametersBuilder
public abstract class AbstractAssertionValidationParametersBuilder<T extends AbstractAssertionValidationParametersBuilder<T>> extends AbstractResponseValidationParametersBuilder<T>
Abstract builder class for building the ValidationContext object for use as validation input to the AssertionValidator.

The reason for all fiddling with generics is that we want to be able to subclass the builder classes.

Author:
Martin Lindström (martin@idsec.se)

  • Constructor Details

    • AbstractAssertionValidationParametersBuilder

      public AbstractAssertionValidationParametersBuilder()

  • Method Details

    • build

      public org.opensaml.saml.common.assertion.ValidationContext build()
      Adds default settings before invoking the super implementation.
      Specified by:
      build in interface ValidationParametersBuilder
      Overrides:
      build in class AbstractValidationParametersBuilder<T extends AbstractAssertionValidationParametersBuilder<T>>
      Returns:
      the ValidationContext object

    • responseIssueInstant

      public T responseIssueInstant(Instant instant)
      Assigns the issue instant from the Response message that contained the assertion being validated.
      Parameters:
      instant - the response issue instant
      Returns:
      the builder

    • responseIssueInstant

      public T responseIssueInstant(long instant)
      Assigns the issue instant from the Response message that contained the assertion being validated.
      Parameters:
      instant - the response issue instant
      Returns:
      the builder

    • validRecipients

      public T validRecipients(String... recipients)
      Assigns the valid URLs for the intended recipients.
      Parameters:
      recipients - one or more URLs
      Returns:
      the builder

    • validAddresses

      public T validAddresses(InetAddress... addresses)
      Assigns the valid addresses that we allow the user agent to have.

      See also subjectConfirmationCheckAddess(boolean) and subjectLocalityCheckAddress(boolean).

      Parameters:
      addresses - one or more IP addresses
      Returns:
      the builder

    • validAddresses

      public T validAddresses(String... addresses)
      Assigns the valid addresses that we allow the user agent to have.
      Parameters:
      addresses - one or more IP addresses (in string format)
      Returns:
      the builder

    • subjectConfirmationCheckAddess

      public T subjectConfirmationCheckAddess(boolean flag)

    • subjectLocalityCheckAddress

      public T subjectLocalityCheckAddress(boolean flag)

    • validAudiences

      public T validAudiences(String... audiences)
      Assigns the entityID:s of the valid audiences.
      Parameters:
      audiences - the audiences
      Returns:
      the builder

    • authnRequestForceAuthn

      public T authnRequestForceAuthn(Boolean forceAuthn)
      Assigns the ForceAuthn flag from the corresponding AuthnRequest.
      Parameters:
      forceAuthn - true/false
      Returns:
      the builder

    • authnRequestIssueInstant

      public T authnRequestIssueInstant(Instant issueInstant)
      Assigns the issuance time for the corresponding AuthnRequest when validating an assertion.
      Parameters:
      issueInstant - issue time
      Returns:
      the builder

    • authnRequestIssueInstant

      public T authnRequestIssueInstant(long issueInstant)
      Assigns the issuance time for the corresponding AuthnRequest when validating an assertion.
      Parameters:
      issueInstant - issue time (in milliseconds since epoch)
      Returns:
      the builder

    • maxAcceptedSsoSessionTime

      public T maxAcceptedSsoSessionTime(long duration)
      Assigns the maximum session time that we, as a SP, can accept when receiving assertions based on older authentications (SSO).
      Parameters:
      duration - milliseconds
      Returns:
      the builder

    • maxAcceptedSsoSessionTime

      public T maxAcceptedSsoSessionTime(Duration duration)
      Assigns the maximum session time that we, as a SP, can accept when receiving assertions based on older authentications (SSO).
      Parameters:
      duration - max session time
      Returns:
      the builder

    • inResponseTo

      public T inResponseTo(String id)

    • clientCertificate

      public T clientCertificate(X509Certificate clientCertificate)
      Assigns the client certificate to be used for HoK validation.
      Parameters:
      clientCertificate - the client certificate
      Returns:
      the builder

    • spMetadata

      public T spMetadata(org.opensaml.saml.saml2.metadata.EntityDescriptor metadata)
      Assigns the SP metadata.
      Parameters:
      metadata - the SP metadata
      Returns:
      the builder

    • idpMetadata

      public T idpMetadata(org.opensaml.saml.saml2.metadata.EntityDescriptor metadata)
      Assigns the SP metadata.
      Parameters:
      metadata - the SP metadata
      Returns:
      the builder