java.lang.Object
se.swedenconnect.opensaml.sweid.saml2.signservice.SADParser

public class SADParser extends Object
Class for parsing and validation of SAD JWTs.
Author:
Martin Lindström (martin.lindstrom@litsec.se)
  • Method Details

    • parse

      public static SAD parse(String sadJwt) throws IOException
      Parses the supplied (encoded) JWT and returns the SAD it contains.

      Note: The parse method does not perform any validation. Use the SADParser.SADValidator class for this purpose.

      Parameters:
      sadJwt - the signed JWT holding the SAD
      Returns:
      the SAD object
      Throws:
      IOException - for parsing errors
    • getValidator

      public static SADParser.SADValidator getValidator(X509Certificate... validationCertificates)
      Returns a SAD validator initialized with a set of certificates that are to be used for JWT signature validation. These certificates are the IdP signing certificates obtained from the IdP metadata entry.
      Parameters:
      validationCertificates - certificate(s) to be used when verifying the JWT signature
      Returns:
      a SADValidator instance
    • getValidator

      public static SADParser.SADValidator getValidator(MetadataProvider metadataProvider)
      Returns a SAD validator initialized with a MetadataProvider instance. During JWT signature validation the IdP signature certificate will be obtained from the IdP metadata entry held by the metadata provider.
      Parameters:
      metadataProvider - metadata provider
      Returns:
      a SADValidator instance
    • getValidator

      public static SADParser.SADValidator getValidator(org.opensaml.saml.saml2.metadata.EntityDescriptor idpMetadata)
      Returns a SAD validator initialized with the IdP EntityDescriptor (metadata) from which the IdP signing key/certificate will be read (needed for JWT signature validation).
      Parameters:
      idpMetadata - the IdP metadata
      Returns:
      a SADValidator instance