Class SwedishEidResponseValidator
java.lang.Object
se.swedenconnect.opensaml.common.validation.AbstractObjectValidator<org.opensaml.saml.saml2.core.Response>
se.swedenconnect.opensaml.common.validation.AbstractSignableObjectValidator<org.opensaml.saml.saml2.core.Response>
se.swedenconnect.opensaml.saml2.response.validation.ResponseValidator
se.swedenconnect.opensaml.sweid.saml2.validation.SwedishEidResponseValidator
- All Implemented Interfaces:
ObjectValidator<org.opensaml.saml.saml2.core.Response>
Extends the default response validator with requirements for the Swedish eID Framework.
Supports the following ValidationContext static parameters as described in ResponseValidator.
- Author:
- Martin Lindström (martin@idsec.se)
-
Field Summary
Fields inherited from class se.swedenconnect.opensaml.common.validation.AbstractSignableObjectValidator
signaturePrevalidator, trustEngineFields inherited from class se.swedenconnect.opensaml.common.validation.AbstractObjectValidator
DEFAULT_MAX_AGE_RECEIVED_MESSAGE -
Constructor Summary
ConstructorsConstructorDescriptionSwedishEidResponseValidator(org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine, org.opensaml.xmlsec.signature.support.SignaturePrevalidator signaturePrevalidator) Constructor. -
Method Summary
Modifier and TypeMethodDescriptionorg.opensaml.saml.common.assertion.ValidationResultvalidateAssertions(org.opensaml.saml.saml2.core.Response response, org.opensaml.saml.common.assertion.ValidationContext context) Checks according toResponseValidator.validateAssertions(Response, ValidationContext)and extends the check to validate that assertion is encrypted.protected org.opensaml.saml.common.assertion.ValidationResultvalidateSignature(org.opensaml.saml.saml2.core.Response token, org.opensaml.saml.common.assertion.ValidationContext context) Overrides the default signature validation by enforcing signature validation because a Response message MUST be signed according to the Swedish eID Framework.Methods inherited from class se.swedenconnect.opensaml.saml2.response.validation.ResponseValidator
getID, getIssuer, getObjectName, setUriComparator, validate, validateConsent, validateDestination, validateExtensions, validateID, validateInResponseTo, validateIssueInstant, validateIssuer, validateStatus, validateVersionMethods inherited from class se.swedenconnect.opensaml.common.validation.AbstractSignableObjectValidator
getSignatureValidationCriteriaSet, performSignatureValidationMethods inherited from class se.swedenconnect.opensaml.common.validation.AbstractObjectValidator
getAllowedClockSkew, getMaxAgeReceivedMessage, getReceiveInstant, isStrictValidation
-
Constructor Details
-
SwedishEidResponseValidator
public SwedishEidResponseValidator(org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine, org.opensaml.xmlsec.signature.support.SignaturePrevalidator signaturePrevalidator) throws IllegalArgumentException Constructor.- Parameters:
trustEngine- the trust used to validate the object's signaturesignaturePrevalidator- the signature pre-validator used to pre-validate the object's signature- Throws:
IllegalArgumentException- ifnullvalues are supplied
-
-
Method Details
-
validateSignature
protected org.opensaml.saml.common.assertion.ValidationResult validateSignature(org.opensaml.saml.saml2.core.Response token, org.opensaml.saml.common.assertion.ValidationContext context) Overrides the default signature validation by enforcing signature validation because a Response message MUST be signed according to the Swedish eID Framework.- Overrides:
validateSignaturein classAbstractSignableObjectValidator<org.opensaml.saml.saml2.core.Response>
-
validateAssertions
public org.opensaml.saml.common.assertion.ValidationResult validateAssertions(org.opensaml.saml.saml2.core.Response response, org.opensaml.saml.common.assertion.ValidationContext context) Checks according toResponseValidator.validateAssertions(Response, ValidationContext)and extends the check to validate that assertion is encrypted.- Overrides:
validateAssertionsin classResponseValidator
-