Package org.opensaml.saml.saml2.assertion.impl

Class AbstractSubjectConfirmationValidator

java.lang.Object

org.opensaml.saml.saml2.assertion.impl.AbstractSubjectConfirmationValidator

All Implemented Interfaces:

SubjectConfirmationValidator

Direct Known Subclasses:

BearerSubjectConfirmationValidator, HolderOfKeySubjectConfirmationValidator, SenderVouchersSubjectConfirmationValidator

@ThreadSafe
public abstract class AbstractSubjectConfirmationValidator
extends Object
implements SubjectConfirmationValidator

A base class for SubjectConfirmationValidator implementations.

This class takes care of processing the NotBefore, NotOnOrAfter, Recipient, and Address checks.

Supports the following ValidationContext static parameters:

• SAML2AssertionValidationParameters.SC_ADDRESS_REQUIRED: Optional.
• SAML2AssertionValidationParameters.SC_CHECK_ADDRESS: Optional.
• SAML2AssertionValidationParameters.SC_VALID_ADDRESSES: Required if SAML2AssertionValidationParameters.SC_CHECK_ADDRESS is true or omitted, otherwise optional.
• SAML2AssertionValidationParameters.SC_RECIPIENT_REQUIRED: Optional.
• SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS: Required.
• SAML2AssertionValidationParameters.SC_IN_RESPONSE_TO_REQUIRED: Optional.
• SAML2AssertionValidationParameters.SC_VALID_IN_RESPONSE_TO: Required.
• SAML2AssertionValidationParameters.SC_NOT_BEFORE_REQUIRED: Optional.
• SAML2AssertionValidationParameters.SC_NOT_ON_OR_AFTER_REQUIRED: Optional.

Supports the following ValidationContext dynamic parameters:

• None.

Field Summary

Fields

Modifier and Type	Field	Description
private org.slf4j.Logger	log	Class logger.

Constructor Summary

Constructors

Constructor	Description
AbstractSubjectConfirmationValidator()	Constructor.

Method Summary

Modifier and Type	Method	Description
protected abstract ValidationResult	doValidate(SubjectConfirmation confirmation, Assertion assertion, ValidationContext context)	Performs any further validation required for the specific confirmation method implementation.
protected boolean	isAddressRequired(ValidationContext context)	Determine whether Address is required.
protected boolean	isInResponseToRequired(ValidationContext context)	Determine whether InResponseTo is required.
protected boolean	isNotBeforeRequired(ValidationContext context)	Determine whether NotBefore is required.
protected boolean	isNotOnOrAfterRequired(ValidationContext context)	Determine whether NotOnOrAfter is required.
protected boolean	isRecipientRequired(ValidationContext context)	Determine whether Recipient is required.
ValidationResult	validate(SubjectConfirmation confirmation, Assertion assertion, ValidationContext context)
protected ValidationResult	validateAddress(SubjectConfirmation confirmation, Assertion assertion, ValidationContext context, boolean required)	Validates the Address condition of the SubjectConfirmationData, if any is present.
protected ValidationResult	validateInResponseTo(SubjectConfirmation confirmation, Assertion assertion, ValidationContext context, boolean required)	Validates the InResponseTo condition of the SubjectConfirmationData, if any is present.
protected ValidationResult	validateNotBefore(SubjectConfirmation confirmation, Assertion assertion, ValidationContext context, boolean required)	Validates the NotBefore condition of the SubjectConfirmationData, if any is present.
protected ValidationResult	validateNotOnOrAfter(SubjectConfirmation confirmation, Assertion assertion, ValidationContext context, boolean required)	Validates the NotOnOrAfter condition of the SubjectConfirmationData, if any is present.
protected ValidationResult	validateRecipient(SubjectConfirmation confirmation, Assertion assertion, ValidationContext context, boolean required)	Validates the Recipient condition of the SubjectConfirmationData, if any is present.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.opensaml.saml.saml2.assertion.SubjectConfirmationValidator

getServicedMethod

Field Detail

log

private org.slf4j.Logger log

Class logger.

Constructor Detail

AbstractSubjectConfirmationValidator

public AbstractSubjectConfirmationValidator()

Constructor.

Method Detail

validate

@Nonnull
public ValidationResult validate(@Nonnull
                                 SubjectConfirmation confirmation,
                                 @Nonnull
                                 Assertion assertion,
                                 @Nonnull
                                 ValidationContext context)
                          throws AssertionValidationException

Specified by:

validate in interface SubjectConfirmationValidator

Throws:

AssertionValidationException

isAddressRequired

protected boolean isAddressRequired(ValidationContext context)

Determine whether Address is required.

Parameters:

context - current validation context

Returns:

true if required, false if not

isRecipientRequired

protected boolean isRecipientRequired(ValidationContext context)

Determine whether Recipient is required.

Parameters:

context - current validation context

Returns:

true if required, false if not

isNotBeforeRequired

protected boolean isNotBeforeRequired(ValidationContext context)

Determine whether NotBefore is required.

Parameters:

context - current validation context

Returns:

true if required, false if not

isNotOnOrAfterRequired

protected boolean isNotOnOrAfterRequired(ValidationContext context)

Determine whether NotOnOrAfter is required.

Parameters:

context - current validation context

Returns:

true if required, false if not

isInResponseToRequired

protected boolean isInResponseToRequired(ValidationContext context)

Determine whether InResponseTo is required.

Parameters:

context - current validation context

Returns:

true if required, false if not

validateInResponseTo

protected ValidationResult validateInResponseTo(@Nonnull
                                                SubjectConfirmation confirmation,
                                                @Nonnull
                                                Assertion assertion,
                                                @Nonnull
                                                ValidationContext context,
                                                boolean required)
                                         throws AssertionValidationException

Validates the InResponseTo condition of the SubjectConfirmationData, if any is present.

Parameters:

confirmation - confirmation method, with SubjectConfirmationData, being validated

assertion - assertion bearing the confirmation method

context - current validation context

required - whether the InResponseTo value is required

Returns:

the result of the validation evaluation

Throws:

AssertionValidationException - thrown if there is a problem determining the validity of the NotBefore

validateNotBefore

@Nonnull
protected ValidationResult validateNotBefore(@Nonnull
                                             SubjectConfirmation confirmation,
                                             @Nonnull
                                             Assertion assertion,
                                             @Nonnull
                                             ValidationContext context,
                                             boolean required)
                                      throws AssertionValidationException

Validates the NotBefore condition of the SubjectConfirmationData, if any is present.

Parameters:

confirmation - confirmation method, with SubjectConfirmationData, being validated

assertion - assertion bearing the confirmation method

context - current validation context

required - whether the NotBefore value is required

Returns:

the result of the validation evaluation

Throws:

AssertionValidationException - thrown if there is a problem determining the validity of the NotBefore

validateNotOnOrAfter

@Nonnull
protected ValidationResult validateNotOnOrAfter(@Nonnull
                                                SubjectConfirmation confirmation,
                                                @Nonnull
                                                Assertion assertion,
                                                @Nonnull
                                                ValidationContext context,
                                                boolean required)
                                         throws AssertionValidationException

Validates the NotOnOrAfter condition of the SubjectConfirmationData, if any is present.

Parameters:

confirmation - confirmation method, with SubjectConfirmationData, being validated

assertion - assertion bearing the confirmation method

context - current validation context

required - whether the NotOnOrAfter value is required

Returns:

the result of the validation evaluation

Throws:

AssertionValidationException - thrown if there is a problem determining the validity of the NotOnOrAFter

validateRecipient

@Nonnull
protected ValidationResult validateRecipient(@Nonnull
                                             SubjectConfirmation confirmation,
                                             @Nonnull
                                             Assertion assertion,
                                             @Nonnull
                                             ValidationContext context,
                                             boolean required)
                                      throws AssertionValidationException

Validates the Recipient condition of the SubjectConfirmationData, if any is present.

Parameters:

confirmation - confirmation method being validated

assertion - assertion bearing the confirmation method

context - current validation context

required - whether the Recipient value is required

Returns:

the result of the validation evaluation

Throws:

AssertionValidationException - thrown if there is a problem determining the validity of the recipient

validateAddress

@Nonnull
protected ValidationResult validateAddress(@Nonnull
                                           SubjectConfirmation confirmation,
                                           @Nonnull
                                           Assertion assertion,
                                           @Nonnull
                                           ValidationContext context,
                                           boolean required)
                                    throws AssertionValidationException

Validates the Address condition of the SubjectConfirmationData, if any is present.

Parameters:

confirmation - confirmation method being validated

assertion - assertion bearing the confirmation method

context - current validation context

required - whether the Address value is required

Returns:

the result of the validation evaluation

Throws:

AssertionValidationException - thrown if there is a problem determining the validity of the address

doValidate

@Nonnull
protected abstract ValidationResult doValidate(@Nonnull
                                               SubjectConfirmation confirmation,
                                               @Nonnull
                                               Assertion assertion,
                                               @Nonnull
                                               ValidationContext context)
                                        throws AssertionValidationException

Performs any further validation required for the specific confirmation method implementation.

Parameters:

confirmation - confirmation method being validated

assertion - assertion bearing the confirmation method

context - current validation context

Returns:

the result of the validation evaluation

Throws:

AssertionValidationException - thrown if further validation finds the confirmation method to be invalid