Package se.litsec.opensaml.common.validation

Class AbstractSignableObjectValidator<T extends SignableXMLObject>

java.lang.Object

se.litsec.opensaml.common.validation.AbstractObjectValidator<T>

se.litsec.opensaml.common.validation.AbstractSignableObjectValidator<T>

Type Parameters:

T - the type of the object that is to be validated

All Implemented Interfaces:

ObjectValidator<T>

Direct Known Subclasses:

AssertionValidator, ResponseValidator

public abstract class AbstractSignableObjectValidator<T extends SignableXMLObject>
extends AbstractObjectValidator<T>

Abstract object validator that supports validating signatures.

Supports the following ValidationContext static parameters:

• The static parameters defined in AbstractObjectValidator.
• SAML2AssertionValidationParameters.SIGNATURE_REQUIRED: Optional. If not supplied, defaults to 'true'. If an object is signed, the signature is always evaluated and the result factored into the overall validation result, regardless of the value of this setting.
• SAML2AssertionValidationParameters.SIGNATURE_VALIDATION_CRITERIA_SET: Optional. If not supplied, a minimal criteria set will be constructed which contains an EntityIdCriterion containing the Issuer entityID, and a UsageCriterion of UsageType.SIGNING. If it is supplied, but either of those criteria are absent from the criteria set, they will be added with the above values.

Author:

Martin Lindström (martin.lindstrom@litsec.se)

Field Summary

Fields

Modifier and Type	Field	Description
protected SignaturePrevalidator	signaturePrevalidator	SAML signature profile validator.
protected SignatureTrustEngine	trustEngine	Trust engine for signature evaluation.

Fields inherited from class se.litsec.opensaml.common.validation.AbstractObjectValidator

DEFAULT_MAX_AGE_RECEIVED_MESSAGE

Constructor Summary

Constructors

Constructor	Description
AbstractSignableObjectValidator(SignatureTrustEngine trustEngine, SignaturePrevalidator signaturePrevalidator)	Constructor.

Method Summary

Modifier and Type	Method	Description
protected abstract String	getID(T signableObject)	Returns the ID of the signable object.
protected abstract String	getIssuer(T signableObject)	Returns the issuer of the signable object.
protected abstract String	getObjectName()	Returns the name of the object being validated, e.g.
protected CriteriaSet	getSignatureValidationCriteriaSet(T token, ValidationContext context)	Get the criteria set that will be used in evaluating the Assertion signature via the supplied trust engine.
protected ValidationResult	performSignatureValidation(T token, ValidationContext context)	Handles the actual signature validation.
protected ValidationResult	validateSignature(T token, ValidationContext context)	Validates the signature of the assertion, if it is signed.

Methods inherited from class se.litsec.opensaml.common.validation.AbstractObjectValidator

getAllowedClockSkew, getMaxAgeReceivedMessage, getReceiveInstant, isStrictValidation

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface se.litsec.opensaml.common.validation.ObjectValidator

validate

Field Detail

trustEngine

protected SignatureTrustEngine trustEngine

Trust engine for signature evaluation.

signaturePrevalidator

protected SignaturePrevalidator signaturePrevalidator

SAML signature profile validator.

Constructor Detail

AbstractSignableObjectValidator

public AbstractSignableObjectValidator(SignatureTrustEngine trustEngine,
                                       SignaturePrevalidator signaturePrevalidator)

Constructor.

Parameters:

trustEngine - the trust used to validate the object's signature

signaturePrevalidator - the signature pre-validator used to pre-validate the object's signature

Method Detail

validateSignature

protected ValidationResult validateSignature(T token,
                                             ValidationContext context)

Validates the signature of the assertion, if it is signed.

Parameters:

token - assertion whose signature will be validated

context - current validation context

Returns:

the result of the signature validation

performSignatureValidation

protected ValidationResult performSignatureValidation(T token,
                                                      ValidationContext context)

Handles the actual signature validation.

Parameters:

token - object whose signature will be validated

context - current validation context

Returns:

the validation result

getSignatureValidationCriteriaSet

protected CriteriaSet getSignatureValidationCriteriaSet(T token,
                                                        ValidationContext context)

Get the criteria set that will be used in evaluating the Assertion signature via the supplied trust engine.

Parameters:

token - object whose signature will be validated

context - current validation context

Returns:

the criteria set to use

getIssuer

protected abstract String getIssuer(T signableObject)

Returns the issuer of the signable object.

Parameters:

signableObject - the object being verified

Returns:

the issuer

getID

protected abstract String getID(T signableObject)

Returns the ID of the signable object.

Parameters:

signableObject - the object being verified

Returns:

the ID

getObjectName

protected abstract String getObjectName()

Returns the name of the object being validated, e.g. "Assertion". Used for logging.

Returns:

the object name