Class ResponseProcessorImpl
- java.lang.Object
- se.litsec.opensaml.saml2.common.response.ResponseProcessorImpl

All Implemented Interfaces:
- ResponseProcessor

public class ResponseProcessorImpl extends Object implements ResponseProcessor
Response processor for SAML Response messages. Note that initialize() must be invoked before the bean can be used.

Author:
- Martin Lindström (martin.lindstrom@litsec.se)
Field Summary
- protected AssertionValidator assertionValidator: The assertion validator.
- protected SAMLObjectDecrypter decrypter: The decrypter instance.
- protected MessageReplayChecker messageReplayChecker: The replay checker.
- protected MetadataCredentialResolver metadataCredentialResolver: Used to locate certificates from the IdP metadata.
- protected boolean requireEncryptedAssertions: Do we require assertions to be encrypted? The default is true.
- protected ResponseValidationSettings responseValidationSettings: Static response validation settings.
- protected ResponseValidator responseValidator: The response validator.
- protected SignaturePrevalidator signatureProfileValidator: Validator for checking that a Signature is correct with respect to the standards.
- protected SignatureTrustEngine signatureTrustEngine: The signature trust engine to be used when validating signatures.
Constructor Summary
- ResponseProcessorImpl()
Method Summary
- protected AssertionValidator createAssertionValidator(SignatureTrustEngine signatureTrustEngine, SignaturePrevalidator signatureProfileValidator): Sets up the assertion validator.
- protected ResponseValidator createResponseValidator(SignatureTrustEngine signatureTrustEngine, SignaturePrevalidator signatureProfileValidator): Sets up the response validator.
- protected Response decodeResponse(String samlResponse): Decodes the received SAML response message into a Response object.
- void initialize(): Initializes the component.
- ResponseProcessingResult processSamlResponse(String samlResponse, String relayState, ResponseProcessingInput input, PeerMetadataResolver peerMetadataResolver, ValidationContext validationContext): Processes a SAML response including signature validation and assertion decryption.
- void setDecrypter(SAMLObjectDecrypter decrypter): Assigns the decrypter instance.
- void setMessageReplayChecker(MessageReplayChecker messageReplayChecker): Assigns the message replay checker to use.
- void setRequireEncryptedAssertions(boolean requireEncryptedAssertions): Assigns whether assertions are required to be encrypted. The default is true.
- void setResponseValidationSettings(ResponseValidationSettings responseValidationSettings): Assigns the response validation settings.
- protected void validateAssertion(Assertion assertion, Response response, ResponseProcessingInput input, EntityDescriptor idpMetadata, ValidationContext validationContext): Validates the assertion.
- protected void validateRelayState(Response response, String relayState, ResponseProcessingInput input): Validates that the received relay state matches what we sent.
- protected void validateResponse(Response response, String relayState, ResponseProcessingInput input, EntityDescriptor idpMetadata, ValidationContext validationContext): Validates the response including its signature.
Field Detail

decrypter
protected SAMLObjectDecrypter decrypter
The decrypter instance.

messageReplayChecker
protected MessageReplayChecker messageReplayChecker
The replay checker.

metadataCredentialResolver
protected MetadataCredentialResolver metadataCredentialResolver
Used to locate certificates from the IdP metadata.

signatureTrustEngine
protected SignatureTrustEngine signatureTrustEngine
The signature trust engine to be used when validating signatures.

signatureProfileValidator
protected SignaturePrevalidator signatureProfileValidator
Validator for checking that a Signature is correct with respect to the standards.

responseValidator
protected ResponseValidator responseValidator
The response validator.

assertionValidator
protected AssertionValidator assertionValidator
The assertion validator.

responseValidationSettings
protected ResponseValidationSettings responseValidationSettings
Static response validation settings.

requireEncryptedAssertions
protected boolean requireEncryptedAssertions
Do we require assertions to be encrypted? The default is true.
Method Detail

processSamlResponse
public ResponseProcessingResult processSamlResponse(String samlResponse, String relayState, ResponseProcessingInput input, PeerMetadataResolver peerMetadataResolver, ValidationContext validationContext) throws ResponseStatusErrorException, ResponseProcessingException
Processes a SAML response including signature validation and assertion decryption.
Specified by:
- processSamlResponse in interface ResponseProcessor
Parameters:
- samlResponse - the base64 encoded SAML response
- relayState - the received relay state
- input - the processing input
- peerMetadataResolver - a resolver for finding the peer metadata entry
- validationContext - optional validation context for controlling the response validation and assertion validation process
Returns:
- a result
Throws:
- ResponseStatusErrorException - if the response indicates a non-successful Status
- ResponseProcessingException - for other processing errors

initialize
public void initialize() throws Exception
Initializes the component.
Throws:
- Exception - for initialization errors

createResponseValidator
protected ResponseValidator createResponseValidator(SignatureTrustEngine signatureTrustEngine, SignaturePrevalidator signatureProfileValidator)
Sets up the response validator. The default implementation creates a ResponseValidator instance. For use within the Swedish eID framework, subclasses should create a SwedishEidResponseValidator instance; see the swedish-eid-opensaml library (https://github.com/litsec/swedish-eid-opensaml).
Parameters:
- signatureTrustEngine - the signature trust engine to be used when validating signatures
- signatureProfileValidator - validator for checking that a Signature is correct with respect to the standards
Returns:
- the created response validator

createAssertionValidator
protected AssertionValidator createAssertionValidator(SignatureTrustEngine signatureTrustEngine, SignaturePrevalidator signatureProfileValidator)
Sets up the assertion validator. The default implementation creates an AssertionValidator instance. For use within the Swedish eID framework, subclasses should create a SwedishEidAssertionValidator instance; see the swedish-eid-opensaml library (https://github.com/litsec/swedish-eid-opensaml).
Parameters:
- signatureTrustEngine - the signature trust engine to be used when validating signatures
- signatureProfileValidator - validator for checking that a Signature is correct with respect to the standards
Returns:
- the created assertion validator

decodeResponse
protected Response decodeResponse(String samlResponse) throws ResponseProcessingException
Decodes the received SAML response message into a Response object.
Parameters:
- samlResponse - the Base64 encoded SAML response
Returns:
- a Response object
Throws:
- ResponseProcessingException - for decoding errors

validateResponse
protected void validateResponse(Response response, String relayState, ResponseProcessingInput input, EntityDescriptor idpMetadata, ValidationContext validationContext) throws ResponseValidationException
Validates the response including its signature.
Parameters:
- response - the response to verify
- relayState - the relay state that was received
- input - the processing input
- idpMetadata - the IdP metadata
- validationContext - optional validation context
Throws:
- ResponseValidationException - for validation errors

validateRelayState
protected void validateRelayState(Response response, String relayState, ResponseProcessingInput input) throws ResponseValidationException
Validates that the received relay state matches what we sent.
Parameters:
- response - the response
- relayState - the received relay state
- input - the response processing input
Throws:
- ResponseValidationException - for validation errors

validateAssertion
protected void validateAssertion(Assertion assertion, Response response, ResponseProcessingInput input, EntityDescriptor idpMetadata, ValidationContext validationContext) throws ResponseValidationException
Validates the assertion.
Parameters:
- assertion - the assertion to validate
- response - the response that contained the assertion
- input - the processing input
- idpMetadata - the IdP metadata
- validationContext - optional validation context
Throws:
- ResponseValidationException - for validation errors

setDecrypter
public void setDecrypter(SAMLObjectDecrypter decrypter)
Assigns the decrypter instance.
Parameters:
- decrypter - the decrypter

setMessageReplayChecker
public void setMessageReplayChecker(MessageReplayChecker messageReplayChecker)
Assigns the message replay checker to use.
Parameters:
- messageReplayChecker - message replay checker

setResponseValidationSettings
public void setResponseValidationSettings(ResponseValidationSettings responseValidationSettings)
Assigns the response validation settings.
Parameters:
- responseValidationSettings - validation settings

setRequireEncryptedAssertions
public void setRequireEncryptedAssertions(boolean requireEncryptedAssertions)
Assigns whether assertions are required to be encrypted. The default is true.
Parameters:
- requireEncryptedAssertions - boolean
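The following is an added usage example, not code from this page or from the opensaml-ext project: it wires the setters documented above, calls initialize() before first use, and handles the two exceptions of processSamlResponse separately. The wrapper class SamlResponseHandler and its Outcome enum are hypothetical; the class is placed in the documented package so that same-package types need no import, and the packages assumed for SAMLObjectDecrypter and PeerMetadataResolver are marked as assumptions.

```java
package se.litsec.opensaml.saml2.common.response;

// Assumption: these collaborator types live in the packages below (not stated on this page).
import se.litsec.opensaml.xmlsec.encryption.support.SAMLObjectDecrypter;
import se.litsec.opensaml.saml2.metadata.PeerMetadataResolver;

/** Hypothetical wrapper showing the configure, initialize and process lifecycle. */
public final class SamlResponseHandler {

  private final ResponseProcessorImpl processor;

  /** Wires the processor and calls initialize() before any response is processed. */
  public SamlResponseHandler(SAMLObjectDecrypter decrypter,
                             MessageReplayChecker replayChecker,
                             ResponseValidationSettings settings) throws Exception {
    ResponseProcessorImpl p = new ResponseProcessorImpl();
    p.setDecrypter(decrypter);                 // decrypts EncryptedAssertion elements
    p.setMessageReplayChecker(replayChecker);  // rejects replayed messages
    p.setResponseValidationSettings(settings); // static response validation settings
    p.setRequireEncryptedAssertions(true);     // keep the secure default: plaintext assertions are rejected
    p.initialize();                            // mandatory before the bean can be used
    this.processor = p;
  }

  /** Outcome reported to the application; a hypothetical type for this example. */
  public enum Outcome { AUTHENTICATED, IDP_REPORTED_ERROR, REJECTED }

  /**
   * Processes one received SAML Response. ResponseStatusErrorException means the IdP
   * itself returned a non-success Status; ResponseProcessingException means decoding,
   * signature, replay or assertion validation failed and the login must not be accepted.
   */
  public Outcome handle(String samlResponseBase64, String relayState,
                        ResponseProcessingInput input,
                        PeerMetadataResolver peerMetadataResolver) {
    try {
      ResponseProcessingResult result = processor.processSamlResponse(
          samlResponseBase64, relayState, input, peerMetadataResolver, null);
      // result carries the validated (and decrypted) assertion; hand it to the session layer here
      return result != null ? Outcome.AUTHENTICATED : Outcome.REJECTED;
    }
    catch (ResponseStatusErrorException e) {
      return Outcome.IDP_REPORTED_ERROR;   // show a user-facing "login failed at the IdP" message
    }
    catch (ResponseProcessingException e) {
      // log e.getMessage() server-side; do not echo validation details back to the browser
      return Outcome.REJECTED;
    }
  }
}
```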