SwedishEidAssertionValidator (OpenSAML 3.X extension library for the Swedish eID Framework

java.lang.Object
- se.litsec.opensaml.common.validation.AbstractObjectValidator<T>
- - se.litsec.opensaml.common.validation.AbstractSignableObjectValidator<Assertion>
  - - se.litsec.opensaml.saml2.common.assertion.AssertionValidator
    - - se.litsec.swedisheid.opensaml.saml2.validation.SwedishEidAssertionValidator

All Implemented Interfaces:

se.litsec.opensaml.common.validation.ObjectValidator<Assertion>
```
public class SwedishEidAssertionValidator
extends se.litsec.opensaml.saml2.common.assertion.AssertionValidator
```
An assertion validator that makes checks based on what is required by the Swedish eID Framework.
Apart from the validation parameters documented for AssertionValidator, the following static parameters are handled:
- SAML2AssertionValidationParameters.SC_VALID_ADDRESSES: Optional. If the set of InetAddress objects are given, the Address-attribute found in the Subject confirmation will be compared against these.
- SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS: Required. A set of valid recipient URL:s.
- SAML2AssertionValidationParameters.COND_VALID_AUDIENCES: Required. A set of valid audiences of the assertion.
Author:

Martin Lindström (martin.lindstrom@litsec.se)

Field Summary
- Fields inherited from class se.litsec.opensaml.saml2.common.assertion.AssertionValidator
  conditionValidators, RESPONSE_ISSUE_INSTANT, subjectConfirmationValidators
- Fields inherited from class se.litsec.opensaml.common.validation.AbstractSignableObjectValidator
  signaturePrevalidator, trustEngine
- Fields inherited from class se.litsec.opensaml.common.validation.AbstractObjectValidator
  DEFAULT_ALLOWED_CLOCK_SKEW, DEFAULT_MAX_AGE_RECEIVED_MESSAGE

Constructor Summary

Constructors
Constructor and Description
`SwedishEidAssertionValidator(SignatureTrustEngine trustEngine, SignaturePrevalidator signaturePrevalidator)` Constructor setting up the validator with the following validators: confirmationValidators: `SwedishEidSubjectConfirmationValidator` conditionValidators: `AudienceRestrictionConditionValidator` statementValidators: `SwedishEidAuthnStatementValidator`, `SwedishEidAttributeStatementValidator`.
`SwedishEidAssertionValidator(SignatureTrustEngine trustEngine, SignaturePrevalidator signaturePrevalidator, Collection<SubjectConfirmationValidator> confirmationValidators, Collection<ConditionValidator> conditionValidators, Collection<StatementValidator> statementValidators)` Constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected ValidationResult`	`validateConditions(Assertion assertion, ValidationContext context)` Extends the base implementation with requirements from the Swedish eID Framework.
`protected ValidationResult`	`validateStatements(Assertion assertion, ValidationContext context)` Overrides the default implementation with checks to ensure the the `AuthnStatement` and `AttributeStatement` elements are in place.
`protected ValidationResult`	`validateSubject(Assertion assertion, ValidationContext context)` A `Subject` element in the Assertion is required by the Swedish eID Framework.

Methods inherited from class se.litsec.opensaml.saml2.common.assertion.AssertionValidator
getID, getIssuer, getObjectName, validate, validateConditionsTimeBounds, validateID, validateIssueInstant, validateIssuer, validateSubjectConfirmations, validateVersion

Methods inherited from class se.litsec.opensaml.common.validation.AbstractSignableObjectValidator
getSignatureValidationCriteriaSet, performSignatureValidation, validateSignature

Methods inherited from class se.litsec.opensaml.common.validation.AbstractObjectValidator
getAllowedClockSkew, getMaxAgeReceivedMessage, getReceiveInstant, isStrictValidation

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SwedishEidAssertionValidator
```
public SwedishEidAssertionValidator(SignatureTrustEngine trustEngine,
                                    SignaturePrevalidator signaturePrevalidator)
```
    Constructor setting up the validator with the following validators:
    - confirmationValidators: SwedishEidSubjectConfirmationValidator
    - conditionValidators: AudienceRestrictionConditionValidator
    - statementValidators: SwedishEidAuthnStatementValidator, SwedishEidAttributeStatementValidator.
    Parameters:
    
    trustEngine - the trust used to validate the object's signature
    
    signaturePrevalidator - the signature pre-validator used to pre-validate the object's signature
  - SwedishEidAssertionValidator
```
public SwedishEidAssertionValidator(SignatureTrustEngine trustEngine,
                                    SignaturePrevalidator signaturePrevalidator,
                                    Collection<SubjectConfirmationValidator> confirmationValidators,
                                    Collection<ConditionValidator> conditionValidators,
                                    Collection<StatementValidator> statementValidators)
```
    Constructor.
    
    Parameters:
    
    trustEngine - the trust used to validate the object's signature
    
    signaturePrevalidator - the signature pre-validator used to pre-validate the object's signature
    
    confirmationValidators - validators used to validate SubjectConfirmation methods within the assertion
    
    conditionValidators - validators used to validate the Condition elements within the assertion
    
    statementValidators - validators used to validate Statements within the assertion
- Method Detail
  - validateSubject
```
protected ValidationResult validateSubject(Assertion assertion,
                                           ValidationContext context)
```
    A Subject element in the Assertion is required by the Swedish eID Framework. We assert that and that it holds a NameID value of the correct format. We also check that there is a SubjectConfirmation element for the bearer method. After that, the base implementation may execute.
    
    Overrides:
    
    validateSubject in class se.litsec.opensaml.saml2.common.assertion.AssertionValidator
  - validateConditions
```
protected ValidationResult validateConditions(Assertion assertion,
                                              ValidationContext context)
```
    Extends the base implementation with requirements from the Swedish eID Framework.
    
    Overrides:
    
    validateConditions in class se.litsec.opensaml.saml2.common.assertion.AssertionValidator
  - validateStatements
```
protected ValidationResult validateStatements(Assertion assertion,
                                              ValidationContext context)
```
    Overrides the default implementation with checks to ensure the the AuthnStatement and AttributeStatement elements are in place.
    
    Overrides:
    
    validateStatements in class se.litsec.opensaml.saml2.common.assertion.AssertionValidator

Class SwedishEidAssertionValidator

Field Summary

Fields inherited from class se.litsec.opensaml.saml2.common.assertion.AssertionValidator

Fields inherited from class se.litsec.opensaml.common.validation.AbstractSignableObjectValidator

Fields inherited from class se.litsec.opensaml.common.validation.AbstractObjectValidator

Constructor Summary

Method Summary

Methods inherited from class se.litsec.opensaml.saml2.common.assertion.AssertionValidator

Methods inherited from class se.litsec.opensaml.common.validation.AbstractSignableObjectValidator

Methods inherited from class se.litsec.opensaml.common.validation.AbstractObjectValidator

Methods inherited from class java.lang.Object

Constructor Detail

SwedishEidAssertionValidator

SwedishEidAssertionValidator

Method Detail

validateSubject

validateConditions

validateStatements