se.litsec.swedisheid.opensaml.saml2.validation

Class SwedishEidResponseValidator

java.lang.Object

se.litsec.opensaml.common.validation.AbstractObjectValidator<T>

se.litsec.opensaml.common.validation.AbstractSignableObjectValidator<Response>

se.litsec.opensaml.saml2.common.response.ResponseValidator

se.litsec.swedisheid.opensaml.saml2.validation.SwedishEidResponseValidator

All Implemented Interfaces:

se.litsec.opensaml.common.validation.ObjectValidator<Response>

public class SwedishEidResponseValidator
extends se.litsec.opensaml.saml2.common.response.ResponseValidator

Extends the default response validator with requirements for the Swedish eID Framework.

Supports the following ValidationContext static parameters as described in ResponseValidator.

Author:

Martin Lindström (martin.lindstrom@litsec.se)

Field Summary

Fields inherited from class se.litsec.opensaml.common.validation.AbstractSignableObjectValidator

signaturePrevalidator, trustEngine

Fields inherited from class se.litsec.opensaml.common.validation.AbstractObjectValidator

DEFAULT_ALLOWED_CLOCK_SKEW, DEFAULT_MAX_AGE_RECEIVED_MESSAGE

Constructor Summary

Constructors

Constructor and Description
SwedishEidResponseValidator(SignatureTrustEngine trustEngine, SignaturePrevalidator signaturePrevalidator) Constructor.

Method Summary

Modifier and Type	Method and Description
ValidationResult	validateAssertions(Response response, ValidationContext context) Checks according to ResponseValidator.validateAssertions(Response, ValidationContext) and extends the check to validate that assertion is encrypted.
protected ValidationResult	validateSignature(Response token, ValidationContext context) Overrides the default signature validation by enforcing signature validation because a Response message MUST be signed according to the Swedish eID Framework.

Methods inherited from class se.litsec.opensaml.saml2.common.response.ResponseValidator

getID, getIssuer, getObjectName, validate, validateConsent, validateDestination, validateExtensions, validateID, validateInResponseTo, validateIssueInstant, validateIssuer, validateStatus, validateVersion

Methods inherited from class se.litsec.opensaml.common.validation.AbstractSignableObjectValidator

getSignatureValidationCriteriaSet, performSignatureValidation

Methods inherited from class se.litsec.opensaml.common.validation.AbstractObjectValidator

getAllowedClockSkew, getMaxAgeReceivedMessage, getReceiveInstant, isStrictValidation

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SwedishEidResponseValidator

public SwedishEidResponseValidator(SignatureTrustEngine trustEngine,
                                   SignaturePrevalidator signaturePrevalidator)
                            throws IllegalArgumentException

Constructor.

Parameters:

trustEngine - the trust used to validate the object's signature

signaturePrevalidator - the signature pre-validator used to pre-validate the object's signature

Throws:

IllegalArgumentException - if null values are supplied

Method Detail

validateSignature

protected ValidationResult validateSignature(Response token,
                                             ValidationContext context)

Overrides the default signature validation by enforcing signature validation because a Response message MUST be signed according to the Swedish eID Framework.

Overrides:

validateSignature in class se.litsec.opensaml.common.validation.AbstractSignableObjectValidator<Response>

validateAssertions

public ValidationResult validateAssertions(Response response,
                                           ValidationContext context)

Checks according to ResponseValidator.validateAssertions(Response, ValidationContext) and extends the check to validate that assertion is encrypted.

Overrides:

validateAssertions in class se.litsec.opensaml.saml2.common.response.ResponseValidator