Class SwedishEidAssertionValidator
- java.lang.Object
  - se.litsec.opensaml.common.validation.AbstractObjectValidator<T>
    - se.litsec.opensaml.common.validation.AbstractSignableObjectValidator<Assertion>
      - se.litsec.opensaml.saml2.common.assertion.AssertionValidator
        - se.litsec.swedisheid.opensaml.saml2.validation.SwedishEidAssertionValidator
- All Implemented Interfaces: ObjectValidator<Assertion>
public class SwedishEidAssertionValidator extends AssertionValidator
An assertion validator that makes checks based on what is required by the Swedish eID Framework. Apart from the validation parameters documented for AssertionValidator, the following static parameters are handled:
- SAML2AssertionValidationParameters.SC_VALID_ADDRESSES: Optional. If a set of InetAddress objects is given, the Address attribute found in the Subject confirmation will be compared against these.
- SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS: Required. A set of valid recipient URLs.
- SAML2AssertionValidationParameters.COND_VALID_AUDIENCES: Required. A set of valid audiences of the assertion.
- Author:
- Martin Lindström (martin.lindstrom@litsec.se)
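The following is an added usage sketch, not code from the library or its author: it supplies the three static parameters listed above and rejects the assertion unless validation returns VALID. Assumptions: the class `StrictAssertionCheck` and its parameter names are hypothetical, the OpenSAML package names are those of OpenSAML 3/4, the inherited `validate` method is assumed to take `(Assertion, ValidationContext)` and return `ValidationResult`, and `baseParams` stands for the AssertionValidator parameters that this page refers to but does not list.

```java
import java.net.InetAddress;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.common.assertion.ValidationResult;
import org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.xmlsec.signature.support.SignaturePrevalidator;
import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;

import se.litsec.swedisheid.opensaml.saml2.validation.SwedishEidAssertionValidator;

/** Hypothetical helper (added example), not part of the library. */
public class StrictAssertionCheck {

  public static void requireValid(Assertion assertion,
      SignatureTrustEngine trustEngine, SignaturePrevalidator prevalidator,
      Map<String, Object> baseParams,      // parameters documented for AssertionValidator
      Set<String> recipients,              // recipient URLs this service accepts
      Set<String> audiences,               // audience values this service accepts
      Set<InetAddress> clientAddresses) {  // may be null: the address check is optional

    // Both sets are documented as required; refuse to run with an empty allow-list.
    if (recipients == null || recipients.isEmpty()
        || audiences == null || audiences.isEmpty()) {
      throw new IllegalArgumentException("valid recipients and audiences must be configured");
    }

    Map<String, Object> params = new HashMap<>(baseParams);
    params.put(SAML2AssertionValidationParameters.SC_VALID_RECIPIENTS, recipients);
    params.put(SAML2AssertionValidationParameters.COND_VALID_AUDIENCES, audiences);
    if (clientAddresses != null) {
      params.put(SAML2AssertionValidationParameters.SC_VALID_ADDRESSES, clientAddresses);
    }
    ValidationContext context = new ValidationContext(params);

    SwedishEidAssertionValidator validator =
        new SwedishEidAssertionValidator(trustEngine, prevalidator);
    ValidationResult result = validator.validate(assertion, context);

    // Fail closed: INDETERMINATE is treated the same as INVALID.
    if (result != ValidationResult.VALID) {
      throw new SecurityException("Assertion rejected (" + result + "): "
          + context.getValidationFailureMessage());
    }
  }
}
```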

Field Summary
- Fields inherited from class se.litsec.opensaml.saml2.common.assertion.AssertionValidator:
  conditionValidators, RESPONSE_ISSUE_INSTANT, subjectConfirmationValidators
- Fields inherited from class se.litsec.opensaml.common.validation.AbstractSignableObjectValidator:
  signaturePrevalidator, trustEngine
- Fields inherited from class se.litsec.opensaml.common.validation.AbstractObjectValidator:
  DEFAULT_MAX_AGE_RECEIVED_MESSAGE

Constructor Summary
- SwedishEidAssertionValidator(SignatureTrustEngine trustEngine, SignaturePrevalidator signaturePrevalidator)
  Constructor setting up the validator with the following validators: confirmationValidators: SwedishEidSubjectConfirmationValidator; conditionValidators: AudienceRestrictionConditionValidator; statementValidators: SwedishEidAuthnStatementValidator, SwedishEidAttributeStatementValidator.
- SwedishEidAssertionValidator(SignatureTrustEngine trustEngine, SignaturePrevalidator signaturePrevalidator, Collection<SubjectConfirmationValidator> confirmationValidators, Collection<ConditionValidator> conditionValidators, Collection<StatementValidator> statementValidators)
  Constructor.

Method Summary
- protected ValidationResult validateConditions(Assertion assertion, ValidationContext context)
  Extends the base implementation with requirements from the Swedish eID Framework.
- protected ValidationResult validateStatements(Assertion assertion, ValidationContext context)
  Overrides the default implementation with checks to ensure that the AuthnStatement and AttributeStatement elements are in place.
- protected ValidationResult validateSubject(Assertion assertion, ValidationContext context)
  A Subject element in the Assertion is required by the Swedish eID Framework.
- Methods inherited from class se.litsec.opensaml.saml2.common.assertion.AssertionValidator:
  getID, getIssuer, getObjectName, getResponseIssueInstant, validate, validateConditionsTimeBounds, validateID, validateIssueInstant, validateIssuer, validateSubjectConfirmations, validateVersion
- Methods inherited from class se.litsec.opensaml.common.validation.AbstractSignableObjectValidator:
  getSignatureValidationCriteriaSet, performSignatureValidation, validateSignature
- Methods inherited from class se.litsec.opensaml.common.validation.AbstractObjectValidator:
  getAllowedClockSkew, getMaxAgeReceivedMessage, getReceiveInstant, isStrictValidation

Constructor Detail

SwedishEidAssertionValidator
public SwedishEidAssertionValidator(SignatureTrustEngine trustEngine, SignaturePrevalidator signaturePrevalidator)
Constructor setting up the validator with the following validators:
- confirmationValidators: SwedishEidSubjectConfirmationValidator
- conditionValidators: AudienceRestrictionConditionValidator
- statementValidators: SwedishEidAuthnStatementValidator, SwedishEidAttributeStatementValidator.
Parameters:
- trustEngine - the trust engine used to validate the object's signature
- signaturePrevalidator - the signature pre-validator used to pre-validate the object's signature

SwedishEidAssertionValidator
public SwedishEidAssertionValidator(SignatureTrustEngine trustEngine, SignaturePrevalidator signaturePrevalidator, Collection<SubjectConfirmationValidator> confirmationValidators, Collection<ConditionValidator> conditionValidators, Collection<StatementValidator> statementValidators)
Constructor.
Parameters:
- trustEngine - the trust engine used to validate the object's signature
- signaturePrevalidator - the signature pre-validator used to pre-validate the object's signature
- confirmationValidators - validators used to validate SubjectConfirmation methods within the assertion
- conditionValidators - validators used to validate the Condition elements within the assertion
- statementValidators - validators used to validate Statements within the assertion

Method Detail

validateSubject
protected ValidationResult validateSubject(Assertion assertion, ValidationContext context)
A Subject element in the Assertion is required by the Swedish eID Framework. We assert that it is present and that it holds a NameID value of the correct format. We also check that there is a SubjectConfirmation element for the bearer method. After that, the base implementation may execute.
- Overrides: validateSubject in class AssertionValidator

validateConditions
protected ValidationResult validateConditions(Assertion assertion, ValidationContext context)
Extends the base implementation with requirements from the Swedish eID Framework.
- Overrides: validateConditions in class AssertionValidator

validateStatements
protected ValidationResult validateStatements(Assertion assertion, ValidationContext context)
Overrides the default implementation with checks to ensure that the AuthnStatement and AttributeStatement elements are in place.
- Overrides: validateStatements in class AssertionValidator