DOMSAMLUtil (Apache WSS4J DOM WS-Security 2.0.2 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.wss4j.dom.saml
Class DOMSAMLUtil

java.lang.Object
  org.apache.wss4j.dom.saml.DOMSAMLUtil

public final class DOMSAMLUtil
extends Object
extends Object

Some SAML Utility methods only for use in the DOM code.

Method Summary
`static boolean`	`checkHolderOfKey(SamlAssertionWrapper assertionWrapper, List<WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)` Check the holder-of-key requirements against the received assertion.
`static boolean`	`checkSenderVouches(SamlAssertionWrapper assertionWrapper, Certificate[] tlsCerts, Element body, List<WSSecurityEngineResult> signed)` Check the sender-vouches requirements against the received assertion.
`static boolean`	`compareCredentials(SAMLKeyInfo subjectKeyInfo, List<WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)` Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures.
`static void`	`validateSAMLResults(List<WSSecurityEngineResult> results, Certificate[] tlsCerts, Element body)`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Method Detail

validateSAMLResults

public static void validateSAMLResults(List<WSSecurityEngineResult> results,
                                       Certificate[] tlsCerts,
                                       Element body)
                                throws WSSecurityException

Throws:: WSSecurityException

checkHolderOfKey

public static boolean checkHolderOfKey(SamlAssertionWrapper assertionWrapper,
                                       List<WSSecurityEngineResult> signedResults,
                                       Certificate[] tlsCerts)

Check the holder-of-key requirements against the received assertion. The subject credential of the SAML Assertion must have been used to sign some portion of the message, thus showing proof-of-possession of the private/secret key. Alternatively, the subject credential of the SAML Assertion must match a client certificate credential when 2-way TLS is used.

Parameters:: assertionWrapper - the SAML Assertion wrapper object; signedResults - a list of all of the signed results

compareCredentials

public static boolean compareCredentials(SAMLKeyInfo subjectKeyInfo,
                                         List<WSSecurityEngineResult> signedResults,
                                         Certificate[] tlsCerts)

Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures. Return true on a match

Parameters:: subjectKeyInfo - the SAMLKeyInfo object; signedResults - a list of all of the signed results
Returns:: true if the credentials of the assertion were used to verify a signature

checkSenderVouches

public static boolean checkSenderVouches(SamlAssertionWrapper assertionWrapper,
                                         Certificate[] tlsCerts,
                                         Element body,
                                         List<WSSecurityEngineResult> signed)

Check the sender-vouches requirements against the received assertion. The SAML Assertion and the SOAP Body must be signed by the same signature.