Package org.pac4j.saml.profile.impl

Class AbstractSAML2ResponseValidator

    • Field Detail

      • logger

        protected final org.slf4j.Logger logger

      • uriComparator

        protected final net.shibboleth.utilities.java.support.net.URIComparator uriComparator

      • decrypter

        protected final org.opensaml.saml.saml2.encryption.Decrypter decrypter

      • logoutHandler

        protected final org.pac4j.core.logout.handler.LogoutHandler logoutHandler

      • acceptedSkew

        protected long acceptedSkew

    • Constructor Detail

      • AbstractSAML2ResponseValidator

        protected AbstractSAML2ResponseValidator​(SAML2SignatureTrustEngineProvider signatureTrustEngineProvider,
                                         org.opensaml.saml.saml2.encryption.Decrypter decrypter,
                                         org.pac4j.core.logout.handler.LogoutHandler logoutHandler,
                                         ReplayCacheProvider replayCache,
                                         net.shibboleth.utilities.java.support.net.URIComparator uriComparator)

    • Method Detail

      • validateSuccess

        protected void validateSuccess​(org.opensaml.saml.saml2.core.Status status)
        Validates that the response is a success.
        Parameters:
        status - the response status.

      • validateSignatureIfItExists

        protected void validateSignatureIfItExists​(org.opensaml.xmlsec.signature.Signature signature,
                                           SAML2MessageContext context,
                                           org.opensaml.xmlsec.signature.support.SignatureTrustEngine engine)

      • validateSignature

        protected void validateSignature​(org.opensaml.xmlsec.signature.Signature signature,
                                 java.lang.String idpEntityId,
                                 org.opensaml.xmlsec.signature.support.SignatureTrustEngine trustEngine)
        Validate the given digital signature by checking its profile and value.
        Parameters:
        signature - the signature
        idpEntityId - the idp entity id
        trustEngine - the trust engine

      • validateIssuerIfItExists

        protected void validateIssuerIfItExists​(org.opensaml.saml.saml2.core.Issuer isser,
                                        SAML2MessageContext context)

      • validateIssuer

        protected void validateIssuer​(org.opensaml.saml.saml2.core.Issuer issuer,
                              SAML2MessageContext context)
        Validate issuer format and value.
        Parameters:
        issuer - the issuer
        context - the context

      • validateIssueInstant

        protected void validateIssueInstant​(java.time.Instant issueInstant)

      • isIssueInstantValid

        protected boolean isIssueInstantValid​(java.time.Instant issueInstant)

      • isDateValid

        protected boolean isDateValid​(java.time.Instant issueInstant,
                              long interval)

      • verifyEndpoint

        protected void verifyEndpoint​(java.util.List<java.lang.String> endpoints,
                              java.lang.String destination,
                              boolean isDestinationMandatory)

      • compareEndpoints

        protected boolean compareEndpoints​(java.lang.String destination,
                                   java.lang.String endpoint)

      • decryptEncryptedId

        protected org.opensaml.saml.saml2.core.NameID decryptEncryptedId​(org.opensaml.saml.saml2.core.EncryptedID encryptedId,
                                                                 org.opensaml.saml.saml2.encryption.Decrypter decrypter)
                                                          throws SAMLException
        Decrypts an EncryptedID, using a decrypter.
        Parameters:
        encryptedId - The EncryptedID to be decrypted.
        decrypter - The decrypter to use.
        Returns:
        Decrypted ID or null if any input is null.
        Throws:
        SAMLException - If the input ID cannot be decrypted.