public class DefaultSAML20AssertionValidationContextBuilder extends Object implements com.google.common.base.Function<SAML20AssertionTokenValidationInput,ValidationContext>

Builds a ValidationContext from an instance of SAML20AssertionTokenValidationInput.

| Modifier and Type | Field and Description |
|---|---|
| private org.slf4j.Logger | log: Logger. |
| private com.google.common.base.Function<Pair<org.opensaml.messaging.context.MessageContext,Assertion>,CriteriaSet> | signatureCriteriaSetFunction: A function for resolving the signature validation CriteriaSet for a particular Assertion. |
| private boolean | signatureRequired: Flag indicating whether an Assertion signature is required. |
| Constructor and Description |
|---|
| DefaultSAML20AssertionValidationContextBuilder(): Constructor. |
| Modifier and Type | Method and Description |
|---|---|
| ValidationContext | apply(SAML20AssertionTokenValidationInput input) |
| protected Map<String,Object> | buildStaticParameters(SAML20AssertionTokenValidationInput input): Build the static parameters map for input to the ValidationContext. |
| protected X509Certificate | getAttesterCertificate(SAML20AssertionTokenValidationInput input): Get the attesting entity's X509Certificate. |
| protected String | getAttesterIPAddress(SAML20AssertionTokenValidationInput input): Get the attester's IP address. |
| protected PublicKey | getAttesterPublicKey(SAML20AssertionTokenValidationInput input): Get the attesting entity's PublicKey. |
| protected CriteriaSet | getSignatureCriteriaSet(SAML20AssertionTokenValidationInput input): Get the signature validation criteria set. |
| com.google.common.base.Function<Pair<org.opensaml.messaging.context.MessageContext,Assertion>,CriteriaSet> | getSignatureCriteriaSetFunction(): Get the function for resolving the signature validation CriteriaSet for a particular Assertion. |
| protected Set<InetAddress> | getValidAddresses(SAML20AssertionTokenValidationInput input): Get the set of addresses which are valid for subject confirmation. |
| protected Set<String> | getValidAudiences(SAML20AssertionTokenValidationInput input): Get the valid audiences for attestation. |
| protected Set<String> | getValidRecipients(SAML20AssertionTokenValidationInput input): Get the valid recipient endpoints for attestation. |
| boolean | isSignatureRequired(): Get the flag indicating whether an Assertion signature is required. |
| void | setSignatureCriteriaSetFunction(com.google.common.base.Function<Pair<org.opensaml.messaging.context.MessageContext,Assertion>,CriteriaSet> function): Set the function for resolving the signature validation CriteriaSet for a particular Assertion. |
| void | setSignatureRequired(boolean flag): Set the flag indicating whether an Assertion signature is required. |
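As an added example (not code from this Javadoc or from the library it documents), the following wires a custom signature-criteria function into the builder and relies on the behaviour documented under getSignatureCriteriaSet below: whatever the function omits, the builder fills in an EntityIdCriterion from the Assertion's Issuer and a UsageCriterion of UsageType.SIGNING. Assumed: the OpenSAML and java-support package names in the imports, and that this helper lives in the builder's own package so the builder itself needs no import; the factory class name is hypothetical.

```java
import javax.annotation.Nullable;

import com.google.common.base.Function;
import net.shibboleth.utilities.java.support.collection.Pair;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.criterion.EntityRoleCriterion;
import org.opensaml.saml.criterion.ProtocolCriterion;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;

/** Hypothetical helper (not part of the library) that configures the builder. */
public final class AssertionValidationContextBuilderFactory {

    private AssertionValidationContextBuilderFactory() {
    }

    /**
     * Returns a builder that rejects unsigned Assertions and narrows signature
     * trust resolution to SAML 2.0 IdP-role credentials.
     */
    public static DefaultSAML20AssertionValidationContextBuilder newBuilder() {
        final DefaultSAML20AssertionValidationContextBuilder builder =
                new DefaultSAML20AssertionValidationContextBuilder();

        // Same as the documented default (true); stated explicitly so the fail-closed
        // choice is visible in configuration review.
        builder.setSignatureRequired(true);

        builder.setSignatureCriteriaSetFunction(
                new Function<Pair<MessageContext, Assertion>, CriteriaSet>() {
                    @Override
                    @Nullable
                    public CriteriaSet apply(@Nullable final Pair<MessageContext, Assertion> input) {
                        final CriteriaSet criteria = new CriteriaSet();
                        // Only signing credentials published in an IDPSSODescriptor for the
                        // SAML 2.0 protocol should be candidates for verifying the signature.
                        criteria.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
                        criteria.add(new ProtocolCriterion(SAMLConstants.SAML20P_NS));
                        // Deliberately no EntityIdCriterion or UsageCriterion here: per
                        // getSignatureCriteriaSet, the builder adds EntityIdCriterion from the
                        // Assertion's Issuer and UsageCriterion(SIGNING) when they are absent.
                        return criteria;
                    }
                });
        return builder;
    }
}
```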
private org.slf4j.Logger log

private com.google.common.base.Function<Pair<org.opensaml.messaging.context.MessageContext,Assertion>,CriteriaSet> signatureCriteriaSetFunction

private boolean signatureRequired

public DefaultSAML20AssertionValidationContextBuilder()

public boolean isSignatureRequired()
Defaults to: true.

public void setSignatureRequired(boolean flag)
Defaults to: true.
Parameters: flag - true if required, false if not

@Nullable public com.google.common.base.Function<Pair<org.opensaml.messaging.context.MessageContext,Assertion>,CriteriaSet> getSignatureCriteriaSetFunction()
Defaults to: null.

public void setSignatureCriteriaSetFunction(@Nullable com.google.common.base.Function<Pair<org.opensaml.messaging.context.MessageContext,Assertion>,CriteriaSet> function)
Defaults to: null.
Parameters: function - the resolving function, may be null

@Nullable public ValidationContext apply(@Nullable SAML20AssertionTokenValidationInput input)
Specified by: apply in interface com.google.common.base.Function<SAML20AssertionTokenValidationInput,ValidationContext>

@Nonnull protected Map<String,Object> buildStaticParameters(@Nonnull SAML20AssertionTokenValidationInput input)
Build the static parameters map for input to the ValidationContext.
Parameters: input - the assertion validation input

@Nonnull protected CriteriaSet getSignatureCriteriaSet(@Nonnull SAML20AssertionTokenValidationInput input)
This implementation first evaluates the result of applying the function
getSignatureCriteriaSetFunction(), if configured. If that evaluation did not
produce an EntityIdCriterion, one is added based on the issuer of the Assertion.
If that evaluation did not produce an instance of UsageCriterion, one is added with
the value of UsageType.SIGNING.
Parameters: input - the assertion validation input

@Nullable protected X509Certificate getAttesterCertificate(@Nonnull SAML20AssertionTokenValidationInput input)
Get the attesting entity's X509Certificate.
This implementation returns the client TLS certificate present in the HttpServletRequest, or null if one is not present.
Parameters: input - the assertion validation input

@Nullable protected PublicKey getAttesterPublicKey(@Nonnull SAML20AssertionTokenValidationInput input)
Get the attesting entity's PublicKey.
This implementation returns null. Subclasses should override to implement specific logic.
Parameters: input - the assertion validation input

@Nonnull protected Set<String> getValidRecipients(@Nonnull SAML20AssertionTokenValidationInput input)
This implementation returns a set containing the two values:
HttpServletRequest.getRequestURL()
AbstractSAMLEntityContext.getEntityId()
Parameters: input - the assertion validation input

@Nonnull protected Set<InetAddress> getValidAddresses(@Nonnull SAML20AssertionTokenValidationInput input)
This implementation simply returns the set based on getAttesterIPAddress(SAML20AssertionTokenValidationInput), if that produces a value. Otherwise an empty set is returned.
Parameters: input - the assertion validation input

@Nonnull protected String getAttesterIPAddress(@Nonnull SAML20AssertionTokenValidationInput input)
This implementation returns the value of ServletRequest.getRemoteAddr().
Parameters: input - the assertion validation input

@Nonnull protected Set<String> getValidAudiences(@Nonnull SAML20AssertionTokenValidationInput input)
This implementation returns a set containing the single entityID held by the message context's AbstractSAMLEntityContext.getEntityId(), if present. Otherwise an empty set is returned.
Parameters: input - the assertion validation input

Copyright © 1999–2019 Shibboleth Consortium. All rights reserved.