SAML2AssertionValidator.java revision 4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1c
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SAML2AssertionValidator.java,v 1.7 2010/01/15 18:54:34 mrudul_uchil Exp $
*
*/
/**
* This class validates SAML2 Assertions using local configuration.
*/
public class SAML2AssertionValidator {
// NOTE(review): this listing is an incomplete extract. Most statements are
// cut off (every "throw new SecurityException(" below has lost its argument
// list, and method signatures are missing), so the comments added here
// describe only what the surviving lines show and hedge everything else.
//
// Validation steps visible in this extract, in order: the assertion must be
// signed, the issuer must have been marked trusted, the signature must
// verify, isTimeValid() must hold, and a subject name must be present.
// Every visible failure path throws SecurityException.
// private Set trustedIssuers = null;
throw new SecurityException(
}
try {
// Reject unsigned assertions outright: without a signature nothing in the
// assertion carries proof of origin.
if(!samlAssertion.isSigned()) {
throw new SecurityException(
}
throw new SecurityException(
}
// Default-deny: the flag starts false and is only set to true on the
// explicit branch below (the matching logic itself is elided here).
boolean issuerTrusted = false;
// index == -1 is treated as a hard failure. What is being searched is not
// visible in this extract -- TODO confirm against the full file.
if (index == -1) {
throw new SecurityException(
} else {
issuerTrusted = true;
break;
}
}
}
}
}
}
}
// Fail closed when no trusted-issuer match was recorded.
if(!issuerTrusted) {
throw new SecurityException(
}
//Verify signature on Assertion
// NOTE(review): the call that performs the verification is elided here.
// Confirm that it verifies against a certificate taken from local trust
// configuration rather than only the KeyInfo carried inside the assertion,
// and that the verified signature covers the same assertion element whose
// fields are read afterwards.
try {
}
+ " Signature verification for the assertion failed");
}
throw new SecurityException(
} else {
+ "Signature verification successful for the Assertion");
}
}
// The caught exception ex is handed to an elided call (presumably a debug
// log -- confirm) and a SecurityException is thrown next, so an error
// during verification fails closed on this path.
" validation on Assertion failed", ex);
throw new SecurityException(
}
// Reject assertions that fail the validity-window check.
// NOTE(review): whether isTimeValid() applies any clock-skew tolerance is
// not visible here.
if(!samlAssertion.isTimeValid()) {
throw new SecurityException(
}
throw new SecurityException(
}
// A subject name is mandatory; an assertion without one is rejected.
if(subjectName == null) {
throw new SecurityException(
}
}
}
}
// NOTE(review): the catch body is empty in this extract. If the original
// also does nothing here, a SAML2Exception raised while validating would be
// swallowed and the caller could see the assertion as accepted (fail-open).
// Confirm against the full file; the safe form rethrows a SecurityException
// with se as its cause.
} catch (SAML2Exception se) {
}
}
throws SecurityException {
// NOTE(review): the subject-locality check below is commented out, so the
// trusted IP address list from stsConfig is not enforced by this method as
// shown. Callers should not assume the assertion's source address was
// checked.
/* TODO validate using valid IP Addresses
if(subjectLocality != null) {
String ipAddress = subjectLocality.getAddress();
if(ipAddress != null &&
!stsConfig.getTrustedIPAddresses().contains(ipAddress)) {
throw new SecurityException(
WSSUtils.bundle.getString("invalidIPAddress"));
}
}*/
// TODO we need to have valid auth context refs and the corresponding
// authmethod/authlevel mappings .
// The body of this branch is elided in the extract; per the TODO above, the
// authentication context is not yet checked against configured mappings.
if(authnContext != null) {
}
}
// Parameter list and most of the body are elided in this extract; only the
// non-empty check on attributes and the i != 0 branch survive.
private void validateAttributeStatement(
if(!attributes.isEmpty()) {
}
if (i != 0) {
}
}
}
}
}
/**
 * Returns the attributeMap field.
 *
 * NOTE(review): the field reference is returned as-is (raw Map, no copy or
 * unmodifiable wrapper), so if the map is mutable a caller can change the
 * validator's internal state after validation.
 *
 * @return the attributeMap field; whether it can be null is not visible here
 */
public Map getAttributes() {
return attributeMap;
}
/**
 * Returns the subjectName field.
 *
 * The visible validation code throws SecurityException when subjectName is
 * null, so callers should only rely on this value after validation succeeded.
 *
 * @return the subjectName field
 */
public String getSubjectName() {
return subjectName;
}
/**
 * Returns the cert field.
 *
 * NOTE(review): judging by the method name this is a certificate taken from
 * the assertion's KeyInfo -- confirm. If so, it is attacker-supplied data
 * until signature and issuer validation have succeeded.
 *
 * @return the cert field; whether it can be null is not visible here
 */
public X509Certificate getKeyInfoCert() {
return cert;
}
// The method these fragments belong to is elided. The surviving lines
// return null on several paths, including when confirmationData is absent,
// so its caller must handle a null result.
return null;
}
if(confirmationData == null) {
return null;
}
return null;
}
}
}