Package org.apache.wss4j.dom.saml
Class DOMSAMLUtil

java.lang.Object
  org.apache.wss4j.dom.saml.DOMSAMLUtil

public final class DOMSAMLUtil extends Object

Some SAML Utility methods only for use in the DOM code.
Method Summary (all methods are static and concrete)

static boolean checkHolderOfKey(SamlAssertionWrapper assertionWrapper, List<WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)
    Check the holder-of-key requirements against the received assertion.

static boolean checkSenderVouches(SamlAssertionWrapper assertionWrapper, Certificate[] tlsCerts, Element body, List<WSSecurityEngineResult> signed)
    Check the sender-vouches requirements against the received assertion.

static boolean compareCredentials(SAMLKeyInfo subjectKeyInfo, List<WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)
    Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures.

static void validateSAMLResults(WSHandlerResult handlerResults, Certificate[] tlsCerts, Element body)
Method Detail

validateSAMLResults

public static void validateSAMLResults(WSHandlerResult handlerResults, Certificate[] tlsCerts, Element body) throws WSSecurityException

Throws:
    WSSecurityException
checkHolderOfKey

public static boolean checkHolderOfKey(SamlAssertionWrapper assertionWrapper, List<WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)

Check the holder-of-key requirements against the received assertion. The subject credential of the SAML Assertion must have been used to sign some portion of the message, thus showing proof-of-possession of the private/secret key. Alternatively, the subject credential of the SAML Assertion must match a client certificate credential when 2-way TLS is used.

Parameters:
    assertionWrapper - the SAML Assertion wrapper object
    signedResults - a list of all of the signed results
compareCredentials

public static boolean compareCredentials(SAMLKeyInfo subjectKeyInfo, List<WSSecurityEngineResult> signedResults, Certificate[] tlsCerts)

Compare the credentials of the assertion to the credentials used in 2-way TLS or those used to verify signatures. Returns true on a match.

Parameters:
    subjectKeyInfo - the SAMLKeyInfo object
    signedResults - a list of all of the signed results
Returns:
    true if the credentials of the assertion were used to verify a signature
checkSenderVouches

public static boolean checkSenderVouches(SamlAssertionWrapper assertionWrapper, Certificate[] tlsCerts, Element body, List<WSSecurityEngineResult> signed)

Check the sender-vouches requirements against the received assertion. The SAML Assertion and the SOAP Body must be signed by the same signature.
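The two subject-confirmation rules documented above (holder-of-key in checkHolderOfKey/compareCredentials, sender-vouches in checkSenderVouches) reduce to a small amount of logic. The following is an added illustration written for this page, not WSS4J's DOMSAMLUtil code: it models a verified signature as a constructed SignedResult record (the key that verified it plus the ids of the elements it covers), compares credentials by encoded public key instead of by X.509 Certificate, and builds its sample keys in memory. It needs Java 16 or later for records.

```java
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.List;
import java.util.Set;

/**
 * Added example: the holder-of-key and sender-vouches checks described by the
 * DOMSAMLUtil Javadoc, reduced to their essential logic. Not WSS4J code.
 */
public final class SubjectConfirmationExample {

    /** Constructed stand-in for a WSSecurityEngineResult of a verified signature. */
    public record SignedResult(PublicKey verifyingKey, Set<String> signedElementIds) {}

    /**
     * Holder-of-key: the key named in the assertion's Subject must either have
     * verified one of the message signatures (proof of possession) or match a
     * 2-way TLS client credential. An assertion with no subject key fails.
     */
    public static boolean checkHolderOfKey(PublicKey subjectKey,
                                           List<SignedResult> signedResults,
                                           List<PublicKey> tlsClientKeys) {
        if (subjectKey == null) {
            return false;
        }
        return compareCredentials(subjectKey, signedResults, tlsClientKeys);
    }

    /** True if subjectKey verified a signature or equals a TLS client key. */
    public static boolean compareCredentials(PublicKey subjectKey,
                                             List<SignedResult> signedResults,
                                             List<PublicKey> tlsClientKeys) {
        for (SignedResult r : signedResults) {
            if (sameKey(subjectKey, r.verifyingKey())) {
                return true;
            }
        }
        for (PublicKey tls : tlsClientKeys) {
            if (sameKey(subjectKey, tls)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Sender-vouches: one and the same signature must cover both the assertion
     * and the SOAP Body. Two separate signatures, one per element, do not bind
     * the assertion to the message and therefore do not satisfy the rule.
     */
    public static boolean checkSenderVouches(String assertionId, String bodyId,
                                             List<SignedResult> signedResults) {
        for (SignedResult r : signedResults) {
            Set<String> ids = r.signedElementIds();
            if (ids.contains(assertionId) && ids.contains(bodyId)) {
                return true;
            }
        }
        return false;
    }

    private static boolean sameKey(PublicKey a, PublicKey b) {
        // Compare the SubjectPublicKeyInfo encodings; stable across provider key classes.
        return a != null && b != null && Arrays.equals(a.getEncoded(), b.getEncoded());
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey subject = gen.generateKeyPair().getPublic();    // key named in the Subject
        PublicKey otherParty = gen.generateKeyPair().getPublic(); // unrelated key
        PublicKey issuer = gen.generateKeyPair().getPublic();     // vouching party's key

        // Holder-of-key satisfied: the subject key signed the Body.
        List<SignedResult> hok = List.of(new SignedResult(subject, Set.of("Body-1")));
        System.out.println("HoK, subject signed Body: " + checkHolderOfKey(subject, hok, List.of()));
        // Not satisfied: the Body was signed by someone else and the TLS client key differs.
        List<SignedResult> other = List.of(new SignedResult(otherParty, Set.of("Body-1")));
        System.out.println("HoK, no proof of possession: " + checkHolderOfKey(subject, other, List.of(otherParty)));
        // Satisfied through the 2-way TLS client credential instead of a message signature.
        System.out.println("HoK, via TLS client key: " + checkHolderOfKey(subject, List.of(), List.of(subject)));

        // Sender-vouches satisfied: a single issuer signature covers assertion and Body.
        List<SignedResult> svOk = List.of(new SignedResult(issuer, Set.of("Assertion-1", "Body-1")));
        System.out.println("SV, one signature over both: " + checkSenderVouches("Assertion-1", "Body-1", svOk));
        // Not satisfied: assertion and Body are covered by different signatures.
        List<SignedResult> svSplit = List.of(
            new SignedResult(issuer, Set.of("Assertion-1")),
            new SignedResult(otherParty, Set.of("Body-1")));
        System.out.println("SV, split signatures: " + checkSenderVouches("Assertion-1", "Body-1", svSplit));
    }
}
```

The point the split-signature case makes is the one the Javadoc states for checkSenderVouches: the binding between assertion and Body comes from a single signature covering both, so a check that merely confirms each element is signed by somebody is not sufficient.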