/**
 * Check the Conditions of the Assertion, including its audience restrictions.
 *
 * <p>The single-argument {@code checkConditions} overload runs first; the audience
 * check runs only if that call returns without throwing.
 *
 * <p>NOTE(review): how a {@code null} or empty {@code audienceRestrictions} list is
 * treated is decided inside {@code SamlAssertionWrapper.checkAudienceRestrictions},
 * which is not visible here. Confirm that an unconfigured list cannot silently
 * accept an assertion issued for a different audience.
 *
 * @param samlAssertion the assertion whose Conditions are checked
 * @param audienceRestrictions the audience values passed to the assertion's audience check
 * @throws WSSecurityException if either check rejects the assertion
 */
protected void checkConditions(
    SamlAssertionWrapper samlAssertion,
    List<String> audienceRestrictions
) throws WSSecurityException {
    // General Conditions checks first (delegated to the one-argument overload).
    this.checkConditions(samlAssertion);

    // Then the audience restrictions, evaluated by the assertion wrapper itself.
    samlAssertion.checkAudienceRestrictions(audienceRestrictions);
}
/**
 * Validate the credential argument. It must contain a non-null SamlAssertionWrapper.
 * A Crypto and a CallbackHandler implementation is also required to be set.
 *
 * <p>The checks run in a fixed order, and the first one that throws ends validation:
 * subject confirmation method, conditions (with the audience restrictions taken from
 * {@code data}), AuthnStatements, OneTimeUse, schema/profile validation, and finally
 * signature trust.
 *
 * <p>Security note: signature trust is verified only when the assertion reports itself
 * as signed. This method body does not reject an unsigned assertion; whether one is
 * refused depends on the earlier checks, which are not visible here, so confirm
 * that a signature is enforced wherever the deployment requires one.
 *
 * <p>NOTE(review): {@code data} is dereferenced without a null check, and the
 * Crypto/CallbackHandler requirement stated above is not checked in this method.
 * Presumably it is enforced further down the call chain; verify.
 *
 * @param credential the Credential to be validated
 * @param data the RequestData associated with the request
 * @return the same {@code credential} instance that was passed in
 * @throws WSSecurityException on a failed validation
 */
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    // A missing credential and a credential without an assertion fail identically.
    if (credential == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
    }
    if (credential.getSamlAssertion() == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
    }
    final SamlAssertionWrapper assertion = credential.getSamlAssertion();

    // Subject Confirmation requirements
    verifySubjectConfirmationMethod(assertion);

    // Conditions, including the audience restrictions configured on the request
    checkConditions(assertion, data.getAudienceRestrictions());

    // AuthnStatements of the assertion (if any)
    checkAuthnStatements(assertion);

    // OneTimeUse Condition
    checkOneTimeUse(assertion, data);

    // Schema/profile validation of the assertion
    validateAssertion(assertion);

    // Trust verification applies to signed assertions only; unsigned ones skip this step.
    final boolean signed = assertion.isSigned();
    if (signed) {
        verifySignedAssertion(assertion, data);
    }

    return credential;
}