org.opensaml.xml.validation.ValidationException Java Examples

The following examples show how to use org.opensaml.xml.validation.ValidationException. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AssertionSpecValidator.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
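/**
 * Checks that the Subject element is present when required.
 *
 * <p>A Subject is required when the assertion carries no statements of any kind, and whenever it
 * carries at least one AuthnStatement, AuthzDecisionStatement or AttributeStatement. A statement
 * list that is {@code null} is treated like an empty list, so a missing list can never surface as
 * a {@code NullPointerException} in place of a validation result.</p>
 *
 * <p>Only the presence of the Subject is checked; its contents are not inspected here.</p>
 *
 * @param assertion the assertion to check
 * @throws ValidationException if a Subject is required but absent
 */
protected void validateSubject(Assertion assertion) throws ValidationException {
    if (assertion.getSubject() != null) {
        // Every rule below fires only when the Subject is missing.
        return;
    }

    boolean hasAnyStatement = assertion.getStatements() != null && assertion.getStatements().size() > 0;
    boolean hasAuthn = assertion.getAuthnStatements() != null && assertion.getAuthnStatements().size() > 0;
    boolean hasAttribute = assertion.getAttributeStatements() != null
            && assertion.getAttributeStatements().size() > 0;
    boolean hasAuthzDecision = assertion.getAuthzDecisionStatements() != null
            && assertion.getAuthzDecisionStatements().size() > 0;

    if (!hasAnyStatement && !hasAuthn && !hasAttribute && !hasAuthzDecision) {
        throw new ValidationException("Subject is required when Statements are absent");
    }

    // Same order as the individual rules have always been reported in.
    if (hasAuthn) {
        throw new ValidationException("Assertions containing AuthnStatements require a Subject");
    }
    if (hasAuthzDecision) {
        throw new ValidationException("Assertions containing AuthzDecisionStatements require a Subject");
    }
    if (hasAttribute) {
        throw new ValidationException("Assertions containing AttributeStatements require a Subject");
    }
}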
 
Example #2
Source File: LogoutRequestSchemaValidator.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Validates the identifier children (BaseID, NameID, EncryptedID) of a LogoutRequest.
 *
 * <p>Exactly one of the three must be set. Only presence is checked; the identifier's value is
 * not examined here.</p>
 *
 * @param request the request being processed
 * @throws ValidationException if none, or more than one, of the identifiers is present
 */
protected void validateIdentifiers(LogoutRequest request) throws ValidationException {
    // Tally the identifier children that are set; the three are mutually exclusive.
    int present = (request.getBaseID() != null ? 1 : 0)
            + (request.getNameID() != null ? 1 : 0)
            + (request.getEncryptedID() != null ? 1 : 0);

    if (present == 1) {
        return;
    }
    throw new ValidationException("LogoutRequest must contain exactly one of: BaseID, NameID, EncryptedID");
}
 
Example #3
Source File: CipherDataSchemaValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Validates that CipherData holds exactly one of CipherValue and CipherReference.
 *
 * @param xmlObject the object to validate
 * @throws ValidationException if neither child, or both children, are present
 */
protected void validateChildrenPresence(CipherData xmlObject) throws ValidationException {
    boolean hasValue = xmlObject.getCipherValue() != null;
    boolean hasReference = xmlObject.getCipherReference() != null;

    if (!hasValue && !hasReference) {
        throw new ValidationException("CipherData did not contain either a CipherValue or CipherReference child");
    }
    if (hasValue && hasReference) {
        throw new ValidationException("CipherData contained both a CipherValue and a CipherReference child");
    }
}
 
Example #4
Source File: RequestAbstractTypeSchemaValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
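/**
 * Validates the Version attribute.
 *
 * <p>The version must be present and its string form must equal that of
 * {@code SAMLVersion.VERSION_20}.</p>
 *
 * @param request request to validate
 * @throws ValidationException if the version is missing or is not SAML 2.0
 */
protected void validateVersion(RequestAbstractType request) throws ValidationException {
    if (request.getVersion() == null) {
        throw new ValidationException("Version attribute must not be null");
    }
    // Compare contents with equals(): == and != on String compare object identity, so two equal
    // version strings held in different String objects would be reported as a mismatch.
    if (!SAMLVersion.VERSION_20.toString().equals(request.getVersion().toString())) {
        throw new ValidationException("Wrong SAML Version");
    }
}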
 
Example #5
Source File: IDPSSODescriptorSpecValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks that no SingleSignOnService of the descriptor carries a ResponseLocation.
 *
 * <p>A descriptor with a {@code null} or empty service list passes.</p>
 *
 * @param idpssoDescriptor the descriptor whose SingleSignOnServices are checked
 * @throws ValidationException if any SingleSignOnService has a non-empty ResponseLocation
 */
protected void validateSingleSign(IDPSSODescriptor idpssoDescriptor) throws ValidationException {
    if (idpssoDescriptor.getSingleSignOnServices() == null) {
        return;
    }

    int serviceCount = idpssoDescriptor.getSingleSignOnServices().size();
    for (int index = 0; index < serviceCount; index++) {
        boolean hasResponseLocation = !DatatypeHelper.isEmpty(
                idpssoDescriptor.getSingleSignOnServices().get(index).getResponseLocation());
        if (hasResponseLocation) {
            throw new ValidationException("ResponseLocation of all SingleSignOnServices must be null");
        }
    }
}
 
Example #6
Source File: KeyValueSchemaValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Validates that the extension child, if present, is not from the XML Signature namespace.
 *
 * <p>A KeyValue without an unknown (extension) child passes.</p>
 *
 * @param xmlObject the object to validate
 * @throws ValidationException if the extension child's namespace is {@code XMLConstants.XMLSIG_NS}
 */
protected void validateExtensionChildNamespace(KeyValue xmlObject) throws ValidationException {
    XMLObject extension = xmlObject.getUnknownXMLObject();
    if (extension != null) {
        // An extension element must come from a namespace other than dsig itself.
        QName extensionName = extension.getElementQName();
        boolean inDsigNamespace = XMLConstants.XMLSIG_NS.equals(extensionName.getNamespaceURI());
        if (inDsigNamespace) {
            throw new ValidationException("KeyValue contains an illegal child extension element: " + extensionName);
        }
    }
}
 
Example #7
Source File: ActionSpecValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Rejects an Action whose contents are empty according to {@code DatatypeHelper.isEmpty}.</p>
 */
public void validate(Action action) throws ValidationException {
    boolean labelMissing = DatatypeHelper.isEmpty(action.getContents());
    if (labelMissing) {
        throw new ValidationException("Action label must be specified");
    }
}
 
Example #8
Source File: ECKeyValueSchemaValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Validates that the required children of an ECKeyValue are present.
 *
 * <p>A PublicKey is mandatory, together with at least one of NamedCurve and ECParameters. Only
 * presence is checked; the key material itself is not examined here.</p>
 *
 * @param xmlObject the object to validate
 * @throws ValidationException if the PublicKey, or both NamedCurve and ECParameters, are missing
 */
protected void validateChildrenPresence(ECKeyValue xmlObject) throws ValidationException {
    if (xmlObject.getPublicKey() == null) {
        throw new ValidationException("ECKeyValue did not contain a required PublicKey value");
    }

    boolean hasCurveDescription = xmlObject.getNamedCurve() != null || xmlObject.getECParameters() != null;
    if (!hasCurveDescription) {
        throw new ValidationException("ECKeyValue did not contain a required NamedCurve or ECParameters value");
    }
}
 
Example #9
Source File: RequestAbstractTypeSchemaValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Runs the Version, ID and IssueInstant checks, in that order. A {@link ValidationException}
 * raised by any of them propagates to the caller, so later checks do not run.</p>
 */
public void validate(RequestType requestAbstractType) throws ValidationException {
    // Order matters only for which failure is reported first.
    validateVersion(requestAbstractType);
    validateID(requestAbstractType);
    validateIssueInstant(requestAbstractType);
}
 
Example #10
Source File: AssertionSchemaValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Tests that the provided assertion contains at least one statement.
 *
 * @param assertion the assertion to check
 * @throws ValidationException if the statement list is {@code null} or empty
 */
protected void validateStatements(Assertion assertion) throws ValidationException {
    List<Statement> statements = assertion.getStatements();
    boolean hasStatements = statements != null && !statements.isEmpty();
    if (!hasStatements) {
        throw new ValidationException("No Statements present");
    }
}
 
Example #11
Source File: AuthorizationDecisionQuerySchemaValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Runs the superclass validation first, then the Action and Resource-presence checks. A
 * {@link ValidationException} from any step propagates to the caller.</p>
 */
public void validate(AuthorizationDecisionQuery query) throws ValidationException {
    // Inherited checks run before the query-specific ones.
    super.validate(query);

    validateActions(query);
    validateResourcePresent(query);
}
 
Example #12
Source File: AuthnAuthorityDescriptorSchemaValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks that at least one AuthnQueryService is present.
 *
 * @param authnAuthorityDescriptor the descriptor to check
 * @throws ValidationException if the AuthnQueryService list is {@code null} or empty
 */
protected void validateAuthnQueryServices(AuthnAuthorityDescriptor authnAuthorityDescriptor)
        throws ValidationException {
    boolean hasQueryService = authnAuthorityDescriptor.getAuthnQueryServices() != null
            && authnAuthorityDescriptor.getAuthnQueryServices().size() != 0;
    if (hasQueryService) {
        return;
    }
    throw new ValidationException("Must have one or more AuthnQueryServices.");
}
 
Example #13
Source File: SAMLSignatureProfileValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Validate the Signature's Reference URI.
 * 
 * First validate the Reference URI against the parent's ID itself.  Then validate that the 
 * URI (if non-empty) resolves to the same Element node as is cached by the SignableSAMLObject.
 * 
 * The second step compares DOM nodes by identity, so an element elsewhere in the document that
 * merely carries the same ID value does not satisfy it. An empty URI skips the second step.
 * 
 * @param uri the Signature Reference URI attribute value
 * @param signableObject the SignableSAMLObject whose signature is being validated
 * @throws ValidationException  if the URI is invalid or doesn't resolve to the expected DOM node
 */
protected void validateReferenceURI(String uri, SignableSAMLObject signableObject) throws ValidationException {
    String id = signableObject.getSignatureReferenceID();
    // Two-argument overload, not shown here; per the Javadoc above it checks the URI against the ID.
    validateReferenceURI(uri, id);
    
    // Nothing further to resolve for an empty reference.
    if (DatatypeHelper.isEmpty(uri)) {
        return;
    }
    
    // Drops the first character of the URI.
    // NOTE(review): presumably the leading '#' of a same-document reference; this relies on the
    // overload above having rejected any non-empty URI of another shape -- confirm.
    String uriID = uri.substring(1);
    
    // The element the SAML object was unmarshalled from; this is the node the signature must cover.
    Element expected = signableObject.getDOM();
    if (expected == null) {
        log.error("SignableSAMLObject does not have a cached DOM Element.");
        throw new ValidationException("SignableSAMLObject does not have a cached DOM Element.");
    }
    Document doc = expected.getOwnerDocument();
    
    // Resolve the ID the same way Apache xmlsec does, within the owner document of the expected node.
    Element resolved = IdResolver.getElementById(doc, uriID);
    if (resolved == null) {
        // uriID is derived from the message under validation and is written to the log and to the
        // exception text as received.
        log.error("Apache xmlsec IdResolver could not resolve the Element for id reference: {}", uriID);
        throw new ValidationException("Apache xmlsec IdResolver could not resolve the Element for id reference: "
                +  uriID);
    }
    
    // Identity check: the signed element must be the very node the object is backed by, not
    // another element with a matching ID.
    if (!expected.isSameNode(resolved)) {
        log.error("Signature Reference URI '{}' did not resolve to the expected parent Element", uri);
        throw new ValidationException("Signature Reference URI did not resolve to the expected parent Element");
    }
}
 
Example #14
Source File: EntitiesDescriptorSpecValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks that a root EntitiesDescriptor carries ValidUntil or CacheDuration (or both).
 *
 * <p>A descriptor that has a parent is not subject to this rule. Only presence is checked; the
 * values are not compared with the current time here.</p>
 *
 * @param entitiesDescriptor the descriptor to check
 * @throws ValidationException if the descriptor is the root and has neither attribute
 */
protected void validateRoot(EntitiesDescriptor entitiesDescriptor) throws ValidationException {
    if (entitiesDescriptor.getParent() != null) {
        // Nested descriptor: the rule applies to the root element only.
        return;
    }

    boolean hasValidityHint = entitiesDescriptor.getValidUntil() != null
            || entitiesDescriptor.getCacheDuration() != null;
    if (!hasValidityHint) {
        throw new ValidationException("Must have either ValidUntil or CacheDuration when is root element.");
    }
}
 
Example #15
Source File: EntitiesDescriptorSchemaValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks that at least one EntitiesDescriptor or EntityDescriptor child is present.
 *
 * @param entitiesDescriptor the descriptor to check
 * @throws ValidationException if both child lists are {@code null} or empty
 */
protected void validateEntityDescriptors(EntitiesDescriptor entitiesDescriptor) throws ValidationException {
    boolean hasNestedGroups = entitiesDescriptor.getEntitiesDescriptors() != null
            && entitiesDescriptor.getEntitiesDescriptors().size() >= 1;
    if (hasNestedGroups) {
        return;
    }

    boolean hasEntities = entitiesDescriptor.getEntityDescriptors() != null
            && entitiesDescriptor.getEntityDescriptors().size() >= 1;
    if (hasEntities) {
        return;
    }

    throw new ValidationException("Must have one or more EntitiesDescriptor or EntityDescriptor.");
}
 
Example #16
Source File: AffiliateMemberSchemaValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks that the ID is present and no longer than 1024 characters.
 *
 * @param affiliateMember the affiliate member to check
 * @throws ValidationException if the ID is empty or exceeds the maximum length
 */
protected void validateID(AffiliateMember affiliateMember) throws ValidationException {
    if (DatatypeHelper.isEmpty(affiliateMember.getID())) {
        throw new ValidationException("ID required");
    }

    // Upper bound on the identifier length enforced by this validator.
    boolean tooLong = affiliateMember.getID().length() > 1024;
    if (tooLong) {
        throw new ValidationException("Max ID length is 1024");
    }
}
 
Example #17
Source File: RequestAbstractTypeSchemaValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Runs the ID, Version and IssueInstant checks, in that order. A {@link ValidationException}
 * raised by any of them propagates to the caller, so later checks do not run.</p>
 */
public void validate(RequestType request) throws ValidationException {
    // Order matters only for which failure is reported first.
    validateID(request);
    validateVersion(request);
    validateIssueInstant(request);
}
 
Example #18
Source File: X509IssuerSerialSchemaValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Validates that both required children of an X509IssuerSerial are present.
 *
 * <p>The X509IssuerName is checked first, then the X509SerialNumber; the first missing child
 * determines the reported error.</p>
 *
 * @param xmlObject the object to validate
 * @throws ValidationException if the X509IssuerName or the X509SerialNumber is missing
 */
protected void validateChildrenPresence(X509IssuerSerial xmlObject) throws ValidationException {
    boolean issuerNameMissing = xmlObject.getX509IssuerName() == null;
    if (issuerNameMissing) {
        throw new ValidationException("X509IssuerSerial does not contain an X509IssuerName");
    }

    boolean serialNumberMissing = xmlObject.getX509SerialNumber() == null;
    if (serialNumberMissing) {
        throw new ValidationException("X509IssuerSerial does not contain an X509SerialNumber");
    }
}
 
Example #19
Source File: EntityDescriptorSchemaValidator.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks that an EntityDescriptor has either an AffiliationDescriptor or one or more
 * RoleDescriptors, but not both.
 *
 * @param entityDescriptor the descriptor to check
 * @throws ValidationException if neither kind of descriptor is present, or if both are
 */
protected void validateDescriptors(EntityDescriptor entityDescriptor) throws ValidationException {
    boolean hasRoles = entityDescriptor.getRoleDescriptors() != null
            && entityDescriptor.getRoleDescriptors().size() > 0;
    boolean hasAffiliation = entityDescriptor.getAffiliationDescriptor() != null;

    if (!hasRoles && !hasAffiliation) {
        throw new ValidationException("Must have an AffiliationDescriptor or one or more RoleDescriptors.");
    }
    // The two descriptor kinds are mutually exclusive.
    if (hasAffiliation && hasRoles) {
        throw new ValidationException("Cannot have an AffiliationDescriptor AND RoleDescriptors");
    }
}
 
Example #20
Source File: AssertionSchemaValidator.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Tests that the issuer is present.
 *
 * <p>Only presence is checked, as judged by {@code DatatypeHelper.isEmpty}; whether the issuer
 * is one the relying party trusts is not decided here.</p>
 *
 * @param assertion the assertion to check
 * @throws ValidationException if the issuer is empty
 */
protected void validateIssuer(Assertion assertion) throws ValidationException {
    boolean issuerMissing = DatatypeHelper.isEmpty(assertion.getIssuer());
    if (issuerMissing) {
        throw new ValidationException("Issuer not present");
    }
}
 
Example #21
Source File: ConditionsSpecValidator.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Runs the OneTimeUse check and then the ProxyRestriction check. A
 * {@link ValidationException} from either propagates to the caller.</p>
 */
public void validate(Conditions conditions) throws ValidationException {
    // OneTimeUse is checked before ProxyRestriction.
    validateOneTimeUseCondition(conditions);

    validateProxyRestrictionCondition(conditions);
}
 
Example #22
Source File: TelephoneNumberSchemaValidator.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Delegates to {@code validateNumber}; a {@link ValidationException} it raises propagates to
 * the caller.</p>
 */
public void validate(TelephoneNumber telephoneNumber) throws ValidationException {
    // The number check is the only rule applied by this validator.
    validateNumber(telephoneNumber);
}
 
Example #23
Source File: SubjectConfirmationSchemaValidator.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Delegates to {@code validateMethod}; a {@link ValidationException} it raises propagates to
 * the caller.</p>
 */
public void validate(SubjectConfirmation subjectConfirmation) throws ValidationException {
    // The method check is the only rule applied by this validator.
    validateMethod(subjectConfirmation);
}
 
Example #24
Source File: EndpointSchemaValidator.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Runs the Binding check and then the Location check. A {@link ValidationException} from
 * either propagates to the caller.</p>
 */
public void validate(EndpointType endpoint) throws ValidationException {
    // Binding is checked before Location.
    validateBinding(endpoint);

    validateLocation(endpoint);
}
 
Example #25
Source File: StatusSchemaValidator.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Delegates to {@code validateStatusCode}; a {@link ValidationException} it raises propagates
 * to the caller.</p>
 */
public void validate(Status status) throws ValidationException {
    // The StatusCode check is the only rule applied by this validator.
    validateStatusCode(status);
}
 
Example #26
Source File: AuthzDecisionQuerySchemaValidator.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Runs the superclass validation first, then the Action and Resource checks. A
 * {@link ValidationException} from any step propagates to the caller.</p>
 */
public void validate(AuthzDecisionQuery query) throws ValidationException {
    // Inherited checks run before the query-specific ones.
    super.validate(query);

    validateActions(query);
    validateResource(query);
}
 
Example #27
Source File: TransformsSchemaValidator.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Delegates to {@code validateTransforms}; a {@link ValidationException} it raises propagates
 * to the caller.</p>
 */
public void validate(Transforms xmlObject) throws ValidationException {
    // The Transforms check is the only rule applied by this validator.
    validateTransforms(xmlObject);
}
 
Example #28
Source File: StatusSchemaValidator.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Checks that the Status carries a StatusCode.
 *
 * <p>Only presence is checked; the value of the StatusCode is not examined here.</p>
 *
 * @param status the status to check
 * @throws ValidationException if the StatusCode is {@code null}
 */
protected void validateStatusCode(Status status) throws ValidationException {
    if (status.getStatusCode() != null) {
        return;
    }
    throw new ValidationException("StatusCode is required");
}
 
Example #29
Source File: RequesterIDSchemaValidator.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Delegates to {@code validateRequesterID}; a {@link ValidationException} it raises
 * propagates to the caller.</p>
 */
public void validate(RequesterID requesterID) throws ValidationException {
    // The RequesterID check is the only rule applied by this validator.
    validateRequesterID(requesterID);
}
 
Example #30
Source File: NameIDMappingResponseSchemaValidator.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Runs the superclass validation first, then the identifier check. A
 * {@link ValidationException} from either step propagates to the caller.</p>
 */
public void validate(NameIDMappingResponse response) throws ValidationException {
    // Inherited checks run before the response-specific one.
    super.validate(response);

    validateIdentifiers(response);
}