com.vmware.vapi.saml

Class DefaultTokenFactory

java.lang.Object

com.vmware.vapi.saml.DefaultTokenFactory

All Implemented Interfaces:

SamlTokenFactory

public final class DefaultTokenFactory
extends Object
implements SamlTokenFactory

Factory providing methods for token operations.

SamlToken instances produced by this factory are guaranteed to be syntactically and semantically valid.

In addition the factory methods which accept the token signing certificates trustedRootCertificates also guarantee that the token signature is valid and the token is within the lifetime range.

All the instance and static methods in this class are thread safe.

Constructor Summary

Constructors

Constructor and Description
DefaultTokenFactory()

Method Summary

Methods

Modifier and Type	Method and Description
static SamlToken	createToken(String tokenXml) Static factory method alternative of parseToken(String).
static SamlToken	createToken(String tokenXml, X509Certificate... trustedRootCertificates) Static factory method alternative of parseToken(String, X509Certificate...)
static SamlToken	createToken(String tokenXml, X509Certificate[] trustedRootCertificates, long clockToleranceSec) Static factory method alternative of parseToken(String, X509Certificate[], long)
static SamlToken	createTokenFromDom(Element tokenRoot) Static factory method alternative of parseToken(Element).
static SamlToken	createTokenFromDom(Element tokenRoot, X509Certificate... trustedRootCertificates) Static factory method alternative of parseToken(Element, X509Certificate...)
static SamlToken	createTokenFromDom(Element tokenRoot, X509Certificate[] trustedRootCertificates, long clockToleranceSec) Static factory method alternative of parseToken(Element, X509Certificate[], long)
SamlToken	parseToken(Element tokenRoot) Create a SamlToken object from DOM Element, performing syntactic and semantical validation of the XML tree.
SamlToken	parseToken(Element tokenRoot, X509Certificate... trustedRootCertificates) Create a SamlToken object from DOM Element.
SamlToken	parseToken(Element tokenRoot, X509Certificate[] trustedRootCertificates, long clockToleranceSec) Create a SamlToken object from DOM Element, performing syntactic and semantical validation of the XML tree.
SamlToken	parseToken(String tokenXml) Create a SamlToken object from string representation, performing syntactic and semantical validation of the XML tree.
SamlToken	parseToken(String tokenXml, X509Certificate... trustedRootCertificates) Create a SamlToken object from string representation.
SamlToken	parseToken(String tokenXml, X509Certificate[] trustedRootCertificates, long clockToleranceSec) Create a SamlToken object from string representation, performing syntactic and semantical validation of the XML tree.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultTokenFactory

public DefaultTokenFactory()

Method Detail

parseToken

public SamlToken parseToken(Element tokenRoot,
                   X509Certificate[] trustedRootCertificates,
                   long clockToleranceSec)
                     throws InvalidTokenException

Description copied from interface: SamlTokenFactory

Create a SamlToken object from DOM Element, performing syntactic and semantical validation of the XML tree.

The token will retain a copy of the original element (not the element itself).

Specified by:

parseToken in interface SamlTokenFactory

Parameters:

tokenRoot - The root element of the subtree containing the SAML token.

trustedRootCertificates - The public signing certificate(s) of the security token service, needed for token validation. Must not be null, there must be at least one certificate, and none of the supplied certificates may be null.

clockToleranceSec - Tolerate that many seconds of discrepancy between the token's sender clock and the local system clock when validating the token's start and expiration time. This effectively "expands" the token's validity period with the given number of seconds.

Returns:

The parsed and validated Token object

Throws:

InvalidTokenException - Indicates syntactic (e.g. contains invalid elements or missing required elements) or semantic (e.g. subject name in unknown format) error, expired or not yet valid token or failure to validate the signature against the trustedRootCertificates.

parseToken

public SamlToken parseToken(String tokenXml,
                   X509Certificate[] trustedRootCertificates,
                   long clockToleranceSec)
                     throws InvalidTokenException

Description copied from interface: SamlTokenFactory

Create a SamlToken object from string representation, performing syntactic and semantical validation of the XML tree.

Specified by:

parseToken in interface SamlTokenFactory

Parameters:

tokenXml - The xml representation of a SAML token. Not null.

trustedRootCertificates - The public signing certificate(s) of the security token service, needed for token validation. Must not be null, there must be at least one certificate, and none of the supplied certificates may be null.

clockToleranceSec - Tolerate that many seconds of discrepancy between the token's sender clock and the local system clock when validating the token's start and expiration time. This effectively "expands" the token's validity period with the given number of seconds.

Returns:

The parsed and validated Token object

Throws:

InvalidTokenException - Indicates syntactic (e.g. contains invalid elements or missing required elements) or semantic (e.g. subject name in unknown format) error, expired or not yet valid token or failure to validate the signature against the trustedRootCertificates.

parseToken

public SamlToken parseToken(String tokenXml,
                   X509Certificate... trustedRootCertificates)
                     throws InvalidTokenException

Description copied from interface: SamlTokenFactory

Create a SamlToken object from string representation.

This is a convenience overload of SamlTokenFactory.parseToken(String, X509Certificate[], long) with clockTolerance = 0.

Specified by:

parseToken in interface SamlTokenFactory

Throws:

InvalidTokenException

parseToken

public SamlToken parseToken(Element tokenRoot,
                   X509Certificate... trustedRootCertificates)
                     throws InvalidTokenException

Description copied from interface: SamlTokenFactory

Create a SamlToken object from DOM Element.

This is a convenience overload of SamlTokenFactory.parseToken(Element, X509Certificate[], long) with clockTolerance = 0.

Specified by:

parseToken in interface SamlTokenFactory

Throws:

InvalidTokenException

parseToken

public SamlToken parseToken(Element tokenRoot)
                     throws InvalidTokenException

Description copied from interface: SamlTokenFactory

Create a SamlToken object from DOM Element, performing syntactic and semantical validation of the XML tree.

The token signature and expiration status are not validated.

The token will retain a copy of the original element (not the element itself).

Specified by:

parseToken in interface SamlTokenFactory

Parameters:

tokenRoot - The root element of the subtree containing the SAML token.

Returns:

The parsed and validated Token object

Throws:

InvalidTokenException - Indicates syntactic (e.g. contains invalid elements or missing required elements) or semantic (e.g. subject name in unknown format) error.

parseToken

public SamlToken parseToken(String tokenXml)
                     throws InvalidTokenException

Description copied from interface: SamlTokenFactory

Create a SamlToken object from string representation, performing syntactic and semantical validation of the XML tree.

The token signature and expiration status are not validated.

Specified by:

parseToken in interface SamlTokenFactory

Parameters:

tokenXml - The xml representation of a SAML token. Not null.

Returns:

The parsed and validated Token object

Throws:

InvalidTokenException - Indicates syntactic (e.g. contains invalid elements or missing required elements) or semantic (e.g. subject name in unknown format) error.

createToken

public static SamlToken createToken(String tokenXml,
                    X509Certificate[] trustedRootCertificates,
                    long clockToleranceSec)
                             throws InvalidTokenException

Static factory method alternative of parseToken(String, X509Certificate[], long)

Throws:

InvalidTokenException

createToken

public static SamlToken createToken(String tokenXml,
                    X509Certificate... trustedRootCertificates)
                             throws InvalidTokenException

Static factory method alternative of parseToken(String, X509Certificate...)

Throws:

InvalidTokenException

createToken

public static SamlToken createToken(String tokenXml)
                             throws InvalidTokenException

Static factory method alternative of parseToken(String).

Throws:

InvalidTokenException

createTokenFromDom

public static SamlToken createTokenFromDom(Element tokenRoot,
                           X509Certificate[] trustedRootCertificates,
                           long clockToleranceSec)
                                    throws InvalidTokenException

Static factory method alternative of parseToken(Element, X509Certificate[], long)

Throws:

InvalidTokenException

createTokenFromDom

public static SamlToken createTokenFromDom(Element tokenRoot,
                           X509Certificate... trustedRootCertificates)
                                    throws InvalidTokenException

Static factory method alternative of parseToken(Element, X509Certificate...)

Throws:

InvalidTokenException

createTokenFromDom

public static SamlToken createTokenFromDom(Element tokenRoot)
                                    throws InvalidTokenException

Static factory method alternative of parseToken(Element).

Throws:

InvalidTokenException