com.vmware.vapi.saml

Interface SamlTokenFactory

All Known Implementing Classes:

DefaultTokenFactory

public interface SamlTokenFactory

Implementations of this interface will serve as a SAML token factories.

Method Summary

Methods

Modifier and Type	Method and Description
SamlToken	parseToken(Element tokenRoot) Create a SamlToken object from DOM Element, performing syntactic and semantical validation of the XML tree.
SamlToken	parseToken(Element tokenRoot, X509Certificate... trustedRootCertificates) Create a SamlToken object from DOM Element.
SamlToken	parseToken(Element tokenRoot, X509Certificate[] trustedRootCertificates, long clockToleranceSec) Create a SamlToken object from DOM Element, performing syntactic and semantical validation of the XML tree.
SamlToken	parseToken(String tokenXml) Create a SamlToken object from string representation, performing syntactic and semantical validation of the XML tree.
SamlToken	parseToken(String tokenXml, X509Certificate... trustedRootCertificates) Create a SamlToken object from string representation.
SamlToken	parseToken(String tokenXml, X509Certificate[] trustedRootCertificates, long clockToleranceSec) Create a SamlToken object from string representation, performing syntactic and semantical validation of the XML tree.

Method Detail

parseToken

SamlToken parseToken(Element tokenRoot,
                   X509Certificate[] trustedRootCertificates,
                   long clockToleranceSec)
                     throws InvalidTokenException

Create a SamlToken object from DOM Element, performing syntactic and semantical validation of the XML tree.

The token will retain a copy of the original element (not the element itself).

Parameters:

tokenRoot - The root element of the subtree containing the SAML token.

trustedRootCertificates - The public signing certificate(s) of the security token service, needed for token validation. Must not be null, there must be at least one certificate, and none of the supplied certificates may be null.

clockToleranceSec - Tolerate that many seconds of discrepancy between the token's sender clock and the local system clock when validating the token's start and expiration time. This effectively "expands" the token's validity period with the given number of seconds.

Returns:

The parsed and validated Token object

Throws:

InvalidTokenException - Indicates syntactic (e.g. contains invalid elements or missing required elements) or semantic (e.g. subject name in unknown format) error, expired or not yet valid token or failure to validate the signature against the trustedRootCertificates.

parseToken

SamlToken parseToken(Element tokenRoot,
                   X509Certificate... trustedRootCertificates)
                     throws InvalidTokenException

Create a SamlToken object from DOM Element.

This is a convenience overload of parseToken(Element, X509Certificate[], long) with clockTolerance = 0.

Throws:

InvalidTokenException

parseToken

SamlToken parseToken(Element tokenRoot)
                     throws InvalidTokenException

Create a SamlToken object from DOM Element, performing syntactic and semantical validation of the XML tree.

The token signature and expiration status are not validated.

The token will retain a copy of the original element (not the element itself).

Parameters:

tokenRoot - The root element of the subtree containing the SAML token.

Returns:

The parsed and validated Token object

Throws:

InvalidTokenException - Indicates syntactic (e.g. contains invalid elements or missing required elements) or semantic (e.g. subject name in unknown format) error.

parseToken

SamlToken parseToken(String tokenXml,
                   X509Certificate[] trustedRootCertificates,
                   long clockToleranceSec)
                     throws InvalidTokenException

Create a SamlToken object from string representation, performing syntactic and semantical validation of the XML tree.

Parameters:

tokenXml - The xml representation of a SAML token. Not null.

trustedRootCertificates - The public signing certificate(s) of the security token service, needed for token validation. Must not be null, there must be at least one certificate, and none of the supplied certificates may be null.

clockToleranceSec - Tolerate that many seconds of discrepancy between the token's sender clock and the local system clock when validating the token's start and expiration time. This effectively "expands" the token's validity period with the given number of seconds.

Returns:

The parsed and validated Token object

Throws:

InvalidTokenException - Indicates syntactic (e.g. contains invalid elements or missing required elements) or semantic (e.g. subject name in unknown format) error, expired or not yet valid token or failure to validate the signature against the trustedRootCertificates.

parseToken

SamlToken parseToken(String tokenXml,
                   X509Certificate... trustedRootCertificates)
                     throws InvalidTokenException

Create a SamlToken object from string representation.

This is a convenience overload of parseToken(String, X509Certificate[], long) with clockTolerance = 0.

Throws:

InvalidTokenException

parseToken

SamlToken parseToken(String tokenXml)
                     throws InvalidTokenException

Create a SamlToken object from string representation, performing syntactic and semantical validation of the XML tree.

The token signature and expiration status are not validated.

Parameters:

tokenXml - The xml representation of a SAML token. Not null.

Returns:

The parsed and validated Token object

Throws:

InvalidTokenException - Indicates syntactic (e.g. contains invalid elements or missing required elements) or semantic (e.g. subject name in unknown format) error.