protected void validateSubject(final Subject subject, final ExtendedSAMLMessageContext context,
final Decrypter decrypter) {
boolean samlIDFound = false;
// Read NameID/BaseID/EncryptedID from the subject. If not present directly in the subject, try to find it in subject confirmations.
NameID nameIdFromSubject = subject.getNameID();
final BaseID baseIdFromSubject = subject.getBaseID();
final EncryptedID encryptedIdFromSubject = subject.getEncryptedID();
// Encrypted ID can overwrite the non-encrypted one, if present
final NameID decryptedNameIdFromSubject = decryptEncryptedId(encryptedIdFromSubject, decrypter);
if (decryptedNameIdFromSubject != null) {
nameIdFromSubject = decryptedNameIdFromSubject;
}
// If we have a Name ID or a Base ID, we are fine :-)
// If we don't have anything, let's go through all subject confirmations and get the IDs from them. At least one should be present but we don't care at this point.
if (nameIdFromSubject != null || baseIdFromSubject != null) {
context.setSubjectNameIdentifier(nameIdFromSubject);
context.setBaseID(baseIdFromSubject);
samlIDFound = true;
}
for (SubjectConfirmation confirmation : subject.getSubjectConfirmations()) {
if (SubjectConfirmation.METHOD_BEARER.equals(confirmation.getMethod())) {
if (isValidBearerSubjectConfirmationData(confirmation.getSubjectConfirmationData(), context)) {
NameID nameIDFromConfirmation = confirmation.getNameID();
final BaseID baseIDFromConfirmation = confirmation.getBaseID();
final EncryptedID encryptedIDFromConfirmation = confirmation.getEncryptedID();
// Encrypted ID can overwrite the non-encrypted one, if present
final NameID decryptedNameIdFromConfirmation = decryptEncryptedId(encryptedIDFromConfirmation,
decrypter);
if (decryptedNameIdFromConfirmation != null) {
nameIDFromConfirmation = decryptedNameIdFromConfirmation;
}