/** {@inheritDoc} */
  public void validate(PositiveAssertion response) throws ValidationException {
    super.validate(response);

    if (!PositiveAssertion.MODE.equals(response.getMode())) {
      throw new ValidationException(
          "Positive Assertion must have a mode value of '"
              + PositiveAssertion.MODE
              + "' (value was '"
              + response.getMode()
              + "'");
    }

    if (DatatypeHelper.isEmpty(response.getEndpoint())) {
      throw new ValidationException("Positive Assertion must define the OP endpoint");
    }

    if (DatatypeHelper.isEmpty(response.getClaimedId())
        ^ DatatypeHelper.isEmpty(response.getIdentity())) {
      throw new ValidationException(
          "Positive Assertion must have the claimed_id and identity "
              + "parameters either both present, or both absent.");
    }

    if (DatatypeHelper.isEmpty(response.getReturnTo())) {
      throw new ValidationException("Positive Assertion must define return-to URL");
    }

    if (DatatypeHelper.isEmpty(response.getResponseNonce())) {
      throw new ValidationException("Positive Assertion must define a nonce");
    }

    ValidationUtils.validateNonce(response.getResponseNonce());

    if (response.getAssociationHandle() == null) {
      throw new ValidationException("Positive Assertion must define an association handle");
    }

    ValidationUtils.validateAssociationHandle(response.getAssociationHandle());

    validateSignature(response);
  }
  /**
   * Validate the signature related parameters. The signed fields and signature parameters must be
   * present, and the signed fields list must contain the requisite parameters.
   *
   * @param response response to validate
   * @throws ValidationException if the signature related parameters are not valid
   */
  public void validateSignature(PositiveAssertion response) throws ValidationException {
    Set<QName> requiredSignedFields = new HashSet();
    requiredSignedFields.addAll(Arrays.asList(ValidationUtils.REQUIRED_SIGNED_FIELDS));

    if (!DatatypeHelper.isEmpty(response.getClaimedId())) {
      requiredSignedFields.add(Parameter.claimed_id.QNAME);
    }

    if (!DatatypeHelper.isEmpty(response.getIdentity())) {
      requiredSignedFields.add(Parameter.identity.QNAME);
    }

    ValidationUtils.validateSignature(response, requiredSignedFields);
  }