Examples of SAML11ConditionsType


Examples of org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType

        String issuer = assertion.getIssuer();
        if (issuer != null) {
            StaxUtil.writeAttribute(writer, SAML11Constants.ISSUER, issuer);
        }

        SAML11ConditionsType conditions = assertion.getConditions();
        if (conditions != null) {
            StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ns);

            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString());

            List<SAML11ConditionAbstractType> typeOfConditions = conditions.get();
            if (typeOfConditions != null) {
                for (SAML11ConditionAbstractType typeCondition : typeOfConditions) {
                    if (typeCondition instanceof SAML11AudienceRestrictionCondition) {
                        SAML11AudienceRestrictionCondition art = (SAML11AudienceRestrictionCondition) typeCondition;
                        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.AUDIENCE_RESTRICTION_CONDITION, ns);

Examples of org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType

        // Builds the assertion's validity window (Conditions) around its IssueInstant.
        // An assertion without an IssueInstant is rejected before any window is computed.
        XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
        if (issueInstant == null)
            throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
        // Upper bound: IssueInstant shifted by (durationInMilis + clockSkew) via XMLTimeUtil.add, so the
        // skew allowance is baked into the issued NotOnOrAfter value.
        // NOTE(review): a relying party that applies its own skew tolerance when validating extends the
        // acceptance period a second time; keep clockSkew small and confirm how both sides handle it.
        XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant, durationInMilis + clockSkew);

        SAML11ConditionsType conditionsType = new SAML11ConditionsType();

        // Lower bound: IssueInstant shifted back by clockSkew via XMLTimeUtil.subtract, so the assertion
        // is stamped as valid slightly before it was issued.
        XMLGregorianCalendar beforeInstant = XMLTimeUtil.subtract(issueInstant, clockSkew);

        // Attach both bounds to the fresh Conditions object and set it on the assertion.
        conditionsType.setNotBefore(beforeInstant);
        conditionsType.setNotOnOrAfter(assertionValidityLength);
        assertion.setConditions(conditionsType);
    }

Examples of org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType

     */
    public static boolean hasExpired(SAML11AssertionType assertion) throws ConfigurationException {
        // Starts from "not expired"; the flag is only re-evaluated when a Conditions element is present.
        // NOTE(review): in the lines visible here an assertion with no Conditions keeps expiry == false,
        // i.e. it is treated as having no time limit. The rest of the method is outside this excerpt;
        // confirm callers reject condition-less assertions where policy requires a bounded lifetime.
        boolean expiry = false;

        // Check for validity of assertion
        SAML11ConditionsType conditionsType = assertion.getConditions();
        if (conditionsType != null) {
            // "now" comes from XMLTimeUtil.getIssueInstant() (presumably the current time; confirm).
            XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
            XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
            XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
           
            // The message is concatenated before trace() is called, whatever the log level. notBefore is
            // dereferenced (toXMLFormat) while notOnOrAfter is only concatenated, so if getNotBefore()
            // returns null this line throws NullPointerException instead of producing a validation result.
            // NOTE(review): reject or handle missing bounds explicitly before logging.
            logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + " ::notOnOrAfter=" + notOnOrAfter);
           
            // Expired when XMLTimeUtil.isValid says "now" is outside the window; the raw bounds are
            // passed, so this overload applies no clock-skew tolerance.
            expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
            if (expiry) {

Examples of org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType

     */
    public static boolean hasExpired(SAML11AssertionType assertion, long clockSkewInMilis) throws ConfigurationException {
        // Starts from "not expired"; the flag is only re-evaluated when a Conditions element is present.
        // NOTE(review): in the lines visible here an assertion with no Conditions keeps expiry == false.
        // The rest of the method is outside this excerpt; confirm how callers treat that case.
        boolean expiry = false;

        // Check for validity of assertion
        SAML11ConditionsType conditionsType = assertion.getConditions();
        if (conditionsType != null) {
            XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
            // The window is widened on both sides by clockSkewInMilis before the check.
            // NOTE(review): the skew value is not range-checked in the visible lines; a very large value
            // makes the time check ineffective and a negative one narrows it. Confirm the caller bounds it.
            XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
            XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
            XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
            XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);

            // Logs the bounds as carried by the assertion, not the skew-adjusted bounds used for the decision.
            // notBefore.toXMLFormat() throws NullPointerException if the bound is null (unless the
            // subtract call above already failed on it; its null handling is not visible here).
            logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + " ::notOnOrAfter=" + notOnOrAfter);
           
            // Expired when "now" is outside the skew-adjusted window according to XMLTimeUtil.isValid.
            expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);

Examples of org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType

                SAML11SubjectStatementType subStat = new SAML11SubjectStatementType();
                subStat.setSubject(subject);
            } else if (JBossSAMLConstants.CONDITIONS.get().equalsIgnoreCase(tag)) {
                startElement = (StartElement) xmlEvent;

                SAML11ConditionsType conditions = SAML11ParserUtil.parseSAML11Conditions(xmlEventReader);
                assertion.setConditions(conditions);
            } else if (SAML11Constants.AUTHENTICATION_STATEMENT.equals(tag)) {
                startElement = (StartElement) xmlEvent;
                SAML11AuthenticationStatementType authStat = SAML11ParserUtil.parseAuthenticationStatement(xmlEventReader);
                assertion.add(authStat);

Examples of org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType

        // Derive the audience restriction from the request's AppliesTo, when the requester supplied one.
        AppliesTo appliesTo = wstContext.getRequestSecurityToken().getAppliesTo();
        if (appliesTo != null) {
            restriction = new SAML11AudienceRestrictionCondition();
            // The audience URI is built from request data; URI.create throws the unchecked
            // IllegalArgumentException on a malformed value.
            restriction.add(URI.create(WSTrustUtil.parseAppliesTo(appliesTo)));
        }
        SAML11ConditionsType conditions = new SAML11ConditionsType();
        // The validity window is copied from `lifetime`, which is obtained outside this excerpt.
        // NOTE(review): confirm the lifetime was bounded against issuer policy before it reaches here.
        conditions.setNotBefore(lifetime.getCreated());
        conditions.setNotOnOrAfter(lifetime.getExpires());
        // Added whether or not AppliesTo was present. NOTE(review): when appliesTo is null, `restriction`
        // keeps the value it had before this excerpt (presumably null; confirm add() tolerates that).
        // An assertion issued without an audience restriction is not scoped to a single relying party.
        conditions.add(restriction);

        // the assertion principal (default is caller principal)
        Principal principal = wstContext.getCallerPrincipal();

        String confirmationMethod = null;

Examples of org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType

        // canceled assertions cannot be renewed.
        // NOTE(review): revocation is the only precondition visible in this excerpt; whether the old
        // assertion's signature and validity period were verified is decided outside these lines.
        if (this.revocationRegistry.isRevoked(SAMLUtil.SAML11_TOKEN_TYPE, oldAssertion.getID()))
            throw logger.samlAssertionRevokedCouldNotRenew(oldAssertion.getID());

        // adjust the lifetime for the renewed assertion.
        // This is the old assertion's own Conditions instance: the setters below mutate oldAssertion in
        // place, and the same object (with any conditions it already holds) is later set on newAssertion.
        // A null Conditions or a null Lifetime in the request ends in NullPointerException here.
        // NOTE(review): the new bounds are taken straight from the request's Lifetime; confirm they are
        // clamped to the issuer's maximum token lifetime before this point.
        SAML11ConditionsType conditions = oldAssertion.getConditions();
        conditions.setNotBefore(wstContext.getRequestSecurityToken().getLifetime().getCreated());
        conditions.setNotOnOrAfter(wstContext.getRequestSecurityToken().getLifetime().getExpires());

        // create a new unique ID for the renewed assertion.
        String assertionID = IDGenerator.create("ID_");

        // get the list of all assertion statements - should include the auth statement that contains the subject.
        // The list is new but the statement objects are the ones held by the old assertion.
        List<SAML11StatementAbstractType> statements = new ArrayList<SAML11StatementAbstractType>();
        statements.addAll(oldAssertion.getStatements());

        // create the new assertion.
        // The constructor receives the new ID and the renewed NotBefore value; the issuer is set from
        // wstContext.getTokenIssuer(), not copied from the old assertion.
        SAML11AssertionType newAssertion = new SAML11AssertionType(assertionID, conditions.getNotBefore());
        newAssertion.addAllStatements(statements);
        newAssertion.setConditions(conditions);
        newAssertion.setIssuer(wstContext.getTokenIssuer());

        // create a security token with the new assertion.

Examples of org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType

     * @return
     * @throws ParsingException
     */
    public static SAML11ConditionsType parseSAML11Conditions(XMLEventReader xmlEventReader) throws ParsingException {
        // Reads one SAML 1.1 Conditions element from the event reader: the NotBefore / NotOnOrAfter
        // attributes and any AudienceRestrictionCondition children. The reader is advanced by most helper
        // calls below, so statement order matters. The XML being parsed is the incoming assertion, i.e.
        // data produced by the peer.
        StartElement startElement;
        SAML11ConditionsType conditions = new SAML11ConditionsType();
        // Consume the next start element and check that it is the Conditions element.
        StartElement conditionsElement = StaxParserUtil.getNextStartElement(xmlEventReader);
        StaxParserUtil.validate(conditionsElement, JBossSAMLConstants.CONDITIONS.get());

        String assertionNS = SAML11Constants.ASSERTION_11_NSURI;

        // Each time bound is looked up first as an unqualified attribute and then, if absent, as an
        // attribute qualified with the SAML 1.1 assertion namespace.
        QName notBeforeQName = new QName("", JBossSAMLConstants.NOT_BEFORE.get());
        QName notBeforeQNameWithNS = new QName(assertionNS, JBossSAMLConstants.NOT_BEFORE.get());

        QName notAfterQName = new QName("", JBossSAMLConstants.NOT_ON_OR_AFTER.get());
        QName notAfterQNameWithNS = new QName(assertionNS, JBossSAMLConstants.NOT_ON_OR_AFTER.get());

        Attribute notBeforeAttribute = conditionsElement.getAttributeByName(notBeforeQName);
        if (notBeforeAttribute == null)
            notBeforeAttribute = conditionsElement.getAttributeByName(notBeforeQNameWithNS);

        Attribute notAfterAttribute = conditionsElement.getAttributeByName(notAfterQName);
        if (notAfterAttribute == null)
            notAfterAttribute = conditionsElement.getAttributeByName(notAfterQNameWithNS);

        // Both bounds are optional here: when an attribute is absent the corresponding setter is never
        // called and the field keeps the default of a new SAML11ConditionsType (presumably null).
        // NOTE(review): code that later dereferences getNotBefore() / getNotOnOrAfter() needs a null
        // check, and policy should state whether an assertion without time bounds is acceptable.
        if (notBeforeAttribute != null) {
            String notBeforeValue = StaxParserUtil.getAttributeValue(notBeforeAttribute);
            conditions.setNotBefore(XMLTimeUtil.parse(notBeforeValue));
        }

        if (notAfterAttribute != null) {
            String notAfterValue = StaxParserUtil.getAttributeValue(notAfterAttribute);
            conditions.setNotOnOrAfter(XMLTimeUtil.parse(notAfterValue));
        }

        // Walk the children until the closing Conditions tag or until no further start element is found.
        while (xmlEventReader.hasNext()) {
            XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
            if (xmlEvent instanceof EndElement) {
                // Consume the end element; only the end of Conditions terminates the loop, any other
                // end element falls through to the start-element lookup below.
                EndElement end = StaxParserUtil.getNextEndElement(xmlEventReader);
                if (StaxParserUtil.matches(end, JBossSAMLConstants.CONDITIONS.get()))
                    break;
            }
            // Peek (do not consume) the next start element so its name can be dispatched on.
            startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
            if (startElement == null)
                break;
            String tag = StaxParserUtil.getStartElementName(startElement);

            if (SAML11Constants.AUDIENCE_RESTRICTION_CONDITION.equals(tag)) {
                // First call consumes the AudienceRestrictionCondition start tag, the second its first child.
                startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
                SAML11AudienceRestrictionCondition restrictCond = new SAML11AudienceRestrictionCondition();

                startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
                // Only this one child is inspected, and it is recorded only if it is an Audience element.
                // NOTE(review): a first child with another name leaves restrictCond without an audience;
                // whether the end-element validation below then rejects the input, and how further
                // Audience children are handled, depends on StaxParserUtil and should be confirmed.
                if (StaxParserUtil.getStartElementName(startElement).equals(JBossSAMLConstants.AUDIENCE.get())) {
                    // URI.create throws the unchecked IllegalArgumentException on a malformed value, so
                    // that failure is not reported as the declared ParsingException.
                    restrictCond.add(URI.create(StaxParserUtil.getElementText(xmlEventReader)));
                }
                // The next end element must close AudienceRestrictionCondition.
                EndElement theEndElement = StaxParserUtil.getNextEndElement(xmlEventReader);
                StaxParserUtil.validate(theEndElement, SAML11Constants.AUDIENCE_RESTRICTION_CONDITION);
                conditions.add(restrictCond);
            } else
                // Any other child element is rejected rather than skipped, so a condition this parser
                // does not understand cannot be silently dropped from the assertion.
                throw logger.parserUnknownTag(tag, startElement.getLocation());
        }
        return conditions;
    }

Examples of org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType

        assertEquals(1, assertion.getMinorVersion());
        assertEquals("buGxcG4gILg5NlocyLccDz6iXrUa", assertion.getID());
        assertEquals("https://idp.example.org/saml", assertion.getIssuer());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), assertion.getIssueInstant());

        SAML11ConditionsType conditions = assertion.getConditions();
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:00:37.795Z"), conditions.getNotBefore());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:10:37.795Z"), conditions.getNotOnOrAfter());

        SAML11AuthenticationStatementType stat = (SAML11AuthenticationStatementType) assertion.getStatements().get(0);
        assertEquals("urn:oasis:names:tc:SAML:1.0:am:password", stat.getAuthenticationMethod().toString());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:17.706Z"), stat.getAuthenticationInstant());

Examples of org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType

        assertEquals(1, assertion.getMinorVersion());
        assertEquals("buGxcG4gILg5NlocyLccDz6iXrUb", assertion.getID());
        assertEquals("https://idp.example.org/saml", assertion.getIssuer());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), assertion.getIssueInstant());

        SAML11ConditionsType conditions = assertion.getConditions();
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), conditions.getNotBefore());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:15:37.795Z"), conditions.getNotOnOrAfter());

        SAML11AuthenticationStatementType stat = (SAML11AuthenticationStatementType) assertion.getStatements().get(0);
        assertEquals("urn:oasis:names:tc:SAML:1.0:am:password", stat.getAuthenticationMethod().toString());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:08:37.795Z"), stat.getAuthenticationInstant());