/** * Add validity conditions to the SAML2 Assertion * * @param assertion * @param durationInMilis * * @throws ConfigurationException * @throws IssueInstantMissingException */ public static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew) throws ConfigurationException, IssueInstantMissingException { XMLGregorianCalendar issueInstant = assertion.getIssueInstant(); if (issueInstant == null) throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT); XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant, durationInMilis + clockSkew); SAML11ConditionsType conditionsType = new SAML11ConditionsType(); XMLGregorianCalendar beforeInstant = XMLTimeUtil.subtract(issueInstant, clockSkew); conditionsType.setNotBefore(beforeInstant); conditionsType.setNotOnOrAfter(assertionValidityLength); assertion.setConditions(conditionsType); }
/** * Check whether the assertion has expired * @param assertion * @return * @throws ConfigurationException */ public static boolean hasExpired(SAML11AssertionType assertion) throws ConfigurationException { boolean expiry = false; //Check for validity of assertion SAML11ConditionsType conditionsType = assertion.getConditions(); if (conditionsType != null) { XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant(); XMLGregorianCalendar notBefore = conditionsType.getNotBefore(); XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter(); if (trace) log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + "::notOnOrAfter=" + notOnOrAfter); expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter); if (expiry) { log.info("Assertion has expired with id=" + assertion.getID()); } } //TODO: if conditions do not exist, assume the assertion to be everlasting? return expiry; }
SAML11ConditionsType conditions = new SAML11ConditionsType(); StartElement conditionsElement = StaxParserUtil.getNextStartElement(xmlEventReader); StaxParserUtil.validate(conditionsElement, JBossSAMLConstants.CONDITIONS.get()); conditions.setNotBefore(XMLTimeUtil.parse(notBeforeValue)); conditions.setNotOnOrAfter(XMLTimeUtil.parse(notAfterValue)); conditions.add(restrictCond);
conditions.setNotBefore(lifetime.getCreated()); conditions.setNotOnOrAfter(lifetime.getExpires()); SAML11AssertionType newAssertion = new SAML11AssertionType(assertionID, conditions.getNotBefore()); newAssertion.addAllStatements(statements); newAssertion.setConditions(conditions);
StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString()); StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter() .toString()); List<SAML11ConditionAbstractType> typeOfConditions = conditions.get(); if (typeOfConditions != null)
SAML11ConditionsType conditions = new SAML11ConditionsType(); StartElement conditionsElement = StaxParserUtil.getNextStartElement(xmlEventReader); StaxParserUtil.validate(conditionsElement, JBossSAMLConstants.CONDITIONS.get()); conditions.setNotBefore(XMLTimeUtil.parse(notBeforeValue)); conditions.setNotOnOrAfter(XMLTimeUtil.parse(notAfterValue)); conditions.add(restrictCond);
conditions.setNotBefore(lifetime.getCreated()); conditions.setNotOnOrAfter(lifetime.getExpires()); SAML11AssertionType newAssertion = new SAML11AssertionType(assertionID, conditions.getNotBefore()); newAssertion.addAllStatements(statements); newAssertion.setConditions(conditions);
StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString()); StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter() .toString()); List<SAML11ConditionAbstractType> typeOfConditions = conditions.get(); if (typeOfConditions != null)
SAML11ConditionsType conditions = new SAML11ConditionsType(); StartElement conditionsElement = StaxParserUtil.getNextStartElement(xmlEventReader); StaxParserUtil.validate(conditionsElement, JBossSAMLConstants.CONDITIONS.get()); conditions.setNotBefore(XMLTimeUtil.parse(notBeforeValue)); conditions.setNotOnOrAfter(XMLTimeUtil.parse(notAfterValue)); conditions.add(restrictCond); } else throw logger.parserUnknownTag(tag, startElement.getLocation());
/** * Add validity conditions to the SAML2 Assertion * @param assertion * @param durationInMilis * @throws ConfigurationException * @throws IssueInstantMissingException */ public static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew) throws ConfigurationException, IssueInstantMissingException { XMLGregorianCalendar issueInstant = assertion.getIssueInstant(); if (issueInstant == null) throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT); XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant, durationInMilis + clockSkew); SAML11ConditionsType conditionsType = new SAML11ConditionsType(); XMLGregorianCalendar beforeInstant = XMLTimeUtil.subtract(issueInstant, clockSkew); conditionsType.setNotBefore(beforeInstant); conditionsType.setNotOnOrAfter(assertionValidityLength); assertion.setConditions(conditionsType); }
conditions.setNotBefore(wstContext.getRequestSecurityToken().getLifetime().getCreated()); conditions.setNotOnOrAfter(wstContext.getRequestSecurityToken().getLifetime().getExpires()); SAML11AssertionType newAssertion = new SAML11AssertionType(assertionID, conditions.getNotBefore()); newAssertion.addAllStatements(statements); newAssertion.setConditions(conditions);
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ns); StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString()); StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString()); List<SAML11ConditionAbstractType> typeOfConditions = conditions.get(); if (typeOfConditions != null) { for (SAML11ConditionAbstractType typeCondition : typeOfConditions) {
/** * Check whether the assertion has expired * @param assertion * @return * @throws ConfigurationException */ public static boolean hasExpired(SAML11AssertionType assertion) throws ConfigurationException { boolean expiry = false; //Check for validity of assertion SAML11ConditionsType conditionsType = assertion.getConditions(); if (conditionsType != null) { XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant(); XMLGregorianCalendar notBefore = conditionsType.getNotBefore(); XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter(); if (trace) log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + "::notOnOrAfter=" + notOnOrAfter); expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter); if (expiry) { log.info("Assertion has expired with id=" + assertion.getID()); } } //TODO: if conditions do not exist, assume the assertion to be everlasting? return expiry; }
SAML11ConditionsType conditions = new SAML11ConditionsType(); StartElement conditionsElement = StaxParserUtil.getNextStartElement(xmlEventReader); StaxParserUtil.validate(conditionsElement, JBossSAMLConstants.CONDITIONS.get()); conditions.setNotBefore(XMLTimeUtil.parse(notBeforeValue)); conditions.setNotOnOrAfter(XMLTimeUtil.parse(notAfterValue)); conditions.add(restrictCond); } else throw logger.parserUnknownTag(tag, startElement.getLocation());
/** * Add validity conditions to the SAML2 Assertion * * @param assertion * @param durationInMilis * @throws ConfigurationException * @throws IssueInstantMissingException */ public static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew) throws ConfigurationException, IssueInstantMissingException { XMLGregorianCalendar issueInstant = assertion.getIssueInstant(); if (issueInstant == null) throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT); XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant, durationInMilis + clockSkew); SAML11ConditionsType conditionsType = new SAML11ConditionsType(); XMLGregorianCalendar beforeInstant = XMLTimeUtil.subtract(issueInstant, clockSkew); conditionsType.setNotBefore(beforeInstant); conditionsType.setNotOnOrAfter(assertionValidityLength); assertion.setConditions(conditionsType); }
conditions.setNotBefore(wstContext.getRequestSecurityToken().getLifetime().getCreated()); conditions.setNotOnOrAfter(wstContext.getRequestSecurityToken().getLifetime().getExpires()); SAML11AssertionType newAssertion = new SAML11AssertionType(assertionID, conditions.getNotBefore()); newAssertion.addAllStatements(statements); newAssertion.setConditions(conditions);
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ns); StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString()); StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString()); List<SAML11ConditionAbstractType> typeOfConditions = conditions.get(); if (typeOfConditions != null) { for (SAML11ConditionAbstractType typeCondition : typeOfConditions) {
XMLGregorianCalendar notBefore = conditionsType.getNotBefore(); XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis); XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter(); XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
SAML11ConditionsType conditions = new SAML11ConditionsType(); StartElement conditionsElement = StaxParserUtil.getNextStartElement(xmlEventReader); StaxParserUtil.validate(conditionsElement, JBossSAMLConstants.CONDITIONS.get()); conditions.setNotBefore(XMLTimeUtil.parse(notBeforeValue)); conditions.setNotOnOrAfter(XMLTimeUtil.parse(notAfterValue)); conditions.add(restrictCond); } else throw logger.parserUnknownTag(tag, startElement.getLocation());
/** * Add validity conditions to the SAML2 Assertion * @param assertion * @param durationInMilis * @throws ConfigurationException * @throws IssueInstantMissingException */ public static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew) throws ConfigurationException, IssueInstantMissingException { XMLGregorianCalendar issueInstant = assertion.getIssueInstant(); if (issueInstant == null) throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT); XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant, durationInMilis + clockSkew); SAML11ConditionsType conditionsType = new SAML11ConditionsType(); XMLGregorianCalendar beforeInstant = XMLTimeUtil.subtract(issueInstant, clockSkew); conditionsType.setNotBefore(beforeInstant); conditionsType.setNotOnOrAfter(assertionValidityLength); assertion.setConditions(conditionsType); }