@Override public String getId() { return samlAssertionWrapper.getId(); } };
@Override public String getId() { return samlAssertionWrapper.getId(); } };
/**
 * Returns the ID of the wrapped SAML assertion.
 *
 * @return the assertion's ID attribute, or {@code null} when no assertion is set
 */
@Override
public String getId() {
    return samlAssertion == null ? null : samlAssertion.getId();
}
/**
 * Creates an inbound security token backed by a parsed SAML assertion.
 *
 * The ID registered with the security context is the assertion's own ID, so
 * {@code samlAssertionWrapper} must be non-null: a null wrapper fails with an NPE
 * before the superclass is initialised.
 *
 * NOTE(review): the meaning of the trailing {@code true} passed to the superclass is
 * not visible here — confirm against the superclass constructor.
 *
 * @param samlAssertionWrapper     the parsed assertion this token represents
 * @param subjectSecurityToken     the token holding the subject's key material, kept for later use
 * @param wsInboundSecurityContext the inbound security context this token is registered with
 * @param crypto                   the Crypto instance kept on this token
 * @param keyIdentifier            how this token was referenced from the security header
 * @param securityProperties       the inbound security properties kept on this token
 */
public SamlSecurityTokenImpl(SamlAssertionWrapper samlAssertionWrapper,
                             InboundSecurityToken subjectSecurityToken,
                             WSInboundSecurityContext wsInboundSecurityContext,
                             Crypto crypto,
                             WSSecurityTokenConstants.KeyIdentifier keyIdentifier,
                             WSSSecurityProperties securityProperties) {
    super(wsInboundSecurityContext, samlAssertionWrapper.getId(), keyIdentifier, true);
    // Field assignments are independent of one another; order is not significant.
    this.securityProperties = securityProperties;
    this.subjectSecurityToken = subjectSecurityToken;
    this.crypto = crypto;
    this.samlAssertionWrapper = samlAssertionWrapper;
}
/**
 * Returns the ID of the SAML assertion held by this object.
 *
 * The original Javadoc was copied from a Timestamp builder and referred to a
 * "wsu:Id of this Timestamp"; this accessor actually reports the assertion's ID.
 * The assertion is presumably created by {@code prepare()} — until it exists there
 * is no ID to report.
 *
 * @return the assertion's ID, or {@code null} when no assertion has been built yet
 */
public String getId() {
    return saml == null ? null : saml.getId();
}
/**
 * Caches a successfully validated assertion.
 *
 * The assertion's signature value is handed to the cache helper alongside the token
 * (presumably as the lookup key); nothing is stored when no token store is configured
 * or when the assertion carries no signature value.
 *
 * @param tokenStore the store to write to; may be {@code null}, in which case nothing happens
 * @param assertion  the validated assertion
 * @param principal  the principal the assertion was validated for
 * @param tokenRealm the realm recorded with the cached token
 * @throws WSSecurityException propagated from the CacheUtils helpers
 */
private void storeTokenInCache(
    TokenStore tokenStore, SamlAssertionWrapper assertion, Principal principal, String tokenRealm
) throws WSSecurityException {
    byte[] signature = assertion.getSignatureValue();
    boolean signed = signature != null && signature.length > 0;
    if (tokenStore == null || !signed) {
        // Unsigned assertions (or no store) are never cached.
        return;
    }
    SecurityToken cached = CacheUtils.createSecurityTokenForStorage(
        assertion.getElement(),
        assertion.getId(),
        assertion.getNotOnOrAfter(),
        principal,
        tokenRealm,
        null);
    CacheUtils.storeTokenInCache(cached, tokenStore, signature);
}
/**
 * Enforces the SAML 2.0 "OneTimeUse" condition.
 *
 * When the assertion declares OneTimeUse and a replay cache is available, the
 * assertion ID must not already be in the cache; on first sight it is recorded so a
 * second presentation is rejected. The entry is kept until the assertion's
 * NotOnOrAfter plus one second, or for the cache's default lifetime when the
 * assertion declares no expiry. Without a cache, or for SAML 1.1, nothing is checked.
 *
 * NOTE(review): contains() followed by add() is not atomic here; whether two
 * concurrent presentations of the same assertion can both pass depends on the
 * ReplayCache implementation — confirm.
 *
 * @param samlAssertion the assertion under validation
 * @param replayCache   the replay cache, or {@code null} to skip the check
 * @throws WSSecurityException if the assertion ID has already been seen
 */
protected void checkOneTimeUse(
    SamlAssertionWrapper samlAssertion, ReplayCache replayCache
) throws WSSecurityException {
    if (replayCache == null
        || !samlAssertion.getSamlVersion().equals(SAMLVersion.VERSION_20)
        || samlAssertion.getSaml2().getConditions() == null
        || samlAssertion.getSaml2().getConditions().getOneTimeUse() == null) {
        return;
    }

    String assertionId = samlAssertion.getId();
    if (replayCache.contains(assertionId)) {
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.INVALID_SECURITY,
            "badSamlToken",
            new Object[] {"A replay attack has been detected"});
    }

    DateTime notOnOrAfter = samlAssertion.getSaml2().getConditions().getNotOnOrAfter();
    if (notOnOrAfter == null) {
        replayCache.add(assertionId);
        return;
    }
    // Keep the entry for the assertion's remaining lifetime (+1s to cover rounding down).
    long secondsUntilExpiry =
        Duration.between(Instant.now(), notOnOrAfter.toDate().toInstant()).getSeconds();
    replayCache.add(assertionId, 1L + secondsUntilExpiry);
}
/**
 * Caches a successfully validated assertion.
 *
 * The assertion's signature value is handed to the cache helper alongside the token
 * (presumably as the lookup key); nothing is stored when no token store is configured
 * or when the assertion carries no signature value.
 *
 * @param tokenStore the store to write to; may be {@code null}, in which case nothing happens
 * @param assertion  the validated assertion
 * @param principal  the principal the assertion was validated for
 * @param tokenRealm the realm recorded with the cached token
 * @throws WSSecurityException propagated from the CacheUtils helpers
 */
private void storeTokenInCache(
    TokenStore tokenStore, SamlAssertionWrapper assertion, Principal principal, String tokenRealm
) throws WSSecurityException {
    byte[] signature = assertion.getSignatureValue();
    boolean signed = signature != null && signature.length > 0;
    if (tokenStore == null || !signed) {
        // Unsigned assertions (or no store) are never cached.
        return;
    }
    SecurityToken cached = CacheUtils.createSecurityTokenForStorage(
        assertion.getElement(),
        assertion.getId(),
        assertion.getNotOnOrAfter(),
        principal,
        tokenRealm,
        null);
    CacheUtils.storeTokenInCache(cached, tokenStore, signature);
}
assertion.getId(), assertion.getSaml2().getSubject().getNameID().getValue(), whr); LOG.debug("Expired date={}", expires);
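/**
 * Enforces the SAML 2.0 "OneTimeUse" condition.
 *
 * When the assertion declares OneTimeUse and the request data supplies a replay
 * cache, the assertion ID must not already be cached; on first sight it is recorded
 * so a second presentation is rejected. The entry is kept until the assertion's
 * NotOnOrAfter plus one second, or for the cache's default lifetime when the
 * assertion declares no expiry. Without a cache, or for SAML 1.1, nothing is checked.
 *
 * Fix: the original followed the expiry-bounded add with a second, unconditional
 * {@code replayCache.add(identifier)}. Depending on the cache implementation that
 * re-add can replace the bounded entry with a default-lifetime one, so the entry may
 * lapse before the assertion expires (opening a replay window) or outlive it
 * needlessly. The identifier is now recorded exactly once.
 *
 * NOTE(review): contains() followed by add() is not atomic here; whether two
 * concurrent presentations of the same assertion can both pass depends on the
 * ReplayCache implementation — confirm.
 *
 * @param samlAssertion the assertion under validation
 * @param data          request data providing the OneTimeUse replay cache
 * @throws WSSecurityException if the assertion ID has already been seen
 */
protected void checkOneTimeUse(
    SamlAssertionWrapper samlAssertion, RequestData data
) throws WSSecurityException {
    if (!samlAssertion.getSamlVersion().equals(SAMLVersion.VERSION_20)
        || samlAssertion.getSaml2().getConditions() == null
        || samlAssertion.getSaml2().getConditions().getOneTimeUse() == null
        || data.getSamlOneTimeUseReplayCache() == null) {
        return;
    }

    String identifier = samlAssertion.getId();
    ReplayCache replayCache = data.getSamlOneTimeUseReplayCache();
    if (replayCache.contains(identifier)) {
        throw new WSSecurityException(
            WSSecurityException.ErrorCode.INVALID_SECURITY,
            "badSamlToken",
            new Object[] {"A replay attack has been detected"});
    }

    DateTime expires = samlAssertion.getSaml2().getConditions().getNotOnOrAfter();
    if (expires == null) {
        replayCache.add(identifier);
        return;
    }
    // Keep the entry for the assertion's remaining lifetime (+1s to cover rounding down).
    Instant zonedExpires = Instant.ofEpochMilli(expires.getMillis());
    long secondsUntilExpiry = Duration.between(Instant.now(), zonedExpires).getSeconds();
    replayCache.add(identifier, 1L + secondsUntilExpiry);
}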
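/**
 * Caches a successfully renewed assertion.
 *
 * The assertion's signature value is handed to the cache helper alongside the token
 * (presumably as the lookup key); nothing is stored when no token store is configured
 * or when the assertion carries no signature value.
 *
 * Fix: the null guard is on the {@code tokenStore} parameter, but the original wrote
 * to {@code tokenParameters.getTokenStore()} — a separate reference that was never
 * checked. The store that is checked is now the store that is written to.
 *
 * @param tokenStore      the store to write to; may be {@code null}, in which case nothing happens
 * @param assertion       the renewed assertion
 * @param principal       not used here; the stored principal is taken from {@code tokenParameters}
 * @param tokenParameters renewal parameters supplying principal, realm and renewing settings
 * @throws WSSecurityException propagated from the CacheUtils helpers
 */
private void storeTokenInCache(
    TokenStore tokenStore, SamlAssertionWrapper assertion, Principal principal,
    TokenRenewerParameters tokenParameters
) throws WSSecurityException {
    byte[] signatureValue = assertion.getSignatureValue();
    if (tokenStore == null || signatureValue == null || signatureValue.length == 0) {
        // Unsigned assertions (or no store) are never cached.
        return;
    }
    SecurityToken securityToken = CacheUtils.createSecurityTokenForStorage(
        assertion.getElement(),
        assertion.getId(),
        assertion.getNotOnOrAfter(),
        tokenParameters.getPrincipal(),
        tokenParameters.getRealm(),
        tokenParameters.getTokenRequirements().getRenewing());
    CacheUtils.storeTokenInCache(securityToken, tokenStore, signatureValue);
}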
String id = samlAssertion.getId(); Element foundElement = data.getWsDocInfo().getTokenElement(id); if (elem.equals(foundElement)) {
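/**
 * Caches a successfully renewed assertion.
 *
 * The assertion's signature value is handed to the cache helper alongside the token
 * (presumably as the lookup key); nothing is stored when no token store is configured
 * or when the assertion carries no signature value.
 *
 * Fix: the null guard is on the {@code tokenStore} parameter, but the original wrote
 * to {@code tokenParameters.getTokenStore()} — a separate reference that was never
 * checked. The store that is checked is now the store that is written to.
 *
 * @param tokenStore      the store to write to; may be {@code null}, in which case nothing happens
 * @param assertion       the renewed assertion
 * @param principal       not used here; the stored principal is taken from {@code tokenParameters}
 * @param tokenParameters renewal parameters supplying principal, realm and renewing settings
 * @throws WSSecurityException propagated from the CacheUtils helpers
 */
private void storeTokenInCache(
    TokenStore tokenStore, SamlAssertionWrapper assertion, Principal principal,
    TokenRenewerParameters tokenParameters
) throws WSSecurityException {
    byte[] signatureValue = assertion.getSignatureValue();
    if (tokenStore == null || signatureValue == null || signatureValue.length == 0) {
        // Unsigned assertions (or no store) are never cached.
        return;
    }
    SecurityToken securityToken = CacheUtils.createSecurityTokenForStorage(
        assertion.getElement(),
        assertion.getId(),
        assertion.getNotOnOrAfter(),
        tokenParameters.getPrincipal(),
        tokenParameters.getRealm(),
        tokenParameters.getTokenRequirements().getRenewing());
    CacheUtils.storeTokenInCache(securityToken, tokenStore, signatureValue);
}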
response.setTokenId(renewedAssertion.getId());
response.setTokenId(renewedAssertion.getId());
CacheUtils.createSecurityTokenForStorage(token, assertion.getId(), assertion.getNotOnOrAfter(), tokenParameters.getPrincipal(), tokenParameters.getRealm(), tokenParameters.getTokenRequirements().getRenewing());
/**
 * Converts a validated assertion into a SecurityToken.
 *
 * The token takes the assertion ID as its ID, carries the assertion element itself,
 * and is typed as a SAML 1.1 or SAML 2.0 token according to which version the
 * wrapper holds. When subject key info is present, its secret, first certificate and
 * public key are copied onto the token — so a store holding these tokens holds key
 * material and must be protected accordingly.
 *
 * @param assertionWrapper the assertion to convert
 * @return a token describing the assertion
 */
private SecurityToken createSecurityToken(SamlAssertionWrapper assertionWrapper) {
    SecurityToken result = new SecurityToken(assertionWrapper.getId());

    SAMLKeyInfo keyInfo = assertionWrapper.getSubjectKeyInfo();
    if (keyInfo != null) {
        // Secret key material is copied into the token verbatim.
        result.setSecret(keyInfo.getSecret());
        X509Certificate[] chain = keyInfo.getCerts();
        boolean hasCert = chain != null && chain.length > 0;
        if (hasCert) {
            // Only the leaf (first) certificate is retained.
            result.setX509Certificate(chain[0], null);
        }
        if (keyInfo.getPublicKey() != null) {
            result.setKey(keyInfo.getPublicKey());
        }
    }

    boolean isSaml1 = assertionWrapper.getSaml1() != null;
    boolean isSaml2 = assertionWrapper.getSaml2() != null;
    if (isSaml1) {
        result.setTokenType(WSS4JConstants.WSS_SAML_TOKEN_TYPE);
    } else if (isSaml2) {
        result.setTokenType(WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    }
    // Neither version set: the token type is left unset, as in the original.

    result.setToken(assertionWrapper.getElement());
    return result;
}
/**
 * Converts a validated assertion into a SecurityToken.
 *
 * The token takes the assertion ID as its ID, carries the assertion element itself,
 * and is typed as a SAML 1.1 or SAML 2.0 token according to which version the
 * wrapper holds. When subject key info is present, its secret, first certificate and
 * public key are copied onto the token — so a store holding these tokens holds key
 * material and must be protected accordingly.
 *
 * @param assertionWrapper the assertion to convert
 * @return a token describing the assertion
 */
private SecurityToken createSecurityToken(SamlAssertionWrapper assertionWrapper) {
    SecurityToken result = new SecurityToken(assertionWrapper.getId());

    SAMLKeyInfo keyInfo = assertionWrapper.getSubjectKeyInfo();
    if (keyInfo != null) {
        // Secret key material is copied into the token verbatim.
        result.setSecret(keyInfo.getSecret());
        X509Certificate[] chain = keyInfo.getCerts();
        boolean hasCert = chain != null && chain.length > 0;
        if (hasCert) {
            // Only the leaf (first) certificate is retained.
            result.setX509Certificate(chain[0], null);
        }
        if (keyInfo.getPublicKey() != null) {
            result.setKey(keyInfo.getPublicKey());
        }
    }

    boolean isSaml1 = assertionWrapper.getSaml1() != null;
    boolean isSaml2 = assertionWrapper.getSaml2() != null;
    if (isSaml1) {
        result.setTokenType(WSS4JConstants.WSS_SAML_TOKEN_TYPE);
    } else if (isSaml2) {
        result.setTokenType(WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    }
    // Neither version set: the token type is left unset, as in the original.

    result.setToken(assertionWrapper.getElement());
    return result;
}
outputProcessorChain, WSSConstants.TAG_WSSE_SECURITY_TOKEN_REFERENCE, getAction(), false); outputSecurityTokenReference(subOutputProcessorChain, samlAssertionWrapper, securityTokenReferenceId, samlAssertionWrapper.getId());