/** {@inheritDoc} */
protected void processChildElement(XMLObject parentObject, XMLObject childObject)
        throws UnmarshallingException {
    // The parent is cast up front, so a parent of the wrong type fails here whatever the child is.
    final Conditions parent = (Conditions) parentObject;

    // Children that are not Condition instances are handled by the superclass.
    if (!(childObject instanceof Condition)) {
        super.processChildElement(parentObject, childObject);
        return;
    }

    parent.getConditions().add((Condition) childObject);
}
/**
 * Look up the delegation restriction carried by a set of assertion conditions.
 *
 * <p>Candidates are selected by xsi:type ({@link DelegationRestrictionType#TYPE_NAME}). The first candidate that
 * is also a {@link DelegationRestrictionType} instance is returned; later conditions are not examined. A
 * candidate with the matching xsi:type but a different Java class is logged at WARN and skipped.</p>
 *
 * @param conditions the Assertion Conditions to process
 * @return the DelegationRestrictionType Condition object, or null if not present
 */
@Nullable protected DelegationRestrictionType getDelegationRestrictionCondition(
        @Nullable final Conditions conditions) {
    if (conditions == null) {
        return null;
    }

    for (final Condition candidate : conditions.getConditions()) {
        if (!DelegationRestrictionType.TYPE_NAME.equals(candidate.getSchemaType())) {
            continue;
        }
        if (candidate instanceof DelegationRestrictionType) {
            return (DelegationRestrictionType) candidate;
        }
        // Right xsi:type, wrong class: report it and keep scanning the remaining conditions.
        log.warn("Saw Condition of xsi:type DelegationRestrictionType, but incorrect class instance: {}",
                candidate.getClass().getName());
    }

    return null;
}
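/**
 * Get the DelegationRestrictionType Condition from the supplied Conditions, if present.
 *
 * <p>A condition qualifies when its schema type equals {@link DelegationRestrictionType#TYPE_NAME} and it is an
 * instance of {@link DelegationRestrictionType}. Only the first qualifying condition is returned. A condition
 * that declares the xsi:type but is backed by another class is logged at WARN and not returned.</p>
 *
 * @param conditions the Assertion Conditions to process, may be null
 * @return the DelegationRestrictionType Condition object, or null if {@code conditions} is null or holds no
 *         such condition
 */
@Nullable
protected DelegationRestrictionType getDelegationRestrictionCondition(@Nullable final Conditions conditions) {
    if (conditions == null) {
        return null;
    }

    for (final Condition conditionChild : conditions.getConditions()) {
        if (DelegationRestrictionType.TYPE_NAME.equals(conditionChild.getSchemaType())) {
            if (conditionChild instanceof DelegationRestrictionType) {
                return (DelegationRestrictionType) conditionChild;
            }
            // The xsi:type says delegation restriction but the object is some other class; it cannot be
            // returned as one, so record the mismatch and continue with the next condition.
            log.warn("Saw Condition of xsi:type DelegationRestrictionType, but incorrect class instance: {}",
                    conditionChild.getClass().getName());
        }
    }

    // Callers must handle null: the return is annotated @Nullable to match the documented contract.
    return null;
}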
/**
 * Build a delegation restriction condition and attach it to the given conditions.
 *
 * <p>When no condition can be built, nothing is added: the failure is logged at ERROR and a
 * {@link EventIds#MESSAGE_PROC_ERROR} event is built on the profile request context.</p>
 *
 * @param profileRequestContext the current profile request context
 * @param conditions the conditions instance to modify
 */
protected void addDelegationRestriction(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final Conditions conditions) {
    final DelegationRestrictionType restriction = buildDelegationRestriction(profileRequestContext);

    if (restriction == null) {
        // Signal the failure through the event rather than leaving the conditions silently unrestricted.
        log.error("{} Unable to build DelegationRestriction Condition", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.MESSAGE_PROC_ERROR);
        return;
    }

    conditions.getConditions().add(restriction);
}
/**
 * Translate one {@code AssertionCondition} into its OpenSAML counterpart and attach it to {@code conditions}.
 *
 * <p>An {@code AudienceRestriction} becomes a single OpenSAML AudienceRestriction holding one Audience per
 * audience string. A {@code OneTimeUse} becomes an OpenSAML OneTimeUse. Any other condition, including
 * {@code null}, matches neither branch and is dropped without a log entry or an error, so the resulting
 * assertion carries no trace of it.</p>
 *
 * @param conditions the OpenSAML conditions to add to
 * @param c the condition to translate
 */
protected void addCondition(org.opensaml.saml.saml2.core.Conditions conditions, AssertionCondition c) {
    if (c instanceof AudienceRestriction) {
        final org.opensaml.saml.saml2.core.AudienceRestriction samlRestriction =
                buildSAMLObject(org.opensaml.saml.saml2.core.AudienceRestriction.class);
        final AudienceRestriction source = (AudienceRestriction) c;

        for (String uri : source.getAudiences()) {
            Audience samlAudience = buildSAMLObject(Audience.class);
            samlAudience.setAudienceURI(uri);
            samlRestriction.getAudiences().add(samlAudience);
        }

        conditions.getAudienceRestrictions().add(samlRestriction);
        return;
    }

    if (c instanceof OneTimeUse) {
        final org.opensaml.saml.saml2.core.OneTimeUse samlOneTimeUse =
                buildSAMLObject(org.opensaml.saml.saml2.core.OneTimeUse.class);
        conditions.getConditions().add(samlOneTimeUse);
    }
}
/**
 * Return the {@link ProxyRestriction} that audiences should be added to, creating it when absent.
 *
 * <p>An existing ProxyRestriction on {@code conditions} is reused. Otherwise a new one is built, appended to
 * the conditions and returned.</p>
 *
 * @param conditions existing set of conditions
 *
 * @return the condition to which audiences will be added
 */
@Nonnull private ProxyRestriction getProxyRestriction(@Nonnull final Conditions conditions) {
    if (conditions.getProxyRestriction() != null) {
        log.debug("{} Conditions already contained an ProxyRestriction, using it", getLogPrefix());
        return conditions.getProxyRestriction();
    }

    final SAMLObjectBuilder<ProxyRestriction> builder = (SAMLObjectBuilder<ProxyRestriction>)
            XMLObjectProviderRegistrySupport.getBuilderFactory().<ProxyRestriction>getBuilderOrThrow(
                    ProxyRestriction.DEFAULT_ELEMENT_NAME);
    log.debug("{} Adding new ProxyRestriction", getLogPrefix());

    final ProxyRestriction created = builder.buildObject();
    conditions.getConditions().add(created);
    return created;
}
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    // Resolve the OneTimeUse builder once; getBuilderOrThrow fails here if none is registered.
    final SAMLObjectBuilder<OneTimeUse> oneTimeUseBuilder = (SAMLObjectBuilder<OneTimeUse>)
            XMLObjectProviderRegistrySupport.getBuilderFactory().<OneTimeUse>getBuilderOrThrow(
                    OneTimeUse.DEFAULT_ELEMENT_NAME);

    for (final Assertion assertion : response.getAssertions()) {
        // presumably returns the assertion's Conditions, creating it if missing; verify against the helper
        final Conditions assertionConditions = SAML2ActionSupport.addConditionsToAssertion(this, assertion);

        // Never add a second OneTimeUse to an assertion that already carries one.
        if (assertionConditions.getOneTimeUse() != null) {
            log.debug("{} Assertion {} already contained OneTimeUse condition, another was not added",
                    getLogPrefix(), assertion.getID());
            continue;
        }

        assertionConditions.getConditions().add(oneTimeUseBuilder.buildObject());
        log.debug("{} Added OneTimeUse condition to Assertion {}", getLogPrefix(), assertion.getID());
    }
}
// Populate the conditions list in a fixed order: OneTimeUse, then ProxyRestriction, then the
// delegation restriction built from the bean's delegates.
conditions.getConditions().add(createOneTimeUse());
conditions.getConditions().add(createProxyRestriction(conditionsBean.getProxyRestriction()));
// NOTE(review): the create* results are added without a null check. If any helper can return null
// (for example when the bean has no delegates), the condition would be missing or a null entry
// would be added. Confirm against the helpers.
DelegationRestrictionType delegationRestriction = createDelegationRestriction(conditionsBean.getDelegates());
conditions.getConditions().add(delegationRestriction);
/**
 * Map an OpenSAML {@code Conditions} element onto this project's own {@code Conditions} object.
 *
 * <p>Copies the NotBefore and NotOnOrAfter bounds and converts the contained condition list through
 * {@code getCriteria}. No validation of the time window or of the individual conditions happens here.</p>
 *
 * @param conditions the OpenSAML conditions to convert
 * @return a new {@code Conditions} populated from {@code conditions}
 */
protected Conditions getConditions(org.opensaml.saml.saml2.core.Conditions conditions) {
    // NOTE(review): conditions is dereferenced without a null check. An assertion with no Conditions
    // element would fail here with a NullPointerException unless the caller guards; confirm.
    return new Conditions()
            .setNotBefore(conditions.getNotBefore())
            .setNotOnOrAfter(conditions.getNotOnOrAfter())
            // presumably getCriteria decides which condition types are carried over; verify that
            // unrecognised conditions are not silently ignored there
            .setCriteria(getCriteria(conditions.getConditions()));
}
for (Condition condition : conditions.getConditions()) { validator = conditionValidators.get(condition.getElementQName()); if (validator == null && condition.getSchemaType() != null) {
for (final Condition c : assertion.getConditions().getConditions()) { if (!(c instanceof DelegationRestrictionType)) { continue;
/**
 * Encrypt the identifiers carried by an assertion, in place.
 *
 * <p>The subject is handed to {@code processSubject}. Then, for every {@link DelegationRestrictionType}
 * condition, each {@link Delegate} whose NameID passes {@code shouldEncrypt} has that NameID replaced by the
 * corresponding {@link EncryptedID}; the cleartext NameID is set to null. Other condition types are left
 * untouched.</p>
 *
 * @param assertion assertion to operate on
 *
 * @throws EncryptionException if an error occurs
 */
private void processAssertion(@Nonnull final Assertion assertion) throws EncryptionException {
    processSubject(assertion.getSubject());

    if (assertion.getConditions() == null) {
        return;
    }

    for (final Condition condition : assertion.getConditions().getConditions()) {
        if (condition instanceof DelegationRestrictionType) {
            final DelegationRestrictionType restriction = (DelegationRestrictionType) condition;
            for (final Delegate delegate : restriction.getDelegates()) {
                if (!shouldEncrypt(delegate.getNameID())) {
                    continue;
                }
                log.debug("{} Encrypting NameID in Delegate", getLogPrefix());
                final EncryptedID encryptedId = getEncrypter().encrypt(delegate.getNameID());
                delegate.setEncryptedID(encryptedId);
                // Clear the plaintext identifier so only the encrypted form stays in the Delegate.
                delegate.setNameID(null);
            }
        }
    }
}
// Append the condition to the list returned by getConditions().
// NOTE(review): nothing here checks condition for null or for a duplicate of an existing entry; confirm the caller does.
conditions.getConditions().add(condition);