throw new SamlException("response has been expired: " + data.getNotOnOrAfter()); if (!requestIdManager.validateId(data.getInResponseTo())) { throw new SamlException("request ID is not valid: " + data.getInResponseTo());
/**
 * {@inheritDoc}
 *
 * <p>Writes NotBefore, NotOnOrAfter, Recipient, InResponseTo and Address onto the element as
 * unqualified attributes, omitting any that are unset, then hands the object to
 * {@code marshallUnknownAttributes}. Values are written exactly as the object holds them; this
 * method performs no check of the time window, the recipient or the request correlation.</p>
 */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    SubjectConfirmationData confirmationData = (SubjectConfirmationData) samlObject;

    // Time bounds are rendered with the shared SAML date formatter, and only when present.
    if (confirmationData.getNotBefore() != null) {
        domElement.setAttributeNS(null, SubjectConfirmationData.NOT_BEFORE_ATTRIB_NAME,
                SAMLConfigurationSupport.getSAMLDateFormatter().print(confirmationData.getNotBefore()));
    }
    if (confirmationData.getNotOnOrAfter() != null) {
        domElement.setAttributeNS(null, SubjectConfirmationData.NOT_ON_OR_AFTER_ATTRIB_NAME,
                SAMLConfigurationSupport.getSAMLDateFormatter().print(confirmationData.getNotOnOrAfter()));
    }

    // Plain string attributes are copied through unchanged.
    String recipient = confirmationData.getRecipient();
    if (recipient != null) {
        domElement.setAttributeNS(null, SubjectConfirmationData.RECIPIENT_ATTRIB_NAME, recipient);
    }

    String inResponseTo = confirmationData.getInResponseTo();
    if (inResponseTo != null) {
        domElement.setAttributeNS(null, SubjectConfirmationData.IN_RESPONSE_TO_ATTRIB_NAME, inResponseTo);
    }

    String address = confirmationData.getAddress();
    if (address != null) {
        domElement.setAttributeNS(null, SubjectConfirmationData.ADDRESS_ATTRIB_NAME, address);
    }

    marshallUnknownAttributes(confirmationData, domElement);
}
} // closes the enclosing class, whose header is outside this excerpt
if (requestId != null && !requestId.equals(subjectConfData.getInResponseTo())) { LOG.fine("The InResponseTo String does match the original request id " + requestId); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity"); } else if (requestId == null && subjectConfData.getInResponseTo() != null) { LOG.fine("No InResponseTo String is allowed for the unsolicted case"); throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
/**
 * Build a new {@link SubjectConfirmation} that carries the same Method and, when the input has
 * confirmation data, the same confirmation data attributes.
 *
 * <p>Only Address, InResponseTo, Recipient, NotBefore and NotOnOrAfter are copied from the
 * confirmation data; nothing else held by the source object is carried over to the copy.</p>
 *
 * @param confirmation the object to clone
 *
 * @return the copy
 */
@Nonnull private SubjectConfirmation cloneConfirmation(@Nonnull final SubjectConfirmation confirmation) {
    final SubjectConfirmation copy = confirmationBuilder.buildObject();
    copy.setMethod(confirmation.getMethod());

    final SubjectConfirmationData sourceData = confirmation.getSubjectConfirmationData();
    if (sourceData == null) {
        // No confirmation data on the source: the copy is left without any as well.
        return copy;
    }

    final SubjectConfirmationData copiedData = confirmationDataBuilder.buildObject();
    copiedData.setNotBefore(sourceData.getNotBefore());
    copiedData.setNotOnOrAfter(sourceData.getNotOnOrAfter());
    copiedData.setRecipient(sourceData.getRecipient());
    copiedData.setInResponseTo(sourceData.getInResponseTo());
    copiedData.setAddress(sourceData.getAddress());
    copy.setSubjectConfirmationData(copiedData);
    return copy;
}
throw new SamlException("response has been expired: " + data.getNotOnOrAfter()); if (!requestIdManager.validateId(data.getInResponseTo())) { throw new SamlException("request ID is not valid: " + data.getInResponseTo());
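/**
 * Converts OpenSAML subject confirmations into this library's {@code SubjectConfirmation} model.
 *
 * <p>For each input element the name identifier is obtained from {@code getNameID}, which is
 * given the plain NameID, the EncryptedID and {@code localKeys}. Method, Recipient,
 * NotOnOrAfter, NotBefore and InResponseTo are copied across without being checked here.</p>
 *
 * <p>A confirmation that arrives without a SubjectConfirmationData element is mapped to a
 * confirmation data object on which no setter has been called, instead of failing with a
 * {@link NullPointerException}; presumably that leaves its fields unset, the same shape as an
 * element with no attributes. The assertion comes from the peer, so a missing element must
 * not crash parsing. Code that validates the result has to treat an absent Recipient,
 * NotOnOrAfter or InResponseTo as a validation failure where the confirmation method
 * requires them.</p>
 *
 * @param subjectConfirmations the OpenSAML subject confirmations to convert
 * @param localKeys keys passed to {@code getNameID} for each confirmation
 * @return one converted confirmation per input element, in input order
 */
protected List<SubjectConfirmation> getConfirmations(
        List<org.opensaml.saml.saml2.core.SubjectConfirmation> subjectConfirmations,
        List<SimpleKey> localKeys
) {
    List<SubjectConfirmation> result = new LinkedList<>();
    for (org.opensaml.saml.saml2.core.SubjectConfirmation s : subjectConfirmations) {
        NameID nameID = getNameID(s.getNameID(), s.getEncryptedID(), localKeys);

        // Read the optional element once and guard it before dereferencing.
        org.opensaml.saml.saml2.core.SubjectConfirmationData data = s.getSubjectConfirmationData();
        SubjectConfirmationData confirmationData = new SubjectConfirmationData();
        if (data != null) {
            confirmationData
                .setRecipient(data.getRecipient())
                .setNotOnOrAfter(data.getNotOnOrAfter())
                .setNotBefore(data.getNotBefore())
                .setInResponseTo(data.getInResponseTo());
        }

        result.add(
            new SubjectConfirmation()
                .setNameId(nameID != null ? nameID.getValue() : null)
                .setFormat(nameID != null ? NameId.fromUrn(nameID.getFormat()) : null)
                .setMethod(SubjectConfirmationMethod.fromUrn(s.getMethod()))
                .setConfirmationData(confirmationData)
        );
    }
    return result;
}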