use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
the class AssertionUtil method createTimedConditions.
/**
 * Adds validity conditions to a SAML2 assertion: {@code NotBefore} is set to the
 * assertion's issue instant and {@code NotOnOrAfter} to the issue instant plus
 * {@code durationInMilis}. No clock skew is applied here; a tolerance window is
 * the job of {@link #createTimedConditions(AssertionType, long, long)}.
 *
 * @param assertion the assertion to update; its issue instant must already be set
 * @param durationInMilis length of the validity window, in milliseconds
 *
 * @throws ConfigurationException declared by the time helper used to compute the end of the window
 * @throws IssueInstantMissingException if the assertion carries no issue instant
 * @see #createTimedConditions(AssertionType, long, long)
 */
public static void createTimedConditions(AssertionType assertion, long durationInMilis) throws ConfigurationException, IssueInstantMissingException {
    final XMLGregorianCalendar notBefore = assertion.getIssueInstant();
    if (notBefore == null) {
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
    }
    // The window starts at the issue instant and ends durationInMilis later.
    final XMLGregorianCalendar notOnOrAfter = XMLTimeUtil.add(notBefore, durationInMilis);

    final ConditionsType conditions = new ConditionsType();
    conditions.setNotBefore(notBefore);
    conditions.setNotOnOrAfter(notOnOrAfter);
    assertion.setConditions(conditions);
}
use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
the class AssertionUtil method hasExpired.
/**
 * Checks whether the assertion has expired, following the processing rules of
 * Section 2.5.1.2 of saml-core-2.0-os.pdf: the current time must lie within the
 * {@code NotBefore} / {@code NotOnOrAfter} window of the assertion's conditions.
 * No clock skew is tolerated; use {@link #hasExpired(AssertionType, long)} for that.
 *
 * <p>NOTE: an assertion without a {@code Conditions} element is reported as not
 * expired, i.e. it is treated as valid indefinitely. Callers that require a bounded
 * validity window must check for the presence of conditions themselves.
 *
 * @param assertion the assertion to check
 *
 * @return {@code true} if conditions are present and the current time lies outside
 *         their window, {@code false} otherwise (including when conditions are absent)
 *
 * @throws ConfigurationException declared by the time helpers
 */
public static boolean hasExpired(AssertionType assertion) throws ConfigurationException {
    final ConditionsType conditions = assertion.getConditions();
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    if (conditions == null) {
        return false;
    }

    final XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
    final XMLGregorianCalendar notBefore = conditions.getNotBefore();
    final XMLGregorianCalendar notOnOrAfter = conditions.getNotOnOrAfter();

    // Both bounds are optional; only log the ones that are present.
    if (notBefore != null) {
        logger.trace("Assertion: " + assertion.getID() + " ::Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat());
    }
    if (notOnOrAfter != null) {
        logger.trace("Assertion: " + assertion.getID() + " ::Now=" + now.toXMLFormat() + " ::notOnOrAfter=" + notOnOrAfter);
    }

    final boolean expired = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
    if (expired) {
        logger.samlAssertionExpired(assertion.getID());
    }
    return expired;
}
use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
the class AssertionUtil method createAssertion.
/**
 * Creates a bare assertion with the given ID and issuer, stamped with the current
 * time from {@link XMLTimeUtil#getIssueInstant()} as its issue instant. Nothing
 * else (subject, conditions, statements) is populated here.
 *
 * @param id the assertion ID
 * @param issuer the issuer placed in the assertion's {@code Issuer} element
 *
 * @return the newly created assertion
 */
public static AssertionType createAssertion(String id, NameIDType issuer) {
    final AssertionType created = new AssertionType(id, XMLTimeUtil.getIssueInstant());
    created.setIssuer(issuer);
    return created;
}
use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
the class AssertionUtil method hasExpired.
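/**
 * Verify whether the assertion has expired, tolerating a clock skew between the IDP
 * and the SP: {@code NotBefore} is moved earlier and {@code NotOnOrAfter} later by
 * {@code clockSkewInMilis} before the current time is compared against them. The
 * skew therefore widens the acceptance window on both sides; keep it small.
 *
 * <p>NOTE: an assertion without a {@code Conditions} element is reported as not
 * expired, i.e. it is treated as valid indefinitely. Callers that require a bounded
 * validity window must check for the presence of conditions themselves. Either
 * bound may be absent; an absent bound is left unset, as in
 * {@link #hasExpired(AssertionType)}.
 *
 * @param assertion the assertion to check
 * @param clockSkewInMilis tolerance applied to both bounds, in milliseconds
 *
 * @return {@code true} if conditions are present and the current time lies outside
 *         the skew-adjusted window, {@code false} otherwise (including when
 *         conditions are absent)
 *
 * @throws ConfigurationException declared by the time helpers
 */
public static boolean hasExpired(AssertionType assertion, long clockSkewInMilis) throws ConfigurationException {
    boolean expiry = false;
    // Check for validity of assertion
    ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        // Both bounds are optional in SAML. Only adjust the ones that are present so a
        // missing bound stays null (matching hasExpired(AssertionType)) instead of being
        // dereferenced here or handed to the time helpers.
        XMLGregorianCalendar updatedNotBefore = (notBefore == null) ? null : XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
        XMLGregorianCalendar updatedOnOrAfter = (notOnOrAfter == null) ? null : XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
        logger.trace("Now=" + now.toXMLFormat()
                + " ::notBefore=" + (notBefore == null ? null : notBefore.toXMLFormat())
                + " ::notOnOrAfter=" + notOnOrAfter);
        expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
        if (expiry) {
            logger.samlAssertionExpired(assertion.getID());
        }
    }
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}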
use of org.keycloak.dom.saml.v2.assertion.AssertionType in project keycloak by keycloak.
the class AssertionUtil method getAssertion.
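/**
 * Returns the first assertion of the response, decrypting it first when the
 * response carries an {@code EncryptedAssertion}.
 *
 * <p>Only the first entry of {@code responseType.getAssertions()} is considered;
 * any further assertions in the response are ignored by this method. No signature
 * or validity checks are performed here; callers must do those separately.
 *
 * @param holder the parsed SAML document, passed through to the decryption helper
 * @param responseType the response whose first assertion is returned
 * @param privateKey key used to decrypt an encrypted assertion; may be {@code null}
 *                   only when the assertion is not encrypted
 *
 * @return the (decrypted) first assertion, never {@code null}
 *
 * @throws ParsingException propagated from the decryption step (TODO confirm against decryptAssertion)
 * @throws ProcessingException if the response has no assertion, if the assertion is
 *         encrypted and no private key was supplied, or if no plain assertion is
 *         available after decryption
 * @throws ConfigurationException propagated from the decryption step (TODO confirm against decryptAssertion)
 */
public static AssertionType getAssertion(SAMLDocumentHolder holder, ResponseType responseType, PrivateKey privateKey) throws ParsingException, ProcessingException, ConfigurationException {
    List<ResponseType.RTChoiceType> assertions = responseType.getAssertions();
    if (assertions.isEmpty()) {
        throw new ProcessingException("No assertion from response.");
    }
    ResponseType.RTChoiceType rtChoiceType = assertions.get(0);
    EncryptedAssertionType encryptedAssertion = rtChoiceType.getEncryptedAssertion();
    if (encryptedAssertion != null) {
        if (privateKey == null) {
            throw new ProcessingException("Encrypted assertion and decrypt private key is null");
        }
        // Presumably replaces the encrypted entry in responseType with its plaintext
        // form, which is why the list is re-read below instead of reusing rtChoiceType.
        decryptAssertion(holder, responseType, privateKey);
    }
    AssertionType assertion = responseType.getAssertions().get(0).getAssertion();
    if (assertion == null) {
        // The first choice element held neither a plain assertion nor one that
        // decryption produced; fail explicitly rather than hand a null to the caller.
        throw new ProcessingException("No assertion from response.");
    }
    return assertion;
}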