Search in sources :

Example 11 with AudienceRestrictionType

use of org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType in project keycloak by keycloak.

the class ConditionsValidator method validateConditions.

private Result validateConditions(ConditionsType ct, Result res) {
    Iterator<ConditionAbstractType> it = ct.getConditions() == null ? Collections.<ConditionAbstractType>emptySet().iterator() : ct.getConditions().iterator();
    while (it.hasNext() && res == Result.VALID) {
        ConditionAbstractType cond = it.next();
        Result r;
        if (cond instanceof OneTimeUseType) {
            r = validateOneTimeUse((OneTimeUseType) cond);
        } else if (cond instanceof AudienceRestrictionType) {
            r = validateAudienceRestriction((AudienceRestrictionType) cond);
        } else if (cond instanceof ProxyRestrictionType) {
            r = validateProxyRestriction((ProxyRestrictionType) cond);
        } else {
            r = Result.INDETERMINATE;
            LOG.infof("Unknown condition in assertion %s: %s", assertionId, cond == null ? "<null>" : cond.getClass());
        }
        res = r.joinResult(res);
    }
    return res;
}
Also used : OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType) ConditionAbstractType(org.keycloak.dom.saml.v2.assertion.ConditionAbstractType) ProxyRestrictionType(org.keycloak.dom.saml.v2.assertion.ProxyRestrictionType) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)

Example 12 with AudienceRestrictionType

use of org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType in project keycloak by keycloak.

the class SAMLAssertionWriter method write.

/**
 * Write an {@code AssertionType} to stream
 *
 * @param assertion
 *
 * @throws org.keycloak.saml.common.exceptions.ProcessingException
 */
public void write(AssertionType assertion) throws ProcessingException {
    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ASSERTION_NSURI.get());
    StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
    StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
    // Attributes
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), assertion.getVersion());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());
    NameIDType issuer = assertion.getIssuer();
    if (issuer != null)
        write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX));
    SubjectType subject = assertion.getSubject();
    if (subject != null) {
        write(subject);
    }
    ConditionsType conditions = assertion.getConditions();
    if (conditions != null) {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ASSERTION_NSURI.get());
        if (conditions.getNotBefore() != null) {
            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
        }
        if (conditions.getNotOnOrAfter() != null) {
            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString());
        }
        List<ConditionAbstractType> typeOfConditions = conditions.getConditions();
        if (typeOfConditions != null) {
            for (ConditionAbstractType typeCondition : typeOfConditions) {
                if (typeCondition instanceof AudienceRestrictionType) {
                    AudienceRestrictionType art = (AudienceRestrictionType) typeCondition;
                    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE_RESTRICTION.get(), ASSERTION_NSURI.get());
                    List<URI> audiences = art.getAudience();
                    if (audiences != null) {
                        for (URI audience : audiences) {
                            StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(), ASSERTION_NSURI.get());
                            StaxUtil.writeCharacters(writer, audience.toString());
                            StaxUtil.writeEndElement(writer);
                        }
                    }
                    StaxUtil.writeEndElement(writer);
                }
                if (typeCondition instanceof OneTimeUseType) {
                    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ONE_TIME_USE.get(), ASSERTION_NSURI.get());
                    StaxUtil.writeEndElement(writer);
                }
            }
        }
        StaxUtil.writeEndElement(writer);
    }
    AdviceType advice = assertion.getAdvice();
    if (advice != null)
        throw logger.notImplementedYet("Advice");
    Set<StatementAbstractType> statements = assertion.getStatements();
    if (statements != null) {
        for (StatementAbstractType statement : statements) {
            if (statement instanceof AuthnStatementType) {
                write((AuthnStatementType) statement, false);
            } else if (statement instanceof AttributeStatementType) {
                write((AttributeStatementType) statement);
            } else
                throw logger.writerUnknownTypeError(statement.getClass().getName());
        }
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}
Also used : QName(javax.xml.namespace.QName) AudienceRestrictionType(org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) URI(java.net.URI) ASSERTION_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.ASSERTION_NSURI) OneTimeUseType(org.keycloak.dom.saml.v2.assertion.OneTimeUseType) AuthnStatementType(org.keycloak.dom.saml.v2.assertion.AuthnStatementType) ConditionAbstractType(org.keycloak.dom.saml.v2.assertion.ConditionAbstractType) SubjectType(org.keycloak.dom.saml.v2.assertion.SubjectType) AdviceType(org.keycloak.dom.saml.v2.assertion.AdviceType) ConditionsType(org.keycloak.dom.saml.v2.assertion.ConditionsType) NameIDType(org.keycloak.dom.saml.v2.assertion.NameIDType) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType)

Aggregations

AudienceRestrictionType (org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType)12 AssertionType (org.keycloak.dom.saml.v2.assertion.AssertionType)8 List (java.util.List)7 Test (org.junit.Test)7 NameIDType (org.keycloak.dom.saml.v2.assertion.NameIDType)7 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)6 UncaughtServerErrorExpected (org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)6 OAuthClient (org.keycloak.testsuite.util.OAuthClient)6 HashMap (java.util.HashMap)5 AccessToken (org.keycloak.representations.AccessToken)5 Element (org.w3c.dom.Element)5 OneTimeUseType (org.keycloak.dom.saml.v2.assertion.OneTimeUseType)4 Response (javax.ws.rs.core.Response)2 AuthnStatementType (org.keycloak.dom.saml.v2.assertion.AuthnStatementType)2 ConditionAbstractType (org.keycloak.dom.saml.v2.assertion.ConditionAbstractType)2 ConditionsType (org.keycloak.dom.saml.v2.assertion.ConditionsType)2 ProxyRestrictionType (org.keycloak.dom.saml.v2.assertion.ProxyRestrictionType)2 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)2 Document (org.w3c.dom.Document)2 IOException (java.io.IOException)1