use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.
the class SAMLConditionsParser method instantiateElement.
@Override
protected ConditionsType instantiateElement(XMLEventReader xmlEventReader, StartElement element) throws ParsingException {
    // Only the two optional timestamp attributes are read from the <Conditions>
    // start tag here; child conditions are attached later by processSubElement().
    ConditionsType parsed = new ConditionsType();
    copyValidityWindow(element, parsed);
    return parsed;
}

/**
 * Copies the {@code NotBefore} / {@code NotOnOrAfter} attributes of {@code element}
 * onto {@code into}. Absent attributes are passed through as whatever
 * {@link StaxParserUtil#getXmlTimeAttributeValue} returns for them.
 */
private static void copyValidityWindow(StartElement element, ConditionsType into) throws ParsingException {
    into.setNotBefore(StaxParserUtil.getXmlTimeAttributeValue(element, SAMLAssertionQNames.ATTR_NOT_BEFORE));
    into.setNotOnOrAfter(StaxParserUtil.getXmlTimeAttributeValue(element, SAMLAssertionQNames.ATTR_NOT_ON_OR_AFTER));
}
use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.
the class SAMLConditionsParser method processSubElement.
@Override
protected void processSubElement(XMLEventReader xmlEventReader, ConditionsType target, SAMLAssertionQNames element, StartElement elementDetail) throws ParsingException {
    // Every recognised child of <Conditions> is appended to the target's condition
    // list; the parsed object is handed straight to addCondition() without a local.
    switch (element) {
        case AUDIENCE_RESTRICTION:
            target.addCondition(SAMLAudienceRestrictionParser.getInstance().parse(xmlEventReader));
            break;
        case ONE_TIME_USE:
            // No sub-parser is consulted for <OneTimeUse>; the element is recorded
            // purely by constructing the condition object.
            target.addCondition(new OneTimeUseType());
            break;
        case PROXY_RESTRICTION:
            target.addCondition(SAMLProxyRestrictionParser.getInstance().parse(xmlEventReader));
            break;
        default:
            // Unknown children are rejected rather than skipped, so an unexpected
            // condition type never silently disappears from the parsed assertion.
            throw LOGGER.parserUnknownTag(StaxParserUtil.getElementName(elementDetail), elementDetail.getLocation());
    }
}
use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.
the class AssertionUtil method createTimedConditions.
/**
 * Adds validity conditions to a SAML2 assertion: {@code NotBefore} is set to the
 * assertion's issue instant and {@code NotOnOrAfter} to the issue instant plus
 * {@code durationInMilis}. No clock skew is applied, and the new {@code Conditions}
 * object is stored on the assertion via {@code setConditions}, replacing any previous one.
 *
 * @param assertion the assertion to decorate; must already carry an issue instant
 * @param durationInMilis validity length in milliseconds, counted from the issue instant
 * @throws ConfigurationException as declared by the time utilities used here
 * @throws IssueInstantMissingException if the assertion has no issue instant
 * @see #createTimedConditions(AssertionType, long, long)
 */
public static void createTimedConditions(AssertionType assertion, long durationInMilis) throws ConfigurationException, IssueInstantMissingException {
    XMLGregorianCalendar issuedAt = assertion.getIssueInstant();
    if (issuedAt == null) {
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
    }
    ConditionsType window = new ConditionsType();
    window.setNotBefore(issuedAt);
    window.setNotOnOrAfter(XMLTimeUtil.add(issuedAt, durationInMilis));
    assertion.setConditions(window);
}
use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.
the class AssertionUtil method hasExpired.
/**
 * Checks whether the assertion has expired according to its {@code Conditions}
 * element (processing rules of Section 2.5.1.2 of saml-core-2.0-os.pdf).
 * No clock skew is tolerated; see {@link #hasExpired(AssertionType, long)} for that.
 *
 * @param assertion the assertion to check
 * @return {@code true} if the current time is outside the NotBefore / NotOnOrAfter
 *         window; {@code false} if it is inside, or if the assertion carries no
 *         {@code Conditions} element at all (see the TODO below)
 * @throws ConfigurationException as declared by the time utilities used here
 */
public static boolean hasExpired(AssertionType assertion) throws ConfigurationException {
    ConditionsType conditions = assertion.getConditions();
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    if (conditions == null) {
        return false;
    }
    XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
    XMLGregorianCalendar notBefore = conditions.getNotBefore();
    XMLGregorianCalendar notOnOrAfter = conditions.getNotOnOrAfter();
    // Either bound may be absent; null is passed through to isValid() unchanged.
    if (notBefore != null) {
        logger.trace("Assertion: " + assertion.getID() + " ::Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat());
    }
    if (notOnOrAfter != null) {
        logger.trace("Assertion: " + assertion.getID() + " ::Now=" + now.toXMLFormat() + " ::notOnOrAfter=" + notOnOrAfter);
    }
    boolean outsideWindow = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
    if (outsideWindow) {
        logger.samlAssertionExpired(assertion.getID());
    }
    return outsideWindow;
}
use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.
the class AssertionUtil method hasExpired.
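/**
 * Checks whether the assertion has expired, tolerating a clock skew between the IDP
 * and the SP. The skew widens the validity window on both sides: it is subtracted from
 * {@code NotBefore} and added to {@code NotOnOrAfter} before the comparison, so a
 * larger value accepts more assertions.
 * <p>
 * Both bounds are optional in a SAML {@code Conditions} element. A missing bound is
 * passed through as {@code null}, exactly as {@link #hasExpired(AssertionType)} does,
 * instead of being dereferenced for logging or skew adjustment.
 *
 * @param assertion the assertion to check
 * @param clockSkewInMilis tolerated skew in milliseconds, applied to both bounds
 * @return {@code true} if the skew-adjusted window does not contain the current time;
 *         {@code false} if it does, or if the assertion carries no {@code Conditions}
 *         element at all (see the TODO below)
 * @throws ConfigurationException as declared by the time utilities used here
 */
public static boolean hasExpired(AssertionType assertion, long clockSkewInMilis) throws ConfigurationException {
    boolean expiry = false;
    // Check for validity of assertion
    ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        // Guard each optional bound: the single-argument overload already hands
        // null bounds to isValid(), so do the same here rather than NPE on them.
        XMLGregorianCalendar updatedNotBefore =
                notBefore == null ? null : XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
        XMLGregorianCalendar updatedOnOrAfter =
                notOnOrAfter == null ? null : XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
        logger.trace("Now=" + now.toXMLFormat()
                + " ::notBefore=" + (notBefore == null ? null : notBefore.toXMLFormat())
                + " ::notOnOrAfter=" + notOnOrAfter);
        expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
        if (expiry) {
            logger.samlAssertionExpired(assertion.getID());
        }
    }
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}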