Examples with ConditionsType org.keycloak.dom.saml.v2.assertion.ConditionsType used on opensource projects

Example 1 with ConditionsType

use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.

the class SAMLConditionsParser method instantiateElement.

@Override
protected ConditionsType instantiateElement(XMLEventReader xmlEventReader, StartElement element) throws ParsingException {
    final ConditionsType conditions = new ConditionsType();
    conditions.setNotBefore(StaxParserUtil.getXmlTimeAttributeValue(element, SAMLAssertionQNames.ATTR_NOT_BEFORE));
    conditions.setNotOnOrAfter(StaxParserUtil.getXmlTimeAttributeValue(element, SAMLAssertionQNames.ATTR_NOT_ON_OR_AFTER));
    return conditions;
}

Example 2 with ConditionsType

use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.

the class SAMLConditionsParser method processSubElement.

@Override
protected void processSubElement(XMLEventReader xmlEventReader, ConditionsType target, SAMLAssertionQNames element, StartElement elementDetail) throws ParsingException {
    switch(element) {
        case AUDIENCE_RESTRICTION:
            AudienceRestrictionType audienceRestriction = SAMLAudienceRestrictionParser.getInstance().parse(xmlEventReader);
            target.addCondition(audienceRestriction);
            break;
        case ONE_TIME_USE:
            OneTimeUseType oneTimeUseCondition = new OneTimeUseType();
            target.addCondition(oneTimeUseCondition);
            break;
        case PROXY_RESTRICTION:
            ProxyRestrictionType proxyRestriction = SAMLProxyRestrictionParser.getInstance().parse(xmlEventReader);
            target.addCondition(proxyRestriction);
            break;
        default:
            throw LOGGER.parserUnknownTag(StaxParserUtil.getElementName(elementDetail), elementDetail.getLocation());
    }
}

Example 3 with ConditionsType

use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.

the class AssertionUtil method createTimedConditions.

/**
 * <p>
 * Add validity conditions to the SAML2 Assertion
 * </p>
 * <p>
 * There is no clock skew added.
 *
 * @param assertion
 * @param durationInMilis
 *
 * @throws ConfigurationException
 * @throws IssueInstantMissingException
 * @see {{@link #createTimedConditions(AssertionType, long, long)}
 *      </p>
 */
public static void createTimedConditions(AssertionType assertion, long durationInMilis) throws ConfigurationException, IssueInstantMissingException {
    XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
    if (issueInstant == null)
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
    XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant, durationInMilis);
    ConditionsType conditionsType = new ConditionsType();
    conditionsType.setNotBefore(issueInstant);
    conditionsType.setNotOnOrAfter(assertionValidityLength);
    assertion.setConditions(conditionsType);
}

Example 4 with ConditionsType

use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.

the class AssertionUtil method hasExpired.

/**
 * Check whether the assertion has expired.
 * Processing rules defined in Section 2.5.1.2 of saml-core-2.0-os.pdf.
 *
 * @param assertion
 *
 * @return
 *
 * @throws ConfigurationException
 */
public static boolean hasExpired(AssertionType assertion) throws ConfigurationException {
    boolean expiry = false;
    // Check for validity of assertion
    ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        if (notBefore != null) {
            logger.trace("Assertion: " + assertion.getID() + " ::Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat());
        }
        if (notOnOrAfter != null) {
            logger.trace("Assertion: " + assertion.getID() + " ::Now=" + now.toXMLFormat() + " ::notOnOrAfter=" + notOnOrAfter);
        }
        expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
        if (expiry) {
            logger.samlAssertionExpired(assertion.getID());
        }
    }
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}

Example 5 with ConditionsType

use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.

the class AssertionUtil method hasExpired.

/**
 * Verify whether the assertion has expired. You can add in a clock skew to adapt to conditions where in the IDP and
 * SP are
 * out of sync.
 *
 * @param assertion
 * @param clockSkewInMilis in miliseconds
 *
 * @return
 *
 * @throws ConfigurationException
 */
public static boolean hasExpired(AssertionType assertion, long clockSkewInMilis) throws ConfigurationException {
    boolean expiry = false;
    // Check for validity of assertion
    ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
        logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + " ::notOnOrAfter=" + notOnOrAfter);
        expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
        if (expiry) {
            logger.samlAssertionExpired(assertion.getID());
        }
    }
    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}