Examples with ConditionsType org.keycloak.dom.saml.v2.assertion.ConditionsType used on opensource projects

Example 11 with ConditionsType

use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.

the class ConditionsValidator method validateConditions.

private Result validateConditions(ConditionsType ct, Result res) {
    Iterator<ConditionAbstractType> it = ct.getConditions() == null ? Collections.<ConditionAbstractType>emptySet().iterator() : ct.getConditions().iterator();
    while (it.hasNext() && res == Result.VALID) {
        ConditionAbstractType cond = it.next();
        Result r;
        if (cond instanceof OneTimeUseType) {
            r = validateOneTimeUse((OneTimeUseType) cond);
        } else if (cond instanceof AudienceRestrictionType) {
            r = validateAudienceRestriction((AudienceRestrictionType) cond);
        } else if (cond instanceof ProxyRestrictionType) {
            r = validateProxyRestriction((ProxyRestrictionType) cond);
        } else {
            r = Result.INDETERMINATE;
            LOG.infof("Unknown condition in assertion %s: %s", assertionId, cond == null ? "<null>" : cond.getClass());
        }
        res = r.joinResult(res);
    }
    return res;
}

Example 12 with ConditionsType

use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.

the class AssertionUtil method getExpiration.

/**
 * Extract the expiration time from an {@link AssertionType}
 *
 * @param assertion
 *
 * @return
 */
public static XMLGregorianCalendar getExpiration(AssertionType assertion) {
    XMLGregorianCalendar expiry = null;
    ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        expiry = conditionsType.getNotOnOrAfter();
    }
    return expiry;
}

Example 13 with ConditionsType

use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.

the class SAMLAssertionWriter method write.

/**
 * Write an {@code AssertionType} to stream
 *
 * @param assertion
 *
 * @throws org.keycloak.saml.common.exceptions.ProcessingException
 */
public void write(AssertionType assertion) throws ProcessingException {
    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ASSERTION_NSURI.get());
    StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
    StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
    // Attributes
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), assertion.getVersion());
    StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());
    NameIDType issuer = assertion.getIssuer();
    if (issuer != null)
        write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX));
    SubjectType subject = assertion.getSubject();
    if (subject != null) {
        write(subject);
    }
    ConditionsType conditions = assertion.getConditions();
    if (conditions != null) {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ASSERTION_NSURI.get());
        if (conditions.getNotBefore() != null) {
            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
        }
        if (conditions.getNotOnOrAfter() != null) {
            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString());
        }
        List<ConditionAbstractType> typeOfConditions = conditions.getConditions();
        if (typeOfConditions != null) {
            for (ConditionAbstractType typeCondition : typeOfConditions) {
                if (typeCondition instanceof AudienceRestrictionType) {
                    AudienceRestrictionType art = (AudienceRestrictionType) typeCondition;
                    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE_RESTRICTION.get(), ASSERTION_NSURI.get());
                    List<URI> audiences = art.getAudience();
                    if (audiences != null) {
                        for (URI audience : audiences) {
                            StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(), ASSERTION_NSURI.get());
                            StaxUtil.writeCharacters(writer, audience.toString());
                            StaxUtil.writeEndElement(writer);
                        }
                    }
                    StaxUtil.writeEndElement(writer);
                }
                if (typeCondition instanceof OneTimeUseType) {
                    StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ONE_TIME_USE.get(), ASSERTION_NSURI.get());
                    StaxUtil.writeEndElement(writer);
                }
            }
        }
        StaxUtil.writeEndElement(writer);
    }
    AdviceType advice = assertion.getAdvice();
    if (advice != null)
        throw logger.notImplementedYet("Advice");
    Set<StatementAbstractType> statements = assertion.getStatements();
    if (statements != null) {
        for (StatementAbstractType statement : statements) {
            if (statement instanceof AuthnStatementType) {
                write((AuthnStatementType) statement, false);
            } else if (statement instanceof AttributeStatementType) {
                write((AttributeStatementType) statement);
            } else
                throw logger.writerUnknownTypeError(statement.getClass().getName());
        }
    }
    StaxUtil.writeEndElement(writer);
    StaxUtil.flush(writer);
}

Example 14 with ConditionsType

use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.

the class SAMLAssertionFactory method createAssertion.

/**
 * <p>
 * Creates a SAMLV2 {@code AssertionType} with the specified values.
 * </p>
 *
 * @param id a {@code String} representing the assertion ID.
 * @param issuerID a {@code NameIDType} that identifies the assertion issuer.
 * @param issueInstant the assertion time of creation.
 * @param conditions the {@code ConditionsType} that specify the conditions under which the assertion is to be
 * considered
 * valid
 * @param subject the {@code SubjectType} that identifies the authenticated principal.
 * @param statements a list of statements associated with the authenticated principal.
 *
 * @return
 */
public static AssertionType createAssertion(String id, NameIDType issuerID, XMLGregorianCalendar issueInstant, ConditionsType conditions, SubjectType subject, List<StatementAbstractType> statements) {
    AssertionType assertion = new AssertionType(id, issueInstant);
    assertion.setIssuer(issuerID);
    if (conditions != null)
        assertion.setConditions(conditions);
    if (subject != null)
        assertion.setSubject(subject);
    if (statements != null) {
        for (StatementAbstractType statement : statements) {
            assertion.addStatement(statement);
        }
    }
    return assertion;
}

Example 15 with ConditionsType

use of org.keycloak.dom.saml.v2.assertion.ConditionsType in project keycloak by keycloak.

the class SessionNotOnOrAfterTest method checkSessionNotOnOrAfter.

private SAML2Object checkSessionNotOnOrAfter(SAML2Object ob, int ssoMaxLifespan, int accessCodeLifespan, int accessTokenLifespan) {
    assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    ResponseType resp = (ResponseType) ob;
    Assert.assertNotNull(resp);
    Assert.assertNotNull(resp.getAssertions());
    Assert.assertThat(resp.getAssertions().size(), greaterThan(0));
    Assert.assertNotNull(resp.getAssertions().get(0));
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion());
    // session lifespan
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getStatements());
    Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
    AuthnStatementType authType = statements.stream().filter(statement -> statement instanceof AuthnStatementType).map(s -> (AuthnStatementType) s).findFirst().orElse(null);
    assertThat(authType, notNullValue());
    assertThat(authType.getSessionNotOnOrAfter(), notNullValue());
    assertThat(authType.getSessionNotOnOrAfter(), is(XMLTimeUtil.add(authType.getAuthnInstant(), ssoMaxLifespan * 1000L)));
    // Conditions
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getConditions());
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getConditions());
    ConditionsType condition = resp.getAssertions().get(0).getAssertion().getConditions();
    Assert.assertEquals(XMLTimeUtil.add(condition.getNotBefore(), accessCodeLifespan * 1000L), condition.getNotOnOrAfter());
    // SubjectConfirmation (confirmationData has no NotBefore, using the previous one because it's the same)
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getSubject());
    Assert.assertNotNull(resp.getAssertions().get(0).getAssertion().getSubject().getConfirmation());
    List<SubjectConfirmationType> confirmations = resp.getAssertions().get(0).getAssertion().getSubject().getConfirmation();
    SubjectConfirmationDataType confirmationData = confirmations.stream().map(c -> c.getSubjectConfirmationData()).filter(c -> c != null).findFirst().orElse(null);
    Assert.assertNotNull(confirmationData);
    Assert.assertEquals(XMLTimeUtil.add(condition.getNotBefore(), accessTokenLifespan * 1000L), confirmationData.getNotOnOrAfter());
    return null;
}