本文整理了Java中org.opensaml.saml2.core.Assertion.getConditions()
方法的一些代码示例,展示了Assertion.getConditions()
的具体用法。这些代码示例主要来源于Github
/Stackoverflow
/Maven
等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度上帮助到你。Assertion.getConditions()
方法的具体详情如下:
包路径:org.opensaml.saml2.core.Assertion
类名称:Assertion
方法名:getConditions
[英]Gets the Conditions placed on this assertion.
[中]获取此断言上设置的条件(Conditions)。断言中没有 Conditions 元素时返回 null,因此调用其方法前应先做空值检查(下文多个示例即如此处理)。
代码示例来源:origin: cloudfoundry/uaa
// Expiry instant one hour from now; applied to both time bounds set below.
DateTime until = new DateTime().plusHours(1);
// Each get(0) below assumes the assertion already has at least one SubjectConfirmation,
// AudienceRestriction and Audience; an empty list would throw here.
// Bind the assertion to the receiving endpoint (Recipient) and to the intended audience.
assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setRecipient(spEndpoint);
assertion.getConditions().getAudienceRestrictions().get(0).getAudiences().get(0).setAudienceURI(audienceEntityID);
// Who issues the assertion and which subject it is about.
assertion.getIssuer().setValue(issuerEntityId);
assertion.getSubject().getNameID().setValue(username);
// InResponseTo is cleared, so the assertion is not tied to any request ID.
assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setInResponseTo(null);
// The same expiry is written to SubjectConfirmationData and to Conditions.
assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setNotOnOrAfter(until);
assertion.getConditions().setNotOnOrAfter(until);
// Registers the key material under the id "active-key".
// NOTE(review): presumably this is the key used for signing; confirm against SamlConfig.
SamlConfig config = new SamlConfig();
config.addAndActivateKey("active-key", new SamlKey(privateKey, keyPassword, certificate));
代码示例来源:origin: org.wso2.carbon.identity.inbound.auth.oauth2/org.wso2.carbon.identity.oauth
/**
 * Returns the NotBefore instant taken from the assertion's Conditions.
 *
 * <p>The result of {@code getConditions()} is dereferenced without a null check, so an
 * assertion without Conditions makes this method throw {@link NullPointerException}.
 * NOTE(review): confirm that callers reject assertions without Conditions before calling.
 *
 * @param assertion assertion to read from
 * @return whatever {@code Conditions.getNotBefore()} returns; it is passed through unchecked
 */
private DateTime getNotBefore(Assertion assertion) {
return assertion.getConditions().getNotBefore();
}
代码示例来源:origin: org.wso2.carbon.identity.inbound.auth.oauth2/org.wso2.carbon.identity.oauth
/**
 * Returns the NotOnOrAfter instant taken from the assertion's Conditions.
 *
 * <p>The result of {@code getConditions()} is dereferenced without a null check, so an
 * assertion without Conditions makes this method throw {@link NullPointerException}.
 * NOTE(review): confirm that callers reject assertions without Conditions before calling.
 *
 * @param assertion assertion to read from
 * @return whatever {@code Conditions.getNotOnOrAfter()} returns; it is passed through unchecked
 */
private DateTime getNotOnOrAfter(Assertion assertion) {
return assertion.getConditions().getNotOnOrAfter();
}
代码示例来源:origin: se.skltp.adapterservices.se.apotekensservice/TicketMachine
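/**
 * Checks that the current time lies inside the assertion's validity window.
 *
 * <p>The window is {@code NotBefore <= now < NotOnOrAfter}: the upper bound is exclusive, so an
 * assertion is rejected at the NotOnOrAfter instant itself. A missing Conditions element or a
 * missing bound is rejected with a {@link ValidationException} rather than surfacing as a
 * NullPointerException. No clock-skew allowance is applied.
 *
 * @param assertion assertion whose Conditions are checked
 * @throws ValidationException if Conditions or either bound is absent, or if the current time is
 *     outside the window
 */
private void validateDateTime(Assertion assertion) throws ValidationException {
    Conditions conditions = assertion.getConditions();
    if (conditions == null) {
        throw new ValidationException("Conditions element is missing!");
    }

    DateTime notBefore = conditions.getNotBefore();
    if (notBefore == null) {
        throw new ValidationException("notBefore is missing!");
    }
    DateTime notAfter = conditions.getNotOnOrAfter();
    if (notAfter == null) {
        throw new ValidationException("notOnOrAfter is missing!");
    }

    DateTime now = new DateTime();
    if (now.getMillis() < notBefore.getMillis()) {
        throw new ValidationException("notBefore validation failed!");
    }
    // ">=" because NotOnOrAfter names the first instant at which the assertion is no longer valid.
    if (now.getMillis() >= notAfter.getMillis()) {
        throw new ValidationException("notOnOrAfter validation failed!");
    }
}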
代码示例来源:origin: se.skltp.adapterservices.se.apotekensservice/TicketMachine
/**
* {@inheritDoc}
*
* <p>Passes the authentication assertion's ID, the current time, its NotBefore and its
* NotOnOrAfter minus one minute, together with the authorization attributes, to the assertion
* generator and then signs the result.
*
* <p>NOTE(review): when signing throws {@code SignatureException} the error is only logged and
* the assertion produced by the generator is still returned, so the caller can receive an
* assertion that never passed through {@code sign()}. Consider failing instead of returning it.
*/
public Assertion getSignedAuthorizationAssertion(List<SAML2Attribute> saml2AuthorizationAttributes,Assertion authnAssertion) {
// getConditions() and getNotOnOrAfter() are dereferenced without null checks; an authentication
// assertion lacking either makes this throw NullPointerException.
Assertion authorizationAssertion = saml2AssertionGenerator.generateSAML2Assertion(authnAssertion.getID(),
StringConstants.ATTRIBUTE_AUTHORIZATION_DATA,
new DateTime(),
authnAssertion.getConditions().getNotBefore(),
authnAssertion.getConditions().getNotOnOrAfter().minusMinutes(1),
saml2AuthorizationAttributes);
try {
authorizationAssertion = (Assertion)saml2XmlObjectSigner.sign(authorizationAssertion);
}catch(SignatureException e){
// Signing failure is swallowed here; authorizationAssertion keeps the value from the generator.
String message ="SAML2 assertion signing failed : ";
logger.error(message,e);
}
return authorizationAssertion;
}
代码示例来源:origin: se.skltp.adapterservices.se.apotekensservice/TicketMachine
/**
* {@inheritDoc}
*
* <p>Passes the authentication assertion's ID, the current time, its NotBefore and its
* NotOnOrAfter minus one minute, together with the auditing attributes, to the assertion
* generator and then signs the result.
*
* <p>NOTE(review): when signing throws {@code SignatureException} the error is only logged and
* the assertion produced by the generator is still returned, so the caller can receive an
* assertion that never passed through {@code sign()}. Consider failing instead of returning it.
*/
public Assertion getSignedAuditingAssertion(List<SAML2Attribute> saml2AuditingAttributes,Assertion authnAssertion){
// getConditions() and getNotOnOrAfter() are dereferenced without null checks; an authentication
// assertion lacking either makes this throw NullPointerException.
Assertion auditingAssertion = saml2AssertionGenerator.generateSAML2Assertion(authnAssertion.getID(),
StringConstants.ATTRIBUTE_INFO_DATA,
new DateTime(),
authnAssertion.getConditions().getNotBefore(),
authnAssertion.getConditions().getNotOnOrAfter().minusMinutes(1),
saml2AuditingAttributes);
try {
auditingAssertion = (Assertion)saml2XmlObjectSigner.sign(auditingAssertion);
}catch(SignatureException e){
// Signing failure is swallowed here; auditingAssertion keeps the value from the generator.
String message ="SAML2 assertion signing failed : ";
logger.error(message,e);
}
return auditingAssertion;
}
代码示例来源:origin: org.wso2.carbon.appmgt/org.wso2.carbon.appmgt.gateway
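/**
 * Collects the audience URIs of the first assertion in a SAML2 response.
 *
 * <p>Only the first element of {@code getAssertions()} is read; further assertions are ignored.
 * A response with no assertions, an assertion without Conditions, or Conditions without audience
 * restrictions yields an empty list, so a caller comparing against an expected audience should
 * treat an empty result as "no match".
 *
 * @param samlResponse SAML2 Response
 * @return audience URIs in document order; never null, possibly empty
 */
private List<String> getAudiencesFromSAMLResponse(ResponseImpl samlResponse) {
    List<String> audiences = new ArrayList<>();

    List<Assertion> assertions = samlResponse.getAssertions();
    // get(0) on an empty list would throw; a response without assertions simply has no audiences.
    if (assertions == null || assertions.isEmpty()) {
        return audiences;
    }

    Assertion assertion = assertions.get(0);
    if (assertion == null) {
        return audiences;
    }
    Conditions conditions = assertion.getConditions();
    if (conditions == null) {
        return audiences;
    }
    List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();
    if (!CollectionUtils.isNotEmpty(audienceRestrictions)) {
        return audiences;
    }

    for (AudienceRestriction audienceRestriction : audienceRestrictions) {
        if (!CollectionUtils.isNotEmpty(audienceRestriction.getAudiences())) {
            continue;
        }
        for (Audience audience : audienceRestriction.getAudiences()) {
            audiences.add(audience.getAudienceURI());
        }
    }
    return audiences;
}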
代码示例来源:origin: metatron-app/metatron-discovery
/**
 * Copies the validity window and the audience URIs out of the SAML authentication assertion held
 * by the given authentication's credentials.
 *
 * <p>Only the first AudienceRestriction is read. The assertion's Conditions and its restriction
 * list are dereferenced without checks, so an assertion without Conditions or without any
 * AudienceRestriction makes this constructor throw.
 *
 * @param authentication authentication whose credentials are a {@code SAMLCredential}
 */
public Conditions(Authentication authentication){
    Assertion samlAssertion =
            ((SAMLCredential) authentication.getCredentials()).getAuthenticationAssertion();
    org.opensaml.saml2.core.Conditions samlConditions = samlAssertion.getConditions();

    // First restriction only; get(0) throws when the list is empty.
    List<Audience> firstRestrictionAudiences =
            samlConditions.getAudienceRestrictions().get(0).getAudiences();

    notBefore = samlConditions.getNotBefore();
    notOnOrAfter = samlConditions.getNotOnOrAfter();

    audienceRestriction = new ArrayList<>();
    for (int i = 0; i < firstRestrictionAudiences.size(); i++) {
        audienceRestriction.add(firstRestrictionAudiences.get(i).getAudienceURI());
    }
}
代码示例来源:origin: org.wso2.carbon.identity.inbound.auth.oauth2/org.wso2.carbon.identity.oauth
/**
 * Requires the assertion to carry a {@code <Conditions>} element and delegates the audience check.
 *
 * <p>The Assertion MUST contain a {@code <Conditions>} element with an {@code <AudienceRestriction>}
 * element with an {@code <Audience>} element containing a URI reference that identifies the
 * authorization server, or the service provider SAML entity of its controlling domain, as an
 * intended audience. The token endpoint URL of the authorization server MAY be used as an
 * acceptable value for an {@code <Audience>} element. The authorization server MUST verify that it
 * is an intended audience for the Assertion.
 *
 * <p>This method itself only checks for the presence of Conditions and calls the audience
 * validation; it does not look at NotBefore or NotOnOrAfter.
 *
 * @param tokReqMsgCtx token request message context; not read by this method
 * @param assertion SAML assertion whose Conditions are checked
 * @param identityProvider identity provider passed to the alias lookup and the audience check
 * @param tenantDomain tenant domain passed to the alias lookup and the audience check
 * @throws IdentityOAuth2Exception if the assertion has no Conditions
 */
private void validateConditions(OAuthTokenReqMessageContext tokReqMsgCtx, Assertion assertion,
                                IdentityProvider identityProvider, String tenantDomain)
        throws IdentityOAuth2Exception {
    Conditions assertionConditions = assertion.getConditions();
    // Fail closed: without Conditions there is no audience to verify.
    if (assertionConditions == null) {
        throw new IdentityOAuth2Exception("SAML Assertion doesn't contain Conditions");
    }

    String audienceAlias = getTokenEPAlias(assertion, identityProvider, tenantDomain);
    validateAudience(identityProvider, assertionConditions, audienceAlias, tenantDomain);
}
代码示例来源:origin: org.wso2.carbon.identity.agent.sso.java/org.wso2.carbon.identity.sso.agent
/**
 * Validates the 'Not Before' and 'Not On Or After' conditions of the SAML Assertion, widening
 * both bounds by the configured timestamp skew.
 *
 * <p>An assertion without Conditions passes unchecked, and a bound that is absent is skipped
 * rather than rejected.
 *
 * @param assertion SAML Assertion element
 * @throws SSOAgentException if the assertion is not yet valid, has expired, or its 'Not Before'
 *     lies after its 'Not On Or After'
 */
private void validateAssertionValidityPeriod(Assertion assertion) throws SSOAgentException {
    if (assertion.getConditions() == null) {
        // No Conditions element: nothing is validated here.
        return;
    }

    int skewSeconds = ssoAgentConfig.getSAML2().getTimeStampSkewInSeconds();
    DateTime windowStart = assertion.getConditions().getNotBefore();
    DateTime windowEnd = assertion.getConditions().getNotOnOrAfter();
    boolean hasStart = windowStart != null;
    boolean hasEnd = windowEnd != null;

    // Not yet valid, even after moving the start earlier by the skew.
    if (hasStart && windowStart.minusSeconds(skewSeconds).isAfterNow()) {
        throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not Before'");
    }
    // Expired, even after moving the end later by the skew.
    if (hasEnd && windowEnd.plusSeconds(skewSeconds).isBeforeNow()) {
        throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not On Or After'");
    }
    // An inverted window is malformed regardless of the current time.
    if (hasStart && hasEnd && windowStart.isAfter(windowEnd)) {
        throw new SSOAgentException(
                "SAML Assertion Condition 'Not Before' must be less than the value of 'Not On Or After'");
    }
}
代码示例来源:origin: org.wso2.carbon.identity/org.wso2.carbon.identity.sso.agent
/**
 * Validates the 'Not Before' and 'Not On Or After' conditions of the SAML Assertion, allowing
 * for the configured timestamp skew on both bounds.
 *
 * <p>Nothing is rejected when the assertion has no Conditions, and a missing bound is skipped.
 *
 * @param assertion SAML Assertion element
 * @throws SSOAgentException if the current time is outside the skew-adjusted window, or the
 *     window itself is inverted
 */
private void validateAssertionValidityPeriod(Assertion assertion) throws SSOAgentException {
    if (assertion.getConditions() == null) {
        return;
    }

    int allowedSkew = ssoAgentConfig.getSAML2().getTimeStampSkewInSeconds();
    DateTime earliest = assertion.getConditions().getNotBefore();
    DateTime latest = assertion.getConditions().getNotOnOrAfter();

    if (earliest != null) {
        // Start of the window, shifted earlier by the skew, must not be in the future.
        if (earliest.minusSeconds(allowedSkew).isAfterNow()) {
            throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not Before'");
        }
    }
    if (latest != null) {
        // End of the window, shifted later by the skew, must not be in the past.
        if (latest.plusSeconds(allowedSkew).isBeforeNow()) {
            throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not On Or After'");
        }
    }
    if (earliest != null && latest != null) {
        // Both bounds present: they must be ordered.
        if (earliest.isAfter(latest)) {
            throw new SSOAgentException(
                    "SAML Assertion Condition 'Not Before' must be less than the value of 'Not On Or After'");
        }
    }
}
代码示例来源:origin: org.ojbc.bundles.shared/ojb-common
// Excerpt from the middle of a method: validFrom is declared above the visible lines.
DateTime validTill = null;
// SAML 2.0: read the validity window only when a Conditions element is present.
if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)
&& assertion.getSaml2().getConditions() != null) {
validFrom = assertion.getSaml2().getConditions().getNotBefore();
validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
// SAML 1.1: same presence check on the SAML 1 Conditions (branch body is outside the excerpt).
} else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11)
&& assertion.getSaml1().getConditions() != null) {
代码示例来源:origin: org.apache.ws.security/wss4j
) throws WSSecurityException {
// This branch runs only for a SAML 2.0 assertion that has Conditions with a OneTimeUse
// element, and only when a one-time-use replay cache is configured; in every other case the
// condition is false and the branch is skipped.
if (samlAssertion.getSamlVersion().equals(SAMLVersion.VERSION_20)
&& samlAssertion.getSaml2().getConditions() != null
&& samlAssertion.getSaml2().getConditions().getOneTimeUse() != null
&& data.getSamlOneTimeUseReplayCache() != null) {
// NOTE(review): presumably the assertion ID is the replay-cache key; its use is outside the excerpt.
String identifier = samlAssertion.getId();
// NotOnOrAfter may be absent, hence the null check before it is compared with the current time.
DateTime expires = samlAssertion.getSaml2().getConditions().getNotOnOrAfter();
if (expires != null) {
Date rightNow = new Date();
代码示例来源:origin: coveo/saml-client
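/**
 * Checks the structure of the response's single assertion and enforces its Conditions.
 *
 * <p>The response must hold exactly one assertion, its issuer must equal the expected
 * {@code responseIssuer}, and its subject must carry a NameID. A missing Issuer or Subject element
 * is reported as a {@link SamlException} instead of surfacing as a NullPointerException, so
 * malformed input is rejected through the same path as any other validation failure.
 *
 * <p>NOTE(review): no signature check happens in this method; presumably the caller validates
 * the signature separately. Confirm before relying on this method alone.
 *
 * @param response SAML response to validate
 * @throws SamlException if the assertion count, issuer or NameID check fails; exceptions thrown by
 *     the Conditions check propagate as well
 */
private void validateAssertion(Response response) throws SamlException {
    if (response.getAssertions().size() != 1) {
        throw new SamlException("The response doesn't contain exactly 1 assertion");
    }

    Assertion assertion = response.getAssertions().get(0);

    // A missing Issuer element or value is treated as a mismatch rather than dereferenced.
    if (assertion.getIssuer() == null
            || assertion.getIssuer().getValue() == null
            || !assertion.getIssuer().getValue().equals(responseIssuer)) {
        throw new SamlException("The assertion issuer didn't match the expected value");
    }

    // A missing Subject element implies a missing NameID.
    if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
        throw new SamlException(
                "The NameID value is missing from the SAML response; this is likely an IDP configuration issue");
    }

    enforceConditions(assertion.getConditions());
}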
代码示例来源:origin: org.apache.servicemix.bundles/org.apache.servicemix.bundles.wss4j
) throws WSSecurityException {
// This branch runs only for a SAML 2.0 assertion that has Conditions with a OneTimeUse
// element, and only when a one-time-use replay cache is configured; in every other case the
// condition is false and the branch is skipped.
if (samlAssertion.getSamlVersion().equals(SAMLVersion.VERSION_20)
&& samlAssertion.getSaml2().getConditions() != null
&& samlAssertion.getSaml2().getConditions().getOneTimeUse() != null
&& data.getSamlOneTimeUseReplayCache() != null) {
// NOTE(review): presumably the assertion ID is the replay-cache key; its use is outside the excerpt.
String identifier = samlAssertion.getId();
// NotOnOrAfter may be absent, hence the null check before it is compared with the current time.
DateTime expires = samlAssertion.getSaml2().getConditions().getNotOnOrAfter();
if (expires != null) {
Date rightNow = new Date();
代码示例来源:origin: org.apache.rampart/rampart-core
/**
 * Copies the assertion ID and the validity period of the held assertion into this object.
 *
 * <p>The period is taken from the 'Conditions' element when it is present; otherwise it is taken
 * from the SubjectConfirmationData of the first SubjectConfirmation. Bounds that are absent are
 * left unset. The fallback dereferences the subject, its first confirmation and that
 * confirmation's data without checks.
 */
protected void processSAMLAssertion() {
    this.setAssertionId(assertion.getID());
    Subject subject = assertion.getSubject();
    Conditions conditions = assertion.getConditions();

    if (conditions == null) {
        // No 'Conditions' element: read the validity period from SC Data instead.
        SubjectConfirmationData confirmationData =
                subject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
        if (confirmationData.getNotBefore() != null) {
            this.setDateNotBefore(confirmationData.getNotBefore().toDate());
        }
        if (confirmationData.getNotOnOrAfter() != null) {
            this.setDateNotOnOrAfter(confirmationData.getNotOnOrAfter().toDate());
        }
        return;
    }

    // Read the validity period from the 'Conditions' element.
    if (conditions.getNotBefore() != null) {
        this.setDateNotBefore(conditions.getNotBefore().toDate());
    }
    if (conditions.getNotOnOrAfter() != null) {
        this.setDateNotOnOrAfter(conditions.getNotOnOrAfter().toDate());
    }
}
代码示例来源:origin: usnistgov/iheos-toolkit2
/**
 * Runs the assertion checks in order: issue-instant age, issuer, signature, subject, conditions,
 * and every authentication statement. The first failing check aborts with an exception.
 *
 * @param assertion assertion to verify
 * @param request authentication request passed to the subject check
 * @param context message context passed to each check
 * @throws Exception if the issue instant is outside the allowed age; the delegated checks throw
 *     the other declared exception types
 */
private void verifyAssertion(Assertion assertion, AuthnRequest request, BasicSAMLMessageContext context) throws SAMLException, org.opensaml.xml.security.SecurityException, ValidationException, Exception {
    // Verify assertion time skew
    boolean issuedWithinLimit = isDateTimeSkewValid(MAX_ASSERTION_TIME, assertion.getIssueInstant());
    if (!issuedWithinLimit) {
        System.out.println("Authentication statement is too old to be used"+assertion.getIssueInstant());
        throw new Exception("Users authentication credential is too old to be used");
    }

    // Verify validity of assertion
    // Advice is ignored, core 574
    verifyIssuer(assertion.getIssuer(), context);
    verifyAssertionSignature(assertion.getSignature(), context);
    verifySubject(assertion.getSubject(), request, context);

    // Assertion with authentication statement must contain audience restriction
    boolean hasAuthnStatements = assertion.getAuthnStatements().size() > 0;
    verifyAssertionConditions(assertion.getConditions(), context, hasAuthnStatements);

    // The loop body never runs when there are no authentication statements.
    for (AuthnStatement authnStatement : assertion.getAuthnStatements()) {
        verifyAuthenticationStatement(authnStatement, context);
    }
}
/**
代码示例来源:origin: org.wso2.carbon.identity.agent.sso.java/org.wso2.carbon.identity.sso.agent
// getConditions() is checked for null before the audience restrictions are read.
Conditions conditions = assertion.getConditions();
if (conditions != null) {
List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();
Conditions conditions = assertion.getConditions();
if (conditions != null) {
List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();
代码示例来源:origin: org.springframework.security.extensions/spring-security-saml2-core
/**
 * Runs the assertion checks in order: issue-instant age, issuer, signature, subject, conditions,
 * and every authentication statement. The first failing check aborts with an exception.
 *
 * @param assertion assertion to verify
 * @param request authentication request the assertion answers; may be null, in which case no
 *     requested authentication context is passed to the statement check
 * @param context message context passed to each check
 * @throws SAMLException if the assertion is too old or has no subject; the delegated checks throw
 *     the other declared exception types
 */
protected void verifyAssertion(Assertion assertion, AuthnRequest request, SAMLMessageContext context) throws AuthenticationException, SAMLException, org.opensaml.xml.security.SecurityException, ValidationException, DecryptionException {
    // Verify storage time skew
    boolean issuedWithinLimit =
            isDateTimeSkewValid(getResponseSkew(), getMaxAssertionTime(), assertion.getIssueInstant());
    if (!issuedWithinLimit) {
        throw new SAMLException("Assertion is too old to be used, value can be customized by setting maxAssertionTime value " + assertion.getIssueInstant());
    }

    // Verify validity of storage
    // Advice is ignored, core 574
    verifyIssuer(assertion.getIssuer(), context);
    verifyAssertionSignature(assertion.getSignature(), context);

    // Check subject: an assertion without one is discarded before any further check.
    if (assertion.getSubject() == null) {
        throw new SAMLException("Assertion does not contain subject and is discarded");
    }
    verifySubject(assertion.getSubject(), request, context);

    // Assertion with authentication statement must contain audience restriction
    boolean hasAuthnStatements = assertion.getAuthnStatements().size() > 0;
    verifyAssertionConditions(assertion.getConditions(), context, hasAuthnStatements);

    // The loop body never runs when there are no authentication statements.
    for (AuthnStatement authnStatement : assertion.getAuthnStatements()) {
        if (request == null) {
            verifyAuthenticationStatement(authnStatement, null, context);
        } else {
            verifyAuthenticationStatement(authnStatement, request.getRequestedAuthnContext(), context);
        }
    }
}