org.opensaml.saml2.core.Assertion.getConditions()方法的使用及代码示例


本文整理了Java中org.opensaml.saml2.core.Assertion.getConditions()方法的一些代码示例,展示了Assertion.getConditions()的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。Assertion.getConditions()方法的具体详情如下:
包路径:org.opensaml.saml2.core.Assertion
类名称:Assertion
方法名:getConditions

Assertion.getConditions介绍

[英]Gets the Conditions placed on this assertion.
[中]获取放置在此断言上的条件。

代码示例

代码示例来源:origin: cloudfoundry/uaa

DateTime until = new DateTime().plusHours(1);
assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setRecipient(spEndpoint);
assertion.getConditions().getAudienceRestrictions().get(0).getAudiences().get(0).setAudienceURI(audienceEntityID);
assertion.getIssuer().setValue(issuerEntityId);
assertion.getSubject().getNameID().setValue(username);
assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setInResponseTo(null);
assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData().setNotOnOrAfter(until);
assertion.getConditions().setNotOnOrAfter(until);
SamlConfig config = new SamlConfig();
config.addAndActivateKey("active-key", new SamlKey(privateKey, keyPassword, certificate));

代码示例来源:origin: org.wso2.carbon.identity.inbound.auth.oauth2/org.wso2.carbon.identity.oauth

/**
 * Reads the {@code NotBefore} instant of the assertion's {@code <Conditions>} element.
 *
 * @param assertion SAML 2.0 assertion; its Conditions element is dereferenced unguarded
 * @return the NotBefore instant, or {@code null} when the Conditions carry none
 * @throws NullPointerException if the assertion has no Conditions element
 */
private DateTime getNotBefore(Assertion assertion) {
  final DateTime notBefore = assertion.getConditions().getNotBefore();
  return notBefore;
}

代码示例来源:origin: org.wso2.carbon.identity.inbound.auth.oauth2/org.wso2.carbon.identity.oauth

/**
 * Reads the {@code NotOnOrAfter} instant of the assertion's {@code <Conditions>} element.
 *
 * @param assertion SAML 2.0 assertion; its Conditions element is dereferenced unguarded
 * @return the NotOnOrAfter instant, or {@code null} when the Conditions carry none
 * @throws NullPointerException if the assertion has no Conditions element
 */
private DateTime getNotOnOrAfter(Assertion assertion) {
  final DateTime notOnOrAfter = assertion.getConditions().getNotOnOrAfter();
  return notOnOrAfter;
}

代码示例来源:origin: se.skltp.adapterservices.se.apotekensservice/TicketMachine

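/**
 * Enforces the assertion's validity window ({@code NotBefore} / {@code NotOnOrAfter}).
 *
 * <p>{@code NotOnOrAfter} is an exclusive bound: the assertion is already invalid at that
 * exact instant, so the comparison is {@code >=} rather than the previous {@code >}.
 * An assertion without a {@code <Conditions>} element or without {@code NotOnOrAfter} is
 * rejected with a {@link ValidationException} instead of failing with a
 * {@link NullPointerException}; an assertion with no upper bound would otherwise be
 * replayable indefinitely. {@code NotBefore} may be absent, in which case no lower bound
 * is applied. No clock-skew tolerance is applied.
 *
 * @param assertion SAML 2.0 assertion to check
 * @throws ValidationException if Conditions or NotOnOrAfter are missing, or the current
 *         time lies outside the validity window
 */
private void validateDateTime(Assertion assertion) throws ValidationException{
  Conditions conditions = assertion.getConditions();
  if (conditions == null) {
    throw new ValidationException("assertion has no Conditions element");
  }
  long nowMillis = new DateTime().getMillis();
  DateTime notBefore = conditions.getNotBefore();
  DateTime notAfter = conditions.getNotOnOrAfter();
  if (notAfter == null) {
    // fail closed: an assertion with no expiry must not be accepted
    throw new ValidationException("notOnOrAfter is missing from Conditions");
  }
  if (notBefore != null && nowMillis < notBefore.getMillis()){
    throw new ValidationException("notBefore validation failed!");
  }
  // NotOnOrAfter is exclusive: reject at the boundary instant as well
  if (nowMillis >= notAfter.getMillis()){
    throw new ValidationException("notOnOrAfter validation failed!");
  }
}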

代码示例来源:origin: se.skltp.adapterservices.se.apotekensservice/TicketMachine

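/**
 * {@inheritDoc}
 *
 * <p>Derives an authorization assertion from {@code authnAssertion}: same ID, the
 * {@link StringConstants#ATTRIBUTE_AUTHORIZATION_DATA} marker, issue instant "now", the
 * authentication assertion's {@code NotBefore}, a {@code NotOnOrAfter} one minute earlier
 * than the authentication assertion's, and the given attributes — then signs it.
 *
 * <p>Fail closed: if signing fails this method no longer returns the <em>unsigned</em>
 * assertion (the previous behaviour). Handing an unsigned token out of a method that
 * promises a signed one hides the failure from the caller; the error is still logged and
 * then rethrown as {@link IllegalStateException}.
 *
 * @throws IllegalStateException if the assertion could not be signed
 * @throws NullPointerException if {@code authnAssertion} has no Conditions or no NotOnOrAfter
 */
public Assertion getSignedAuthorizationAssertion(List<SAML2Attribute> saml2AuthorizationAttributes,Assertion authnAssertion) {
  Assertion authorizationAssertion = saml2AssertionGenerator.generateSAML2Assertion(
      authnAssertion.getID(),
      StringConstants.ATTRIBUTE_AUTHORIZATION_DATA,
      new DateTime(),
      authnAssertion.getConditions().getNotBefore(),
      // expire one minute before the authentication assertion it is derived from
      authnAssertion.getConditions().getNotOnOrAfter().minusMinutes(1),
      saml2AuthorizationAttributes);
  try {
    return (Assertion) saml2XmlObjectSigner.sign(authorizationAssertion);
  } catch (SignatureException e) {
    String message = "SAML2 assertion signing failed : ";
    logger.error(message, e);
    // never return an unsigned assertion from a method that promises a signed one
    throw new IllegalStateException(message, e);
  }
}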

代码示例来源:origin: se.skltp.adapterservices.se.apotekensservice/TicketMachine

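/**
 * {@inheritDoc}
 *
 * <p>Derives an auditing assertion from {@code authnAssertion}: same ID, the
 * {@link StringConstants#ATTRIBUTE_INFO_DATA} marker, issue instant "now", the
 * authentication assertion's {@code NotBefore}, a {@code NotOnOrAfter} one minute earlier
 * than the authentication assertion's, and the given attributes — then signs it.
 *
 * <p>Fail closed: if signing fails this method no longer returns the <em>unsigned</em>
 * assertion (the previous behaviour). Handing an unsigned token out of a method that
 * promises a signed one hides the failure from the caller; the error is still logged and
 * then rethrown as {@link IllegalStateException}.
 *
 * @throws IllegalStateException if the assertion could not be signed
 * @throws NullPointerException if {@code authnAssertion} has no Conditions or no NotOnOrAfter
 */
public Assertion getSignedAuditingAssertion(List<SAML2Attribute> saml2AuditingAttributes,Assertion authnAssertion){
  Assertion auditingAssertion = saml2AssertionGenerator.generateSAML2Assertion(
      authnAssertion.getID(),
      StringConstants.ATTRIBUTE_INFO_DATA,
      new DateTime(),
      authnAssertion.getConditions().getNotBefore(),
      // expire one minute before the authentication assertion it is derived from
      authnAssertion.getConditions().getNotOnOrAfter().minusMinutes(1),
      saml2AuditingAttributes);
  try {
    return (Assertion) saml2XmlObjectSigner.sign(auditingAssertion);
  } catch (SignatureException e) {
    String message = "SAML2 assertion signing failed : ";
    logger.error(message, e);
    // never return an unsigned assertion from a method that promises a signed one
    throw new IllegalStateException(message, e);
  }
}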

代码示例来源:origin: org.wso2.carbon.appmgt/org.wso2.carbon.appmgt.gateway

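/**
 * Collects every {@code <Audience>} URI from the first assertion of a SAML2 response.
 *
 * <p>A response with no assertions now yields an empty list; previously {@code get(0)}
 * threw {@link IndexOutOfBoundsException} before the {@code assertion != null} check could
 * run. All {@code <AudienceRestriction>} elements are flattened into one list.
 * NOTE(review): callers that only test membership in this flat list cannot tell which
 * restriction an audience came from — confirm that is acceptable for the audience check.
 *
 * @param samlResponse SAML2 Response
 * @return audience URIs, empty if there is no assertion, no Conditions or no audiences
 */
private List<String> getAudiencesFromSAMLResponse(ResponseImpl samlResponse) {
  List<String> audiences = new ArrayList<>();
  List<Assertion> assertions = samlResponse.getAssertions();
  if (assertions == null || assertions.isEmpty()) {
    return audiences;
  }
  Assertion assertion = assertions.get(0);
  if (assertion == null) {
    return audiences;
  }
  Conditions conditions = assertion.getConditions();
  if (conditions == null) {
    return audiences;
  }
  List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();
  if (!CollectionUtils.isNotEmpty(audienceRestrictions)) {
    return audiences;
  }
  for (AudienceRestriction audienceRestriction : audienceRestrictions) {
    List<Audience> restrictionAudiences = audienceRestriction.getAudiences();
    if (!CollectionUtils.isNotEmpty(restrictionAudiences)) {
      continue;
    }
    for (Audience audience : restrictionAudiences) {
      audiences.add(audience.getAudienceURI());
    }
  }
  return audiences;
}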

代码示例来源:origin: metatron-app/metatron-discovery

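/**
 * Snapshot of the {@code <Conditions>} of the authenticated user's SAML assertion.
 *
 * <p>Copies {@code NotBefore}, {@code NotOnOrAfter} and the audience URIs of the first
 * {@code <AudienceRestriction>} out of the assertion held by the {@link SAMLCredential}.
 * An assertion with no Conditions, or with no AudienceRestriction, now leaves the instants
 * unset and the audience list empty instead of failing with an unchecked exception from
 * {@code getAudienceRestrictions().get(0)}.
 *
 * @param authentication Spring Security authentication whose credentials are a {@link SAMLCredential}
 * @throws ClassCastException if the credentials are not a {@link SAMLCredential}
 */
public Conditions(Authentication authentication){
 SAMLCredential credential = (SAMLCredential) authentication.getCredentials();
 Assertion assertion = credential.getAuthenticationAssertion();
 org.opensaml.saml2.core.Conditions conditions = assertion.getConditions();
 audienceRestriction = new ArrayList<>();
 if (conditions == null) {
  return;
 }
 notBefore = conditions.getNotBefore();
 notOnOrAfter = conditions.getNotOnOrAfter();
 List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();
 if (audienceRestrictions == null || audienceRestrictions.isEmpty()) {
  return;
 }
 // only the first AudienceRestriction is captured, as before
 for(Audience audience : audienceRestrictions.get(0).getAudiences()){
  audienceRestriction.add(audience.getAudienceURI());
 }
}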

代码示例来源:origin: org.wso2.carbon.identity.inbound.auth.oauth2/org.wso2.carbon.identity.oauth

/**
 * Checks the {@code <Conditions>} of a SAML assertion presented as an OAuth2 grant.
 *
 * <p>The Assertion MUST contain a {@code <Conditions>} element with an
 * {@code <AudienceRestriction>} element with an {@code <Audience>} element containing a URI
 * reference that identifies the authorization server, or the service provider SAML entity
 * of its controlling domain, as an intended audience. The token endpoint URL of the
 * authorization server MAY be used as an acceptable value for an {@code <Audience>}
 * element. The authorization server MUST verify that it is an intended audience for the
 * Assertion; that verification is delegated to {@code validateAudience} with the token
 * endpoint alias resolved by {@code getTokenEPAlias}.
 *
 * @param tokReqMsgCtx token request context (not read here)
 * @param assertion SAML assertion presented as the grant
 * @param identityProvider configuration of the issuing identity provider
 * @param tenantDomain tenant the request belongs to
 * @throws IdentityOAuth2Exception if the assertion has no Conditions element, or if
 *         {@code validateAudience} rejects it
 */
private void validateConditions(OAuthTokenReqMessageContext tokReqMsgCtx, Assertion assertion,
                IdentityProvider identityProvider, String tenantDomain)
    throws IdentityOAuth2Exception {
  Conditions conditions = assertion.getConditions();
  if (conditions == null) {
    throw new IdentityOAuth2Exception("SAML Assertion doesn't contain Conditions");
  }
  String tokenEndpointAlias = getTokenEPAlias(assertion, identityProvider, tenantDomain);
  validateAudience(identityProvider, conditions, tokenEndpointAlias, tenantDomain);
}

代码示例来源:origin: org.wso2.carbon.identity.agent.sso.java/org.wso2.carbon.identity.sso.agent

/**
 * Enforces the assertion's validity window with the configured clock-skew tolerance.
 *
 * <p>Rejects the assertion when {@code NotBefore} (minus skew) is still in the future,
 * when {@code NotOnOrAfter} (plus skew) is already in the past, or when {@code NotBefore}
 * is later than {@code NotOnOrAfter}. Either instant may be absent and is then not checked.
 * NOTE(review): an assertion without any {@code <Conditions>} element passes this method
 * untouched; that case has to be caught by another check.
 *
 * @param assertion SAML Assertion element
 * @throws SSOAgentException if any of the three checks fails
 */
private void validateAssertionValidityPeriod(Assertion assertion) throws SSOAgentException {
  if (assertion.getConditions() == null) {
    return;
  }
  final int skewSeconds = ssoAgentConfig.getSAML2().getTimeStampSkewInSeconds();
  final DateTime notBefore = assertion.getConditions().getNotBefore();
  final DateTime notOnOrAfter = assertion.getConditions().getNotOnOrAfter();
  final boolean notYetValid = notBefore != null && notBefore.minusSeconds(skewSeconds).isAfterNow();
  if (notYetValid) {
    throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not Before'");
  }
  final boolean expired = notOnOrAfter != null && notOnOrAfter.plusSeconds(skewSeconds).isBeforeNow();
  if (expired) {
    throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not On Or After'");
  }
  final boolean inverted = notBefore != null && notOnOrAfter != null && notBefore.isAfter(notOnOrAfter);
  if (inverted) {
    throw new SSOAgentException(
        "SAML Assertion Condition 'Not Before' must be less than the value of 'Not On Or After'");
  }
}

代码示例来源:origin: org.wso2.carbon.identity/org.wso2.carbon.identity.sso.agent

/**
 * Enforces the assertion's validity window with the configured clock-skew tolerance.
 *
 * <p>Rejects the assertion when {@code NotBefore} (minus skew) is still in the future,
 * when {@code NotOnOrAfter} (plus skew) is already in the past, or when {@code NotBefore}
 * is later than {@code NotOnOrAfter}. Either instant may be absent and is then not checked.
 * NOTE(review): an assertion without any {@code <Conditions>} element passes this method
 * untouched; that case has to be caught by another check.
 *
 * @param assertion SAML Assertion element
 * @throws SSOAgentException if any of the three checks fails
 */
private void validateAssertionValidityPeriod(Assertion assertion) throws SSOAgentException {
  if (assertion.getConditions() == null) {
    return;
  }
  final int skewSeconds = ssoAgentConfig.getSAML2().getTimeStampSkewInSeconds();
  final DateTime notBefore = assertion.getConditions().getNotBefore();
  final DateTime notOnOrAfter = assertion.getConditions().getNotOnOrAfter();
  final boolean notYetValid = notBefore != null && notBefore.minusSeconds(skewSeconds).isAfterNow();
  if (notYetValid) {
    throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not Before'");
  }
  final boolean expired = notOnOrAfter != null && notOnOrAfter.plusSeconds(skewSeconds).isBeforeNow();
  if (expired) {
    throw new SSOAgentException("Failed to meet SAML Assertion Condition 'Not On Or After'");
  }
  final boolean inverted = notBefore != null && notOnOrAfter != null && notBefore.isAfter(notOnOrAfter);
  if (inverted) {
    throw new SSOAgentException(
        "SAML Assertion Condition 'Not Before' must be less than the value of 'Not On Or After'");
  }
}

代码示例来源:origin: org.ojbc.bundles.shared/ojb-common

DateTime validTill = null;
if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_20)
  && assertion.getSaml2().getConditions() != null) {
  validFrom = assertion.getSaml2().getConditions().getNotBefore();
  validTill = assertion.getSaml2().getConditions().getNotOnOrAfter();
} else if (assertion.getSamlVersion().equals(SAMLVersion.VERSION_11)
  && assertion.getSaml1().getConditions() != null) {

代码示例来源:origin: org.apache.ws.security/wss4j

) throws WSSecurityException {
  if (samlAssertion.getSamlVersion().equals(SAMLVersion.VERSION_20)
    && samlAssertion.getSaml2().getConditions() != null
    && samlAssertion.getSaml2().getConditions().getOneTimeUse() != null 
    && data.getSamlOneTimeUseReplayCache() != null) {
    String identifier = samlAssertion.getId();
    DateTime expires = samlAssertion.getSaml2().getConditions().getNotOnOrAfter();
    if (expires != null) {
      Date rightNow = new Date();

代码示例来源:origin: coveo/saml-client

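/**
 * Validates the single assertion carried by the IdP response before its Conditions are enforced.
 *
 * <p>Exactly one assertion is accepted; its {@code <Issuer>} value must equal the configured
 * {@code responseIssuer} and its {@code <Subject>} must carry a {@code NameID}. A malformed
 * assertion lacking the Issuer element, the Issuer value or the Subject element is now
 * reported as a {@link SamlException} instead of surfacing as a
 * {@link NullPointerException}. The Conditions check itself is delegated to
 * {@code enforceConditions}.
 *
 * @param response decoded SAML response
 * @throws SamlException if the assertion count, issuer or subject is not acceptable
 */
private void validateAssertion(Response response) throws SamlException {
 if (response.getAssertions().size() != 1) {
  throw new SamlException("The response doesn't contain exactly 1 assertion");
 }
 Assertion assertion = response.getAssertions().get(0);
 // a missing Issuer is treated as a mismatch, not as a crash
 if (assertion.getIssuer() == null
   || assertion.getIssuer().getValue() == null
   || !assertion.getIssuer().getValue().equals(responseIssuer)) {
  throw new SamlException("The assertion issuer didn't match the expected value");
 }
 if (assertion.getSubject() == null || assertion.getSubject().getNameID() == null) {
  throw new SamlException(
    "The NameID value is missing from the SAML response; this is likely an IDP configuration issue");
 }
 enforceConditions(assertion.getConditions());
}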

代码示例来源:origin: org.apache.servicemix.bundles/org.apache.servicemix.bundles.wss4j

) throws WSSecurityException {
  if (samlAssertion.getSamlVersion().equals(SAMLVersion.VERSION_20)
    && samlAssertion.getSaml2().getConditions() != null
    && samlAssertion.getSaml2().getConditions().getOneTimeUse() != null 
    && data.getSamlOneTimeUseReplayCache() != null) {
    String identifier = samlAssertion.getId();
    DateTime expires = samlAssertion.getSaml2().getConditions().getNotOnOrAfter();
    if (expires != null) {
      Date rightNow = new Date();

代码示例来源:origin: org.apache.rampart/rampart-core

/**
 * Caches the assertion's ID and validity window on this object.
 *
 * <p>The window is taken from {@code <Conditions>} when present, otherwise from the
 * {@code SubjectConfirmationData} of the first {@code <SubjectConfirmation>}. A bound that
 * is absent in the chosen source is left unset.
 * NOTE(review): the fallback path dereferences the Subject and its first
 * SubjectConfirmation without null/empty checks — an assertion with neither Conditions
 * nor a SubjectConfirmation fails here with an unchecked exception.
 */
protected void processSAMLAssertion() {
  this.setAssertionId(assertion.getID());
  Subject subject = assertion.getSubject();
  Conditions conditions = assertion.getConditions();
  if (conditions != null) {
    if (conditions.getNotBefore() != null) {
      this.setDateNotBefore(conditions.getNotBefore().toDate());
    }
    if (conditions.getNotOnOrAfter() != null) {
      this.setDateNotOnOrAfter(conditions.getNotOnOrAfter().toDate());
    }
    return;
  }
  // no <Conditions>: fall back to the first SubjectConfirmationData
  SubjectConfirmationData scData =
      subject.getSubjectConfirmations().get(0).getSubjectConfirmationData();
  if (scData.getNotBefore() != null) {
    this.setDateNotBefore(scData.getNotBefore().toDate());
  }
  if (scData.getNotOnOrAfter() != null) {
    this.setDateNotOnOrAfter(scData.getNotOnOrAfter().toDate());
  }
}

代码示例来源:origin: usnistgov/iheos-toolkit2

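/**
 * Verifies an assertion: freshness of {@code IssueInstant}, issuer, signature, subject,
 * Conditions and (if present) each authentication statement.
 *
 * <p>Changes against the previous version: a stale assertion is reported as a
 * {@link SAMLException} (already declared by this method) instead of a bare
 * {@link Exception}, the diagnostic goes into the exception message instead of stdout, and
 * a missing {@code <Subject>} is rejected explicitly rather than handed to
 * {@code verifySubject} — the same treatment the Spring Security SAML version of this
 * method applies. Advice is ignored (SAML Core line 574).
 *
 * @param assertion assertion to verify
 * @param request the AuthnRequest this assertion answers, used for subject verification
 * @param context message context used by the issuer and signature checks
 * @throws SAMLException if the assertion is too old, has no Subject, or a delegated check rejects it
 */
private void verifyAssertion(Assertion assertion, AuthnRequest request, BasicSAMLMessageContext context) throws  SAMLException, org.opensaml.xml.security.SecurityException, ValidationException, Exception {
  // freshness: IssueInstant must lie within MAX_ASSERTION_TIME of now
  if (!isDateTimeSkewValid(MAX_ASSERTION_TIME, assertion.getIssueInstant())) {
    throw new SAMLException("Authentication statement is too old to be used: " + assertion.getIssueInstant());
  }
  verifyIssuer(assertion.getIssuer(), context);
  verifyAssertionSignature(assertion.getSignature(), context);
  if (assertion.getSubject() == null) {
    throw new SAMLException("Assertion does not contain subject and is discarded");
  }
  verifySubject(assertion.getSubject(), request, context);
  // an assertion carrying authentication statements must carry an audience restriction
  boolean hasAuthnStatements = !assertion.getAuthnStatements().isEmpty();
  verifyAssertionConditions(assertion.getConditions(), context, hasAuthnStatements);
  for (AuthnStatement statement : assertion.getAuthnStatements()) {
    verifyAuthenticationStatement(statement, context);
  }
}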
/**

代码示例来源:origin: org.wso2.carbon.identity.agent.sso.java/org.wso2.carbon.identity.sso.agent

Conditions conditions = assertion.getConditions();
if (conditions != null) {
  List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();

代码示例来源:origin: org.wso2.carbon.identity.authenticator.outbound.saml2sso/org.wso2.carbon.identity.authenticator.outbound.saml2sso

Conditions conditions = assertion.getConditions();
if (conditions != null) {
  List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();

代码示例来源:origin: org.springframework.security.extensions/spring-security-saml2-core

/**
 * Verifies one assertion of a response: issue-instant freshness, issuer, signature,
 * subject, Conditions and each authentication statement.
 *
 * <p>Order: the assertion is rejected as stale before any other work, then issuer and
 * signature are checked, a missing {@code <Subject>} is rejected, and finally the
 * Conditions are verified — with an audience restriction demanded whenever the assertion
 * carries {@code <AuthnStatement>}s. Advice is ignored (SAML Core line 574).
 *
 * @param assertion assertion to verify
 * @param request the originating AuthnRequest; may be {@code null}, in which case the
 *        authentication statements are checked without a requested authn context
 * @param context message context used by the issuer, signature and subject checks
 * @throws SAMLException if the assertion is too old, lacks a Subject, or a delegated check rejects it
 */
protected void verifyAssertion(Assertion assertion, AuthnRequest request, SAMLMessageContext context) throws AuthenticationException, SAMLException, org.opensaml.xml.security.SecurityException, ValidationException, DecryptionException {
  if (!isDateTimeSkewValid(getResponseSkew(), getMaxAssertionTime(), assertion.getIssueInstant())) {
    throw new SAMLException("Assertion is too old to be used, value can be customized by setting maxAssertionTime value " + assertion.getIssueInstant());
  }
  verifyIssuer(assertion.getIssuer(), context);
  verifyAssertionSignature(assertion.getSignature(), context);
  if (assertion.getSubject() == null) {
    throw new SAMLException("Assertion does not contain subject and is discarded");
  }
  verifySubject(assertion.getSubject(), request, context);
  // authentication statements imply a mandatory audience restriction
  final boolean hasAuthnStatements = !assertion.getAuthnStatements().isEmpty();
  verifyAssertionConditions(assertion.getConditions(), context, hasAuthnStatements);
  for (AuthnStatement statement : assertion.getAuthnStatements()) {
    verifyAuthenticationStatement(statement,
        request == null ? null : request.getRequestedAuthnContext(), context);
  }
}
