Tabnine Logo
AssertionUtil
Code IndexAdd Tabnine to your IDE (free)

How to use
AssertionUtil
in
org.picketlink.identity.federation.core.saml.v2.util

Best Java code snippets using org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil (Showing top 20 results out of 315)

origin: org.picketlink/picketlink-federation

  /**
   * Verify whether an {@link org.picketlink.identity.federation.saml.v2.assertion.AssertionType} has expired
   * @param assertionType
   * @return
   * @throws ConfigurationException
   */
  public boolean hasExpired(AssertionType assertionType) throws ConfigurationException {
    return AssertionUtil.hasExpired(assertionType);
  }
}
origin: org.overlord/overlord-commons-auth

/**
 * Creates a SAML Assertion that can be used as a bearer token when invoking REST
 * services.  The REST service must be configured to accept SAML Assertion bearer
 * tokens.
 *
 * In JBoss this means protecting the REST services with {@link org.overlord.commons.auth.jboss7.SAMLBearerTokenLoginModule}.
 * In Tomcat7 this means protecting the REST services with {@link org.overlord.commons.auth.tomcat7.SAMLBearerTokenAuthenticator}.
 *
 * @param principal
 * @param roles
 * @param issuerName
 * @param forService
 * @param timeValidInMillis
 */
public static String createSAMLAssertion(Principal principal, Set<String> roles, String issuerName,
    String forService, int timeValidInMillis) {
  try {
    NameIDType issuer = SAMLAssertionFactory.createNameID(null, null, issuerName);
    SubjectType subject = AssertionUtil.createAssertionSubject(principal.getName());
    AssertionType assertion = AssertionUtil.createAssertion(UUID.randomUUID().toString(), issuer);
    assertion.setSubject(subject);
    AssertionUtil.createTimedConditions(assertion, timeValidInMillis);
    ConditionAbstractType restriction = SAMLAssertionFactory.createAudienceRestriction(forService);
    assertion.getConditions().addCondition(restriction);
    addRoleStatements(roles, assertion, principal);
    return AssertionUtil.asString(assertion);
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}
origin: org.picketlink.distribution/picketlink-jbas5

/**
 * This method validates SAML Credential in following steps: <ol> <li>Validate the signing key embedded in SAML token is still
 * valid, not expired</li> <li>Validate the signing key embedded in SAML token is trusted against a local truststore,  such as
 * certpath validation</li> <li>Validate SAML token is still valid, not expired</li> <li>Validate the SAML signature using the
 * embedded signing key in SAML token itself as you indicated below</li> </ol>
 *
 * If something goes wrong throws LoginException.
 *
 * @throws LoginException
 */
private void validateSAMLCredential() throws LoginException, ConfigurationException, CertificateExpiredException, CertificateNotYetValidException {
  X509Certificate cert = getX509Certificate();
  // public certificate validation
  validateCertPath(cert);
  // check time validity of the certificate
  cert.checkValidity();
  boolean sigValid = false;
  try {
    sigValid = AssertionUtil.isSignatureValid(credential.getAssertionAsElement(), cert.getPublicKey());
  } catch (ProcessingException e) {
    logger.processingError(e);
  }
  if (!sigValid) {
    throw logger.authSAMLInvalidSignatureError();
  }
  if (AssertionUtil.hasExpired(assertion)) {
    throw logger.authSAMLAssertionExpiredError();
  }
}
origin: org.picketlink/picketlink-trust-jbossws

if(AssertionUtil.hasExpired(assertionType))
  throw new RuntimeException(ErrorCodes.EXPIRED_ASSERTION + "Assertion has expired");
  log.trace("Inbound::Rolekeys to extract roles from the assertion:" + roleKeys);
List<String> roles = AssertionUtil.getRoles(assertionType, roleKeys); 
if(roles.size() > 0 )
origin: org.picketlink/picketlink-fed

 XMLGregorianCalendar expiry = AssertionUtil.getExpiration(assertion);
 if (expiry != null)
roleKeys.addAll(StringUtil.tokenize(roleKey));
List<String> roles = AssertionUtil.getRoles(assertion, roleKeys);
if (roles.size() > 0)
List<String> roles = AssertionUtil.getRoles(assertion, null);
for (String role : roles)
origin: org.picketlink/picketlink-trust-jbossws

List<String> roles = AssertionUtil.getRoles(assertion, null);
Group roleGroup = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
for(String role: roles)
origin: org.picketlink.distribution/picketlink-jbas7

@Override
protected Group[] getRoleSets() throws LoginException {
  if (this.assertion == null) {
    try {
      this.assertion = SAMLUtil.fromElement(this.credential.getAssertionAsElement());
    } catch (Exception e) {
      throw logger.authFailedToParseSAMLAssertion(e);
    }
  }
  if (logger.isTraceEnabled()) {
    try {
      logger.trace("Assertion from where roles will be sought = " + AssertionUtil.asString(assertion));
    } catch (ProcessingException ignore) {
    }
  }
  List<String> roleKeys = new ArrayList<String>();
  if (StringUtil.isNotNull(roleKey)) {
    roleKeys.addAll(StringUtil.tokenize(roleKey));
  }
  String groupName = SecurityConstants.ROLES_IDENTIFIER;
  Group rolesGroup = new PicketLinkGroup(groupName);
  List<String> roles = AssertionUtil.getRoles(assertion, roleKeys);
  for (String role : roles) {
    rolesGroup.addMember(new SimplePrincipal(role));
  }
  return new Group[]{rolesGroup};
}
origin: org.picketlink/picketlink-fed

/**
* Add validity conditions to the SAML2 Assertion
* @param assertion
* @param durationInMilis   
* @throws ConfigurationException 
* @throws IssueInstantMissingException 
*/
public void createTimedConditions(AssertionType assertion, long durationInMilis) throws ConfigurationException,
   IssueInstantMissingException
{
 AssertionUtil.createTimedConditions(assertion, durationInMilis);
}
origin: org.picketlink/picketlink-federation

  if (isNotNull(skew)) {
    long skewMilis = Long.parseLong(skew);
    expiredAssertion = AssertionUtil.hasExpired(assertion, skewMilis);
  } else
    expiredAssertion = AssertionUtil.hasExpired(assertion);
} catch (ConfigurationException e) {
  throw new ProcessingException(e);
if (!AssertionUtil.isAudience(assertion, getSPConfiguration())) {
  throw logger.samlAssertionWrongAudience(getSPConfiguration().getServiceURL());
origin: org.picketlink.distribution/picketlink-jbas7

XMLGregorianCalendar expiry = AssertionUtil.getExpiration(assertion);
if (expiry != null) {
  Date expiryDate = expiry.toGregorianCalendar().getTime();
origin: org.picketlink/picketlink-federation

assertionType.addAllStatements(statements);
try {
  AssertionUtil.createSAML11TimedConditions(assertionType, ASSERTION_VALIDITY, CLOCK_SKEW);
} catch (Exception e) {
  throw logger.processingError(e);
origin: org.picketlink/picketlink-fed

/**
* Create an assertion
* @param id
* @param issuer
* @return
*/
public AssertionType createAssertion(String id, NameIDType issuer)
{
 return AssertionUtil.createAssertion(id, issuer);
}
origin: org.picketlink.distribution/picketlink-wildfly8

  @POST
  public Response generateAssertion(@Context HttpServletRequest httpServletRequest,
      @Context HttpServletResponse httpServletResponse) throws Exception {
    Principal principal = httpServletRequest.getUserPrincipal();
    if (principal == null) {
      // Send Error Response
      return Response.status(403).build();
    }
    SAMLProtocolContext samlProtocolContext = getSAMLProtocolContext(principal.getName());
    AssertionType assertionType = issueSAMLAssertion(samlProtocolContext);
    // TODO: sign/encrypt
    String base64EncodedAssertion = PostBindingUtil.base64Encode(AssertionUtil.asString(assertionType));

    return Response.status(200).entity(base64EncodedAssertion).build();
  }
}
origin: org.picketlink.distribution/picketlink-jbas7

try {
  assertionType = SAMLUtil.fromElement(assertion);
  if (AssertionUtil.hasExpired(assertionType)) {
    throw new RuntimeException(logger.samlAssertionExpiredError());
  List<String> roles = AssertionUtil.getRoles(assertionType, roleKeys);
  if (roles.size() > 0) {
    logger.trace("Roles in the assertion: " + roles);
origin: org.picketlink/picketlink-federation

  TimeCacheExpiry cacheExpiry = JBossAuthCacheInvalidationFactory.getCacheExpiry();
  XMLGregorianCalendar expiry = AssertionUtil.getExpiration(assertion);
  if (expiry != null) {
    cacheExpiry.register(securityDomain, expiry.toGregorianCalendar().getTime(), principal);
roleKeys.addAll(StringUtil.tokenize(roleKey));
List<String> roles = AssertionUtil.getRoles(assertion, roleKeys);
if (roles.size() > 0) {
  SimpleGroup group = new SimpleGroup(SecurityConstants.ROLES_IDENTIFIER);
List<String> roles = AssertionUtil.getRoles(assertion, null);
for (String role : roles) {
  callerPrincipal.addMember(new SimplePrincipal(role));
origin: org.picketlink.distribution/picketlink-jbas7

/**
 * This method validates SAML Credential in following steps: <ol> <li>Validate the signing key embedded in SAML token is still
 * valid, not expired</li> <li>Validate the signing key embedded in SAML token is trusted against a local truststore,  such as
 * certpath validation</li> <li>Validate SAML token is still valid, not expired</li> <li>Validate the SAML signature using the
 * embedded signing key in SAML token itself as you indicated below</li> </ol>
 *
 * If something goes wrong throws LoginException.
 *
 * @throws LoginException
 */
private void validateSAMLCredential() throws LoginException, ConfigurationException, CertificateExpiredException, CertificateNotYetValidException {
  X509Certificate cert = getX509Certificate();
  // public certificate validation
  validateCertPath(cert);
  // check time validity of the certificate
  cert.checkValidity();
  boolean sigValid = false;
  try {
    sigValid = AssertionUtil.isSignatureValid(credential.getAssertionAsElement(), cert.getPublicKey());
  } catch (ProcessingException e) {
    logger.processingError(e);
  }
  if (!sigValid) {
    throw logger.authSAMLInvalidSignatureError();
  }
  if (AssertionUtil.hasExpired(assertion)) {
    throw logger.authSAMLAssertionExpiredError();
  }
}
origin: picketlink/picketlink

roles = AssertionUtil.getRoles(assertion, null);
origin: org.picketlink.distribution/picketlink-jbas7

@Override
protected Group[] getRoleSets() throws LoginException {
  if (this.assertion == null) {
    try {
      this.assertion = SAMLUtil.fromElement(this.credential.getAssertionAsElement());
    } catch (Exception e) {
      throw logger.authFailedToParseSAMLAssertion(e);
    }
  }
  if (logger.isTraceEnabled()) {
    try {
      logger.trace("Assertion from where roles will be sought = " + AssertionUtil.asString(assertion));
    } catch (ProcessingException ignore) {
    }
  }
  List<String> roleKeys = new ArrayList<String>();
  if (StringUtil.isNotNull(roleKey)) {
    roleKeys.addAll(StringUtil.tokenize(roleKey));
  }
  String groupName = SecurityConstants.ROLES_IDENTIFIER;
  Group rolesGroup = new PicketLinkGroup(groupName);
  List<String> roles = AssertionUtil.getRoles(assertion, roleKeys);
  for (String role : roles) {
    rolesGroup.addMember(new SimplePrincipal(role));
  }
  return new Group[]{rolesGroup};
}
origin: picketlink/picketlink

/**
 * Add validity conditions to the SAML2 Assertion
 *
 * @param assertion
 * @param durationInMilis
 *
 * @throws ConfigurationException
 * @throws IssueInstantMissingException
 */
public void createTimedConditions(AssertionType assertion, long durationInMilis) throws ConfigurationException,
    IssueInstantMissingException {
  AssertionUtil.createTimedConditions(assertion, durationInMilis);
}
origin: picketlink/picketlink

  if (isNotNull(skew)) {
    long skewMilis = Long.parseLong(skew);
    expiredAssertion = AssertionUtil.hasExpired(assertion, skewMilis);
  } else
    expiredAssertion = AssertionUtil.hasExpired(assertion);
} catch (ConfigurationException e) {
  throw new ProcessingException(e);
if (!AssertionUtil.isAudience(assertion, getSPConfiguration())) {
  throw logger.samlAssertionWrongAudience(getSPConfiguration().getServiceURL());
org.picketlink.identity.federation.core.saml.v2.utilAssertionUtil

Javadoc

Utility to deal with assertions

Most used methods

  • hasExpired
    Verify whether the assertion has expired. You can add in a clock skew to adapt to conditions where i
  • getRoles
    Given an assertion, return the list of roles it may have
  • getExpiration
    Extract the expiration time from an AssertionType
  • asString
    Given AssertionType, convert it into a String
  • createTimedConditions
    Add validity conditions to the SAML2 Assertion
  • createAssertion
    Create an assertion
  • createSAML11TimedConditions
    Add validity conditions to the SAML2 Assertion
  • isSignatureValid
    Given an assertion element, validate the signature
  • asDocument
    Given AssertionType, convert it into a DOM Document.
  • createAssertionSubject
    Given a user name, create a SubjectType that can then be inserted into an assertion
  • isAudience
    Checks whether the given assertion is intended for the given org.picketlink.config.federation.SPType
  • isAudience

Popular in Java

  • Start an intent from android
  • requestLocationUpdates (LocationManager)
  • compareTo (BigDecimal)
  • putExtra (Intent)
  • BigInteger (java.math)
    An immutable arbitrary-precision signed integer.FAST CRYPTOGRAPHY This implementation is efficient f
  • ServerSocket (java.net)
    This class represents a server-side socket that waits for incoming client connections. A ServerSocke
  • Locale (java.util)
    Locale represents a language/country/variant combination. Locales are used to alter the presentatio
  • PriorityQueue (java.util)
    A PriorityQueue holds elements on a priority heap, which orders the elements according to their natu
  • CountDownLatch (java.util.concurrent)
    A synchronization aid that allows one or more threads to wait until a set of operations being perfor
  • Collectors (java.util.stream)
  • Top plugins for Android Studio
Tabnine Logo

  • Products

    Search for Java codeSearch for JavaScript code

  • IDE Plugins

    IntelliJ IDEAWebStormVisual StudioAndroid StudioEclipseVisual Studio CodePyCharmSublime TextPhpStormVimGoLandRubyMineEmacsJupyter NotebookJupyter LabRiderDataGripAppCode

  • Company

    About UsContact UsCareers

  • Resources

    FAQBlogTabnine AcademyTerms of usePrivacy policyJava Code IndexJavascript Code Index
Get Tabnine for your IDE now