// Clock-skew tolerance: the lower bound (NotBefore) is moved earlier by clockSkewInMilis.
XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
// The upper bound (NotOnOrAfter) is read from the conditions and moved later by the same amount,
// so the accepted window grows by twice the skew value in total.
XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
// NOTE(review): notBefore and notOnOrAfter are not null-checked in this excerpt; whether
// XMLTimeUtil.subtract/add accept a null bound is not visible here - confirm.
// Lower bound of the validity window, shifted earlier by the skew allowance.
XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
// Upper bound of the validity window, shifted later by the skew allowance.
// A large clockSkewInMilis therefore extends how long an assertion stays acceptable.
XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
// NOTE(review): the comparison that consumes the widened bounds is outside this excerpt.
/**
 * Attach a time-bounded validity window to a SAML 1.1 assertion.
 *
 * <p>The window is derived from the assertion's issue instant: NotBefore is
 * {@code issueInstant - clockSkew} and NotOnOrAfter is
 * {@code issueInstant + durationInMilis + clockSkew}. A newly created conditions
 * object carrying both bounds is set on the assertion.
 *
 * <p>Security note: the skew allowance widens the window on both ends at issue
 * time. If the consuming side applies a skew tolerance of its own when checking
 * expiry, the two allowances add up, so keep {@code clockSkew} as small as the
 * deployment permits.
 *
 * @param assertion assertion to update; must already carry an issue instant
 * @param durationInMilis validity length in milliseconds, counted from the issue instant
 * @param clockSkew tolerance applied to both ends of the window; it is summed with
 *        {@code durationInMilis}, so presumably also milliseconds
 *
 * @throws ConfigurationException declared by this method; presumably raised by the XMLTimeUtil helpers
 * @throws IssueInstantMissingException if the assertion has no issue instant
 */
public static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew)
        throws ConfigurationException, IssueInstantMissingException {
    XMLGregorianCalendar issuedAt = assertion.getIssueInstant();
    if (issuedAt == null) {
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
    }

    // Upper bound: nominal lifetime plus the skew allowance.
    long lifetimeWithSkew = durationInMilis + clockSkew;
    XMLGregorianCalendar notOnOrAfter = XMLTimeUtil.add(issuedAt, lifetimeWithSkew);

    SAML11ConditionsType conditions = new SAML11ConditionsType();

    // Lower bound: back-dated by the skew allowance.
    XMLGregorianCalendar notBefore = XMLTimeUtil.subtract(issuedAt, clockSkew);
    conditions.setNotBefore(notBefore);
    conditions.setNotOnOrAfter(notOnOrAfter);

    assertion.setConditions(conditions);
}
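/**
 * Widens the given lifetime by the configured clock-skew allowance.
 *
 * <p>The creation instant is moved earlier and the expiry instant later, each by
 * {@code getClockSkewInMillis()}. The passed-in object is modified in place and
 * returned. Both new values are computed before either setter is called, so a
 * failure in the time arithmetic leaves the lifetime untouched instead of
 * half-adjusted.
 *
 * <p>Security note: the expiry is pushed later by the full skew value, so any
 * consumer that trusts the adjusted lifetime accepts the token for that much
 * longer. Keep the configured skew small.
 *
 * @param lifetime the lifetime to widen; mutated in place
 * @return the same {@code lifetime} instance, after adjustment
 * @throws ProcessingException if the time arithmetic fails with a ConfigurationException;
 *         the original exception is attached as the cause
 */
protected Lifetime adjustLifetimeForClockSkew(Lifetime lifetime) throws ProcessingException {
    try {
        lifetime.setCreated(
            XMLTimeUtil.subtract(lifetime.getCreated(), getClockSkewInMillis()));
        lifetime.setExpires(
            XMLTimeUtil.add(lifetime.getExpires(), getClockSkewInMillis()));
        return lifetime;
    } catch (ConfigurationException ce) {
        // Same message as before, but keep the original exception reachable for diagnostics.
        ProcessingException wrapped = new ProcessingException(ce.getMessage());
        wrapped.initCause(ce);
        throw wrapped;
    }
}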
/**
 * Set the validity conditions (NotBefore / NotOnOrAfter) on a SAML2 assertion.
 *
 * <p>Both bounds are computed from the assertion's issue instant:
 * NotBefore = issue instant minus {@code clockSkew}, and
 * NotOnOrAfter = issue instant plus {@code durationInMilis + clockSkew}.
 *
 * <p>Security note: the issuer-side skew already lengthens the window at both
 * ends. A relying party that adds its own tolerance during the expiry check
 * stacks a second allowance on top; size {@code clockSkew} with that in mind.
 *
 * @param assertion assertion that receives a new conditions object; needs an issue instant
 * @param durationInMilis nominal validity length in milliseconds
 * @param clockSkew allowance applied to both bounds (added to {@code durationInMilis},
 *        so presumably the same unit)
 * @throws ConfigurationException declared; presumably comes from the XMLTimeUtil calls
 * @throws IssueInstantMissingException declared; when the issue instant is null the value
 *         returned by {@code logger.samlIssueInstantMissingError()} is thrown
 */
public static void createTimedConditions(AssertionType assertion, long durationInMilis, long clockSkew)
        throws ConfigurationException, IssueInstantMissingException {
    final XMLGregorianCalendar issued = assertion.getIssueInstant();
    if (null == issued) {
        throw logger.samlIssueInstantMissingError();
    }

    // The upper bound is computed first, then the conditions object is created and filled.
    final XMLGregorianCalendar upperBound = XMLTimeUtil.add(issued, durationInMilis + clockSkew);

    final ConditionsType window = new ConditionsType();
    window.setNotBefore(XMLTimeUtil.subtract(issued, clockSkew));
    window.setNotOnOrAfter(upperBound);
    assertion.setConditions(window);
}
/**
 * Attach a time-bounded validity window to a SAML2 assertion.
 *
 * <p>NotBefore is {@code issueInstant - clockSkew}; NotOnOrAfter is
 * {@code issueInstant + durationInMilis + clockSkew}. The bounds are stored in a
 * newly created conditions object which is then set on the assertion.
 *
 * <p>Security note: the window is widened by the skew at issue time. When the
 * consumer also tolerates skew during validation, the effective lifetime grows
 * by both allowances, so prefer a small {@code clockSkew}.
 *
 * @param assertion assertion to update; must already carry an issue instant
 * @param durationInMilis validity length in milliseconds from the issue instant
 * @param clockSkew tolerance for both bounds; summed with {@code durationInMilis},
 *        so presumably milliseconds as well
 * @throws ConfigurationException declared; presumably raised by the XMLTimeUtil helpers
 * @throws IssueInstantMissingException if the assertion has no issue instant
 */
public static void createTimedConditions(AssertionType assertion, long durationInMilis, long clockSkew)
        throws ConfigurationException, IssueInstantMissingException {
    XMLGregorianCalendar issuedAt = assertion.getIssueInstant();
    if (issuedAt == null) {
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
    }

    long lifetimeWithSkew = durationInMilis + clockSkew;
    XMLGregorianCalendar notOnOrAfter = XMLTimeUtil.add(issuedAt, lifetimeWithSkew);

    ConditionsType conditions = new ConditionsType();
    XMLGregorianCalendar notBefore = XMLTimeUtil.subtract(issuedAt, clockSkew);
    conditions.setNotBefore(notBefore);
    conditions.setNotOnOrAfter(notOnOrAfter);

    assertion.setConditions(conditions);
}
/**
 * Set the validity conditions (NotBefore / NotOnOrAfter) on a SAML 1.1 assertion.
 *
 * <p>Both bounds come from the issue instant: NotBefore is the issue instant
 * minus {@code clockSkew}; NotOnOrAfter is the issue instant plus
 * {@code durationInMilis + clockSkew}.
 *
 * <p>Security note: because the skew is applied on both sides here, a receiver
 * that applies its own skew tolerance ends up with a doubled allowance. Keep
 * {@code clockSkew} tight.
 *
 * @param assertion assertion that receives a new conditions object; needs an issue instant
 * @param durationInMilis nominal validity length in milliseconds
 * @param clockSkew allowance applied to both bounds (added to {@code durationInMilis},
 *        so presumably the same unit)
 * @throws ConfigurationException declared; presumably comes from the XMLTimeUtil calls
 * @throws IssueInstantMissingException if the issue instant is null
 */
public static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew)
        throws ConfigurationException, IssueInstantMissingException {
    final XMLGregorianCalendar issued = assertion.getIssueInstant();
    if (null == issued) {
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
    }

    final XMLGregorianCalendar upperBound = XMLTimeUtil.add(issued, durationInMilis + clockSkew);

    final SAML11ConditionsType window = new SAML11ConditionsType();
    window.setNotBefore(XMLTimeUtil.subtract(issued, clockSkew));
    window.setNotOnOrAfter(upperBound);
    assertion.setConditions(window);
}
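/**
 * Extends a lifetime on both ends by the configured clock skew.
 *
 * <p>{@code created} is shifted earlier and {@code expires} later by
 * {@code getClockSkewInMillis()}. The argument itself is updated and handed
 * back; no copy is made.
 *
 * <p>Security note: shifting {@code expires} later lengthens the period during
 * which the lifetime is considered current. The configured skew should cover
 * real clock drift only.
 *
 * @param lifetime lifetime to adjust in place
 * @return the adjusted {@code lifetime} (same instance)
 * @throws ProcessingException wrapping a ConfigurationException from the time
 *         arithmetic, with that exception preserved as the cause
 */
protected Lifetime adjustLifetimeForClockSkew(Lifetime lifetime) throws ProcessingException {
    try {
        lifetime.setCreated(
            XMLTimeUtil.subtract(lifetime.getCreated(), getClockSkewInMillis()));
        lifetime.setExpires(
            XMLTimeUtil.add(lifetime.getExpires(), getClockSkewInMillis()));
    } catch (ConfigurationException ce) {
        // The message is unchanged; the cause is attached so the stack trace is not lost.
        ProcessingException failure = new ProcessingException(ce.getMessage());
        failure.initCause(ce);
        throw failure;
    }
    return lifetime;
}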
/**
 * Give a SAML 1.1 assertion a validity window based on its issue instant.
 *
 * <p>Resulting bounds: NotBefore = {@code issueInstant - clockSkew},
 * NotOnOrAfter = {@code issueInstant + durationInMilis + clockSkew}.
 *
 * <p>Security note: the skew enlarges the window in both directions. Any extra
 * tolerance applied by the party validating the assertion comes on top of it.
 *
 * @param assertion assertion to update; its issue instant must be set
 * @param durationInMilis validity length in milliseconds
 * @param clockSkew skew allowance for both bounds; presumably milliseconds, since it
 *        is added to {@code durationInMilis}
 * @throws ConfigurationException declared; presumably raised by the XMLTimeUtil helpers
 * @throws IssueInstantMissingException if the assertion has no issue instant
 */
public static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew)
        throws ConfigurationException, IssueInstantMissingException {
    XMLGregorianCalendar issuedAt = assertion.getIssueInstant();
    if (issuedAt == null) {
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
    }

    XMLGregorianCalendar expiresAt = XMLTimeUtil.add(issuedAt, durationInMilis + clockSkew);
    SAML11ConditionsType conditions = new SAML11ConditionsType();
    XMLGregorianCalendar validFrom = XMLTimeUtil.subtract(issuedAt, clockSkew);

    conditions.setNotBefore(validFrom);
    conditions.setNotOnOrAfter(expiresAt);
    assertion.setConditions(conditions);
}
/**
 * Attach a time-bounded validity window to a SAML 1.1 assertion.
 *
 * <p>The lower bound is the issue instant back-dated by {@code clockSkew}; the
 * upper bound is the issue instant plus {@code durationInMilis + clockSkew}.
 * Both are written to a new conditions object that is set on the assertion.
 *
 * <p>Security note: skew tolerance granted at issue time is cumulative with any
 * tolerance applied at validation time. A generous {@code clockSkew} lengthens
 * how long a captured assertion remains acceptable.
 *
 * @param assertion assertion to update; must already carry an issue instant
 * @param durationInMilis validity length in milliseconds, counted from the issue instant
 * @param clockSkew tolerance applied to both ends of the window; summed with
 *        {@code durationInMilis}, so presumably also milliseconds
 *
 * @throws ConfigurationException declared by this method; presumably raised by the XMLTimeUtil helpers
 * @throws IssueInstantMissingException if the assertion has no issue instant
 */
public static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew)
        throws ConfigurationException, IssueInstantMissingException {
    final XMLGregorianCalendar issued = assertion.getIssueInstant();
    if (null == issued) {
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
    }

    final long extendedDuration = durationInMilis + clockSkew;
    final XMLGregorianCalendar upperBound = XMLTimeUtil.add(issued, extendedDuration);

    final SAML11ConditionsType window = new SAML11ConditionsType();
    final XMLGregorianCalendar lowerBound = XMLTimeUtil.subtract(issued, clockSkew);
    window.setNotBefore(lowerBound);
    window.setNotOnOrAfter(upperBound);
    assertion.setConditions(window);
}
/**
 * Give a SAML2 assertion a validity window based on its issue instant.
 *
 * <p>Resulting bounds: NotBefore = {@code issueInstant - clockSkew},
 * NotOnOrAfter = {@code issueInstant + durationInMilis + clockSkew}.
 *
 * <p>Security note: the skew enlarges the window in both directions. Any extra
 * tolerance applied by the party validating the assertion comes on top of it.
 *
 * @param assertion assertion to update; its issue instant must be set
 * @param durationInMilis validity length in milliseconds
 * @param clockSkew skew allowance for both bounds; presumably milliseconds, since it
 *        is added to {@code durationInMilis}
 * @throws ConfigurationException declared; presumably raised by the XMLTimeUtil helpers
 * @throws IssueInstantMissingException if the assertion has no issue instant
 */
public static void createTimedConditions(AssertionType assertion, long durationInMilis, long clockSkew)
        throws ConfigurationException, IssueInstantMissingException {
    XMLGregorianCalendar issuedAt = assertion.getIssueInstant();
    if (issuedAt == null) {
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
    }

    XMLGregorianCalendar expiresAt = XMLTimeUtil.add(issuedAt, durationInMilis + clockSkew);
    ConditionsType conditions = new ConditionsType();
    XMLGregorianCalendar validFrom = XMLTimeUtil.subtract(issuedAt, clockSkew);

    conditions.setNotBefore(validFrom);
    conditions.setNotOnOrAfter(expiresAt);
    assertion.setConditions(conditions);
}
/**
 * Compute and set NotBefore / NotOnOrAfter on a SAML 1.1 assertion.
 *
 * <p>NotBefore is the issue instant minus {@code clockSkew}. NotOnOrAfter is the
 * issue instant plus the sum of {@code durationInMilis} and {@code clockSkew}.
 *
 * <p>Security note: the assertion is valid slightly before it was issued and
 * slightly after its nominal lifetime, by {@code clockSkew} each way. Validators
 * that add their own skew extend this further.
 *
 * @param assertion assertion to receive the conditions; issue instant required
 * @param durationInMilis nominal validity length in milliseconds
 * @param clockSkew tolerance for both bounds (same unit as {@code durationInMilis},
 *        presumably, as the two are added)
 * @throws ConfigurationException declared; presumably comes from the XMLTimeUtil calls
 * @throws IssueInstantMissingException if the issue instant is null
 */
public static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew)
        throws ConfigurationException, IssueInstantMissingException {
    final XMLGregorianCalendar issued = assertion.getIssueInstant();
    if (null == issued) {
        throw new IssueInstantMissingException(ErrorCodes.NULL_ISSUE_INSTANT);
    }

    final XMLGregorianCalendar upperBound = XMLTimeUtil.add(issued, durationInMilis + clockSkew);

    final SAML11ConditionsType window = new SAML11ConditionsType();
    window.setNotBefore(XMLTimeUtil.subtract(issued, clockSkew));
    window.setNotOnOrAfter(upperBound);
    assertion.setConditions(window);
}
/**
 * Attach a time-bounded validity window to a SAML2 assertion.
 *
 * <p>The lower bound is the issue instant back-dated by {@code clockSkew}; the
 * upper bound is the issue instant plus {@code durationInMilis + clockSkew}.
 * Both are written to a new conditions object that is set on the assertion.
 *
 * <p>Security note: skew tolerance granted at issue time is cumulative with any
 * tolerance applied at validation time. A generous {@code clockSkew} lengthens
 * how long a captured assertion remains acceptable.
 *
 * @param assertion assertion to update; must already carry an issue instant
 * @param durationInMilis validity length in milliseconds, counted from the issue instant
 * @param clockSkew tolerance applied to both ends of the window; summed with
 *        {@code durationInMilis}, so presumably also milliseconds
 *
 * @throws ConfigurationException declared by this method; presumably raised by the XMLTimeUtil helpers
 * @throws IssueInstantMissingException declared; when the issue instant is null the value
 *         returned by {@code logger.samlIssueInstantMissingError()} is thrown
 */
public static void createTimedConditions(AssertionType assertion, long durationInMilis, long clockSkew)
        throws ConfigurationException, IssueInstantMissingException {
    XMLGregorianCalendar issuedAt = assertion.getIssueInstant();
    if (issuedAt == null) {
        throw logger.samlIssueInstantMissingError();
    }

    long lifetimeWithSkew = durationInMilis + clockSkew;
    XMLGregorianCalendar notOnOrAfter = XMLTimeUtil.add(issuedAt, lifetimeWithSkew);

    ConditionsType conditions = new ConditionsType();
    XMLGregorianCalendar notBefore = XMLTimeUtil.subtract(issuedAt, clockSkew);
    conditions.setNotBefore(notBefore);
    conditions.setNotOnOrAfter(notOnOrAfter);

    assertion.setConditions(conditions);
}
/**
 * Compute and set NotBefore / NotOnOrAfter on a SAML2 assertion.
 *
 * <p>NotBefore is the issue instant minus {@code clockSkew}. NotOnOrAfter is the
 * issue instant plus the sum of {@code durationInMilis} and {@code clockSkew}.
 *
 * <p>Security note: the assertion is valid slightly before it was issued and
 * slightly after its nominal lifetime, by {@code clockSkew} each way. Validators
 * that add their own skew extend this further.
 *
 * @param assertion assertion to receive the conditions; issue instant required
 * @param durationInMilis nominal validity length in milliseconds
 * @param clockSkew tolerance for both bounds (same unit as {@code durationInMilis},
 *        presumably, as the two are added)
 *
 * @throws ConfigurationException declared; presumably comes from the XMLTimeUtil calls
 * @throws IssueInstantMissingException declared; a null issue instant causes the value
 *         returned by {@code logger.samlIssueInstantMissingError()} to be thrown
 */
public static void createTimedConditions(AssertionType assertion, long durationInMilis, long clockSkew)
        throws ConfigurationException, IssueInstantMissingException {
    final XMLGregorianCalendar issued = assertion.getIssueInstant();
    if (null == issued) {
        throw logger.samlIssueInstantMissingError();
    }

    final long extendedDuration = durationInMilis + clockSkew;
    final XMLGregorianCalendar upperBound = XMLTimeUtil.add(issued, extendedDuration);

    final ConditionsType window = new ConditionsType();
    final XMLGregorianCalendar lowerBound = XMLTimeUtil.subtract(issued, clockSkew);
    window.setNotBefore(lowerBound);
    window.setNotOnOrAfter(upperBound);
    assertion.setConditions(window);
}
// Reference instant for the check, obtained from XMLTimeUtil.getIssueInstant().
XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
// Lower bound from the conditions, moved earlier by the clock-skew allowance.
XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
// Upper bound from the conditions, moved later by the same allowance.
XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
// NOTE(review): neither bound is null-checked here; whether XMLTimeUtil.subtract/add
// tolerate a missing bound is not visible in this excerpt - confirm.
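/**
 * Verify whether the assertion is outside its validity window at the current time.
 *
 * <p>The NotBefore / NotOnOrAfter bounds read from the assertion's conditions are
 * widened by {@code clockSkewInMilis} (NotBefore earlier, NotOnOrAfter later) to
 * tolerate clocks that are out of sync between the IDP and the SP, and the
 * current instant is then checked against the widened window.
 *
 * <p>Security note: an assertion that carries no conditions element is reported
 * as <em>not</em> expired, i.e. the check fails open. Callers that require a
 * bounded lifetime have to reject condition-less assertions themselves. The skew
 * also lengthens the acceptance window by twice its value, so keep it small.
 *
 * @param assertion the assertion whose conditions are checked
 * @param clockSkewInMilis tolerance in milliseconds applied to both bounds
 * @return {@code true} if {@code XMLTimeUtil.isValid} rejects the current instant for the
 *         widened window; {@code false} otherwise, including when the assertion has no conditions
 * @throws ConfigurationException declared; presumably raised by the XMLTimeUtil helpers
 */
public static boolean hasExpired(AssertionType assertion, long clockSkewInMilis) throws ConfigurationException {
    boolean expiry = false;

    // Check for validity of assertion
    ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);

        // Concatenate the calendars directly: XMLGregorianCalendar.toString() yields the
        // toXMLFormat() text, and a missing bound prints as "null" instead of making the
        // trace statement itself throw a NullPointerException.
        // NOTE(review): whether XMLTimeUtil.subtract/add/isValid accept a null bound is
        // not visible here - confirm before relying on optional bounds.
        logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore + " ::notOnOrAfter=" + notOnOrAfter);

        expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
        if (expiry) {
            logger.samlAssertionExpired(assertion.getID());
        }
    }

    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}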
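/**
 * Verify whether the SAML 1.1 assertion is outside its validity window right now.
 *
 * <p>The bounds taken from the assertion's conditions are relaxed by
 * {@code clockSkewInMilis} on each side (NotBefore earlier, NotOnOrAfter later)
 * so that an IDP and SP with slightly different clocks still agree.
 *
 * <p>Security note: when the assertion has no conditions element this method
 * returns {@code false}, treating the assertion as still valid (fail-open).
 * Enforce the presence of conditions at the call site if an unbounded assertion
 * is not acceptable. A large skew value extends acceptance on both ends.
 *
 * @param assertion the assertion whose conditions are checked
 * @param clockSkewInMilis tolerance in milliseconds applied to both bounds
 * @return {@code true} if {@code XMLTimeUtil.isValid} rejects the current instant for the
 *         widened window; {@code false} otherwise, including when the assertion has no conditions
 * @throws ConfigurationException declared; presumably raised by the XMLTimeUtil helpers
 */
public static boolean hasExpired(SAML11AssertionType assertion, long clockSkewInMilis) throws ConfigurationException {
    boolean expiry = false;

    // Check for validity of assertion
    SAML11ConditionsType conditionsType = assertion.getConditions();
    if (conditionsType != null) {
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
        XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
        XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
        XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);

        // Both bounds are concatenated as objects so an absent bound is logged as "null"
        // rather than triggering a NullPointerException inside the trace call; for a
        // present bound XMLGregorianCalendar.toString() gives the same text as toXMLFormat().
        // NOTE(review): null handling inside XMLTimeUtil.subtract/add/isValid is not
        // visible here - confirm.
        logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore + " ::notOnOrAfter=" + notOnOrAfter);

        expiry = !XMLTimeUtil.isValid(now, updatedNotBefore, updatedOnOrAfter);
        if (expiry) {
            logger.samlAssertionExpired(assertion.getID());
        }
    }

    // TODO: if conditions do not exist, assume the assertion to be everlasting?
    return expiry;
}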
// "now" is whatever XMLTimeUtil.getIssueInstant() returns at the time of the check.
XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
// Skew tolerance, lower side: accept assertions up to clockSkewInMilis before NotBefore.
XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
// Skew tolerance, upper side: accept assertions up to clockSkewInMilis after NotOnOrAfter.
XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
// Current instant used as the reference point for the validity comparison.
XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
// Read both bounds from the conditions and relax each by the skew allowance:
// NotBefore is shifted earlier, NotOnOrAfter is shifted later.
XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);
// NOTE(review): conditionsType is dereferenced without a visible null check in this
// excerpt; presumably the enclosing code guards it - confirm.
// Reference time for the expiry decision.
XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
// Widened lower bound (NotBefore minus skew).
XMLGregorianCalendar updatedNotBefore = XMLTimeUtil.subtract(notBefore, clockSkewInMilis);
XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
// Widened upper bound (NotOnOrAfter plus skew). The total acceptance window is
// therefore the stated window plus twice clockSkewInMilis.
XMLGregorianCalendar updatedOnOrAfter = XMLTimeUtil.add(notOnOrAfter, clockSkewInMilis);