PicketLink Federation Core 2.1.6.Final-redhat-2

org.picketlink.identity.federation.core.saml.v2.util
Class AssertionUtil

java.lang.Object
  extended by org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil

public class AssertionUtil
extends Object

Utility to deal with assertions

Since:
Jun 3, 2009
Author:
Anil.Saldhana@redhat.com

Constructor Summary
AssertionUtil()
           
 
Method Summary
static String asString(AssertionType assertion)
          Given AssertionType, convert it into a String
static AssertionType createAssertion(String id, NameIDType issuer)
          Create an assertion
static SubjectType createAssertionSubject(String userName)
          Given a user name, create a SubjectType that can then be inserted into an assertion
static AttributeType createAttribute(String name, String nameFormat, Object... attributeValues)
          Create an attribute type
static SAML11AssertionType createSAML11Assertion(String id, XMLGregorianCalendar issueInstant, String issuer)
          Create an assertion
static void createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew)
          Add validity conditions to the SAML 1.1 Assertion
static void createTimedConditions(AssertionType assertion, long durationInMilis)
           Add validity conditions to the SAML2 Assertion
static void createTimedConditions(AssertionType assertion, long durationInMilis, long clockSkew)
          Add validity conditions to the SAML2 Assertion
static XMLGregorianCalendar getExpiration(AssertionType assertion)
          Extract the expiration time from an AssertionType
static List<String> getRoles(AssertionType assertion, List<String> roleKeys)
          Given an assertion, return the list of roles it may have
static List<String> getRoles(SAML11AssertionType assertion, List<String> roleKeys)
          Given an assertion, return the list of roles it may have
static boolean hasExpired(AssertionType assertion)
          Check whether the assertion has expired
static boolean hasExpired(AssertionType assertion, long clockSkewInMilis)
          Verify whether the assertion has expired.
static boolean hasExpired(SAML11AssertionType assertion)
          Check whether the assertion has expired
static boolean hasExpired(SAML11AssertionType assertion, long clockSkewInMilis)
          Verify whether the assertion has expired.
static boolean isSignatureValid(Element assertionElement, PublicKey publicKey)
          Given an assertion element, validate the signature
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AssertionUtil

public AssertionUtil()

Method Detail

asString

public static String asString(AssertionType assertion)
                       throws ProcessingException
Given AssertionType, convert it into a String

Parameters:
assertion -
Returns:
Throws:
ProcessingException

createSAML11Assertion

public static SAML11AssertionType createSAML11Assertion(String id,
                                                        XMLGregorianCalendar issueInstant,
                                                        String issuer)
Create an assertion

Parameters:
id -
issuer -
Returns:

createAssertion

public static AssertionType createAssertion(String id,
                                            NameIDType issuer)
Create an assertion

Parameters:
id -
issuer -
Returns:

createAssertionSubject

public static SubjectType createAssertionSubject(String userName)
Given a user name, create a SubjectType that can then be inserted into an assertion

Parameters:
userName -
Returns:

createAttribute

public static AttributeType createAttribute(String name,
                                            String nameFormat,
                                            Object... attributeValues)
Create an attribute type

Parameters:
name - Name of the attribute
nameFormat - name format uri
attributeValues - an object array of attribute values
Returns:

createTimedConditions

public static void createTimedConditions(AssertionType assertion,
                                         long durationInMilis)
                                  throws ConfigurationException,
                                         IssueInstantMissingException

Add validity conditions to the SAML2 Assertion

There is no clock skew added.

Parameters:
assertion -
durationInMilis -
Throws:
ConfigurationException
IssueInstantMissingException
See Also:
createTimedConditions(AssertionType, long, long)


createTimedConditions

public static void createTimedConditions(AssertionType assertion,
                                         long durationInMilis,
                                         long clockSkew)
                                  throws ConfigurationException,
                                         IssueInstantMissingException
Add validity conditions to the SAML2 Assertion

Parameters:
assertion -
durationInMilis -
Throws:
ConfigurationException
IssueInstantMissingException

createSAML11TimedConditions

public static void createSAML11TimedConditions(SAML11AssertionType assertion,
                                               long durationInMilis,
                                               long clockSkew)
                                        throws ConfigurationException,
                                               IssueInstantMissingException
Add validity conditions to the SAML 1.1 Assertion

Parameters:
assertion -
durationInMilis -
Throws:
ConfigurationException
IssueInstantMissingException

isSignatureValid

public static boolean isSignatureValid(Element assertionElement,
                                       PublicKey publicKey)
Given an assertion element, validate the signature

Parameters:
assertionElement -
publicKey - the PublicKey
Returns:

hasExpired

public static boolean hasExpired(AssertionType assertion)
                          throws ConfigurationException
Check whether the assertion has expired

Parameters:
assertion -
Returns:
Throws:
ConfigurationException

hasExpired

public static boolean hasExpired(AssertionType assertion,
                                 long clockSkewInMilis)
                          throws ConfigurationException
Verify whether the assertion has expired. A clock skew can be supplied to tolerate the IDP and SP clocks being out of sync.

Parameters:
assertion -
clockSkewInMilis - clock skew in milliseconds
Returns:
Throws:
ConfigurationException

hasExpired

public static boolean hasExpired(SAML11AssertionType assertion)
                          throws ConfigurationException
Check whether the assertion has expired

Parameters:
assertion -
Returns:
Throws:
ConfigurationException

hasExpired

public static boolean hasExpired(SAML11AssertionType assertion,
                                 long clockSkewInMilis)
                          throws ConfigurationException
Verify whether the assertion has expired. A clock skew can be supplied to tolerate the IDP and SP clocks being out of sync.

Parameters:
assertion -
clockSkewInMilis - clock skew in milliseconds
Returns:
Throws:
ConfigurationException
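
The clock-skew tolerance described for both hasExpired(..., long clockSkewInMilis) overloads, as an added JDK-only example that is not PicketLink's code. ValidityWindow and isExpired are hypothetical names; the example assumes the skew widens both ends of the NotBefore/NotOnOrAfter window and chooses to treat a missing window as expired.

```java
import java.time.Duration;
import java.time.Instant;

// Added illustration (Java 16+); not PicketLink source. All names here are hypothetical.
public class ClockSkewExpiryDemo {

    /** Stand-in for the NotBefore / NotOnOrAfter pair of a SAML Conditions element. */
    record ValidityWindow(Instant notBefore, Instant notOnOrAfter) {}

    /**
     * Returns true when 'now' falls outside the window after widening both ends by 'skew'.
     * Assumption: the skew is applied symmetrically. Design choice of this example: a
     * missing window or bound counts as expired, so nothing is accepted by default.
     */
    static boolean isExpired(ValidityWindow w, Instant now, Duration skew) {
        if (w == null || w.notBefore() == null || w.notOnOrAfter() == null) {
            return true; // fail closed
        }
        if (skew.isNegative()) {
            throw new IllegalArgumentException("clock skew must not be negative");
        }
        Instant earliest = w.notBefore().minus(skew);
        Instant latest = w.notOnOrAfter().plus(skew);
        // NotOnOrAfter is exclusive: the assertion is invalid at that instant itself.
        return now.isBefore(earliest) || !now.isBefore(latest);
    }

    public static void main(String[] args) {
        // Constructed sample: assertion issued at 12:00:00Z with a 5-minute lifetime.
        Instant issued = Instant.parse("2013-01-01T12:00:00Z");
        ValidityWindow w = new ValidityWindow(issued, issued.plus(Duration.ofMinutes(5)));

        // SP clock runs 20 s behind the IDP, so "now" appears to precede NotBefore.
        Instant spEarly = issued.minusSeconds(20);
        // SP clock reads 30 s past NotOnOrAfter.
        Instant spLate = issued.plus(Duration.ofMinutes(5)).plusSeconds(30);

        Duration none = Duration.ZERO, small = Duration.ofSeconds(60), huge = Duration.ofHours(1);
        System.out.println("early, no skew   -> expired=" + isExpired(w, spEarly, none));
        System.out.println("early, 60 s skew -> expired=" + isExpired(w, spEarly, small));
        System.out.println("late, no skew    -> expired=" + isExpired(w, spLate, none));
        System.out.println("late, 60 s skew  -> expired=" + isExpired(w, spLate, small));
        // An oversized skew keeps a stale assertion acceptable long after its lifetime.
        Instant stale = issued.plus(Duration.ofMinutes(50));
        System.out.println("stale, 1 h skew  -> expired=" + isExpired(w, stale, huge));
        System.out.println("no conditions    -> expired=" + isExpired(null, spLate, small));
    }
}
```

Keep the skew to the smallest value the deployment's clock drift requires: the "stale" case shows that a large skew lengthens the period in which a captured assertion is still accepted.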

getExpiration

public static XMLGregorianCalendar getExpiration(AssertionType assertion)
Extract the expiration time from an AssertionType

Parameters:
assertion -
Returns:

getRoles

public static List<String> getRoles(AssertionType assertion,
                                    List<String> roleKeys)
Given an assertion, return the list of roles it may have

Parameters:
assertion - The AssertionType
roleKeys - a list of string values representing the role keys. The list can be null.
Returns:

getRoles

public static List<String> getRoles(SAML11AssertionType assertion,
                                    List<String> roleKeys)
Given an assertion, return the list of roles it may have

Parameters:
assertion - The SAML11AssertionType
roleKeys - a list of string values representing the role keys. The list can be null.
Returns:

Copyright © 2013 JBoss by Red Hat. All Rights Reserved.