/*
* JBoss, Home of Professional Open Source.
* Copyright 2008, Red Hat Middleware LLC, and individual contributors
* as indicated by the @author tags. See the copyright.txt file in the
* distribution for a full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.identity.federation.core.saml.v2.util;
import javax.xml.datatype.XMLGregorianCalendar;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
/**
* Utility to deal with assertions
* @author Anil.Saldhana@redhat.com
* @since Jun 3, 2009
*/
public class AssertionUtil
{
private static Logger log = Logger.getLogger(AssertionUtil.class);
private static boolean trace = log.isTraceEnabled();
/**
* Create an assertion
* @param id
* @param issuer
* @return
*/
public static AssertionType createAssertion(String id, NameIDType issuer)
{
AssertionType assertion = SAMLAssertionFactory.getObjectFactory().createAssertionType();
assertion.setID(id);
assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
assertion.setIssuer(issuer);
return assertion;
}
/**
* Create an attribute type
* @param name Name of the attribute
* @param nameFormat name format uri
* @param attributeValues an object array of attribute values
* @return
*/
public static AttributeType createAttribute(String name, String nameFormat,
Object... attributeValues)
{
ObjectFactory of = SAMLAssertionFactory.getObjectFactory();
AttributeType att = of.createAttributeType();
att.setName(name);
att.setNameFormat(nameFormat);
if(attributeValues != null && attributeValues.length > 0)
{
for(Object attributeValue:attributeValues)
{
att.getAttributeValue().add(of.createAttributeValue(attributeValue));
}
}
return att;
}
/**
* Add validity conditions to the SAML2 Assertion
* @param assertion
* @param durationInMilis
* @throws ConfigurationException
* @throws IssueInstantMissingException
*/
public static void createTimedConditions(AssertionType assertion, long durationInMilis)
throws ConfigurationException, IssueInstantMissingException
{
XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
if(issueInstant == null)
throw new IssueInstantMissingException("assertion does not have issue instant");
XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant, durationInMilis);
ConditionsType conditionsType = JBossSAMLBaseFactory.getObjectFactory().createConditionsType();
conditionsType.setNotBefore(issueInstant);
conditionsType.setNotOnOrAfter(assertionValidityLength);
assertion.setConditions(conditionsType);
}
/**
* Check whether the assertion has expired
* @param assertion
* @return
* @throws ConfigurationException
*/
public static boolean hasExpired(AssertionType assertion) throws ConfigurationException
{
//Check for validity of assertion
ConditionsType conditionsType = assertion.getConditions();
if(conditionsType != null)
{
XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
if(trace) log.trace("Now="+now.toXMLFormat() + " ::notBefore="+notBefore.toXMLFormat()
+ "::notOnOrAfter="+notOnOrAfter);
return !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
}
//TODO: if conditions do not exist, assume the assertion to be everlasting?
return false;
}
}