Assertion.java
/*
* Decompiled with CFR 0_118.
*
* Could not load the following classes:
* org.slf4j.Logger
* org.slf4j.LoggerFactory
*/
package com.adobe.granite.auth.saml.model;
import com.adobe.granite.auth.saml.configuration.SpConfiguration;
import com.adobe.granite.auth.saml.model.Attribute;
import com.adobe.granite.auth.saml.model.AuthnStatement;
import com.adobe.granite.auth.saml.model.Issuer;
import com.adobe.granite.auth.saml.model.Subject;
import java.util.Calendar;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
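/**
 * In-memory model of a SAML assertion as consumed by the service provider.
 *
 * <p>The object is a plain holder: it is populated through its setters and
 * {@code add*} methods and performs no XML parsing or cryptography itself.
 * In particular, {@link #isValid(SpConfiguration)} trusts the flag passed to
 * {@link #setSignatureValid(boolean)}; the signature must have been verified
 * by the caller before that flag is set to {@code true}.
 *
 * <p>Instances are mutable and not synchronized.
 */
public class Assertion {
    /** Clock-skew allowance, in seconds, added to the local time before the time checks. */
    private static final int CLOCK_SYNC_TOLERANCE = 60;

    private final Logger log;

    // The four fields below have no accessor in this class; they are kept as found.
    private String version;
    private Calendar issueInstant;
    private String id;
    private Issuer issuer;

    private Subject subject;
    private Calendar notBefore;
    private Calendar notOnOrAfter;
    private LinkedList<String> audienceRestrictions;
    // Defaults to false, so an assertion is rejected until the caller reports a good signature.
    private boolean signatureValid;
    private LinkedList<AuthnStatement> authnStatements;
    private Map<String, Attribute> attributeStatements;

    /** Creates an empty assertion with a logger named after the runtime class. */
    public Assertion() {
        this.log = LoggerFactory.getLogger(this.getClass());
    }

    /**
     * Stores an attribute under its name.
     *
     * <p>An attribute added later under the same name replaces the earlier one,
     * so only the last value for a repeated name is visible to callers.
     *
     * @param attribute the attribute to store; must not be {@code null}
     */
    public void addAttribute(Attribute attribute) {
        if (this.attributeStatements == null) {
            this.attributeStatements = new HashMap<String, Attribute>();
        }
        this.attributeStatements.put(attribute.getName(), attribute);
    }

    /**
     * Returns the attributes keyed by name.
     *
     * @return the live internal map once at least one attribute was added,
     *         otherwise an immutable empty map; never {@code null}
     */
    public Map<String, Attribute> getAttributes() {
        if (this.attributeStatements == null) {
            return Collections.emptyMap();
        }
        return this.attributeStatements;
    }

    /**
     * Checks the validity window, the audience restriction and the signature flag.
     *
     * <p>The checks run in that order and the first failure is logged at debug
     * level. A missing {@code notBefore} or {@code notOnOrAfter} skips the
     * corresponding time check. Issuer, subject and assertion id are not
     * examined here.
     *
     * @param spConfiguration service-provider configuration supplying the
     *        entity id that must appear among the audience restrictions
     * @return {@code true} only if every check passes
     */
    public boolean isValid(SpConfiguration spConfiguration) {
        Calendar now = Calendar.getInstance();
        now.add(Calendar.SECOND, CLOCK_SYNC_TOLERANCE);

        if (this.notBefore != null && now.before(this.notBefore)) {
            this.log.debug("Invalid Assertion: notBefore violated ({} < {}).", now, this.notBefore);
            return false;
        }

        // NOTE(review): the tolerance is added to "now" for this check as well, so the
        // assertion is rejected 60 s before its stated expiry instead of being given
        // slack. That errs on the strict side and is kept as is - confirm the intent.
        //
        // compareTo() compares instants only. Calendar.equals() also compares time zone
        // and calendar settings, so it can miss an exact match against a notOnOrAfter
        // value that was built in a different zone.
        if (this.notOnOrAfter != null && now.compareTo(this.notOnOrAfter) >= 0) {
            this.log.debug("Invalid Assertion: notOnOrAfter violated: ({} >= {}).", now, this.notOnOrAfter);
            return false;
        }

        // Fail closed when the assertion carried no audience restriction at all,
        // instead of throwing a NullPointerException on the unset list.
        if (this.audienceRestrictions == null) {
            this.log.debug("Invalid Assertion: no audienceRestrictions present.");
            return false;
        }
        if (!this.audienceRestrictions.contains(spConfiguration.getEntityId())) {
            this.log.debug("Invalid Assertion: audienceRestrictions violated.");
            return false;
        }

        if (!this.signatureValid) {
            this.log.debug("Invalid Assertion: Signature invalid.");
            return false;
        }
        return true;
    }

    /** @return the start of the validity window, or {@code null} if unset */
    public Calendar getNotBefore() {
        return this.notBefore;
    }

    /** @param notBefore the start of the validity window; stored by reference */
    public void setNotBefore(Calendar notBefore) {
        this.notBefore = notBefore;
    }

    /** @return the exclusive end of the validity window, or {@code null} if unset */
    public Calendar getNotOnOrAfter() {
        return this.notOnOrAfter;
    }

    /** @param notOnOrAfter the exclusive end of the validity window; stored by reference */
    public void setNotOnOrAfter(Calendar notOnOrAfter) {
        this.notOnOrAfter = notOnOrAfter;
    }

    /**
     * Adds one audience value to the restriction list.
     *
     * @param audience the audience value to add
     */
    public void addAudienceRestriction(String audience) {
        if (this.audienceRestrictions == null) {
            this.audienceRestrictions = new LinkedList<String>();
        }
        this.audienceRestrictions.add(audience);
    }

    /** @return the signature flag last set by the caller; {@code false} by default */
    public boolean isSignatureValid() {
        return this.signatureValid;
    }

    /**
     * Records the outcome of signature verification performed elsewhere.
     *
     * @param signatureValid {@code true} only if the caller verified the signature
     */
    public void setSignatureValid(boolean signatureValid) {
        this.signatureValid = signatureValid;
    }

    /** @return the subject, or {@code null} if unset */
    public Subject getSubject() {
        return this.subject;
    }

    /** @param subject the subject of the assertion */
    public void setSubject(Subject subject) {
        this.subject = subject;
    }

    /** @return the live list of authentication statements, or {@code null} if none was added */
    public LinkedList<AuthnStatement> getAuthnStatements() {
        return this.authnStatements;
    }

    /**
     * Appends an authentication statement.
     *
     * @param authnStatement the statement to append
     */
    public void addAuthnStatement(AuthnStatement authnStatement) {
        if (this.authnStatements == null) {
            this.authnStatements = new LinkedList<AuthnStatement>();
        }
        this.authnStatements.add(authnStatement);
    }
}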