AssertionUtil (Red Hat JBoss Enterprise Application Platform 7.2.0.Beta public API)

java.lang.Object
- org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil

```
public class AssertionUtil
extends Object
```
Utility to deal with assertions

Since:

Jun 3, 2009

Author:

Anil.Saldhana@redhat.com

Constructor Summary

Constructors
Constructor and Description

AssertionUtil()

Constructors
Constructor and Description
`AssertionUtil()`

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static Document`	`asDocument(AssertionType assertion)` Given `AssertionType`, convert it into a DOM Document.
`static String`	`asString(AssertionType assertion)` Given `AssertionType`, convert it into a String
`static AssertionType`	`createAssertion(String id, NameIDType issuer)` Create an assertion
`static SubjectType`	`createAssertionSubject(String userName)` Given a user name, create a `SubjectType` that can then be inserted into an assertion
`static AttributeType`	`createAttribute(String name, String nameFormat, Object... attributeValues)` Create an attribute type
`static SAML11AssertionType`	`createSAML11Assertion(String id, XMLGregorianCalendar issueInstant, String issuer)` Create an assertion
`static void`	`createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew)` Add validity conditions to the SAML2 Assertion
`static void`	`createTimedConditions(AssertionType assertion, long durationInMilis)` Add validity conditions to the SAML2 Assertion
`static void`	`createTimedConditions(AssertionType assertion, long durationInMilis, long clockSkew)` Add validity conditions to the SAML2 Assertion
`static XMLGregorianCalendar`	`getExpiration(AssertionType assertion)` Extract the expiration time from an `AssertionType`
`static List<String>`	`getRoles(AssertionType assertion, List<String> roleKeys)` Given an assertion, return the list of roles it may have
`static List<String>`	`getRoles(SAML11AssertionType assertion, List<String> roleKeys)` Given an assertion, return the list of roles it may have
`static boolean`	`hasExpired(AssertionType assertion)` Check whether the assertion has expired
`static boolean`	`hasExpired(AssertionType assertion, long clockSkewInMilis)` Verify whether the assertion has expired.
`static boolean`	`hasExpired(SAML11AssertionType assertion)` Check whether the assertion has expired
`static boolean`	`hasExpired(SAML11AssertionType assertion, long clockSkewInMilis)` Verify whether the assertion has expired.
`static boolean`	`isAudience(AssertionType assertionType, SPType spType)` Checks whether the given assertion is intended for the given `SPType` or not.
`static boolean`	`isSignatureValid(Element assertionElement, PublicKey publicKey)` Given an assertion element, validate the signature

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- AssertionUtil
```
public AssertionUtil()
```

Method Detail

asString

public static String asString(AssertionType assertion)
                       throws ProcessingException

Given AssertionType, convert it into a String

Parameters:: assertion -
Returns:
Throws:: ProcessingException

asDocument

public static Document asDocument(AssertionType assertion)
                           throws ProcessingException

Given AssertionType, convert it into a DOM Document.

Parameters:: assertion -
Returns:
Throws:: ProcessingException

createSAML11Assertion

public static SAML11AssertionType createSAML11Assertion(String id,
                                                        XMLGregorianCalendar issueInstant,
                                                        String issuer)

Create an assertion

Parameters:: id -; issuer -
Returns:

createAssertion

public static AssertionType createAssertion(String id,
                                            NameIDType issuer)

Create an assertion

Parameters:: id -; issuer -
Returns:

createAssertionSubject
```
public static SubjectType createAssertionSubject(String userName)
```
Given a user name, create a SubjectType that can then be inserted into an assertion

Parameters:

userName -

Returns:

createAttribute

public static AttributeType createAttribute(String name,
                                            String nameFormat,
                                            Object... attributeValues)

Create an attribute type

Parameters:: name - Name of the attribute; nameFormat - name format uri; attributeValues - an object array of attribute values
Returns:

createTimedConditions

public static void createTimedConditions(AssertionType assertion,
                                         long durationInMilis)
                                  throws ConfigurationException,
                                         IssueInstantMissingException

Add validity conditions to the SAML2 Assertion

There is no clock skew added.

Parameters:: assertion -; durationInMilis -
Throws:: ConfigurationException; IssueInstantMissingException
See Also:: #createTimedConditions(AssertionType, long, long)}

createTimedConditions

public static void createTimedConditions(AssertionType assertion,
                                         long durationInMilis,
                                         long clockSkew)
                                  throws ConfigurationException,
                                         IssueInstantMissingException

Add validity conditions to the SAML2 Assertion

Parameters:: assertion -; durationInMilis -
Throws:: ConfigurationException; IssueInstantMissingException

createSAML11TimedConditions

public static void createSAML11TimedConditions(SAML11AssertionType assertion,
                                               long durationInMilis,
                                               long clockSkew)
                                        throws ConfigurationException,
                                               IssueInstantMissingException

Add validity conditions to the SAML2 Assertion

Parameters:: assertion -; durationInMilis -
Throws:: ConfigurationException; IssueInstantMissingException

isSignatureValid

public static boolean isSignatureValid(Element assertionElement,
                                       PublicKey publicKey)

Given an assertion element, validate the signature

Parameters:: assertionElement -; publicKey - the PublicKey
Returns:

hasExpired

public static boolean hasExpired(AssertionType assertion)
                          throws ConfigurationException

Check whether the assertion has expired

Parameters:: assertion -
Returns:
Throws:: ConfigurationException

hasExpired
```
public static boolean hasExpired(AssertionType assertion,
                                 long clockSkewInMilis)
                          throws ConfigurationException
```
Verify whether the assertion has expired. You can add in a clock skew to adapt to conditions where in the IDP and SP are out of sync.

Parameters:

assertion -

clockSkewInMilis - in miliseconds

Returns:

Throws:

ConfigurationException

isAudience

public static boolean isAudience(AssertionType assertionType,
                                 SPType spType)

Checks whether the given assertion is intended for the given SPType or not.

Parameters:: assertionType -; spType -
Returns:

hasExpired

public static boolean hasExpired(SAML11AssertionType assertion)
                          throws ConfigurationException

Check whether the assertion has expired

Parameters:: assertion -
Returns:
Throws:: ConfigurationException

hasExpired
```
public static boolean hasExpired(SAML11AssertionType assertion,
                                 long clockSkewInMilis)
                          throws ConfigurationException
```
Verify whether the assertion has expired. You can add in a clock skew to adapt to conditions where in the IDP and SP are out of sync.

Parameters:

assertion -

clockSkewInMilis - in miliseconds

Returns:

Throws:

ConfigurationException

getExpiration
```
public static XMLGregorianCalendar getExpiration(AssertionType assertion)
```
Extract the expiration time from an AssertionType

Parameters:

assertion -

Returns:

getRoles
```
public static List<String> getRoles(AssertionType assertion,
                                    List<String> roleKeys)
```
Given an assertion, return the list of roles it may have

Parameters:

assertion - The AssertionType

roleKeys - a list of string values representing the role keys. The list can be null.

Returns:

getRoles
```
public static List<String> getRoles(SAML11AssertionType assertion,
                                    List<String> roleKeys)
```
Given an assertion, return the list of roles it may have

Parameters:

assertion - The SAML11AssertionType

roleKeys - a list of string values representing the role keys. The list can be null.

Returns:

Class AssertionUtil

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

AssertionUtil

Method Detail

asString

asDocument

createSAML11Assertion

createAssertion

createAssertionSubject

createAttribute

createTimedConditions

createTimedConditions

createSAML11TimedConditions

isSignatureValid

hasExpired

hasExpired

isAudience

hasExpired

hasExpired

getExpiration

getRoles

getRoles