java.lang.Object
- org.keycloak.saml.processing.core.saml.v2.util.AssertionUtil

```
public class AssertionUtil
extends Object
```
Utility to deal with assertions

Since:

Jun 3, 2009

Author:

Anil.Saldhana@redhat.com

Constructor Summary

Constructors
Constructor Description

AssertionUtil()

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method	Description
`static Document`	`asDocument(AssertionType assertion)`	Given `AssertionType`, convert it into a DOM Document.
`static String`	`asString(AssertionType assertion)`	Given `AssertionType`, convert it into a String
`static AssertionType`	`createAssertion(String id, NameIDType issuer)`	Create an assertion
`static SubjectType`	`createAssertionSubject(String userName)`	Given a user name, create a `SubjectType` that can then be inserted into an assertion
`static AttributeType`	`createAttribute(String name, String nameFormat, Object... attributeValues)`	Create an attribute type
`static SAML11AssertionType`	`createSAML11Assertion(String id, XMLGregorianCalendar issueInstant, String issuer)`	Create an assertion
`static void`	`createSAML11TimedConditions(SAML11AssertionType assertion, long durationInMilis, long clockSkew)`	Add validity conditions to the SAML2 Assertion
`static void`	`createTimedConditions(AssertionType assertion, long durationInMilis)`	Add validity conditions to the SAML2 Assertion
`static void`	`createTimedConditions(AssertionType assertion, long durationInMilis, long clockSkew)`	Add validity conditions to the SAML2 Assertion
`static Element`	`decryptAssertion(SAMLDocumentHolder holder, ResponseType responseType, PrivateKey privateKey)`	This method modifies the given responseType, and replaces the encrypted assertion with a decrypted version.
`static void`	`decryptId(ResponseType responseType, PrivateKey privateKey)`
`static AssertionType`	`getAssertion(SAMLDocumentHolder holder, ResponseType responseType, PrivateKey privateKey)`
`static XMLGregorianCalendar`	`getExpiration(AssertionType assertion)`	Extract the expiration time from an `AssertionType`
`static List<String>`	`getRoles(SAML11AssertionType assertion, List<String> roleKeys)`	Given an assertion, return the list of roles it may have
`static List<String>`	`getRoles(AssertionType assertion, List<String> roleKeys)`	Given an assertion, return the list of roles it may have
`protected static Element`	`getSignature(Element element)`
`static boolean`	`hasExpired(SAML11AssertionType assertion)`	Check whether the assertion has expired
`static boolean`	`hasExpired(SAML11AssertionType assertion, long clockSkewInMilis)`	Verify whether the assertion has expired.
`static boolean`	`hasExpired(AssertionType assertion)`	Check whether the assertion has expired.
`static boolean`	`hasExpired(AssertionType assertion, long clockSkewInMilis)`	Verify whether the assertion has expired.
`static boolean`	`isAssertionEncrypted(ResponseType responseType)`
`static boolean`	`isIdEncrypted(ResponseType responseType)`
`static boolean`	`isSignatureValid(Element element, PublicKey publicKey)`	Given an Element, validate the Signature direct child element
`static boolean`	`isSignatureValid(Element element, KeyLocator keyLocator)`	Given an Element, validate the Signature direct child element
`static boolean`	`isSignedElement(Element element)`	Given an Element, check if there is a Signature direct child element

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- AssertionUtil
```
public AssertionUtil()
```

Method Detail

asString

public static String asString(AssertionType assertion)
                       throws ProcessingException

Given AssertionType, convert it into a String

Parameters:: assertion -
Returns:
Throws:: ProcessingException

asDocument

public static Document asDocument(AssertionType assertion)
                           throws ProcessingException

Given AssertionType, convert it into a DOM Document.

Parameters:: assertion -
Returns:
Throws:: ProcessingException

createSAML11Assertion

public static SAML11AssertionType createSAML11Assertion(String id,
                                                        XMLGregorianCalendar issueInstant,
                                                        String issuer)

Create an assertion

Parameters:: id -; issuer -
Returns:

createAssertion

public static AssertionType createAssertion(String id,
                                            NameIDType issuer)

Create an assertion

Parameters:: id -; issuer -
Returns:

createAssertionSubject
```
public static SubjectType createAssertionSubject(String userName)
```
Given a user name, create a SubjectType that can then be inserted into an assertion

Parameters:

userName -

Returns:

createAttribute

public static AttributeType createAttribute(String name,
                                            String nameFormat,
                                            Object... attributeValues)

Create an attribute type

Parameters:: name - Name of the attribute; nameFormat - name format uri; attributeValues - an object array of attribute values
Returns:

createTimedConditions

public static void createTimedConditions(AssertionType assertion,
                                         long durationInMilis)
                                  throws ConfigurationException,
                                         IssueInstantMissingException

Add validity conditions to the SAML2 Assertion

There is no clock skew added.

Parameters:: assertion -; durationInMilis -
Throws:: ConfigurationException; IssueInstantMissingException

createTimedConditions

public static void createTimedConditions(AssertionType assertion,
                                         long durationInMilis,
                                         long clockSkew)
                                  throws ConfigurationException,
                                         IssueInstantMissingException

Add validity conditions to the SAML2 Assertion

Parameters:: assertion -; durationInMilis -
Throws:: ConfigurationException; IssueInstantMissingException

createSAML11TimedConditions

public static void createSAML11TimedConditions(SAML11AssertionType assertion,
                                               long durationInMilis,
                                               long clockSkew)
                                        throws ConfigurationException,
                                               IssueInstantMissingException

Add validity conditions to the SAML2 Assertion

Parameters:: assertion -; durationInMilis -
Throws:: ConfigurationException; IssueInstantMissingException

isSignatureValid
```
public static boolean isSignatureValid(Element element,
                                       PublicKey publicKey)
```
Given an Element, validate the Signature direct child element

Parameters:

element - parent Element

publicKey - the PublicKey

Returns:

true if signature is present and valid

isSignatureValid
```
public static boolean isSignatureValid(Element element,
                                       KeyLocator keyLocator)
```
Given an Element, validate the Signature direct child element

Parameters:

element - parent Element

keyLocator - the KeyLocator

Returns:

true if signature is present and valid

isSignedElement
```
public static boolean isSignedElement(Element element)
```
Given an Element, check if there is a Signature direct child element

Parameters:

element - parent Element

Returns:

true if signature is present

getSignature

protected static Element getSignature(Element element)

hasExpired
```
public static boolean hasExpired(AssertionType assertion)
                          throws ConfigurationException
```
Check whether the assertion has expired. Processing rules defined in Section 2.5.1.2 of saml-core-2.0-os.pdf.

Parameters:

assertion -

Returns:

Throws:

ConfigurationException

hasExpired
```
public static boolean hasExpired(AssertionType assertion,
                                 long clockSkewInMilis)
                          throws ConfigurationException
```
Verify whether the assertion has expired. You can add in a clock skew to adapt to conditions where in the IDP and SP are out of sync.

Parameters:

assertion -

clockSkewInMilis - in miliseconds

Returns:

Throws:

ConfigurationException

hasExpired

public static boolean hasExpired(SAML11AssertionType assertion)
                          throws ConfigurationException

Check whether the assertion has expired

Parameters:: assertion -
Returns:
Throws:: ConfigurationException

hasExpired
```
public static boolean hasExpired(SAML11AssertionType assertion,
                                 long clockSkewInMilis)
                          throws ConfigurationException
```
Verify whether the assertion has expired. You can add in a clock skew to adapt to conditions where in the IDP and SP are out of sync.

Parameters:

assertion -

clockSkewInMilis - in miliseconds

Returns:

Throws:

ConfigurationException

getExpiration
```
public static XMLGregorianCalendar getExpiration(AssertionType assertion)
```
Extract the expiration time from an AssertionType

Parameters:

assertion -

Returns:

getRoles
```
public static List<String> getRoles(AssertionType assertion,
                                    List<String> roleKeys)
```
Given an assertion, return the list of roles it may have

Parameters:

assertion - The AssertionType

roleKeys - a list of string values representing the role keys. The list can be null.

Returns:

getRoles
```
public static List<String> getRoles(SAML11AssertionType assertion,
                                    List<String> roleKeys)
```
Given an assertion, return the list of roles it may have

Parameters:

assertion - The SAML11AssertionType

roleKeys - a list of string values representing the role keys. The list can be null.

Returns:

getAssertion

public static AssertionType getAssertion(SAMLDocumentHolder holder,
                                         ResponseType responseType,
                                         PrivateKey privateKey)
                                  throws ParsingException,
                                         ProcessingException,
                                         ConfigurationException

Throws:: ParsingException; ProcessingException; ConfigurationException

isAssertionEncrypted

public static boolean isAssertionEncrypted(ResponseType responseType)
                                    throws ProcessingException

Throws:: ProcessingException

decryptAssertion

public static Element decryptAssertion(SAMLDocumentHolder holder,
                                       ResponseType responseType,
                                       PrivateKey privateKey)
                                throws ParsingException,
                                       ProcessingException,
                                       ConfigurationException

This method modifies the given responseType, and replaces the encrypted assertion with a decrypted version.

Parameters:: responseType - a response containg an encrypted assertion
Returns:: the assertion element as it was decrypted. This can be used in signature verification.
Throws:: ParsingException; ProcessingException; ConfigurationException

isIdEncrypted

public static boolean isIdEncrypted(ResponseType responseType)

decryptId

public static void decryptId(ResponseType responseType,
                             PrivateKey privateKey)
                      throws ConfigurationException,
                             ProcessingException,
                             ParsingException

Throws:: ConfigurationException; ProcessingException; ParsingException

Class AssertionUtil

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

AssertionUtil

Method Detail

asString

asDocument

createSAML11Assertion

createAssertion

createAssertionSubject

createAttribute

createTimedConditions

createTimedConditions

createSAML11TimedConditions

isSignatureValid

isSignatureValid

isSignedElement

getSignature

hasExpired

hasExpired

hasExpired

hasExpired

getExpiration

getRoles

getRoles

getAssertion

isAssertionEncrypted

decryptAssertion

isIdEncrypted

decryptId