下面列出了com.amazonaws.auth.profile.internal.ProfileKeyConstants#com.onelogin.saml2.authn.SamlResponse 实例代码,或者点击链接到github查看源代码,也可以在右侧发表评论。
/**
 * Determines the expiry time of the JWT issued for a SAML response, in seconds since the epoch.
 *
 * <ul>
 * <li>{@code ExpiryBaseValue.NOW}: current time plus {@code expiryOffset}.</li>
 * <li>{@code ExpiryBaseValue.SESSION}: the response's SessionNotOnOrAfter plus
 * {@code expiryOffset}; fails if the response carries no such value.</li>
 * <li>anything else (AUTO): SessionNotOnOrAfter as-is when present; otherwise current time plus
 * {@code expiryOffset} if that is positive, else plus one hour.</li>
 * </ul>
 *
 * NOTE(review): in SESSION mode a positive {@code expiryOffset} makes the token outlive the
 * session end asserted by the IdP, and no branch applies an upper bound to the resulting lifetime.
 * Presumably the response has been signature-validated before this is called; confirm at the caller.
 *
 * @param samlResponse the SAML response the token is being issued for
 * @return the expiry time in epoch seconds
 * @throws Exception in SESSION mode when the response has no SessionNotOnOrAfter value
 */
private long getJwtExpiration(SamlResponse samlResponse) throws Exception {
    final DateTime sessionEnd = samlResponse.getSessionNotOnOrAfter();

    if (this.expiryBaseValue == ExpiryBaseValue.NOW) {
        return System.currentTimeMillis() / 1000 + this.expiryOffset;
    }

    if (this.expiryBaseValue == ExpiryBaseValue.SESSION) {
        // SESSION mode has no fallback: without a session end there is nothing to base the expiry on.
        if (sessionEnd == null) {
            throw new Exception(
                    "Error while determining JWT expiration time: SamlResponse did not contain sessionNotOnOrAfter value");
        }
        return sessionEnd.getMillis() / 1000 + this.expiryOffset;
    }

    // AUTO
    if (sessionEnd != null) {
        // The offset is deliberately not applied here; the IdP's session end is used unchanged.
        return sessionEnd.getMillis() / 1000;
    }
    // No session end in the response: fall back to a lifetime relative to now (default 60 * 60 seconds).
    return System.currentTimeMillis() / 1000 + (this.expiryOffset > 0 ? this.expiryOffset : 60 * 60);
}
/**
 * Reads the role values from the SAML attribute named by {@code samlRolesKey}.
 *
 * When {@code samlRolesSeparator} is set the attribute values are passed through
 * {@code splitRoles}, otherwise through {@code trimRoles}.
 *
 * NOTE(review): the two "no roles" cases differ. An unset {@code samlRolesKey} yields an empty
 * array, while a missing or empty attribute yields {@code null}. Callers that put the result into
 * a token should be checked for how they treat {@code null}.
 *
 * @param samlResponse the SAML response whose attributes are read
 * @return the roles; an empty array if no roles key is configured; {@code null} if the attribute
 *         is absent or has no values
 * @throws XPathExpressionException declared for the attribute lookup on the response
 * @throws ValidationError declared for the attribute lookup on the response
 */
private String[] extractRoles(SamlResponse samlResponse) throws XPathExpressionException, ValidationError {
    if (this.samlRolesKey == null) {
        return new String[0];
    }

    final List<String> rawRoles = samlResponse.getAttributes().get(this.samlRolesKey);
    if (rawRoles == null || rawRoles.isEmpty()) {
        return null;
    }

    final List<String> roles = samlRolesSeparator != null ? splitRoles(rawRoles) : trimRoles(rawRoles);
    return roles.toArray(new String[0]);
}
/**
 * Builds and encodes a JWT from the data in a SAML response.
 *
 * Claims written, in this order: not-before (current time), expiry (from
 * {@code getJwtExpiration}), the subject under {@code jwtSubjectKey}, {@code saml_ni} (NameID,
 * only when {@code samlSubjectKey} is configured), {@code saml_nif} (short name of the NameID
 * format, when present), {@code saml_si} (session index, when present) and the roles under
 * {@code jwtRolesKey} (when both role keys are configured).
 *
 * NOTE(review): {@code extractSubject} and {@code extractRoles} can both return {@code null},
 * which is stored as the claim value without a check. Confirm that a token without a usable
 * subject is rejected downstream.
 *
 * @param samlResponse the SAML response to derive the token from
 * @return the encoded JWT produced by {@code jwtProducer}
 * @throws Exception if the expiry or subject cannot be determined, or a response accessor fails
 */
private String createJwt(SamlResponse samlResponse) throws Exception {
    final JwtClaims claims = new JwtClaims();
    final JwtToken token = new JwtToken(claims);

    claims.setNotBefore(System.currentTimeMillis() / 1000);
    claims.setExpiryTime(getJwtExpiration(samlResponse));
    claims.setProperty(this.jwtSubjectKey, this.extractSubject(samlResponse));

    // The NameID is only recorded separately when the subject comes from an attribute instead.
    if (this.samlSubjectKey != null) {
        claims.setProperty("saml_ni", samlResponse.getNameId());
    }

    final String nameIdFormat = samlResponse.getNameIdFormat();
    if (nameIdFormat != null) {
        // NOTE(review): if getByUri can return null for an unrecognised format URI, this line
        // throws NullPointerException. Confirm against SamlNameIdFormat.
        claims.setProperty("saml_nif", SamlNameIdFormat.getByUri(nameIdFormat).getShortName());
    }

    final String sessionIndex = samlResponse.getSessionIndex();
    if (sessionIndex != null) {
        claims.setProperty("saml_si", sessionIndex);
    }

    if (this.samlRolesKey != null && this.jwtRolesKey != null) {
        claims.setProperty(this.jwtRolesKey, this.extractRoles(samlResponse));
    }

    final String encodedJwt = this.jwtProducer.processJwt(token);

    // NOTE(review): with debug enabled, the complete encoded token is written to token_log.
    // Anyone able to read that log holds a usable bearer credential until the token expires.
    // Restrict access to this logger's output, or log only the header and claims.
    if (token_log.isDebugEnabled()) {
        final String headerJson = jsonMapReaderWriter.toJson(token.getJwsHeaders());
        final String claimsJson = JwtUtils.claimsToJson(token.getClaims());
        token_log.debug("Created JWT: " + encodedJwt + "\n" + headerJson + "\n" + claimsJson);
    }

    return encodedJwt;
}
/**
 * Determines the subject for the token from a SAML response.
 *
 * Without a configured {@code samlSubjectKey} the NameID is the subject. With one, the first
 * value of that attribute is used.
 *
 * NOTE(review): a configured but missing or empty attribute yields {@code null} rather than an
 * error, so the caller must handle a token request that has no subject.
 *
 * @param samlResponse the SAML response to read the subject from
 * @return the subject, or {@code null} if the configured attribute is absent or has no values
 * @throws Exception if reading the NameID or the attributes from the response fails
 */
private String extractSubject(SamlResponse samlResponse) throws Exception {
    if (this.samlSubjectKey != null) {
        final List<String> candidates = samlResponse.getAttributes().get(this.samlSubjectKey);
        // Only the first attribute value is considered; any further values are ignored.
        return (candidates == null || candidates.isEmpty()) ? null : candidates.get(0);
    }
    return samlResponse.getNameId();
}
/**
 * Sweeps the response map and drops every stored SamlResponse whose
 * {@code validateTimestamps()} call fails with a {@link ValidationError}.
 *
 * Entries that still validate are left in place. Removing stale entries bounds how long a
 * stored response stays available for lookup.
 *
 * NOTE(review): assumes the value iterator of {@code samlResponseMap} supports
 * {@code remove()} and tolerates concurrent put/remove calls. Confirm the map type.
 */
@Override
public void run() {
    for (Iterator<SamlResponse> entries = samlResponseMap.values().iterator(); entries.hasNext();) {
        final SamlResponse stored = entries.next();
        try {
            stored.validateTimestamps();
        }
        catch (ValidationError expired) {
            // The timestamps no longer validate, so discard the stored response.
            entries.remove();
        }
    }
}
/**
 * Remove and return the SamlResponse stored under the provided hash, or
 * null if no such object exists.
 *
 * The entry is taken out of the map by this call, so a given hash can be
 * redeemed at most once. A second lookup with the same hash finds nothing.
 *
 * @param hash
 *     The SHA-256 hash of the SamlResponse.
 *
 * @return
 *     The SamlResponse object that was stored under the hash provided, or
 *     null if the map held no entry for it.
 */
protected SamlResponse getSamlResponse(String hash) {
    final SamlResponse redeemed = samlResponseMap.remove(hash);
    return redeemed;
}
}
/**
 * Place the provided mapping of hash to SamlResponse into the map.
 *
 * No validation of the response is performed here; the object is stored
 * as given.
 * NOTE(review): presumably samlResponseMap follows java.util.Map semantics,
 * so an existing entry under the same hash is replaced. Confirm the map type.
 *
 * @param hash
 *     The hash that will be the lookup key for this SamlResponse.
 *
 * @param samlResponse
 *     The SamlResponse object.
 */
protected void putSamlResponse(String hash, SamlResponse samlResponse) {
samlResponseMap.put(hash, samlResponse);
}