org.opensaml.saml2.core.Conditions Java Examples
The following examples show how to use
org.opensaml.saml2.core.Conditions.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: AssertionUnmarshaller.java From lams with GNU General Public License v2.0 | 6 votes |
|
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentObject, XMLObject childObject) throws UnmarshallingException {
Assertion assertion = (Assertion) parentObject;
if (childObject instanceof Issuer) {
assertion.setIssuer((Issuer) childObject);
} else if (childObject instanceof Signature) {
assertion.setSignature((Signature) childObject);
} else if (childObject instanceof Subject) {
assertion.setSubject((Subject) childObject);
} else if (childObject instanceof Conditions) {
assertion.setConditions((Conditions) childObject);
} else if (childObject instanceof Advice) {
assertion.setAdvice((Advice) childObject);
} else if (childObject instanceof Statement) {
assertion.getStatements().add((Statement) childObject);
} else {
super.processChildElement(parentObject, childObject);
}
}
Example #2
| Source File: AuthnRequestUnmarshaller.java From lams with GNU General Public License v2.0 | 6 votes |
|
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
throws UnmarshallingException {
AuthnRequest req = (AuthnRequest) parentSAMLObject;
if (childSAMLObject instanceof Subject) {
req.setSubject((Subject) childSAMLObject);
} else if (childSAMLObject instanceof NameIDPolicy) {
req.setNameIDPolicy((NameIDPolicy) childSAMLObject);
} else if (childSAMLObject instanceof Conditions) {
req.setConditions((Conditions) childSAMLObject);
} else if (childSAMLObject instanceof RequestedAuthnContext) {
req.setRequestedAuthnContext((RequestedAuthnContext) childSAMLObject);
} else if (childSAMLObject instanceof Scoping) {
req.setScoping((Scoping) childSAMLObject);
} else {
super.processChildElement(parentSAMLObject, childSAMLObject);
}
}
Example #3
| Source File: ConditionsSpecValidator.java From lams with GNU General Public License v2.0 | 5 votes |
|
/**
* Checks that there is at most one OneTimeUse condition.
*
* @param conditions
* @throws ValidationException
*/
protected void validateOneTimeUseCondition(Conditions conditions) throws ValidationException {
int oneTimeUseCount = 0;
for (int i = 0; i < conditions.getConditions().size(); i++) {
if (conditions.getConditions().get(i) instanceof OneTimeUse) {
oneTimeUseCount++;
}
}
if (oneTimeUseCount > 1) {
throw new ValidationException("At most one instance of OneTimeUse allowed");
}
}
Example #4
| Source File: SAML2SSOManager.java From carbon-identity with Apache License 2.0 | 5 votes |
|
/**
* Validate the AudienceRestriction of SAML2 Response
*
* @param assertion SAML2 Assertion
* @return validity
*/
protected void validateAudienceRestriction(Assertion assertion) throws SSOAgentException {
if (assertion != null) {
Conditions conditions = assertion.getConditions();
if (conditions != null) {
List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();
if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) {
boolean audienceFound = false;
for (AudienceRestriction audienceRestriction : audienceRestrictions) {
if (audienceRestriction.getAudiences() != null && !audienceRestriction.getAudiences().isEmpty()
) {
for (Audience audience : audienceRestriction.getAudiences()) {
if (ssoAgentConfig.getSAML2().getSPEntityId().equals(audience.getAudienceURI())) {
audienceFound = true;
break;
}
}
}
if (audienceFound) {
break;
}
}
if (!audienceFound) {
throw new SSOAgentException("SAML2 Assertion Audience Restriction validation failed");
}
} else {
throw new SSOAgentException("SAML2 Response doesn't contain AudienceRestrictions");
}
} else {
throw new SSOAgentException("SAML2 Response doesn't contain Conditions");
}
}
}
Example #5
| Source File: SAML2SSOAuthenticator.java From carbon-identity with Apache License 2.0 | 5 votes |
|
/**
* Validate the AudienceRestriction of SAML2 Assertion
*
* @param assertion SAML2 Assertion
* @return validity
*/
public boolean validateAudienceRestrictionInAssertion(Assertion assertion) {
if (assertion != null) {
Conditions conditions = assertion.getConditions();
if (conditions != null) {
List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();
if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) {
for (AudienceRestriction audienceRestriction : audienceRestrictions) {
if (audienceRestriction.getAudiences() != null && audienceRestriction.getAudiences().size() > 0) {
for (Audience audience : audienceRestriction.getAudiences()) {
String spId = org.wso2.carbon.identity.authenticator.saml2.sso.common.Util.getServiceProviderId();
if (spId == null) {
org.wso2.carbon.identity.authenticator.saml2.sso.common.Util.initSSOConfigParams();
spId = org.wso2.carbon.identity.authenticator.saml2.sso.common.Util.getServiceProviderId();
}
if (spId != null) {
if (spId.equals(audience.getAudienceURI())) {
return true;
}
} else {
log.warn("No SAML2 service provider ID defined.");
}
}
} else {
log.warn("SAML2 Response's AudienceRestriction doesn't contain Audiences");
}
}
} else {
log.error("SAML2 Response doesn't contain AudienceRestrictions");
}
} else {
log.error("SAML2 Response doesn't contain Conditions");
}
}
return false;
}
Example #6
| Source File: DefaultSAML2SSOManager.java From carbon-identity with Apache License 2.0 | 5 votes |
|
/**
* Validate the AudienceRestriction of SAML2 Response
*
* @param assertion SAML2 Assertion
* @return validity
*/
private void validateAudienceRestriction(Assertion assertion) throws SAMLSSOException {
if (assertion != null) {
Conditions conditions = assertion.getConditions();
if (conditions != null) {
List<AudienceRestriction> audienceRestrictions = conditions.getAudienceRestrictions();
if (audienceRestrictions != null && !audienceRestrictions.isEmpty()) {
for (AudienceRestriction audienceRestriction : audienceRestrictions) {
if (CollectionUtils.isNotEmpty(audienceRestriction.getAudiences())) {
boolean audienceFound = false;
for (Audience audience : audienceRestriction.getAudiences()) {
if (properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID)
.equals(audience.getAudienceURI())) {
audienceFound = true;
break;
}
}
if (!audienceFound) {
throw new SAMLSSOException("SAML Assertion Audience Restriction validation failed");
}
} else {
throw new SAMLSSOException("SAML Response's AudienceRestriction doesn't contain Audiences");
}
}
} else {
throw new SAMLSSOException("SAML Response doesn't contain AudienceRestrictions");
}
} else {
throw new SAMLSSOException("SAML Response doesn't contain Conditions");
}
}
}
Example #7
| Source File: ConditionsGenerator.java From MaxKey with Apache License 2.0 | 5 votes |
|
public Conditions generateConditions(String audienceUrl,int validInSeconds) {
Conditions conditions = new ConditionsBuilder().buildObject();
conditions.setNotBefore(new DateTime());
conditions.setNotOnOrAfter(new DateTime().plus(validInSeconds*1000));
AudienceRestriction audienceRestriction=builderAudienceRestriction(audienceUrl);
conditions.getAudienceRestrictions().add(audienceRestriction);
return conditions;
}
Example #8
| Source File: ConditionsUnmarshaller.java From lams with GNU General Public License v2.0 | 5 votes |
|
/** {@inheritDoc} */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
Conditions conditions = (Conditions) samlObject;
if (attribute.getLocalName().equals(Conditions.NOT_BEFORE_ATTRIB_NAME)
&& !DatatypeHelper.isEmpty(attribute.getValue())) {
conditions.setNotBefore(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
} else if (attribute.getLocalName().equals(Conditions.NOT_ON_OR_AFTER_ATTRIB_NAME)
&& !DatatypeHelper.isEmpty(attribute.getValue())) {
conditions.setNotOnOrAfter(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
} else {
super.processAttribute(samlObject, attribute);
}
}
Example #9
| Source File: ConditionsUnmarshaller.java From lams with GNU General Public License v2.0 | 5 votes |
|
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentObject, XMLObject childObject) throws UnmarshallingException {
Conditions conditions = (Conditions) parentObject;
if (childObject instanceof Condition) {
conditions.getConditions().add((Condition) childObject);
} else {
super.processChildElement(parentObject, childObject);
}
}
Example #10
| Source File: ConditionsMarshaller.java From lams with GNU General Public License v2.0 | 5 votes |
|
/** {@inheritDoc} */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
Conditions conditions = (Conditions) samlObject;
if (conditions.getNotBefore() != null) {
String notBeforeStr = Configuration.getSAMLDateFormatter().print(conditions.getNotBefore());
domElement.setAttributeNS(null, Conditions.NOT_BEFORE_ATTRIB_NAME, notBeforeStr);
}
if (conditions.getNotOnOrAfter() != null) {
String notOnOrAfterStr = Configuration.getSAMLDateFormatter().print(conditions.getNotOnOrAfter());
domElement.setAttributeNS(null, Conditions.NOT_ON_OR_AFTER_ATTRIB_NAME, notOnOrAfterStr);
}
}
Example #11
| Source File: ConditionsSpecValidator.java From lams with GNU General Public License v2.0 | 5 votes |
|
protected void validateProxyRestrictionCondition(Conditions conditions) throws ValidationException {
int proxyRestrictionCount = 0;
for (int i = 0; i < conditions.getConditions().size(); i++) {
if (conditions.getConditions().get(i) instanceof ProxyRestriction) {
proxyRestrictionCount++;
}
}
if (proxyRestrictionCount > 1) {
throw new ValidationException("At most one instance of ProxyRestriction allowed");
}
}
Example #12
| Source File: ConditionsBuilder.java From lams with GNU General Public License v2.0 | 4 votes |
|
/** {@inheritDoc} */
public Conditions buildObject(String namespaceURI, String localName, String namespacePrefix) {
return new ConditionsImpl(namespaceURI, localName, namespacePrefix);
}
Example #13
| Source File: ConditionsBuilder.java From lams with GNU General Public License v2.0 | 4 votes |
|
/** {@inheritDoc} */
public Conditions buildObject() {
return buildObject(SAMLConstants.SAML20_NS, Conditions.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20_PREFIX);
}
Example #14
| Source File: AssertionImpl.java From lams with GNU General Public License v2.0 | 4 votes |
|
/** {@inheritDoc} */
public void setConditions(Conditions newConditions) {
this.conditions = prepareForAssignment(this.conditions, newConditions);
}
Example #15
| Source File: AssertionImpl.java From lams with GNU General Public License v2.0 | 4 votes |
|
/** {@inheritDoc} */
public Conditions getConditions() {
return conditions;
}
Example #16
| Source File: AuthnRequestImpl.java From lams with GNU General Public License v2.0 | 4 votes |
|
/** {@inheritDoc} */
public void setConditions(Conditions newConditions) {
this.conditions = prepareForAssignment(this.conditions, newConditions);
}
Example #17
| Source File: OAuth2SAMLWorkflowSample.java From jam-collaboration-sample with Apache License 2.0 | 4 votes |
|
private static Assertion buildSAML2Assertion(boolean includeClientKeyAttribute)
{
// Bootstrap the OpenSAML library
try {
DefaultBootstrap.bootstrap();
} catch (ConfigurationException e) {
}
DateTime issueInstant = new DateTime();
DateTime notOnOrAfter = issueInstant.plusMinutes(10);
DateTime notBefore = issueInstant.minusMinutes(10);
NameID nameID = (new NameIDBuilder().buildObject());
if (SUBJECT_NAME_ID_FORMAT.equals("email")) {
nameID.setFormat(NameIDType.EMAIL);
} else if (SUBJECT_NAME_ID_FORMAT.equals("unspecified")) {
nameID.setFormat(NameIDType.UNSPECIFIED);
} else {
throw new IllegalArgumentException("SUBJECT_NAME_ID_FORMAT must be 'email' or 'unspecified'.");
}
if (subjectNameIdQualifier != null) {
nameID.setNameQualifier(subjectNameIdQualifier);
}
nameID.setValue(SUBJECT_NAME_ID);
SubjectConfirmationData subjectConfirmationData = (new SubjectConfirmationDataBuilder().buildObject());
subjectConfirmationData.setRecipient(BASE_URL + ACCESS_TOKEN_URL_PATH);
subjectConfirmationData.setNotOnOrAfter(notOnOrAfter);
SubjectConfirmation subjectConfirmation = (new SubjectConfirmationBuilder().buildObject());
subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
Subject subject = (new SubjectBuilder().buildObject());
subject.setNameID(nameID);
subject.getSubjectConfirmations().add(subjectConfirmation);
Issuer issuer = (new IssuerBuilder().buildObject());
issuer.setValue(IDP_ID);
Audience audience = (new AudienceBuilder().buildObject());
audience.setAudienceURI(SP_ID_JAM);
AudienceRestriction audienceRestriction = (new AudienceRestrictionBuilder().buildObject());
audienceRestriction.getAudiences().add(audience);
Conditions conditions = (new ConditionsBuilder().buildObject());
conditions.setNotBefore(notBefore);
conditions.setNotOnOrAfter(notOnOrAfter);
conditions.getAudienceRestrictions().add(audienceRestriction);
Assertion assertion = (new AssertionBuilder().buildObject());
assertion.setID(UUID.randomUUID().toString());
assertion.setVersion(SAMLVersion.VERSION_20);
assertion.setIssueInstant(issueInstant);
assertion.setIssuer(issuer);
assertion.setSubject(subject);
assertion.setConditions(conditions);
if (includeClientKeyAttribute) {
XSString attributeValue = (XSString)Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
attributeValue.setValue(CLIENT_KEY);
Attribute attribute = (new AttributeBuilder().buildObject());
attribute.setName("client_id");
attribute.getAttributeValues().add(attributeValue);
AttributeStatement attributeStatement = (new AttributeStatementBuilder().buildObject());
attributeStatement.getAttributes().add(attribute);
assertion.getAttributeStatements().add(attributeStatement);
}
return assertion;
}
Example #18
| Source File: OAuth2SAMLWorkflowSample.java From jam-collaboration-sample with Apache License 2.0 | 4 votes |
|
private static Assertion buildSAML2Assertion(
String baseUrl,
String subjectNameId,
String subjectNameIdFormat,
String subjectNameIdQualifier,
String idpId,
String clientKey,
boolean includeClientKeyAttribute)
{
// Bootstrap the OpenSAML library
try {
DefaultBootstrap.bootstrap();
} catch (ConfigurationException e) {
}
DateTime issueInstant = new DateTime();
DateTime notOnOrAfter = issueInstant.plusMinutes(10);
DateTime notBefore = issueInstant.minusMinutes(10);
NameID nameID = (new NameIDBuilder().buildObject());
if (subjectNameIdFormat.equals("email")) {
nameID.setFormat(NameIDType.EMAIL);
} else if (subjectNameIdFormat.equals("unspecified")) {
nameID.setFormat(NameIDType.UNSPECIFIED);
} else {
throw new IllegalArgumentException("subjectNameIdFormat must be 'email' or 'unspecified'.");
}
if (subjectNameIdQualifier != null) {
nameID.setNameQualifier(subjectNameIdQualifier);
}
nameID.setValue(subjectNameId);
SubjectConfirmationData subjectConfirmationData = (new SubjectConfirmationDataBuilder().buildObject());
subjectConfirmationData.setRecipient(baseUrl + ACCESS_TOKEN_URL_PATH);
subjectConfirmationData.setNotOnOrAfter(notOnOrAfter);
SubjectConfirmation subjectConfirmation = (new SubjectConfirmationBuilder().buildObject());
subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
Subject subject = (new SubjectBuilder().buildObject());
subject.setNameID(nameID);
subject.getSubjectConfirmations().add(subjectConfirmation);
Issuer issuer = (new IssuerBuilder().buildObject());
issuer.setValue(idpId);
Audience audience = (new AudienceBuilder().buildObject());
audience.setAudienceURI(SP_ID_JAM);
AudienceRestriction audienceRestriction = (new AudienceRestrictionBuilder().buildObject());
audienceRestriction.getAudiences().add(audience);
Conditions conditions = (new ConditionsBuilder().buildObject());
conditions.setNotBefore(notBefore);
conditions.setNotOnOrAfter(notOnOrAfter);
conditions.getAudienceRestrictions().add(audienceRestriction);
Assertion assertion = (new AssertionBuilder().buildObject());
assertion.setID(UUID.randomUUID().toString());
assertion.setVersion(SAMLVersion.VERSION_20);
assertion.setIssueInstant(issueInstant);
assertion.setIssuer(issuer);
assertion.setSubject(subject);
assertion.setConditions(conditions);
if (includeClientKeyAttribute) {
XSString attributeValue = (XSString)Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
attributeValue.setValue(clientKey);
Attribute attribute = (new AttributeBuilder().buildObject());
attribute.setName("client_id");
attribute.getAttributeValues().add(attributeValue);
AttributeStatement attributeStatement = (new AttributeStatementBuilder().buildObject());
attributeStatement.getAttributes().add(attribute);
assertion.getAttributeStatements().add(attributeStatement);
}
return assertion;
}
Example #19
| Source File: OAuth2SAMLUtil.java From jam-collaboration-sample with Apache License 2.0 | 4 votes |
|
public static String buildSignedSAML2Assertion(
final String idpId,
final String destinationUri,
final String subjectNameId,
final String subjectNameIdFormat,
final String subjectNameIdQualifier,
final PrivateKey idpPrivateKey,
final X509Certificate idpCertificate,
final String spJamId,
final Map<String, List<Object>> attributes) throws Exception {
// Bootstrap the OpenSAML library
try {
DefaultBootstrap.bootstrap();
} catch (ConfigurationException e) {
}
DateTime issueInstant = new DateTime();
DateTime notOnOrAfter = issueInstant.plusMinutes(10);
DateTime notBefore = issueInstant.minusMinutes(10);
NameID nameID = makeEmailFormatName(subjectNameId, subjectNameIdFormat, subjectNameIdQualifier);
SubjectConfirmationData subjectConfirmationData = (new SubjectConfirmationDataBuilder().buildObject());
subjectConfirmationData.setRecipient(destinationUri);
subjectConfirmationData.setNotOnOrAfter(notOnOrAfter);
SubjectConfirmation subjectConfirmation = (new SubjectConfirmationBuilder().buildObject());
subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER);
subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
Subject subject = (new SubjectBuilder().buildObject());
subject.setNameID(nameID);
subject.getSubjectConfirmations().add(subjectConfirmation);
Issuer issuer = (new IssuerBuilder().buildObject());
issuer.setValue(idpId);
Audience audience = (new AudienceBuilder().buildObject());
audience.setAudienceURI(spJamId);
AudienceRestriction audienceRestriction = (new AudienceRestrictionBuilder().buildObject());
audienceRestriction.getAudiences().add(audience);
Conditions conditions = (new ConditionsBuilder().buildObject());
conditions.setNotBefore(notBefore);
conditions.setNotOnOrAfter(notOnOrAfter);
conditions.getAudienceRestrictions().add(audienceRestriction);
Assertion assertion = (new AssertionBuilder().buildObject());
assertion.setID(UUID.randomUUID().toString());
assertion.setVersion(SAMLVersion.VERSION_20);
assertion.setIssueInstant(issueInstant);
assertion.setIssuer(issuer);
assertion.setSubject(subject);
assertion.setConditions(conditions);
return signAssertion(assertion, idpPrivateKey);
}
Example #20
| Source File: SAML2TokenBuilder.java From carbon-identity with Apache License 2.0 | 4 votes |
|
@Override
public void createSAMLAssertion(DateTime notAfter, DateTime notBefore, String assertionId)
throws IdentityProviderException {
assertion = (Assertion) buildXMLObject(Assertion.DEFAULT_ELEMENT_NAME);
Conditions conditions = (Conditions) buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME);
conditions.setNotBefore(notBefore);
conditions.setNotOnOrAfter(notAfter);
ServerConfiguration config = ServerConfiguration.getInstance();
String host = "http://" + config.getFirstProperty("HostName");
Issuer issuer = (Issuer) buildXMLObject(Issuer.DEFAULT_ELEMENT_NAME);
issuer.setValue(host);
assertion.setIssuer(issuer);
assertion.setIssueInstant(new DateTime());
if (appilesTo != null) {
Audience audience = (Audience) buildXMLObject(Audience.DEFAULT_ELEMENT_NAME);
audience.setAudienceURI(appilesTo);
AudienceRestriction audienceRestrictions =
(AudienceRestriction) buildXMLObject(AudienceRestriction.DEFAULT_ELEMENT_NAME);
audienceRestrictions.getAudiences().add(audience);
conditions.getAudienceRestrictions().add(audienceRestrictions);
}
assertion.setConditions(conditions);
assertion.getAttributeStatements().add(this.attributeStmt);
assertion.setID(assertionId);
Subject subject = (Subject) buildXMLObject(Subject.DEFAULT_ELEMENT_NAME);
SubjectConfirmation subjectConf =
(SubjectConfirmation) buildXMLObject(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
SubjectConfirmationData confData =
(SubjectConfirmationData) buildXMLObject(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
confData.setAddress(CONF_KEY);
subjectConf.setSubjectConfirmationData(confData);
subject.getSubjectConfirmations().add(subjectConf);
assertion.setSubject(subject);
}
Example #21
| Source File: AuthnRequestImpl.java From lams with GNU General Public License v2.0 | 4 votes |
|
/** {@inheritDoc} */
public Conditions getConditions() {
return this.conditions;
}
Example #22
| Source File: ConditionsSpecValidator.java From lams with GNU General Public License v2.0 | 4 votes |
|
/** {@inheritDoc} */
public void validate(Conditions conditions) throws ValidationException {
validateOneTimeUseCondition(conditions);
validateProxyRestrictionCondition(conditions);
}
Example #23
| Source File: SamlFederationResourceTest.java From secure-data-service with Apache License 2.0 | 3 votes |
|
private Assertion createAssertion(String conditionNotBefore, String subjectNotBefore, String recipient) {
Assertion assertion = Mockito.mock(Assertion.class);
Conditions conditions = Mockito.mock(Conditions.class);
DateTimeFormatter fmt = DateTimeFormat.forPattern("MM/dd/yyyy");
DateTime datetime = DateTime.now();
datetime = datetime.plusMonths(1) ;
Mockito.when(conditions.getNotBefore()).thenReturn(DateTime.parse(conditionNotBefore, fmt));
Mockito.when(conditions.getNotOnOrAfter()).thenReturn(DateTime.parse(datetime.toString(fmt), fmt));
Subject subject = Mockito.mock(Subject.class);
SubjectConfirmationData subjectConfirmationData = Mockito.mock(SubjectConfirmationData.class);
SubjectConfirmation subjectConfirmation = Mockito.mock(SubjectConfirmation.class);
Mockito.when(subjectConfirmation.getSubjectConfirmationData()).thenReturn(subjectConfirmationData);
ArrayList<SubjectConfirmation> res = new ArrayList<SubjectConfirmation>();
res.add(subjectConfirmation);
Mockito.when(subject.getSubjectConfirmations()).thenReturn(res);
Mockito.when(subjectConfirmationData.getNotBefore()).thenReturn(DateTime.parse(subjectNotBefore, fmt));
Mockito.when(subjectConfirmationData.getNotOnOrAfter()).thenReturn(DateTime.parse(datetime.toString(fmt), fmt));
Mockito.when(subjectConfirmationData.getRecipient()).thenReturn(recipient);
Mockito.when(assertion.getConditions()).thenReturn(conditions);
Mockito.when(assertion.getSubject()).thenReturn(subject);
return assertion;
}
