Example 31 with Assertion
use of com.sun.identity.saml.assertion.Assertion in project OpenAM by OpenRock.
the class SAMLSOAPReceiver method extractProcessRequest.
/**
* Extracts the Request object from the SOAPMessage return corresponding
* response.
*/
private Response extractProcessRequest(HttpServletRequest servletReq, org.w3c.dom.Element body, Set partnerSourceID) {
Response retResponse = null;
String respID = SAMLUtils.generateID();
String inResponseTo = null;
List contents = new ArrayList();
String message = null;
Status status;
String remoteAddr = ClientUtils.getClientIPAddress(servletReq);
String recipient = remoteAddr;
String invalidRespPrefix = SAMLUtils.bundle.getString("invalidRequestLogMessage") + " " + remoteAddr + ": ";
String respPrefix = SAMLUtils.bundle.getString("responseLogMessage") + " " + remoteAddr + ": ";
NodeList nl = body.getElementsByTagNameNS(sc.PROTOCOL_NAMESPACE_URI, "Request");
int length = nl.getLength();
if (length == 0) {
SAMLUtils.debug.error("SOAPReceiver: Body does not have a Request");
message = SAMLUtils.bundle.getString("missingRequest");
try {
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, cannot " + "create status or response:" + se.getMessage());
}
String[] data = { invalidRespPrefix, retResponse.toString() };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
return retResponse;
}
boolean foundRequest = false;
Request req = null;
for (int i = 0; i < length; i++) {
Node child = (Node) nl.item(i);
if (child.getNodeType() != Node.ELEMENT_NODE) {
continue;
}
if (child.getLocalName().equals("Request")) {
try {
req = new Request((Element) child);
SAMLUtils.debug.message("found request ");
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message(" Received Request:" + req.toString());
}
String[] data = { SAMLUtils.bundle.getString("requestLogMessage") + " " + remoteAddr, req.toString() };
LogUtils.access(java.util.logging.Level.FINE, LogUtils.SOAP_REQUEST_MESSAGE, data);
inResponseTo = req.getRequestID();
foundRequest = true;
break;
} catch (SAMLRequesterException ss) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:Requester" + " " + ss.getMessage());
}
message = new String(ss.getMessage());
try {
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
}
String[] data = { invalidRespPrefix, retResponse.toString() };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
return retResponse;
} catch (SAMLRequestVersionTooHighException sv) {
String mesg = new String(sv.getMessage());
StringTokenizer tok1 = new StringTokenizer(mesg, "|");
inResponseTo = tok1.nextToken();
message = tok1.nextToken();
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:VersionMismatch" + " " + message);
}
try {
status = new Status(new StatusCode("samlp:RequestVersionTooHigh"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
}
String[] data = { invalidRespPrefix, retResponse.toString() };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
return retResponse;
} catch (SAMLRequestVersionTooLowException sv) {
String mesg = new String(sv.getMessage());
StringTokenizer tok1 = new StringTokenizer(mesg, "|");
inResponseTo = tok1.nextToken();
message = tok1.nextToken();
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:VersionMismatch" + " " + message);
}
try {
status = new Status(new StatusCode("samlp:RequestVersionTooLow"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
}
String[] data = { invalidRespPrefix, retResponse.toString() };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
return retResponse;
} catch (Exception e) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:Responder" + " " + e.getMessage());
}
message = new String(e.getMessage());
try {
status = new Status(new StatusCode("samlp:Responder"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
}
String[] data = { invalidRespPrefix, retResponse.toString() };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
return retResponse;
}
}
}
if (!(foundRequest)) {
SAMLUtils.debug.error("SOAPReceiver: Body does not have a Request");
message = SAMLUtils.bundle.getString("missingRequest");
try {
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
}
String[] data = { invalidRespPrefix, retResponse.toString() };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
return retResponse;
} else {
// found request now process it
if (!req.isSignatureValid()) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver: couldn't verify " + "the signature on Request.");
}
message = SAMLUtils.bundle.getString("cannotVerifyRequest");
try {
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
int reqType = req.getContentType();
if (reqType == Request.NOT_SUPPORTED) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:Found " + "element in the request which are not supported");
}
message = SAMLUtils.bundle.getString("unsupportedElement");
try {
status = new Status(new StatusCode("samlp:Responder"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
List respondWith = req.getRespondWith();
if (!parseRespondWith(respondWith)) {
SAMLUtils.debug.error("SOAPReceiver:Supported statements " + "are not present in the RespondWith element.");
message = SAMLUtils.bundle.getString("unsupportedStatement");
try {
status = new Status(new StatusCode("samlp:Responder"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
AssertionManager am = null;
try {
am = AssertionManager.getInstance();
} catch (SAMLException se) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver: Cannot" + " instantiate AssertionManager");
}
message = se.getMessage();
try {
status = new Status(new StatusCode("samlp:Responder"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException sse) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
List artifacts = null;
List assertions = new ArrayList();
if (reqType == Request.ASSERTION_ARTIFACT) {
artifacts = req.getAssertionArtifact();
length = artifacts.size();
// ensure that all the artifacts have this site's sourceID
for (int j = 0; j < length; j++) {
AssertionArtifact art = (AssertionArtifact) artifacts.get(j);
if (!isThisSiteID(art.getSourceID())) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:Artifact" + " has invalid SourceID");
}
message = SAMLUtils.bundle.getString("mismatchSourceID");
try {
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException ex) {
SAMLUtils.debug.error("SOAPReceiver:" + "Fatal error, " + "cannot create status or response", ex);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
}
// for loop to go through artifacts to check for sourceID
for (int i = 0; i < length; i++) {
AssertionArtifact artifact = (AssertionArtifact) artifacts.get(i);
Assertion assertion = null;
try {
assertion = am.getAssertion(artifact, partnerSourceID);
} catch (SAMLException se) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
}
message = se.getMessage();
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException sse) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
if (assertion != null) {
assertions.add(i, assertion);
}
}
} else if (reqType == Request.ASSERTION_ID_REFERENCE) {
List assertionIdRefs = req.getAssertionIDReference();
length = assertionIdRefs.size();
for (int i = 0; i < length; i++) {
AssertionIDReference aidRef = (AssertionIDReference) assertionIdRefs.get(i);
Assertion assertion = null;
try {
assertion = am.getAssertion(aidRef, partnerSourceID);
} catch (SAMLException se) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
}
message = se.getMessage();
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException sse) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
if (assertion != null) {
assertions.add(i, assertion);
}
}
} else if ((reqType == Request.AUTHENTICATION_QUERY) || (reqType == Request.AUTHORIZATION_DECISION_QUERY) || (reqType == Request.ATTRIBUTE_QUERY)) {
Query query = req.getQuery();
if (query != null) {
Assertion assertion = null;
try {
// if we come here, partnerSourceID is not empty
// always pass the first matching sourceID in
// need to find solution to handle multiple matches:TBD
assertion = am.getAssertion(query, (String) ((Iterator) partnerSourceID.iterator()).next());
} catch (SAMLException se) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
}
message = se.getMessage();
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException sse) {
SAMLUtils.debug.error("SOAPReceiver:Fatal " + " error, cannot create status or " + " response", sse);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
if (assertion != null) {
assertions.add(assertion);
}
}
} else {
//
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:Request " + "contents has element which is not supported at this" + " time");
}
message = SAMLUtils.bundle.getString("unsupportedElement");
try {
status = new Status(new StatusCode("samlp:Responder"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
int assertionSize = assertions.size();
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("found " + assertionSize + " assertions.");
}
// Request received.
for (int i = 0; i < assertionSize; i++) {
Response resp = validateStatements((Assertion) assertions.get(i), respondWith, contents, i, respID, inResponseTo, recipient);
if (resp != null) {
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
return resp;
}
// else there was no mismatch with respondWith element
}
if (reqType == Request.ASSERTION_ARTIFACT) {
if (contents.size() == artifacts.size()) {
message = null;
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver: Matching " + "Assertion found");
}
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.FINE, LogUtils.SENDING_RESPONSE, data);
return retResponse;
} else {
message = SAMLUtils.bundle.getString("unequalMatch");
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
//contents = null;
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
} else {
// build response for all the other type of request
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
}
}
// end of else found request
if (LogUtils.isAccessLoggable(java.util.logging.Level.FINER)) {
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.FINER, LogUtils.SENDING_RESPONSE, data);
} else {
String[] data = { respPrefix, retResponse.getResponseID() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
}
return retResponse;
}
Also used :
Status(com.sun.identity.saml.protocol.Status)
Query(com.sun.identity.saml.protocol.Query)
NodeList(org.w3c.dom.NodeList)
Node(org.w3c.dom.Node)
SOAPElement(javax.xml.soap.SOAPElement)
Element(org.w3c.dom.Element)
ArrayList(java.util.ArrayList)
Request(com.sun.identity.saml.protocol.Request)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Assertion(com.sun.identity.saml.assertion.Assertion)
SAMLRequesterException(com.sun.identity.saml.common.SAMLRequesterException)
StatusCode(com.sun.identity.saml.protocol.StatusCode)
SAMLException(com.sun.identity.saml.common.SAMLException)
ServletException(javax.servlet.ServletException)
SOAPException(javax.xml.soap.SOAPException)
SAMLRequestVersionTooHighException(com.sun.identity.saml.common.SAMLRequestVersionTooHighException)
SAMLRequesterException(com.sun.identity.saml.common.SAMLRequesterException)
SAMLRequestVersionTooLowException(com.sun.identity.saml.common.SAMLRequestVersionTooLowException)
SAMLException(com.sun.identity.saml.common.SAMLException)
AssertionArtifact(com.sun.identity.saml.protocol.AssertionArtifact)
Response(com.sun.identity.saml.protocol.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
StringTokenizer(java.util.StringTokenizer)
AssertionManager(com.sun.identity.saml.AssertionManager)
SAMLRequestVersionTooLowException(com.sun.identity.saml.common.SAMLRequestVersionTooLowException)
SAMLRequestVersionTooHighException(com.sun.identity.saml.common.SAMLRequestVersionTooHighException)
List(java.util.List)
ArrayList(java.util.ArrayList)
NodeList(org.w3c.dom.NodeList)
AssertionIDReference(com.sun.identity.saml.assertion.AssertionIDReference)
Example 32 with Assertion
use of com.sun.identity.saml.assertion.Assertion in project OpenAM by OpenRock.
the class SAMLUtils method verifyAssertionAndGetSSMap.
/**
* Checks response and get back a Map of relevant data including,
* Subject, SOAPEntry for the partner and the List of Assertions.
* @param response <code>Response</code> object
* @return Map of data including Subject, SOAPEntry, and list of assertions.
*/
public static Map verifyAssertionAndGetSSMap(Response response) {
// loop to check assertions
com.sun.identity.saml.assertion.Subject subject = null;
SAMLServiceManager.SOAPEntry srcSite = null;
List assertions = response.getAssertion();
Iterator iter = assertions.iterator();
Assertion assertion = null;
String aIDString = null;
String issuer = null;
Iterator stmtIter = null;
Statement statement = null;
int stmtType = Statement.NOT_SUPPORTED;
com.sun.identity.saml.assertion.Subject sub = null;
SubjectConfirmation subConf = null;
Set confMethods = null;
String confMethod = null;
Date date = null;
while (iter.hasNext()) {
assertion = (Assertion) iter.next();
aIDString = assertion.getAssertionID();
// make sure it's not being used
if (idTimeMap.containsKey(aIDString)) {
debug.error("verifyAssertion " + "AndGetSSMap: Assertion: " + aIDString + " is used.");
return null;
}
// check issuer of the assertions
issuer = assertion.getIssuer();
if ((srcSite = SAMLUtils.getSourceSite(issuer)) == null) {
debug.error("verifyAsserti " + "onAndGetSSMap: issuer is not on the Partner list.");
return null;
}
if (!assertion.isSignatureValid()) {
debug.error("verifyAssertion " + "AndGetSSMap: assertion's signature is not valid.");
return null;
}
// must be valid (timewise)
if (!assertion.isTimeValid()) {
debug.error("verifyAssertion " + "AndGetSSMap: assertion's time is not valid.");
return null;
}
// TODO: IssuerInstant of the assertion is within a few minutes
// This is a MAY in spec. Which number to use for the few minutes?
// TODO: check AudienceRestrictionCondition
//for each assertion, loop to check each statement
stmtIter = assertion.getStatement().iterator();
while (stmtIter.hasNext()) {
statement = (Statement) stmtIter.next();
stmtType = statement.getStatementType();
if ((stmtType == Statement.AUTHENTICATION_STATEMENT) || (stmtType == Statement.ATTRIBUTE_STATEMENT) || (stmtType == Statement.AUTHORIZATION_DECISION_STATEMENT)) {
sub = ((SubjectStatement) statement).getSubject();
// ConfirmationMethod of each subject must be set to bearer
if (((subConf = sub.getSubjectConfirmation()) == null) || ((confMethods = subConf.getConfirmationMethod()) == null) || (confMethods.size() != 1)) {
debug.error("verify " + "AssertionAndGetSSMap: missing or extra " + "ConfirmationMethod.");
return null;
}
if (((confMethod = (String) confMethods.iterator().next()) == null) || (!confMethod.equals(SAMLConstants.CONFIRMATION_METHOD_BEARER))) {
debug.error("verify " + "AssertionAndGetSSMap:wrong ConfirmationMethod.");
return null;
}
if (stmtType == Statement.AUTHENTICATION_STATEMENT) {
// browser IP. This is a MAY item in the spec.
if (subject == null) {
subject = sub;
}
}
}
}
// add the assertion to idTimeMap
if (debug.messageEnabled()) {
debug.message("Adding " + aIDString + " to idTimeMap.");
}
Conditions conds = assertion.getConditions();
if ((conds != null) && ((date = conds.getNotOnorAfter()) != null)) {
cGoThrough.addElement(aIDString);
idTimeMap.put(aIDString, new Long(date.getTime()));
} else {
cPeriodic.addElement(aIDString);
// it doesn't matter what we store for the value.
idTimeMap.put(aIDString, aIDString);
}
}
// must have at least one SSO assertion
if ((subject == null) || (srcSite == null)) {
debug.error("verifyAssertion AndGetSSMap: couldn't find Subject.");
return null;
}
Map ssMap = new HashMap();
ssMap.put(SAMLConstants.SUBJECT, subject);
ssMap.put(SAMLConstants.SOURCE_SITE_SOAP_ENTRY, srcSite);
ssMap.put(SAMLConstants.POST_ASSERTION, assertions);
return ssMap;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
Statement(com.sun.identity.saml.assertion.Statement)
AuthenticationStatement(com.sun.identity.saml.assertion.AuthenticationStatement)
AttributeStatement(com.sun.identity.saml.assertion.AttributeStatement)
SubjectStatement(com.sun.identity.saml.assertion.SubjectStatement)
Assertion(com.sun.identity.saml.assertion.Assertion)
Subject(com.sun.identity.saml.assertion.Subject)
Date(java.util.Date)
Conditions(com.sun.identity.saml.assertion.Conditions)
SubjectConfirmation(com.sun.identity.saml.assertion.SubjectConfirmation)
CharacterIterator(java.text.CharacterIterator)
Iterator(java.util.Iterator)
StringCharacterIterator(java.text.StringCharacterIterator)
List(java.util.List)
ArrayList(java.util.ArrayList)
Map(java.util.Map)
HashMap(java.util.HashMap)
Aggregations
Assertion (com.sun.identity.saml.assertion.Assertion)32
SAMLException (com.sun.identity.saml.common.SAMLException)18
SessionException (com.sun.identity.plugin.session.SessionException)16
Iterator (java.util.Iterator)9
SessionProvider (com.sun.identity.plugin.session.SessionProvider)7
AssertionIDReference (com.sun.identity.saml.assertion.AssertionIDReference)6
AssertionArtifact (com.sun.identity.saml.protocol.AssertionArtifact)6
ArrayList (java.util.ArrayList)6
List (java.util.List)6
Set (java.util.Set)6
FSException (com.sun.identity.federation.common.FSException)4
FSAssertion (com.sun.identity.federation.message.FSAssertion)4
AssertionManager (com.sun.identity.saml.AssertionManager)4
Statement (com.sun.identity.saml.assertion.Statement)4
Subject (com.sun.identity.saml.assertion.Subject)4
SubjectConfirmation (com.sun.identity.saml.assertion.SubjectConfirmation)4
SubjectStatement (com.sun.identity.saml.assertion.SubjectStatement)4
Status (com.sun.identity.saml.protocol.Status)4
AttributeStatement (com.sun.identity.saml.assertion.AttributeStatement)3
StatusCode (com.sun.identity.saml.protocol.StatusCode)3
