
Example 1 with AuthenticationStatement

use of com.sun.identity.saml.assertion.AuthenticationStatement in project OpenAM by OpenRock.

the class LibSecurityTokenProvider method createAuthenticationStatement.

/**
 * Builds a SAML 1.x {@code AuthenticationStatement} whose subject is the
 * given name identifier.
 * <p>
 * The authentication method URI is resolved from {@code authType} and the
 * authentication instant parsed from {@code authTime} (both fields of the
 * enclosing class). A bearer token gets a {@code SubjectConfirmation} with the
 * bearer method only; a holder-of-key token additionally carries the key info
 * produced by {@code createKeyInfo()}, which is what binds the token to a
 * proof key on the relying-party side.
 *
 * @param senderIdentity the subject's name identifier
 * @param isBearer {@code true} for bearer confirmation, {@code false} for
 *        holder-of-key confirmation
 * @return the populated authentication statement
 * @throws SecurityTokenException if any step fails; the original exception is
 *         logged here because only its message is carried in the thrown one
 */
private AuthenticationStatement createAuthenticationStatement(NameIdentifier senderIdentity, boolean isBearer) throws SecurityTokenException {
    try {
        String methodUri = SAMLServiceManager.getAuthMethodURI(authType);
        Date instant = DateUtils.stringToDate(authTime);
        SubjectConfirmation confirmation;
        if (isBearer) {
            confirmation = new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_BEARER);
        } else {
            // Holder-of-key: the proof key has to travel with the confirmation.
            confirmation = new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_HOLDEROFKEY);
            confirmation.setKeyInfo(createKeyInfo());
        }
        Subject tokenSubject = new Subject(senderIdentity, confirmation);
        return new AuthenticationStatement(methodUri, instant, tokenSubject);
    } catch (Exception e) {
        debug.error("createAuthenticationStatement: ", e);
        throw new SecurityTokenException(e.getMessage());
    }
}

Example 2 with AuthenticationStatement

use of com.sun.identity.saml.assertion.AuthenticationStatement in project OpenAM by OpenRock.

the class SecurityUtils method getCertificate.

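/**
 * Gets the Certificate from the <code>Assertion</code>.
 * <p>
 * Walks the assertion's statements and returns the certificate carried in
 * the <code>KeyInfo</code> of the first subject whose confirmation method
 * set contains holder-of-key. For resource-access and session-context
 * statements the proxy subject is preferred over the plain subject. Subjects
 * confirmed by any other method carry no usable key and are skipped.
 *
 * @param assertion the SAML <code>Assertion</code>.
 * @return <code>X509Certificate</code> object, or <code>null</code> when the
 *         assertion is <code>null</code>, has no statements, no statement is
 *         holder-of-key confirmed, or extraction fails (failures are logged).
 */
public static java.security.cert.Certificate getCertificate(SecurityAssertion assertion) {
    if (assertion == null) {
        debug.error("getCertificate: assertion is null.");
        return null;
    }
    if (debug.messageEnabled()) {
        // NOTE(review): this logs the complete assertion, attributes included, at message level.
        debug.message("SecurityAssertion = " + assertion.toString());
    }
    try {
        Set statements = assertion.getStatement();
        if (statements == null || statements.isEmpty()) {
            debug.error("Assertion does not contain any Statement.");
            return null;
        }
        for (Iterator iterator = statements.iterator(); iterator.hasNext(); ) {
            Statement statement = (Statement) iterator.next();
            Subject subject = keyBearingSubject(statement);
            if (subject == null) {
                continue;
            }
            SubjectConfirmation subConfirm = subject.getSubjectConfirmation();
            if (subConfirm == null) {
                // A subject without confirmation cannot be holder-of-key; keep looking.
                continue;
            }
            Set methods = subConfirm.getConfirmationMethod();
            if (methods != null && methods.contains(SAMLConstants.CONFIRMATION_METHOD_HOLDEROFKEY)) {
                Element keyinfo = subConfirm.getKeyInfo();
                return getCertificate(keyinfo);
            }
        }
    } catch (Exception e) {
        debug.error("getCertificate Exception: ", e);
    }
    return null;
}

/**
 * Returns the subject whose confirmation may carry a key for the given
 * statement: the subject of an authentication statement, or for
 * resource-access and session-context statements the proxy subject with the
 * plain subject as fallback. Any other statement type yields <code>null</code>.
 */
private static Subject keyBearingSubject(Statement statement) {
    int stype = statement.getStatementType();
    if (stype == Statement.AUTHENTICATION_STATEMENT) {
        return ((AuthenticationStatement) statement).getSubject();
    }
    if (stype == ResourceAccessStatement.RESOURCEACCESS_STATEMENT) {
        ResourceAccessStatement raStatement = (ResourceAccessStatement) statement;
        Subject proxy = raStatement.getProxySubject();
        return (proxy != null) ? proxy : raStatement.getSubject();
    }
    if (stype == SessionContextStatement.SESSIONCONTEXT_STATEMENT) {
        SessionContextStatement scStatement = (SessionContextStatement) statement;
        Subject proxy = scStatement.getProxySubject();
        return (proxy != null) ? proxy : scStatement.getSubject();
    }
    return null;
}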

Example 3 with AuthenticationStatement

use of com.sun.identity.saml.assertion.AuthenticationStatement in project OpenAM by OpenRock.

the class SAMLUtils method examAssertions.

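/**
 * Determines if there is a valid SSO Assertion
 * inside of SAML Response.
 * <p>
 * Every assertion must pass <code>checkCondition</code>, and every statement
 * in it must carry a subject whose first confirmation method is the artifact
 * method matching the assertion version (minor version one: artifact,
 * minor version zero: deprecated artifact). At least one statement across
 * all assertions must be an <code>AuthenticationStatement</code>. Any
 * failure is logged and <code>null</code> is returned.
 * <p>
 * NOTE(review): the returned subject is that of the last statement examined,
 * which is not necessarily the <code>AuthenticationStatement</code>'s
 * subject when an assertion holds several statements; callers should not
 * assume otherwise.
 *
 * @param assertions a List of <code>Assertion</code> objects
 * @return the Subject of the last statement examined, or <code>null</code>
 *         if the list is <code>null</code> or any check fails
 * @exception IOException IOException
 */
public static com.sun.identity.saml.assertion.Subject examAssertions(List assertions) throws IOException {
    if (assertions == null) {
        return null;
    }
    boolean foundAuthnStatement = false;
    com.sun.identity.saml.assertion.Subject subject = null;
    for (Iterator iter = assertions.iterator(); iter.hasNext(); ) {
        Assertion assertion = (Assertion) iter.next();
        if (!checkCondition(assertion)) {
            return null;
        }
        debug.message("Passed checking Conditions!");
        // exam the Statement inside the Assertion
        Set statements = assertion.getStatement();
        if (statements == null || statements.isEmpty()) {
            debug.error(bundle.getString("noStatement"));
            return null;
        }
        for (Iterator iterator = statements.iterator(); iterator.hasNext(); ) {
            Statement statement = (Statement) iterator.next();
            subject = ((SubjectStatement) statement).getSubject();
            // A missing subject or confirmation is treated like a missing method: reject.
            SubjectConfirmation sc = (subject == null) ? null : subject.getSubjectConfirmation();
            Set cm = (sc == null) ? null : sc.getConfirmationMethod();
            if (cm == null || cm.isEmpty()) {
                debug.error("Subject confirmation method is null");
                return null;
            }
            String conMethod = (String) cm.iterator().next();
            // on Assertion version number
            if (!isArtifactConfirmation(assertion, conMethod)) {
                debug.error("Wrong Confirmation Method.");
                return null;
            }
            if (debug.messageEnabled()) {
                debug.message("Correct Confirmation method");
            }
            if (statement instanceof AuthenticationStatement) {
                //found an SSO Assertion
                foundAuthnStatement = true;
            }
        }
    }
    if (!foundAuthnStatement) {
        debug.error(bundle.getString("noSSOAssertion"));
        return null;
    }
    return subject;
}

/**
 * Returns whether <code>conMethod</code> is the artifact confirmation method
 * expected for the assertion's major/minor version: the current artifact URI
 * for minor version one, the deprecated one for minor version zero.
 */
private static boolean isArtifactConfirmation(Assertion assertion, String conMethod) {
    if (conMethod == null || assertion.getMajorVersion() != SAMLConstants.ASSERTION_MAJOR_VERSION) {
        return false;
    }
    int minor = assertion.getMinorVersion();
    if (minor == SAMLConstants.ASSERTION_MINOR_VERSION_ONE) {
        return conMethod.equals(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT);
    }
    if (minor == SAMLConstants.ASSERTION_MINOR_VERSION_ZERO) {
        return conMethod.equals(SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT);
    }
    return false;
}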

Example 4 with AuthenticationStatement

use of com.sun.identity.saml.assertion.AuthenticationStatement in project OpenAM by OpenRock.

the class SAMLUtils method isAuthNAssertion.

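/**
 * Returns true if the assertion is valid both time wise and
 * signature wise, and contains at least one AuthenticationStatement.
 * <p>
 * Both validity checks are delegated to the assertion itself. An assertion
 * that is <code>null</code>, fails either check, or carries no statements at
 * all is rejected.
 *
 * @param assertion <code>Assertion</code> instance to be checked.
 * @return <code>true</code> if the assertion is valid both time wise and
 * signature wise, and contains at least one AuthenticationStatement.
 */
public static boolean isAuthNAssertion(Assertion assertion) {
    if (assertion == null) {
        return false;
    }
    if (!assertion.isTimeValid() || !assertion.isSignatureValid()) {
        return false;
    }
    Set statements = assertion.getStatement();
    if (statements == null) {
        // Previously an NPE; a statement-less assertion is simply not an AuthN assertion.
        return false;
    }
    // loop through statements
    for (Iterator iterator = statements.iterator(); iterator.hasNext(); ) {
        Statement statement = (Statement) iterator.next();
        if (statement.getStatementType() == Statement.AUTHENTICATION_STATEMENT) {
            return true;
        }
    }
    return false;
}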

Example 5 with AuthenticationStatement

use of com.sun.identity.saml.assertion.AuthenticationStatement in project OpenAM by OpenRock.

the class SAMLUtils method addEnvParamsFromAssertion.

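/**
 * Returns attributes included in <code>AttributeStatement</code> of the
 * assertion.
 * <p>
 * Only attribute statements whose subject equals the given
 * <code>subject</code> are read, so attributes asserted about somebody other
 * than the authenticated subject never reach the environment map. For each
 * attribute, every value element without child elements contributes its text
 * value; attributes with no such value are skipped with a debug message.
 *
 * @param envParameters return map which includes name value pairs of 
 *   attributes included in <code>AttributeStatement</code> of the assertion;
 *   each value is stored as a <code>String[]</code>
 * @param assertion an <code>Assertion</code> object which contains
 *   <code>AttributeStatement</code>
 * @param subject the <code>Subject</code> instance from
 *   <code>AuthenticationStatement</code>. The <code>Subject</code>
 *   included in <code>AttributeStatement</code> must match this
 *   <code>Subject</code> instance.
 */
public static void addEnvParamsFromAssertion(Map envParameters, Assertion assertion, com.sun.identity.saml.assertion.Subject subject) {
    if (envParameters == null || assertion == null || subject == null) {
        // Without a subject there is nothing to match against: add nothing (fail closed).
        debug.error("SAMLUtils.addEnvParamsFromAssertion: null envParameters, assertion or subject");
        return;
    }
    Set statements = assertion.getStatement();
    if (statements == null || statements.isEmpty()) {
        return;
    }
    for (Iterator stmtIter = statements.iterator(); stmtIter.hasNext(); ) {
        Statement statement = (Statement) stmtIter.next();
        if (statement.getStatementType() != Statement.ATTRIBUTE_STATEMENT) {
            continue;
        }
        AttributeStatement attrStatement = (AttributeStatement) statement;
        // check for subject: attributes about a different subject are ignored
        if (!subject.equals(attrStatement.getSubject())) {
            continue;
        }
        List attrs = attrStatement.getAttribute();
        if (attrs == null) {
            continue;
        }
        for (Iterator attrIter = attrs.iterator(); attrIter.hasNext(); ) {
            putAttributeValues(envParameters, (Attribute) attrIter.next());
        }
    }
}

/**
 * Copies the text-only values of one attribute into <code>envParameters</code>
 * under the attribute's name as a <code>String[]</code>. Values that contain
 * child elements are not flattened and are left out; an attribute with no
 * usable value is skipped. Failure to read the values, or to store them, is
 * logged rather than propagated.
 */
private static void putAttributeValues(Map envParameters, Attribute attribute) {
    List attrValues;
    try {
        attrValues = attribute.getAttributeValue();
    } catch (Exception e) {
        debug.error("SAMLUtils.addEnvParamsFromAssertion:" + " cannot obtain attribute value:", e);
        return;
    }
    String attrName = attribute.getAttributeName();
    List<String> attrValueList = null;
    if (attrValues != null) {
        for (Iterator avIter = attrValues.iterator(); avIter.hasNext(); ) {
            Element attrValue = (Element) avIter.next();
            if (!XMLUtils.hasElementChild(attrValue)) {
                if (attrValueList == null) {
                    attrValueList = new ArrayList<String>();
                }
                attrValueList.add(XMLUtils.getElementValue(attrValue));
            }
        }
    }
    if (attrValueList == null) {
        if (debug.messageEnabled()) {
            debug.message("SAMLUtils.addEnvParamsFromAssertion:" + " attrName = " + attrName + " has no value");
        }
        return;
    }
    if (debug.messageEnabled()) {
        debug.message("SAMLUtils.addEnvParamsFromAssertion:" + " attrName = " + attrName + " attrValue = " + attrValueList);
    }
    String[] attrValueStrs = attrValueList.toArray(new String[attrValueList.size()]);
    try {
        envParameters.put(attrName, attrValueStrs);
    } catch (Exception ex) {
        // Best effort: a map that rejects the entry is logged, not treated as fatal.
        if (debug.messageEnabled()) {
            debug.message("SAMLUtils.addEnvParamsFromAssertion:", ex);
        }
    }
}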
