Use of com.sun.identity.saml.assertion.AuthenticationStatement in project OpenAM (by OpenRock).
Class LibSecurityTokenProvider, method createAuthenticationStatement.
/**
 * Builds a SAML 1.x {@code AuthenticationStatement} whose subject is
 * {@code senderIdentity}.
 *
 * The authentication method URI and the authentication instant come from the
 * provider's {@code authType} and {@code authTime} fields. The subject is
 * confirmed by the bearer method when {@code isBearer} is {@code true}; otherwise
 * holder-of-key is used and the KeyInfo from {@link #createKeyInfo()} is attached
 * so the relying party can demand proof of possession.
 *
 * @param senderIdentity name identifier that becomes the statement's subject.
 * @param isBearer {@code true} for bearer confirmation, {@code false} for holder-of-key.
 * @return the populated authentication statement.
 * @throws SecurityTokenException when any step fails. The failure is logged at
 *         error level; only the message is carried in the new exception (the
 *         cause is not chained), so consult the log for the stack trace.
 */
private AuthenticationStatement createAuthenticationStatement(NameIdentifier senderIdentity, boolean isBearer) throws SecurityTokenException {
    try {
        String methodUri = SAMLServiceManager.getAuthMethodURI(authType);
        Date instant = DateUtils.stringToDate(authTime);

        // Confirmation method decides whether proof-of-possession key material is attached.
        SubjectConfirmation confirmation = isBearer
                ? new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_BEARER)
                : new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_HOLDEROFKEY);
        if (!isBearer) {
            confirmation.setKeyInfo(createKeyInfo());
        }

        Subject subject = new Subject(senderIdentity, confirmation);
        return new AuthenticationStatement(methodUri, instant, subject);
    } catch (Exception e) {
        debug.error("createAuthenticationStatement: ", e);
        throw new SecurityTokenException(e.getMessage());
    }
}
Use of com.sun.identity.saml.assertion.AuthenticationStatement in project OpenAM (by OpenRock).
Class SecurityUtils, method getCertificate.
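/**
 * Extracts the holder-of-key certificate carried by a {@code SecurityAssertion}.
 *
 * Statements are scanned in iteration order. The subject examined is the
 * subject of an {@code AuthenticationStatement}, or the proxy subject (falling
 * back to the plain subject) of a {@code ResourceAccessStatement} or
 * {@code SessionContextStatement}. The first such subject whose confirmation
 * methods include holder-of-key wins, and its KeyInfo is handed to
 * {@link #getCertificate(Element)}; other statement types and subjects without
 * a confirmation are skipped.
 *
 * NOTE(review): this method does not verify the assertion's signature or
 * validity period. The certificate it returns is only as trustworthy as the
 * verification the caller has already performed on the assertion.
 *
 * @param assertion the SAML assertion; {@code null} yields {@code null}.
 * @return the certificate from the holder-of-key KeyInfo, or {@code null} when
 *         the assertion is null, has no statements, has no holder-of-key
 *         subject confirmation, or when extraction throws (the error is logged).
 */
public static java.security.cert.Certificate getCertificate(SecurityAssertion assertion) {
    if (assertion == null) {
        // Previously this surfaced either as an NPE from toString() (when message
        // logging was on) or as a caught NPE below; make the outcome uniform.
        debug.error("getCertificate: assertion is null.");
        return null;
    }
    if (debug.messageEnabled()) {
        debug.message("SecurityAssertion = " + assertion.toString());
    }
    try {
        Set statements = assertion.getStatement();
        if (statements == null || statements.isEmpty()) {
            debug.error("Assertion does not contain any Statement.");
            return null;
        }
        Iterator iterator = statements.iterator();
        while (iterator.hasNext()) {
            Statement statement = (Statement) iterator.next();
            Subject subject = subjectForCertificate(statement);
            if (subject == null) {
                continue;
            }
            SubjectConfirmation subConfirm = subject.getSubjectConfirmation();
            if (subConfirm == null) {
                // Nothing to confirm with; look at the next statement instead of
                // aborting on an NPE as the previous code did.
                continue;
            }
            Set methods = subConfirm.getConfirmationMethod();
            if (methods != null && methods.contains(SAMLConstants.CONFIRMATION_METHOD_HOLDEROFKEY)) {
                Element keyinfo = subConfirm.getKeyInfo();
                return getCertificate(keyinfo);
            }
        }
    } catch (Exception e) {
        debug.error("getCertificate Exception: ", e);
    }
    return null;
}

/**
 * Returns the subject whose confirmation may carry holder-of-key material for
 * the given statement, or {@code null} for statement types that are not
 * considered (for proxy-capable statements the proxy subject takes precedence).
 */
private static Subject subjectForCertificate(Statement statement) {
    int stype = statement.getStatementType();
    if (stype == Statement.AUTHENTICATION_STATEMENT) {
        return ((AuthenticationStatement) statement).getSubject();
    }
    if (stype == ResourceAccessStatement.RESOURCEACCESS_STATEMENT) {
        ResourceAccessStatement raStatement = (ResourceAccessStatement) statement;
        Subject proxy = raStatement.getProxySubject();
        return (proxy != null) ? proxy : raStatement.getSubject();
    }
    if (stype == SessionContextStatement.SESSIONCONTEXT_STATEMENT) {
        SessionContextStatement scStatement = (SessionContextStatement) statement;
        Subject proxy = scStatement.getProxySubject();
        return (proxy != null) ? proxy : scStatement.getSubject();
    }
    return null;
}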
Use of com.sun.identity.saml.assertion.AuthenticationStatement in project OpenAM (by OpenRock).
Class SAMLUtils, method examAssertions.
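/**
 * Checks that the assertions from a SAML response are acceptable for SSO and
 * returns the subject of the authenticated user.
 *
 * Every assertion must pass {@link #checkCondition(Assertion)} and carry at
 * least one statement; every statement's subject must be confirmed by the
 * artifact method that matches the assertion version (minor version 1 with
 * {@code CONFIRMATION_METHOD_ARTIFACT}, minor version 0 with the deprecated
 * artifact URI). At least one {@code AuthenticationStatement} must be present
 * across the list, and its subject is what is returned: the previous code
 * returned whichever statement was iterated last, which is not necessarily the
 * authenticated subject that {@code addEnvParamsFromAssertion} documents it
 * expects.
 *
 * NOTE(review): as before, only the first confirmation method produced by the
 * Set's iterator is compared; a subject with several methods is checked in
 * whatever order the Set yields them.
 *
 * @param assertions {@code Assertion} objects from the response; {@code null}
 *        returns {@code null}.
 * @return the subject of the last {@code AuthenticationStatement} seen, or
 *         {@code null} when any check fails (the reason is logged).
 * @throws IOException declared for callers; the visible code does not throw it.
 */
public static com.sun.identity.saml.assertion.Subject examAssertions(List assertions) throws IOException {
    if (assertions == null) {
        return null;
    }
    com.sun.identity.saml.assertion.Subject authSubject = null;
    Iterator iter = assertions.iterator();
    while (iter.hasNext()) {
        Assertion assertion = (Assertion) iter.next();
        if (!checkCondition(assertion)) {
            return null;
        }
        debug.message("Passed checking Conditions!");
        Set statements = assertion.getStatement();
        if (statements == null || statements.isEmpty()) {
            debug.error(bundle.getString("noStatement"));
            return null;
        }
        Iterator iterator = statements.iterator();
        while (iterator.hasNext()) {
            Statement statement = (Statement) iterator.next();
            if (!(statement instanceof SubjectStatement)) {
                // The unconditional cast here used to throw ClassCastException.
                debug.error("Statement without a Subject.");
                return null;
            }
            com.sun.identity.saml.assertion.Subject subject = ((SubjectStatement) statement).getSubject();
            SubjectConfirmation sc = (subject == null) ? null : subject.getSubjectConfirmation();
            Set cm = (sc == null) ? null : sc.getConfirmationMethod();
            if (cm == null || cm.isEmpty()) {
                debug.error("Subject confirmation method is null");
                return null;
            }
            String conMethod = (String) cm.iterator().next();
            if (!isArtifactConfirmation(assertion, conMethod)) {
                debug.error("Wrong Confirmation Method.");
                return null;
            }
            if (debug.messageEnabled()) {
                debug.message("Correct Confirmation method");
            }
            if (statement instanceof AuthenticationStatement) {
                // Found an SSO assertion; keep its subject for the caller.
                authSubject = subject;
            }
        }
    }
    if (authSubject == null) {
        debug.error(bundle.getString("noSSOAssertion"));
        return null;
    }
    return authSubject;
}

/**
 * True when {@code conMethod} is the artifact confirmation URI appropriate for
 * the assertion's version: major version must match, minor version 1 requires
 * the current artifact URI and minor version 0 the deprecated one.
 */
private static boolean isArtifactConfirmation(Assertion assertion, String conMethod) {
    if (conMethod == null || assertion.getMajorVersion() != SAMLConstants.ASSERTION_MAJOR_VERSION) {
        return false;
    }
    int minor = assertion.getMinorVersion();
    if (minor == SAMLConstants.ASSERTION_MINOR_VERSION_ONE) {
        return conMethod.equals(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT);
    }
    if (minor == SAMLConstants.ASSERTION_MINOR_VERSION_ZERO) {
        return conMethod.equals(SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT);
    }
    return false;
}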
Use of com.sun.identity.saml.assertion.AuthenticationStatement in project OpenAM (by OpenRock).
Class SAMLUtils, method isAuthNAssertion.
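/**
 * Returns true if the assertion is valid both time wise and signature wise,
 * and contains at least one {@code AuthenticationStatement}.
 *
 * The validity checks are delegated to {@code Assertion.isTimeValid()} and
 * {@code Assertion.isSignatureValid()}; both must hold before the statements
 * are inspected, so an unsigned or expired assertion is rejected regardless
 * of its content.
 *
 * @param assertion {@code Assertion} instance to be checked; {@code null} is rejected.
 * @return {@code true} if the assertion is valid both time wise and signature
 *         wise, and contains at least one AuthenticationStatement; {@code false}
 *         otherwise, including when the assertion has no statements at all.
 */
public static boolean isAuthNAssertion(Assertion assertion) {
    if (assertion == null) {
        return false;
    }
    if ((!assertion.isTimeValid()) || (!assertion.isSignatureValid())) {
        return false;
    }
    Set statements = assertion.getStatement();
    if (statements == null) {
        // Previously an NPE; an assertion without statements is simply not an SSO assertion.
        return false;
    }
    Iterator iterator = statements.iterator();
    while (iterator.hasNext()) {
        Statement statement = (Statement) iterator.next();
        if (statement.getStatementType() == Statement.AUTHENTICATION_STATEMENT) {
            return true;
        }
    }
    return false;
}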
Use of com.sun.identity.saml.assertion.AuthenticationStatement in project OpenAM (by OpenRock).
Class SAMLUtils, method addEnvParamsFromAssertion.
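/**
 * Copies the attributes found in the assertion's {@code AttributeStatement}s
 * into {@code envParameters}, keyed by attribute name with a {@code String[]}
 * of values.
 *
 * Only statements whose subject equals {@code subject} are read: this is the
 * binding between the authenticated subject and the attributes, so statements
 * about any other subject are skipped (and nothing is added when
 * {@code subject} is {@code null}). Attribute values that contain element
 * children are ignored; only text-only values are collected, and an attribute
 * with no text-only value is not added at all.
 *
 * @param envParameters return map which receives name / {@code String[]}
 *        pairs for the attributes found
 * @param assertion an {@code Assertion} object which may contain
 *        {@code AttributeStatement}s; {@code null} adds nothing
 * @param subject the {@code Subject} instance from the
 *        {@code AuthenticationStatement}. The {@code Subject} included in an
 *        {@code AttributeStatement} must match this instance for its attributes
 *        to be copied.
 */
public static void addEnvParamsFromAssertion(Map envParameters, Assertion assertion, com.sun.identity.saml.assertion.Subject subject) {
    if (assertion == null || envParameters == null) {
        return;
    }
    Set statements = assertion.getStatement();
    if (statements == null || statements.isEmpty()) {
        return;
    }
    Iterator stmtIter = statements.iterator();
    while (stmtIter.hasNext()) {
        Statement statement = (Statement) stmtIter.next();
        if (statement.getStatementType() != Statement.ATTRIBUTE_STATEMENT) {
            continue;
        }
        AttributeStatement attrStatement = (AttributeStatement) statement;
        // Subject binding: attributes must be asserted about the authenticated subject.
        if (subject == null || !subject.equals(attrStatement.getSubject())) {
            continue;
        }
        List attrs = attrStatement.getAttribute();
        if (attrs == null) {
            continue;
        }
        Iterator attrIter = attrs.iterator();
        while (attrIter.hasNext()) {
            Attribute attribute = (Attribute) attrIter.next();
            List attrValues;
            try {
                attrValues = attribute.getAttributeValue();
            } catch (Exception e) {
                debug.error("SAMLUtils.addEnvParamsFromAssertion:" + " cannot obtain attribute value:", e);
                continue;
            }
            String attrName = attribute.getAttributeName();
            List attrValueList = textOnlyValues(attrValues);
            if (attrValueList == null) {
                if (debug.messageEnabled()) {
                    debug.message("SAMLUtils.addEnvParamsFromAssertion:" + " attrName = " + attrName + " has no value");
                }
                continue;
            }
            if (debug.messageEnabled()) {
                debug.message("SAMLUtils.addEnvParamsFromAssertion:" + " attrName = " + attrName + " attrValue = " + attrValueList);
            }
            String[] attrValueStrs = (String[]) attrValueList.toArray(new String[attrValueList.size()]);
            try {
                envParameters.put(attrName, attrValueStrs);
            } catch (Exception ex) {
                // The map may reject the entry (e.g. unmodifiable or type-restricted);
                // that is recorded but not fatal, as before.
                if (debug.messageEnabled()) {
                    debug.message("SAMLUtils.addEnvParamsFromAssertion:", ex);
                }
            }
        }
    }
}

/**
 * Returns the text of every attribute value element that has no element
 * children, or {@code null} when {@code attrValues} is null or yields none.
 */
private static List textOnlyValues(List attrValues) {
    if (attrValues == null) {
        return null;
    }
    List result = null;
    for (Iterator avIter = attrValues.iterator(); avIter.hasNext(); ) {
        Element attrValue = (Element) avIter.next();
        if (!XMLUtils.hasElementChild(attrValue)) {
            if (result == null) {
                result = new ArrayList();
            }
            result.add(XMLUtils.getElementValue(attrValue));
        }
    }
    return result;
}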