use of com.sun.identity.saml2.assertion.Advice in project OpenAM by OpenRock.
the class SPACSUtils method setDiscoBootstrapCredsInSSOToken.
/**
 * Copies Discovery bootstrap credentials from the assertion's advice into
 * the session.
 *
 * <p>The credentials are whatever {@code Advice.getAdditionalInfo()} returns.
 * Duplicates are collapsed through a set and the result is stored as a
 * {@code String[]} under
 * {@code SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS}. Nothing is written
 * when the assertion is {@code null}, carries no advice, or the advice has
 * no additional info.
 *
 * <p>NOTE(review): this method performs no validation of the assertion, so it
 * presumably relies on the caller having verified the signature and
 * conditions before advice content is promoted to a session property;
 * confirm at the call site.
 *
 * @param sessionProvider session provider used to write the property.
 * @param assertion assertion whose advice may carry the credentials.
 * @param session the valid session object.
 * @throws SessionException propagated from the session provider.
 */
private static void setDiscoBootstrapCredsInSSOToken(SessionProvider sessionProvider, Assertion assertion, Object session) throws SessionException {
    Advice advice = (assertion == null) ? null : assertion.getAdvice();
    if (advice == null) {
        return;
    }
    List additionalInfo = advice.getAdditionalInfo();
    if (additionalInfo == null || additionalInfo.isEmpty()) {
        return;
    }
    // De-duplicate before storing. A non-String entry in the advice makes
    // toArray throw ArrayStoreException, exactly as the cast-based form did.
    Set uniqueCreds = new HashSet();
    uniqueCreds.addAll(additionalInfo);
    String[] credValues = (String[]) uniqueCreds.toArray(new String[uniqueCreds.size()]);
    sessionProvider.setProperty(session, SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS, credValues);
}
use of com.sun.identity.saml2.assertion.Advice in project OpenAM by OpenRock.
the class DefaultSPAuthnContextMapper method getAuthLevelFromAdvice.
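/**
 * Returns the lowest auth level named in the composite advice, or
 * {@code null} when no level can be parsed.
 *
 * <p>The advice is passed in through {@code paramsMap} as follows:
 * <pre>
 * Key:                  Value:
 * sunamcompositeadvice  URLEncoded XML blob that specifies auth level advice
 * </pre>
 * Here is an example of the xml blob:
 * <pre>
 * &lt;Advice&gt;
 *   &lt;AttributeValuePair&gt;
 *     &lt;Attribute name="AuthLevelConditionAdvice"/&gt;
 *     &lt;Value&gt;/:1&lt;/Value&gt;
 *   &lt;/AttributeValuePair&gt;
 * &lt;/Advice&gt;
 * </pre>
 * In this advice, the requested auth level is 1. The text after the first
 * ":" is trimmed and parsed; a value without ":" is parsed as a whole and
 * is not trimmed.
 *
 * <p>NOTE(review): the code looks up a root node named "Advices", which does
 * not match the "Advice" root shown in the example above; confirm which
 * form callers actually send.
 *
 * <p>Only the first entry of the advice list is read. Values that are not
 * valid integers are skipped. Negative integers are accepted as parsed.
 *
 * <p>NOTE(review): the blob is caller-supplied. Confirm that
 * {@code XMLUtils.toDOMDocument} parses with DTDs and external entities
 * disabled, and that the level returned here is treated as a request hint
 * rather than as proof of the level actually achieved.
 *
 * @param paramsMap request parameters; may be {@code null}.
 * @return the lowest parsed auth level, or {@code null} if there is none.
 */
private Integer getAuthLevelFromAdvice(Map paramsMap) {
    if (paramsMap == null) {
        return null;
    }
    List advices = (List) paramsMap.get(SAML2Constants.AUTH_LEVEL_ADVICE);
    if (advices == null || advices.isEmpty()) {
        return null;
    }

    String adviceXML = URLEncDec.decode((String) advices.iterator().next());
    if (SAML2Utils.debug.messageEnabled()) {
        // NOTE(review): caller-supplied text is written to the debug log verbatim.
        SAML2Utils.debug.message("DefaultSPAuthnContextMapper:adviceXML=" + adviceXML);
    }

    // Parse the XML and pull out the AuthLevelConditionAdvice values.
    Set authLevelValues = null;
    Document document = XMLUtils.toDOMDocument(adviceXML, SAML2Utils.debug);
    if (document != null) {
        Node adviceNode = XMLUtils.getRootNode(document, "Advices");
        if (adviceNode != null) {
            Map advicePair = XMLUtils.parseAttributeValuePairTags(adviceNode);
            if (advicePair != null) {
                authLevelValues = (Set) advicePair.get("AuthLevelConditionAdvice");
            }
        }
    }
    if (authLevelValues == null) {
        return null;
    }

    // Keep the lowest auth level from the given set.
    Integer level = null;
    for (Object value : authLevelValues) {
        String authLevelValue = (String) value;
        if (authLevelValue == null || authLevelValue.length() == 0) {
            continue;
        }
        int index = authLevelValue.indexOf(":");
        String authLevelStr = (index != -1)
                ? authLevelValue.substring(index + 1).trim()
                : authLevelValue;
        try {
            Integer authLevel = Integer.valueOf(authLevelStr);
            if (level == null || level.compareTo(authLevel) > 0) {
                level = authLevel;
            }
        } catch (NumberFormatException ignored) {
            // Not a number: this value contributes nothing, move on to the next one.
        }
    }
    return level;
}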
use of com.sun.identity.saml2.assertion.Advice in project OpenAM by OpenRock.
the class AssertionImpl method processElement.
/**
 * Populates this assertion's fields from a DOM assertion element.
 *
 * <p>Checks that the element's local name equals {@code ASSERTION_ELEMENT},
 * reads the version, id and issue-instant attributes (each must be present
 * and non-empty), then walks the child nodes in a fixed order: a mandatory
 * issuer first, then an optional signature, subject, conditions and advice,
 * and finally any number of statements. Non-element nodes are skipped.
 *
 * <p>The signature is only captured as serialized text through
 * {@code XMLUtils.print}; nothing in this method verifies it.
 *
 * @param element root element to parse.
 * @throws SAML2Exception if the element is null, has no or a wrong local
 *         name, lacks a required attribute, has an unparsable issue instant,
 *         has no child element, does not start with the issuer, or contains
 *         an unexpected child element among the statements.
 */
private void processElement(Element element) throws SAML2Exception {
if (element == null) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): invalid root element");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_element"));
}
String elemName = element.getLocalName();
if (elemName == null) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): local name missing");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_local_name"));
}
// NOTE(review): only the local name is compared; the namespace URI is not
// inspected anywhere in this method - confirm it is enforced elsewhere.
if (!elemName.equals(ASSERTION_ELEMENT)) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): invalid local name " + elemName);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_local_name"));
}
// starts processing attributes
// The version is only checked for presence; its value is stored as given.
String attrValue = element.getAttribute(ASSERTION_VERSION_ATTR);
if ((attrValue == null) || (attrValue.length() == 0)) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): version missing");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_version"));
}
version = attrValue;
attrValue = element.getAttribute(ASSERTION_ID_ATTR);
if ((attrValue == null) || (attrValue.length() == 0)) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): assertion id missing");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_id"));
}
id = attrValue;
attrValue = element.getAttribute(ASSERTION_ISSUEINSTANT_ATTR);
if ((attrValue == null) || (attrValue.length() == 0)) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): issue instant missing");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_issue_instant"));
}
// The ParseException itself is not chained into the SAML2Exception thrown below.
try {
issueInstant = DateUtils.stringToDate(attrValue);
} catch (ParseException pe) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): invalid issue instant");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_date_format"));
}
// starts processing subelements
NodeList nodes = element.getChildNodes();
int numOfNodes = nodes.getLength();
if (numOfNodes < 1) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): assertion has no subelements");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelements"));
}
AssertionFactory factory = AssertionFactory.getInstance();
int nextElem = 0;
Node child = (Node) nodes.item(nextElem);
// Skip leading non-element nodes; running out of nodes here is an error
// because at least the issuer must be present.
while (child.getNodeType() != Node.ELEMENT_NODE) {
if (++nextElem >= numOfNodes) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement():" + " assertion has no subelements");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelements"));
}
child = (Node) nodes.item(nextElem);
}
// The first subelement should be <Issuer>
String childName = child.getLocalName();
if ((childName == null) || (!childName.equals(ASSERTION_ISSUER))) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement():" + " the first element is not <Issuer>");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelement_issuer"));
}
// getInstance() is invoked through the instance reference here; the other
// create* calls below use factory directly.
issuer = factory.getInstance().createIssuer((Element) child);
// From here on, running out of nodes is not an error: the method returns
// and the fields not yet reached (signature, subject, conditions, advice)
// are left untouched rather than reset to null.
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
while (child.getNodeType() != Node.ELEMENT_NODE) {
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
}
// The next subelement may be <ds:Signature>
// It is kept as serialized text only; no verification happens in this method.
childName = child.getLocalName();
if ((childName != null) && childName.equals(ASSERTION_SIGNATURE)) {
signature = XMLUtils.print((Element) child);
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
while (child.getNodeType() != Node.ELEMENT_NODE) {
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
}
childName = child.getLocalName();
} else {
signature = null;
}
// The next subelement may be <Subject>
if ((childName != null) && childName.equals(ASSERTION_SUBJECT)) {
subject = factory.createSubject((Element) child);
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
while (child.getNodeType() != Node.ELEMENT_NODE) {
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
}
childName = child.getLocalName();
} else {
subject = null;
}
// The next subelement may be <Conditions>
if ((childName != null) && childName.equals(ASSERTION_CONDITIONS)) {
conditions = factory.createConditions((Element) child);
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
while (child.getNodeType() != Node.ELEMENT_NODE) {
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
}
childName = child.getLocalName();
} else {
conditions = null;
}
// The next subelement may be <Advice>
// The index is advanced without a bounds check or a skip loop; the
// statement loop below handles both the end of the list and non-element nodes.
if ((childName != null) && childName.equals(ASSERTION_ADVICE)) {
advice = factory.createAdvice((Element) child);
nextElem++;
} else {
advice = null;
}
// The next subelements are all statements
while (nextElem < numOfNodes) {
child = (Node) nodes.item(nextElem);
if (child.getNodeType() == Node.ELEMENT_NODE) {
childName = child.getLocalName();
if (childName != null) {
if (childName.equals(ASSERTION_AUTHNSTATEMENT)) {
authnStatements.add(factory.createAuthnStatement((Element) child));
} else if (childName.equals(ASSERTION_AUTHZDECISIONSTATEMENT)) {
authzDecisionStatements.add(factory.createAuthzDecisionStatement((Element) child));
} else if (childName.equals(ASSERTION_ATTRIBUTESTATEMENT)) {
attributeStatements.add(factory.createAttributeStatement((Element) child));
// NOTE(review): a signature element is also accepted at this point, i.e.
// after the advice or between statements, and it replaces any value
// captured earlier. Whoever verifies the signature should confirm that the
// element it validated is the one covering the content it goes on to trust.
// The childName null check in this branch is redundant inside the enclosing if.
} else if ((childName != null) && childName.equals(ASSERTION_SIGNATURE)) {
signature = XMLUtils.print((Element) child);
} else {
// A generic statement element is kept as serialized text, but only when it
// carries a non-empty XSI_TYPE_ATTR attribute; anything else is rejected.
String type = ((Element) child).getAttribute(XSI_TYPE_ATTR);
if (childName.equals(ASSERTION_STATEMENT) && (type != null && type.length() > 0)) {
statements.add(XMLUtils.print((Element) child));
} else {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): " + "unexpected subelement " + childName);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unexpected_subelement"));
}
}
}
}
nextElem++;
}
}
use of com.sun.identity.saml2.assertion.Advice in project OpenAM by OpenRock.
the class AssertionImpl method makeImmutable.
/**
 * Makes the object immutable.
 *
 * <p>Does nothing when the object is already immutable. Otherwise every
 * typed statement, plus the conditions, issuer, subject and advice, is made
 * immutable in turn, and each statement list is replaced by an unmodifiable
 * view of itself.
 *
 * <p>{@code Collections.unmodifiableList} wraps the existing list rather
 * than copying it, so a reference to the underlying list obtained before
 * this call can still be used to change its contents.
 */
@Override
public void makeImmutable() {
    if (!isMutable) {
        return;
    }

    if (authnStatements != null) {
        for (Object item : authnStatements) {
            ((AuthnStatement) item).makeImmutable();
        }
        authnStatements = Collections.unmodifiableList(authnStatements);
    }

    if (authzDecisionStatements != null) {
        for (Object item : authzDecisionStatements) {
            ((AuthzDecisionStatement) item).makeImmutable();
        }
        authzDecisionStatements = Collections.unmodifiableList(authzDecisionStatements);
    }

    if (attributeStatements != null) {
        for (Object item : attributeStatements) {
            ((AttributeStatement) item).makeImmutable();
        }
        attributeStatements = Collections.unmodifiableList(attributeStatements);
    }

    // Generic statements are only wrapped; their entries are not touched.
    if (statements != null) {
        statements = Collections.unmodifiableList(statements);
    }

    if (conditions != null) {
        conditions.makeImmutable();
    }
    if (issuer != null) {
        issuer.makeImmutable();
    }
    if (subject != null) {
        subject.makeImmutable();
    }
    if (advice != null) {
        advice.makeImmutable();
    }

    isMutable = false;
}
use of com.sun.identity.saml2.assertion.Advice in project OpenAM by OpenRock.
the class DiscoveryBootstrap method getCredentials.
/**
 * Gets the credential for the discovery bootstrap resource offering.
 *
 * <p>Each held assertion is serialized with {@code toString(true, true)}
 * and the resulting strings become the additional info of a newly created
 * {@code Advice}. The meaning of the two flags is not visible here;
 * presumably they control namespace output - confirm against
 * {@code Assertion}.
 *
 * <p>NOTE(review): the returned advice carries complete serialized
 * assertions, so it should be handled as credential material, for example
 * by keeping it out of logs.
 *
 * @return Advice credential advice, or {@code null} when there are no
 *         assertions.
 * @throws SAML2Exception propagated from assertion serialization or advice
 *         creation.
 */
public Advice getCredentials() throws SAML2Exception {
    if (assertions == null || assertions.size() == 0) {
        return null;
    }
    List serialized = new ArrayList();
    for (Object entry : assertions) {
        serialized.add(((Assertion) entry).toString(true, true));
    }
    Advice credentialAdvice = AssertionFactory.getInstance().createAdvice();
    credentialAdvice.setAdditionalInfo(serialized);
    return credentialAdvice;
}