use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class AdviceImpl method makeImmutable.
/**
 * Makes this Advice immutable.
 *
 * <p>Each contained {@code Assertion} and {@code AssertionIDRef} is made
 * immutable first, then every backing list is wrapped with
 * {@link Collections#unmodifiableList(List)}. The {@code isMutable} flag is
 * cleared at the end, so a repeated call does nothing.
 */
public void makeImmutable() {
    if (!isMutable) {
        return;
    }
    if (assertions != null) {
        // Freeze the nested assertions before freezing the list holding them.
        for (Object element : assertions) {
            ((Assertion) element).makeImmutable();
        }
        assertions = Collections.unmodifiableList(assertions);
    }
    if (encryptedAssertions != null) {
        encryptedAssertions = Collections.unmodifiableList(encryptedAssertions);
    }
    if (assertionIDRefs != null) {
        for (Object element : assertionIDRefs) {
            ((AssertionIDRef) element).makeImmutable();
        }
        assertionIDRefs = Collections.unmodifiableList(assertionIDRefs);
    }
    if (assertionURIRefs != null) {
        assertionURIRefs = Collections.unmodifiableList(assertionURIRefs);
    }
    if (additionalInfo != null) {
        additionalInfo = Collections.unmodifiableList(additionalInfo);
    }
    isMutable = false;
}
use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class AssertionImpl method toXMLString.
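/**
 * Returns a String representation of this assertion as an XML element.
 *
 * <p>If both {@code signature} and {@code signedXMLString} are set, the
 * retained signed string is returned unchanged (presumably so the bytes the
 * signature covers are not re-serialised). Otherwise the element is rebuilt
 * from the fields, writing the children in this order: Issuer, Signature,
 * Subject, Conditions, Advice, the pre-serialised statements, then the
 * AuthnStatement, AuthzDecisionStatement and AttributeStatement lists.
 *
 * @param includeNSPrefix Determines whether or not the namespace
 *        qualifier is prepended to the Element when converted
 * @param declareNS Determines whether or not the namespace is declared
 *        within the Element.
 * @return A String representation
 * @exception SAML2Exception if the version, ID, issue instant or issuer
 *        is missing
 */
@Override
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
    if ((signature != null) && (signedXMLString != null)) {
        return signedXMLString;
    }
    // Local, single-threaded buffer: StringBuilder instead of the synchronized StringBuffer.
    StringBuilder sb = new StringBuilder(2000);
    String nsDeclaration = declareNS ? SAML2Constants.ASSERTION_DECLARE_STR : "";
    String prefix = includeNSPrefix ? SAML2Constants.ASSERTION_PREFIX : "";

    sb.append("<").append(prefix).append(ASSERTION_ELEMENT).append(nsDeclaration);

    // Mandatory attributes. NOTE(review): values are written verbatim, with no XML
    // attribute escaping, so this relies on version/id being SDK-generated rather
    // than taken from external input -- confirm at the setters.
    if ((version == null) || version.isEmpty()) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): version missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_version"));
    }
    appendXmlAttribute(sb, ASSERTION_VERSION_ATTR, version);
    if ((id == null) || id.isEmpty()) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): assertion id missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_id"));
    }
    appendXmlAttribute(sb, ASSERTION_ID_ATTR, id);
    if (issueInstant == null) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): issue instant missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_issue_instant"));
    }
    appendXmlAttribute(sb, ASSERTION_ISSUEINSTANT_ATTR, DateUtils.toUTCDateFormat(issueInstant));
    sb.append(">\n");

    // Mandatory Issuer child; all children are emitted without redeclaring the namespace.
    if (issuer == null) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): issuer missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelement_issuer"));
    }
    sb.append(issuer.toXMLString(includeNSPrefix, false));
    if (signature != null) {
        // Only reached when signedXMLString is null; the signature is appended as-is.
        sb.append(signature);
    }
    if (subject != null) {
        sb.append(subject.toXMLString(includeNSPrefix, false));
    }
    if (conditions != null) {
        sb.append(conditions.toXMLString(includeNSPrefix, false));
    }
    if (advice != null) {
        sb.append(advice.toXMLString(includeNSPrefix, false));
    }
    if (statements != null) {
        // Generic statements are held as already-serialised XML strings.
        for (Object statement : statements) {
            sb.append((String) statement);
        }
    }
    if (authnStatements != null) {
        for (Object statement : authnStatements) {
            sb.append(((AuthnStatement) statement).toXMLString(includeNSPrefix, false));
        }
    }
    if (authzDecisionStatements != null) {
        for (Object statement : authzDecisionStatements) {
            sb.append(((AuthzDecisionStatement) statement).toXMLString(includeNSPrefix, false));
        }
    }
    if (attributeStatements != null) {
        for (Object statement : attributeStatements) {
            sb.append(((AttributeStatement) statement).toXMLString(includeNSPrefix, false));
        }
    }
    sb.append("</").append(prefix).append(ASSERTION_ELEMENT).append(">\n");
    return sb.toString();
}

/**
 * Appends {@code  name="value"} (leading space included) to {@code sb}.
 * The value is written verbatim; no escaping is performed.
 *
 * @param sb buffer being built
 * @param name attribute name
 * @param value attribute value, already known to be non-empty by the caller
 */
private static void appendXmlAttribute(StringBuilder sb, String name, String value) {
    sb.append(" ").append(name).append("=\"").append(value).append("\"");
}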
use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class AssertionIDRequestUtil method sendAssertionIDRequest.
/**
 * Sends the <code>AssertionIDRequest</code> to the specified Assertion ID
 * Request Service and returns the <code>Response</code> coming from the
 * Assertion ID Request Service.
 *
 * <p>Only the SOAP binding is supported; any other binding results in a
 * <code>SAML2Exception</code>. The request is signed before it is sent.
 *
 * @param assertionIDRequest the <code>AssertionIDRequest</code> object
 * @param samlAuthorityEntityID entity ID of SAML authority
 * @param role SAML authority role, for example,
 * <code>SAML2Constants.ATTR_AUTH_ROLE</code>,
 * <code>SAML2Constants.AUTHN_AUTH_ROLE</code> or
 * <code>SAML2Constants.IDP_ROLE</code>
 * @param realm the realm of hosted entity
 * @param binding the binding
 *
 * @return the <code>Response</code> object
 * @exception SAML2Exception if the operation is not successful, including
 * when <code>binding</code> is not SOAP
 *
 * @supported.api
 */
public static Response sendAssertionIDRequest(AssertionIDRequest assertionIDRequest, String samlAuthorityEntityID, String role, String realm, String binding) throws SAML2Exception {
    // The helper fills in the service endpoint through this buffer; it is
    // resolved before the binding check, preserving the original ordering.
    StringBuffer endpoint = new StringBuffer();
    RoleDescriptorType descriptor = getRoleDescriptorAndLocation(samlAuthorityEntityID, role, realm, binding, endpoint);
    if (!binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    signAssertionIDRequest(assertionIDRequest, realm, false);
    return sendAssertionIDRequestBySOAP(assertionIDRequest, endpoint.toString(), realm, samlAuthorityEntityID, role, descriptor);
}
use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class AssertionIDRequestUtil method processAssertionIDRequest.
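/**
 * Processes an <code>AssertionIDRequest</code> coming from a requester.
 *
 * <p>The request is verified first; a verification failure yields a SAML
 * error response (Requester status) rather than an exception. The SAML
 * authority's role descriptor is then resolved, the referenced assertions
 * are fetched (IDP cache first, then the SAML2 token repository when
 * failover is enabled) and only those still time-valid are placed in a
 * success <code>Response</code>, which is signed before being returned.
 *
 * @param assertionIDRequest the <code>AssertionIDRequest</code> object
 * @param request the <code>HttpServletRequest</code> object (not read here)
 * @param response the <code>HttpServletResponse</code> object (not written here)
 * @param samlAuthorityEntityID entity ID of SAML authority
 * @param role the role of SAML authority
 * @param realm the realm of SAML authority
 * @return the <code>Response</code> object; an error response when the
 *         request fails verification or the authority is unknown
 * @exception SAML2Exception if the operation is not successful
 */
public static Response processAssertionIDRequest(AssertionIDRequest assertionIDRequest, HttpServletRequest request, HttpServletResponse response, String samlAuthorityEntityID, String role, String realm) throws SAML2Exception {
    try {
        verifyAssertionIDRequest(assertionIDRequest, samlAuthorityEntityID, role, realm);
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error("AssertionIDRequestUtil.processAssertionIDRequest:", se);
        return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.REQUESTER, null, se.getMessage(), samlAuthorityEntityID);
    }

    RoleDescriptorType roled;
    try {
        roled = lookupAuthorityRoleDescriptor(role, realm, samlAuthorityEntityID);
    } catch (SAML2MetaException sme) {
        SAML2Utils.debug.error("AssertionIDRequestUtil.processAssertionIDRequest:", sme);
        return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.RESPONDER, null, sme.getMessage(), samlAuthorityEntityID);
    }
    if (roled == null) {
        return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.REQUESTER, null, SAML2Utils.bundle.getString("samlAuthorityNotFound"), samlAuthorityEntityID);
    }

    List returnAssertions = collectTimeValidAssertions(assertionIDRequest.getAssertionIDRefs());
    Response samlResp = newSuccessResponse(assertionIDRequest, returnAssertions, samlAuthorityEntityID);
    signResponse(samlResp, samlAuthorityEntityID, role, realm, false);
    return samlResp;
}

/**
 * Resolves the role descriptor of the SAML authority for the given role.
 *
 * @return the descriptor, or {@code null} when the role is not one of
 *         IDP, authentication authority or attribute authority, or no
 *         descriptor is registered
 * @throws SAML2MetaException if the metadata lookup fails
 */
private static RoleDescriptorType lookupAuthorityRoleDescriptor(String role, String realm, String samlAuthorityEntityID) throws SAML2MetaException {
    if (SAML2Constants.IDP_ROLE.equals(role)) {
        return metaManager.getIDPSSODescriptor(realm, samlAuthorityEntityID);
    }
    if (SAML2Constants.AUTHN_AUTH_ROLE.equals(role)) {
        return metaManager.getAuthnAuthorityDescriptor(realm, samlAuthorityEntityID);
    }
    if (SAML2Constants.ATTR_AUTH_ROLE.equals(role)) {
        return metaManager.getAttributeAuthorityDescriptor(realm, samlAuthorityEntityID);
    }
    return null;
}

/**
 * Looks up every referenced assertion and keeps those that are still
 * time-valid.
 *
 * <p>Each ID is tried against {@code IDPCache.assertionByIDCache}; on a miss
 * with SAML2 failover enabled the token repository is consulted and the
 * stored XML is parsed back into an <code>Assertion</code>. A repository
 * error is logged and that reference is skipped.
 *
 * @param assertionIDRefs list of <code>AssertionIDRef</code>, may be null
 * @return the matching assertions, or {@code null} when none were found
 *         (kept as null so the response carries no assertion list, as before)
 * @throws SAML2Exception if a repository string cannot be parsed
 */
private static List collectTimeValidAssertions(List assertionIDRefs) throws SAML2Exception {
    if (assertionIDRefs == null) {
        return null;
    }
    List<Assertion> found = null;
    for (Object ref : assertionIDRefs) {
        String assertionID = ((AssertionIDRef) ref).getValue();
        Assertion assertion = (Assertion) IDPCache.assertionByIDCache.get(assertionID);
        if ((assertion == null) && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AssertionIDRequestUtil.processAssertionIDRequest: " + "reading assertion from the SAML2 Token Repository using assertionID:" + assertionID);
            }
            String assertionStr = null;
            try {
                assertionStr = (String) SAML2FailoverUtils.retrieveSAML2Token(assertionID);
            } catch (SAML2TokenRepositoryException se) {
                SAML2Utils.debug.error("AssertionIDRequestUtil.processAssertionIDRequest: " + "There was a problem reading assertion from the SAML2 Token Repository using assertionID:" + assertionID, se);
            }
            if (assertionStr != null) {
                assertion = AssertionFactory.getInstance().createAssertion(assertionStr);
            }
        }
        // Expired assertions are never handed back, even if still cached.
        if ((assertion != null) && assertion.isTimeValid()) {
            if (found == null) {
                found = new ArrayList<Assertion>();
            }
            found.add(assertion);
        }
    }
    return found;
}

/**
 * Builds an unsigned SAML 2.0 success <code>Response</code> to the request.
 *
 * @param assertionIDRequest the request being answered; its ID becomes InResponseTo
 * @param returnAssertions assertions to include, may be null
 * @param samlAuthorityEntityID issuer value of the response
 * @return the populated response, not yet signed
 * @throws SAML2Exception if a protocol object cannot be created
 */
private static Response newSuccessResponse(AssertionIDRequest assertionIDRequest, List returnAssertions, String samlAuthorityEntityID) throws SAML2Exception {
    ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
    Response samlResp = protocolFactory.createResponse();
    samlResp.setAssertion(returnAssertions);
    samlResp.setID(SAML2Utils.generateID());
    samlResp.setInResponseTo(assertionIDRequest.getID());
    samlResp.setVersion(SAML2Constants.VERSION_2_0);
    samlResp.setIssueInstant(new Date());

    Status status = protocolFactory.createStatus();
    StatusCode statusCode = protocolFactory.createStatusCode();
    statusCode.setValue(SAML2Constants.SUCCESS);
    status.setStatusCode(statusCode);
    samlResp.setStatus(status);

    Issuer respIssuer = AssertionFactory.getInstance().createIssuer();
    respIssuer.setValue(samlAuthorityEntityID);
    samlResp.setIssuer(respIssuer);
    return samlResp;
}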
use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.
the class AssertionIDRequestUtil method processAssertionIDRequestURI.
/**
 * Gets assertion ID from URI and returns assertion if found.
 *
 * <p>Steps: read the {@code ID} query parameter, obtain the
 * <code>AssertionIDRequestMapper</code> for the authority, authenticate the
 * requester through it, then look the assertion up in
 * {@code IDPCache.assertionByIDCache} and write its XML (UTF-8) to the
 * response. Each failure is reported via {@code SAMLUtils.sendError} with
 * the matching HTTP status: 400 for a missing ID, 500 for mapper or
 * serialisation problems, 403 for a failed requester authentication and
 * 404 for an unknown or expired assertion.
 *
 * @param request the <code>HttpServletRequest</code> object
 * @param response the <code>HttpServletResponse</code> object
 * @param samlAuthorityEntityID entity ID of SAML authority
 * @param role SAML authority role
 * @param realm the realm of hosted entity
 *
 * @exception IOException if response can't be sent
 */
public static void processAssertionIDRequestURI(HttpServletRequest request, HttpServletResponse response, String samlAuthorityEntityID, String role, String realm) throws IOException {
    String requestedId = request.getParameter("ID");
    if (requestedId == null) {
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "nullAssertionID", SAML2Utils.bundle.getString("nullAssertionID"));
        return;
    }

    AssertionIDRequestMapper mapper;
    try {
        mapper = getAssertionIDRequestMapper(realm, samlAuthorityEntityID, role);
    } catch (SAML2Exception ex) {
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToGetAssertionIDRequestMapper", ex.getMessage());
        return;
    }

    // The requester is authenticated before any cache lookup, so an
    // unauthenticated caller cannot learn whether a given ID exists.
    try {
        mapper.authenticateRequesterURI(request, response, samlAuthorityEntityID, role, realm);
    } catch (SAML2Exception ex) {
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_FORBIDDEN, "failedToAuthenticateRequesterURI", ex.getMessage());
        return;
    }

    Assertion assertion = (Assertion) IDPCache.assertionByIDCache.get(requestedId);
    if ((assertion == null) || !assertion.isTimeValid()) {
        // An expired assertion is reported the same way as an unknown one.
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_NOT_FOUND, "invalidAssertionID", SAML2Utils.bundle.getString("invalidAssertionID"));
        return;
    }

    // Assertion content must not be cached by intermediaries or the client.
    response.setContentType(MIME_TYPE_ASSERTION);
    response.addHeader("Cache-Control", "no-cache, no-store");
    response.addHeader("Pragma", "no-cache");

    String xml;
    try {
        xml = assertion.toXMLString(true, true);
    } catch (SAML2Exception ex) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AssertionIDRequestUtil.processAssertionIDRequestURI:", ex);
        }
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "invalidAssertion", ex.getMessage());
        return;
    }

    byte[] payload;
    try {
        payload = xml.getBytes("UTF-8");
    } catch (UnsupportedEncodingException ueex) {
        // UTF-8 is a mandatory JVM charset, so this branch is not expected to run.
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AssertionIDRequestUtil.processAssertionIDRequestURI:", ueex);
        }
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "unsupportedEncoding", ueex.getMessage());
        return;
    }

    response.setContentLength(payload.length);
    BufferedOutputStream out = null;
    try {
        out = new BufferedOutputStream(response.getOutputStream());
        out.write(payload, 0, payload.length);
    } catch (IOException ioex) {
        // Write failures are logged only; the caller has nothing further to do.
        SAML2Utils.debug.error("AssertionIDRequestUtil.processAssertionIDRequestURI:", ioex);
    } finally {
        if (out != null) {
            try {
                out.close();
            } catch (IOException ioex) {
                SAML2Utils.debug.error("AssertionIDRequestUtil.processAssertionIDRequestURI:", ioex);
            }
        }
    }
}