Example 6 with AttributeStatement

use of com.sun.identity.saml2.assertion.AttributeStatement in project OpenAM by OpenRock.

the class DefaultAttributeStatementsProviderTest method testAttributeSettings.

@Test
public void testAttributeSettings() throws TokenCreationException {
    DefaultAttributeStatementsProvider defaultProvider = new DefaultAttributeStatementsProvider();
    List<AttributeStatement> statements = defaultProvider.get(mockToken, saml2Config, mockAttributeMapper);
    AttributeStatement statement = statements.get(0);
    Attribute attr = (Attribute) statement.getAttribute().get(0);
    assertTrue(ATTRIBUTE_VALUE.equals(attr.getAttributeValue().get(0)));
}
Also used : Attribute(com.sun.identity.saml2.assertion.Attribute) AttributeStatement(com.sun.identity.saml2.assertion.AttributeStatement) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 7 with AttributeStatement

use of com.sun.identity.saml2.assertion.AttributeStatement in project OpenAM by OpenRock.

the class SAML2TokenGenerationImpl method encryptAttributeStatement.

@SuppressWarnings("unchecked")
private void encryptAttributeStatement(Assertion assertion, SAML2Config saml2Config, STSInstanceState stsInstanceState) throws TokenCreationException {
    final PublicKey keyEncryptionKey = stsInstanceState.getSAML2CryptoProvider().getSPX509Certificate(saml2Config.getEncryptionKeyAlias()).getPublicKey();
    final String encryptionAlgorithm = saml2Config.getEncryptionAlgorithm();
    final int algorithmStrength = saml2Config.getEncryptionAlgorithmStrength();
    final String spEntityID = saml2Config.getSpEntityId();
    try {
        List<AttributeStatement> originalAttributeStatements = assertion.getAttributeStatements();
        if ((originalAttributeStatements != null) && (originalAttributeStatements.size() > 0)) {
            List<AttributeStatement> encryptedAttributeStatements = new ArrayList<>(originalAttributeStatements.size());
            for (AttributeStatement originalStatement : originalAttributeStatements) {
                List<Attribute> originalAttributes = originalStatement.getAttribute();
                if ((originalAttributes == null) || (originalAttributes.size() == 0)) {
                    continue;
                }
                List<EncryptedAttribute> encryptedAttributes = new ArrayList<>(originalAttributes.size());
                for (Attribute originalAttribute : originalAttributes) {
                    EncryptedAttribute encryptedAttribute = originalAttribute.encrypt(keyEncryptionKey, encryptionAlgorithm, algorithmStrength, spEntityID);
                    if (encryptedAttribute == null) {
                        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "In SAML2TokenGenerationImpl, " + "attribute encryption invocation returned null.");
                    }
                    encryptedAttributes.add(encryptedAttribute);
                }
                originalStatement.setEncryptedAttribute(encryptedAttributes);
                originalStatement.setAttribute(Collections.EMPTY_LIST);
                encryptedAttributeStatements.add(originalStatement);
            }
            assertion.setAttributeStatements(encryptedAttributeStatements);
        }
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "In SAML2TokenGenerationImpl, exception " + "caught encrypting assertion attributes: " + e, e);
    }
}
Also used : EncryptedAttribute(com.sun.identity.saml2.assertion.EncryptedAttribute) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Attribute(com.sun.identity.saml2.assertion.Attribute) EncryptedAttribute(com.sun.identity.saml2.assertion.EncryptedAttribute) PublicKey(java.security.PublicKey) AttributeStatement(com.sun.identity.saml2.assertion.AttributeStatement) ArrayList(java.util.ArrayList) TokenCreationException(org.forgerock.openam.sts.TokenCreationException)
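The method above swaps each Attribute for an EncryptedAttribute after encrypting it to the SP's certificate, which changes the bytes of the Assertion. That only works if the assertion has not been signed yet: an XML signature computed over plaintext Attribute elements no longer verifies once they are replaced. The helper below makes that ordering explicit (encrypt, then sign, then freeze). It is an added example, not OpenAM's own code; it uses the Attribute.encrypt, AttributeStatement and Assertion methods visible on this page plus Assertion.isSigned() and Assertion.sign(PrivateKey, X509Certificate), which are assumed to be available in the OpenAM 13 SAML2 SDK on the classpath. The AES-128-CBC algorithm URI and strength stand in for what saml2Config.getEncryptionAlgorithm() / getEncryptionAlgorithmStrength() would return.

```java
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.assertion.Attribute;
import com.sun.identity.saml2.assertion.AttributeStatement;
import com.sun.identity.saml2.assertion.EncryptedAttribute;
import com.sun.identity.saml2.common.SAML2Exception;

/**
 * Encrypt-then-sign helper for a SAML2 Assertion (added example, not OpenAM code).
 * Attribute encryption must happen before the enveloped signature is computed,
 * otherwise the signature covers content that is no longer in the document.
 */
public final class EncryptThenSign {

    /** XML Encryption URI for AES-128-CBC and the matching key strength (stand-ins for the SAML2Config values). */
    public static final String DATA_ENCRYPTION_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    public static final int DATA_ENCRYPTION_STRENGTH = 128;

    private EncryptThenSign() {
    }

    public static Assertion encryptThenSign(Assertion assertion,
                                            X509Certificate spEncryptionCert,
                                            String spEntityId,
                                            PrivateKey idpSigningKey,
                                            X509Certificate idpSigningCert) throws SAML2Exception {
        if (assertion.isSigned()) {
            // Editing a signed assertion would either fail (immutable) or break the signature; refuse.
            throw new SAML2Exception("assertion is already signed; encrypt attributes before signing");
        }
        PublicKey keyEncryptionKey = spEncryptionCert.getPublicKey();
        List<AttributeStatement> statements = assertion.getAttributeStatements();
        if (statements != null) {
            for (AttributeStatement statement : statements) {
                List<Attribute> plain = statement.getAttribute();
                if (plain == null || plain.isEmpty()) {
                    continue;
                }
                List<EncryptedAttribute> encrypted = new ArrayList<>(plain.size());
                for (Attribute attribute : plain) {
                    // Each Attribute is encrypted with a fresh data key wrapped under the SP's public key.
                    EncryptedAttribute ea = attribute.encrypt(keyEncryptionKey, DATA_ENCRYPTION_ALGORITHM,
                            DATA_ENCRYPTION_STRENGTH, spEntityId);
                    if (ea == null) {
                        throw new SAML2Exception("attribute encryption returned null for " + attribute.getName());
                    }
                    encrypted.add(ea);
                }
                // Replace the plaintext list; a typed empty list avoids the raw Collections.EMPTY_LIST.
                statement.setEncryptedAttribute(encrypted);
                statement.setAttribute(Collections.<Attribute>emptyList());
            }
            assertion.setAttributeStatements(statements);
        }
        // Sign only now, so the signature covers the EncryptedAttribute elements.
        assertion.sign(idpSigningKey, idpSigningCert);
        // Freeze the object graph (see AssertionImpl.makeImmutable) so nothing can be edited after signing.
        assertion.makeImmutable();
        return assertion;
    }
}
```

Note that the SP still needs the IdP's signing certificate to verify the outer signature; encryption alone says nothing about who issued the attributes.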

Example 8 with AttributeStatement

use of com.sun.identity.saml2.assertion.AttributeStatement in project OpenAM by OpenRock.

the class DefaultAttributeStatementsProvider method get.

/**
 * @see org.forgerock.openam.sts.tokengeneration.saml2.statements.AttributeStatementsProvider#get(com.iplanet.sso.SSOToken,
 * org.forgerock.openam.sts.config.user.SAML2Config, AttributeMapper)
 */
public List<AttributeStatement> get(SSOToken ssoToken, SAML2Config saml2Config, AttributeMapper mapper) throws TokenCreationException {
    AttributeStatement attributeStatement = AssertionFactory.getInstance().createAttributeStatement();
    try {
        List<Attribute> attributeList = mapper.getAttributes(ssoToken, saml2Config.getAttributeMap());
        if ((attributeList == null) || attributeList.isEmpty()) {
            return Collections.emptyList();
        } else {
            attributeStatement.setAttribute(attributeList);
        }
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting attributes in DefaultAttributeStatementsProvider: " + e, e);
    }
    List<AttributeStatement> attributeStatements = new ArrayList<AttributeStatement>(1);
    attributeStatements.add(attributeStatement);
    return attributeStatements;
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Attribute(com.sun.identity.saml2.assertion.Attribute) AttributeStatement(com.sun.identity.saml2.assertion.AttributeStatement) ArrayList(java.util.ArrayList) TokenCreationException(org.forgerock.openam.sts.TokenCreationException)

Example 9 with AttributeStatement

use of com.sun.identity.saml2.assertion.AttributeStatement in project OpenAM by OpenRock.

the class AssertionImpl method makeImmutable.

/**
 * Makes the object immutable
 */
@Override
public void makeImmutable() {
    if (isMutable) {
        if (authnStatements != null) {
            int length = authnStatements.size();
            for (int i = 0; i < length; i++) {
                AuthnStatement authn = (AuthnStatement) authnStatements.get(i);
                authn.makeImmutable();
            }
            authnStatements = Collections.unmodifiableList(authnStatements);
        }
        if (authzDecisionStatements != null) {
            int length = authzDecisionStatements.size();
            for (int i = 0; i < length; i++) {
                AuthzDecisionStatement authz = (AuthzDecisionStatement) authzDecisionStatements.get(i);
                authz.makeImmutable();
            }
            authzDecisionStatements = Collections.unmodifiableList(authzDecisionStatements);
        }
        if (attributeStatements != null) {
            int length = attributeStatements.size();
            for (int i = 0; i < length; i++) {
                AttributeStatement attr = (AttributeStatement) attributeStatements.get(i);
                attr.makeImmutable();
            }
            attributeStatements = Collections.unmodifiableList(attributeStatements);
        }
        if (statements != null) {
            statements = Collections.unmodifiableList(statements);
        }
        if (conditions != null) {
            conditions.makeImmutable();
        }
        if (issuer != null) {
            issuer.makeImmutable();
        }
        if (subject != null) {
            subject.makeImmutable();
        }
        if (advice != null) {
            advice.makeImmutable();
        }
        isMutable = false;
    }
}
Also used : AttributeStatement(com.sun.identity.saml2.assertion.AttributeStatement) AuthzDecisionStatement(com.sun.identity.saml2.assertion.AuthzDecisionStatement) AuthnStatement(com.sun.identity.saml2.assertion.AuthnStatement)

Example 10 with AttributeStatement

use of com.sun.identity.saml2.assertion.AttributeStatement in project OpenAM by OpenRock.

the class AttributeStatementImpl method parseElement.

// used by the constructors.
private void parseElement(Element element) throws SAML2Exception {
    // make sure that the input xml block is not null
    if (element == null) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("AttributeStatementImpl." + "parseElement: Input is null.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    // Make sure this is an AttributeStatement.
    if (!SAML2SDKUtils.checkStatement(element, "AttributeStatement")) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("AttributeStatementImpl." + "parseElement: not AttributeStatement.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
    }
    // handle the sub elements of the AttributeStatement
    NodeList nl = element.getChildNodes();
    Node child;
    String childName;
    int length = nl.getLength();
    for (int i = 0; i < length; i++) {
        child = nl.item(i);
        if ((childName = child.getLocalName()) != null) {
            if (childName.equals("Attribute")) {
                Attribute attr = AssertionFactory.getInstance().createAttribute((Element) child);
                if (attrs == null) {
                    attrs = new ArrayList();
                }
                attrs.add(attr);
            } else if (childName.equals("EncryptedAttribute")) {
                EncryptedAttribute encAttr = AssertionFactory.getInstance().createEncryptedAttribute((Element) child);
                if (encAttrs == null) {
                    encAttrs = new ArrayList();
                }
                encAttrs.add(encAttr);
            } else {
                if (SAML2SDKUtils.debug.messageEnabled()) {
                    SAML2SDKUtils.debug.message("AttributeStatementImpl." + "parse Element: Invalid element:" + childName);
                }
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalidElement"));
            }
        }
    }
    validateData();
    if (attrs != null) {
        attrs = Collections.unmodifiableList(attrs);
    }
    if (encAttrs != null) {
        encAttrs = Collections.unmodifiableList(encAttrs);
    }
    mutable = false;
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) EncryptedAttribute(com.sun.identity.saml2.assertion.EncryptedAttribute) Attribute(com.sun.identity.saml2.assertion.Attribute) EncryptedAttribute(com.sun.identity.saml2.assertion.EncryptedAttribute) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList)
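Two properties of parseElement above are worth exercising from the caller's side: it dispatches on child.getLocalName(), which is only populated when the DOM was built by a namespace-aware parser, and it throws SAML2Exception("invalidElement") for any child that is neither Attribute nor EncryptedAttribute rather than skipping it. The program below is an added example, not OpenAM code: it builds a hardened, namespace-aware DOM from two constructed AttributeStatement documents (one clean, one with a foreign child element) and feeds each to AssertionFactory.getInstance().createAttributeStatement(Element), which is assumed to exist in the same shape as the createAttribute(Element) call on this page. The JAXP feature names are the standard Xerces ones shipped with the JDK; Attribute.getName() and getAttributeValueString() are assumed SAML2 SDK accessors. It needs the OpenAM SAML2 SDK on the classpath.

```java
import java.io.StringReader;
import java.util.List;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Element;
import org.xml.sax.InputSource;

import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Attribute;
import com.sun.identity.saml2.assertion.AttributeStatement;
import com.sun.identity.saml2.common.SAML2Exception;

/** Added example: strict parsing of a SAML2 AttributeStatement through the OpenAM SDK. */
public final class StrictAttributeStatementParsing {

    private static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Constructed input: one plain Attribute, as an IdP would emit it. */
    static final String WELL_FORMED =
            "<saml:AttributeStatement xmlns:saml=\"" + SAML_NS + "\">"
          + "<saml:Attribute Name=\"mail\"><saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>"
          + "</saml:AttributeStatement>";

    /** Constructed input: the same statement with a foreign child element smuggled in. */
    static final String FOREIGN_CHILD =
            "<saml:AttributeStatement xmlns:saml=\"" + SAML_NS + "\">"
          + "<saml:Attribute Name=\"mail\"><saml:AttributeValue>alice@example.test</saml:AttributeValue></saml:Attribute>"
          + "<Extra>should not be here</Extra>"
          + "</saml:AttributeStatement>";

    /** Hardened, namespace-aware DOM parser (feature names assumed to be the JDK's Xerces ones). */
    static Element parseDom(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // parseElement keys on getLocalName(); a non-namespace-aware DOM returns null for it.
        factory.setNamespaceAware(true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // No DOCTYPE means no external entities and no entity-expansion blowup.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        DocumentBuilder builder = factory.newDocumentBuilder();
        return builder.parse(new InputSource(new StringReader(xml))).getDocumentElement();
    }

    /** Returns the parsed statement, or throws SAML2Exception exactly as parseElement does. */
    static AttributeStatement parseStatement(String xml) throws Exception {
        return AssertionFactory.getInstance().createAttributeStatement(parseDom(xml));
    }

    @SuppressWarnings("unchecked")
    public static void main(String[] args) throws Exception {
        AttributeStatement ok = parseStatement(WELL_FORMED);
        for (Attribute attribute : (List<Attribute>) ok.getAttribute()) {
            System.out.println("attribute " + attribute.getName()
                    + " values=" + attribute.getAttributeValueString());
        }
        try {
            parseStatement(FOREIGN_CHILD);
            System.out.println("BUG: foreign child element was accepted");
        } catch (SAML2Exception expected) {
            // parseElement logs "Invalid element:Extra" and throws bundle string "invalidElement".
            System.out.println("rejected as expected: " + expected.getMessage());
        }
    }
}
```

The DOM hardening matters because AttributeStatementImpl trusts whatever Element it is handed; the place to stop DTD-based attacks is the parser that produced that Element, not the SAML object model.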

Aggregations

AttributeStatement (com.sun.identity.saml2.assertion.AttributeStatement) 12
Attribute (com.sun.identity.saml2.assertion.Attribute) 8
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception) 8
ArrayList (java.util.ArrayList) 8
EncryptedAttribute (com.sun.identity.saml2.assertion.EncryptedAttribute) 5
Assertion (com.sun.identity.saml2.assertion.Assertion) 4
EncryptedAssertion (com.sun.identity.saml2.assertion.EncryptedAssertion) 4
Subject (com.sun.identity.saml2.assertion.Subject) 4
List (java.util.List) 4
AuthnStatement (com.sun.identity.saml2.assertion.AuthnStatement) 3
Conditions (com.sun.identity.saml2.assertion.Conditions) 3
Issuer (com.sun.identity.saml2.assertion.Issuer) 3
Date (java.util.Date) 3
HashSet (java.util.HashSet) 3
AuthzDecisionStatement (com.sun.identity.saml2.assertion.AuthzDecisionStatement) 2
HashMap (java.util.HashMap) 2
Set (java.util.Set) 2
TokenCreationException (org.forgerock.openam.sts.TokenCreationException) 2
DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException) 1
SessionException (com.sun.identity.plugin.session.SessionException) 1