
Example 16 with EncryptedID

use of com.sun.identity.saml2.assertion.EncryptedID in project OpenAM by OpenRock.

the class LogoutRequestImpl method toXMLString.

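/**
 * Returns the <code>LogoutRequest</code> in an XML document String format
 * based on the <code>LogoutRequest</code> schema described above.
 * <p>
 * If this request is signed and the signed XML is cached in
 * {@code signedXMLString}, that cached text is returned unchanged, because
 * re-serializing it would invalidate the signature. Otherwise the element is
 * rebuilt from the current field values in schema order: the attributes,
 * then Issuer, Signature, Extensions, BaseID/NameID/EncryptedID and the
 * SessionIndex children.
 *
 * @param includeNSPrefix Determines whether or not the namespace qualifier
 *        is prepended to the Element when converted
 * @param declareNS Determines whether or not the namespace is declared
 *        within the Element.
 * @return A XML String representing the <code>LogoutRequest</code>.
 * @throws SAML2Exception if some error occurs during conversion to
 *         <code>String</code>; raised by {@code validateData()} or by the
 *         {@code toXMLString} of a child element.
 */
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
    // A signed request must be emitted exactly as it was signed.
    if (isSigned && signedXMLString != null) {
        return signedXMLString;
    }
    validateData();
    // The buffer is method-local, so the synchronized StringBuffer buys nothing.
    StringBuilder xml = new StringBuilder(1000);
    xml.append(SAML2Constants.START_TAG);
    if (includeNSPrefix) {
        xml.append(SAML2Constants.PROTOCOL_PREFIX);
    }
    xml.append(SAML2Constants.LOGOUT_REQUEST).append(SAML2Constants.SPACE);
    if (declareNS) {
        xml.append(SAML2Constants.PROTOCOL_DECLARE_STR).append(SAML2Constants.SPACE);
    }
    // Required attributes.
    // NOTE(review): every attribute value below is appended verbatim, with no
    // XML escaping; the setters and the parser are relied on to supply values
    // that are safe inside a quoted attribute.
    appendQuotedAttribute(xml, SAML2Constants.ID, requestId);
    xml.append(SAML2Constants.SPACE);
    appendQuotedAttribute(xml, SAML2Constants.VERSION, version);
    xml.append(SAML2Constants.SPACE);
    appendQuotedAttribute(xml, SAML2Constants.ISSUE_INSTANT, DateUtils.toUTCDateFormat(issueInstant));
    // Optional attributes, each preceded by a single space.
    if (destinationURI != null && destinationURI.length() > 0) {
        xml.append(SAML2Constants.SPACE);
        appendQuotedAttribute(xml, SAML2Constants.DESTINATION, destinationURI);
    }
    if (consent != null && consent.length() > 0) {
        xml.append(SAML2Constants.SPACE);
        appendQuotedAttribute(xml, SAML2Constants.CONSENT, consent);
    }
    if (notOnOrAfter != null) {
        xml.append(SAML2Constants.SPACE);
        appendQuotedAttribute(xml, SAML2Constants.NOTONORAFTER, DateUtils.toUTCDateFormat(notOnOrAfter));
    }
    if (reason != null && reason.length() > 0) {
        xml.append(SAML2Constants.SPACE);
        appendQuotedAttribute(xml, SAML2Constants.REASON, reason);
    }
    xml.append(SAML2Constants.END_TAG);
    // Child elements in schema order. Field naming quirk of this class:
    // nameID holds the Issuer element, nameId holds the NameID element.
    if (nameID != null) {
        xml.append(nameID.toXMLString(includeNSPrefix, declareNS));
    }
    if (signatureString != null && signatureString.length() > 0) {
        xml.append(signatureString);
    }
    if (extensions != null) {
        xml.append(extensions.toXMLString(includeNSPrefix, declareNS));
    }
    if (baseId != null) {
        xml.append(baseId.toXMLString(includeNSPrefix, declareNS));
    }
    if (nameId != null) {
        xml.append(nameId.toXMLString(includeNSPrefix, declareNS));
    }
    if (encryptedId != null) {
        xml.append(encryptedId.toXMLString(includeNSPrefix, declareNS));
    }
    if (sessionIndexList != null && !sessionIndexList.isEmpty()) {
        // The factory is loop-invariant; fetch it once instead of per index.
        ProtocolFactory protoFactory = ProtocolFactory.getInstance();
        for (Object sessionIndex : sessionIndexList) {
            SessionIndex sIndex = protoFactory.createSessionIndex((String) sessionIndex);
            xml.append(sIndex.toXMLString(includeNSPrefix, declareNS));
        }
    }
    xml.append(SAML2Constants.SAML2_END_TAG).append(SAML2Constants.LOGOUT_REQUEST).append(SAML2Constants.END_TAG);
    return xml.toString();
}

/**
 * Appends {@code name="value"} to {@code buf} using the SAML2 separator
 * constants. No leading space is written and {@code value} is not escaped.
 *
 * @param buf   the buffer being built
 * @param name  the attribute name
 * @param value the attribute value, appended verbatim
 */
private static void appendQuotedAttribute(StringBuilder buf, String name, String value) {
    buf.append(name).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE)
            .append(value).append(SAML2Constants.QUOTE);
}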

Example 17 with EncryptedID

use of com.sun.identity.saml2.assertion.EncryptedID in project OpenAM by OpenRock.

the class LogoutRequestImpl method parseElement.

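/**
 * Parses the Document Element for this object and populates this
 * {@code LogoutRequest} from it.
 * <p>
 * Attributes are read first; {@code ID}, {@code Version},
 * {@code IssueInstant} and {@code NotOnOrAfter} go through the matching
 * {@code validate*} helper, the others are stored as given. Child elements
 * are then dispatched on their local name. A {@code Signature} child only
 * marks the request as signed and keeps its serialized form; nothing in this
 * method verifies the signature.
 *
 * @param element the Document Element of this object.
 * @throws SAML2Exception if error parsing the Document Element, or if the
 *         subject-identifier check in
 *         {@code validateBaseIDorNameIDorEncryptedID()} fails.
 */
private void parseElement(Element element) throws SAML2Exception {
    AssertionFactory assertionFactory = AssertionFactory.getInstance();
    ProtocolFactory protoFactory = ProtocolFactory.getInstance();
    requestId = element.getAttribute(SAML2Constants.ID);
    validateID(requestId);
    version = element.getAttribute(SAML2Constants.VERSION);
    validateVersion(version);
    String issueInstantStr = element.getAttribute(SAML2Constants.ISSUE_INSTANT);
    validateIssueInstant(issueInstantStr);
    destinationURI = element.getAttribute(SAML2Constants.DESTINATION);
    consent = element.getAttribute(SAML2Constants.CONSENT);
    String notOnOrAfterStr = element.getAttribute(SAML2Constants.NOTONORAFTER);
    validateNotOnOrAfterStr(notOnOrAfterStr);
    reason = element.getAttribute(SAML2Constants.REASON);
    NodeList children = element.getChildNodes();
    int childCount = (children == null) ? 0 : children.getLength();
    for (int i = 0; i < childCount; i++) {
        Node childNode = children.item(i);
        String cName = childNode.getLocalName();
        if (cName == null) {
            // Text, comment and similar nodes carry no local name; skip them.
            continue;
        }
        if (cName.equals(SAML2Constants.ISSUER)) {
            // Field naming quirk of this class: nameID holds the Issuer.
            nameID = assertionFactory.createIssuer((Element) childNode);
        } else if (cName.equals(SAML2Constants.SIGNATURE)) {
            // Presence is recorded here; verification happens elsewhere.
            signatureString = XMLUtils.print((Element) childNode);
            isSigned = true;
        } else if (cName.equals(SAML2Constants.EXTENSIONS)) {
            extensions = protoFactory.createExtensions((Element) childNode);
        } else if (cName.equals(SAML2Constants.BASEID)) {
            baseId = assertionFactory.createBaseID((Element) childNode);
        } else if (cName.equals(SAML2Constants.NAMEID)) {
            nameId = assertionFactory.createNameID((Element) childNode);
        } else if (cName.equals(SAML2Constants.ENCRYPTEDID)) {
            encryptedId = assertionFactory.createEncryptedID((Element) childNode);
        } else if (cName.equals(SAML2Constants.SESSION_INDEX)) {
            if (sessionIndexList == null || sessionIndexList.isEmpty()) {
                sessionIndexList = new ArrayList<String>();
            }
            sessionIndexList.add(XMLUtils.getElementString((Element) childNode));
        }
    }
    // Run the subject-identifier check regardless of whether the element had
    // any children: an empty LogoutRequest has no BaseID/NameID/EncryptedID
    // either and must not slip through unvalidated.
    validateBaseIDorNameIDorEncryptedID();
    if (sessionIndexList != null && !sessionIndexList.isEmpty()) {
        sessionIndexList = Collections.unmodifiableList(sessionIndexList);
    }
}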

Example 18 with EncryptedID

use of com.sun.identity.saml2.assertion.EncryptedID in project OpenAM by OpenRock.

the class ManageNameIDRequestImpl method parseElement.

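/**
 * Parses the Document Element for this object and populates this
 * {@code ManageNameIDRequest} from it.
 * <p>
 * Rejects a null element and an element whose local name is not
 * {@code elementName}; reads and validates the {@code ID}, {@code Version}
 * and {@code IssueInstant} attributes, stores {@code Destination} and
 * {@code Consent}, then dispatches the child elements on their local name.
 * A {@code Signature} child only marks the request as signed and keeps its
 * serialized form; nothing in this method verifies the signature.
 *
 * @param element the Document Element of this object.
 * @throws SAML2Exception if the element is null, is not a
 *         {@code ManageNameIDRequest}, or an attribute fails validation.
 */
private void parseElement(Element element) throws SAML2Exception {
    AssertionFactory assertionFactory = AssertionFactory.getInstance();
    ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
    // make sure that the input xml block is not null
    if (element == null) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ManageNameIDRequestImpl.parseElement: " + "Input is null.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    // Make sure this is a ManageNameIDRequest element.
    String tag = element.getLocalName();
    if (tag == null || !tag.equals(elementName)) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ManageNameIDRequestImpl.parseElement:" + "not ManageNameIDRequest.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
    }
    // Attribute names come from SAML2Constants, as in the sibling parsers.
    requestId = element.getAttribute(SAML2Constants.ID);
    validateID(requestId);
    version = element.getAttribute(SAML2Constants.VERSION);
    validateVersion(version);
    String issueInstantStr = element.getAttribute(SAML2Constants.ISSUE_INSTANT);
    validateIssueInstant(issueInstantStr);
    destinationURI = element.getAttribute(SAML2Constants.DESTINATION);
    consent = element.getAttribute(SAML2Constants.CONSENT);
    NodeList children = element.getChildNodes();
    int childCount = (children == null) ? 0 : children.getLength();
    for (int i = 0; i < childCount; i++) {
        Node childNode = children.item(i);
        String cName = childNode.getLocalName();
        if (cName == null) {
            // Text, comment and similar nodes carry no local name; skip them.
            continue;
        }
        if (cName.equals(SAML2Constants.ISSUER)) {
            nameID = assertionFactory.createIssuer((Element) childNode);
        } else if (cName.equals(SAML2Constants.SIGNATURE)) {
            // Presence is recorded here; verification happens elsewhere.
            signatureString = XMLUtils.getElementString((Element) childNode);
            isSigned = true;
        } else if (cName.equals(SAML2Constants.EXTENSIONS)) {
            extensions = protocolFactory.createExtensions((Element) childNode);
        } else if (cName.equals(SAML2Constants.NAMEID)) {
            nameid = assertionFactory.createNameID((Element) childNode);
        } else if (cName.equals(SAML2Constants.ENCRYPTEDID)) {
            encryptedID = assertionFactory.createEncryptedID((Element) childNode);
        // The remaining names are kept as literals: no matching constant is
        // used anywhere else in this class.
        } else if (cName.equals("NewID")) {
            newID = protocolFactory.createNewID((Element) childNode);
        } else if (cName.equals("NewEncryptedID")) {
            newEncryptedID = protocolFactory.createNewEncryptedID((Element) childNode);
        } else if (cName.equals("Terminate")) {
            terminate = true;
        }
    }
}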

Example 19 with EncryptedID

use of com.sun.identity.saml2.assertion.EncryptedID in project OpenAM by OpenRock.

the class NameIDMappingResponseImpl method parseElement.

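/**
 * Parses the Document Element for this object and populates this
 * {@code NameIDMappingResponse} from it.
 * <p>
 * Rejects a null element and an element whose local name is not
 * {@code elementName}; reads and validates the {@code ID}, {@code Version}
 * and {@code IssueInstant} attributes, stores {@code Destination},
 * {@code Consent} and {@code InResponseTo}, then dispatches the child
 * elements on their local name. A {@code Signature} child only marks the
 * response as signed and keeps its serialized form; nothing in this method
 * verifies the signature.
 *
 * @param element the Document Element of this object.
 * @throws SAML2Exception if the element is null, is not a
 *         {@code NameIDMappingResponse}, or an attribute fails validation.
 */
private void parseElement(Element element) throws SAML2Exception {
    AssertionFactory af = AssertionFactory.getInstance();
    ProtocolFactory pf = ProtocolFactory.getInstance();
    // make sure that the input xml block is not null
    if (element == null) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("NameIDMappingResponseImpl.parseElement: Input is null.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    // Make sure this is a NameIDMappingResponse element.
    String tag = element.getLocalName();
    if (tag == null || !tag.equals(elementName)) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            // Log message names this class's element (it used to say ManageNameIDResponse).
            SAML2SDKUtils.debug.message("NameIDMappingResponseImpl.parseElement: " + "not NameIDMappingResponse.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
    }
    // Attribute names come from SAML2Constants where the sibling parsers use one.
    responseId = element.getAttribute(SAML2Constants.ID);
    validateID(responseId);
    version = element.getAttribute(SAML2Constants.VERSION);
    validateVersion(version);
    String issueInstantStr = element.getAttribute(SAML2Constants.ISSUE_INSTANT);
    validateIssueInstant(issueInstantStr);
    destination = element.getAttribute(SAML2Constants.DESTINATION);
    consent = element.getAttribute(SAML2Constants.CONSENT);
    inResponseTo = element.getAttribute("InResponseTo");
    NodeList children = element.getChildNodes();
    int childCount = (children == null) ? 0 : children.getLength();
    for (int i = 0; i < childCount; i++) {
        Node childNode = children.item(i);
        String cName = childNode.getLocalName();
        if (cName == null) {
            // Text, comment and similar nodes carry no local name; skip them.
            continue;
        }
        if (cName.equals(SAML2Constants.ISSUER)) {
            issuer = af.createIssuer((Element) childNode);
        } else if (cName.equals(SAML2Constants.SIGNATURE)) {
            // Presence is recorded here; verification happens elsewhere.
            signatureString = XMLUtils.getElementString((Element) childNode);
            isSigned = true;
        } else if (cName.equals(SAML2Constants.EXTENSIONS)) {
            extensions = pf.createExtensions((Element) childNode);
        } else if (cName.equals(SAML2Constants.NAMEID)) {
            nameID = af.createNameID((Element) childNode);
        } else if (cName.equals(SAML2Constants.ENCRYPTEDID)) {
            encryptedID = af.createEncryptedID((Element) childNode);
        } else if (cName.equals("Status")) {
            status = pf.createStatus((Element) childNode);
        }
    }
}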

Example 20 with EncryptedID

use of com.sun.identity.saml2.assertion.EncryptedID in project OpenAM by OpenRock.

the class DefaultAccountMapper method getIdentity.

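/**
 * Returns the user's distinguished name or the universal ID for the
 * corresponding <code>SAML</code> <code>ManageNameIDRequest</code>.
 * This method will be invoked by the <code>SAML</code> framework for
 * retrieving the user identity while processing the
 * <code>ManageNameIDRequest</code>.
 * <p>
 * If the request carries an {@code EncryptedID} it is decrypted with the
 * hosted entity's decryption keys; otherwise the plain {@code NameID} is
 * used. The identifier is then mapped to a user through
 * {@code dsProvider.getUserID}.
 *
 * @param manageNameIDRequest <code>SAML</code>
 *     <code>ManageNameIDRequest</code> that needs to be mapped to the user.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param realm realm or the organization name that may be used to find
 *        the user information.
 * @return user's distinguished name or the universal ID.
 * @exception SAML2Exception if any argument is null, if the hosted entity's
 *         configuration (and so its decryption keys) cannot be retrieved,
 *         if decryption fails, or if the data store lookup fails.
 */
public String getIdentity(ManageNameIDRequest manageNameIDRequest, String hostEntityID, String realm) throws SAML2Exception {
    if (manageNameIDRequest == null) {
        throw new SAML2Exception(bundle.getString("nullManageIDRequest"));
    }
    if (hostEntityID == null) {
        throw new SAML2Exception(bundle.getString("nullHostEntityID"));
    }
    if (realm == null) {
        throw new SAML2Exception(bundle.getString("nullRealm"));
    }
    NameID nameID = null;
    EncryptedID encryptedID = manageNameIDRequest.getEncryptedID();
    if (encryptedID != null) {
        try {
            final Set<PrivateKey> decryptionKeys = KeyUtil.getDecryptionKeys(getSSOConfig(realm, hostEntityID));
            nameID = encryptedID.decrypt(decryptionKeys);
        } catch (SAML2MetaException sme) {
            // Without the entity config there are no decryption keys, so the
            // subject cannot be identified. Fail the mapping instead of
            // continuing the lookup with a null NameID.
            debug.error("Unable to retrieve SAML entity config for entity: " + hostEntityID, sme);
            throw new SAML2Exception(sme.getMessage());
        }
    } else {
        // NOTE(review): still null when the request carries neither identifier;
        // getNameIDKeyMap is relied on to cope with that — confirm.
        nameID = manageNameIDRequest.getNameID();
    }
    String remoteEntityID = manageNameIDRequest.getIssuer().getValue();
    if (debug.messageEnabled()) {
        debug.message("DefaultAccountMapper.getIdentity(ManageNameIDReq)" + " realm = " + realm + " hostEntityID = " + hostEntityID);
    }
    try {
        return dsProvider.getUserID(realm, SAML2Utils.getNameIDKeyMap(nameID, hostEntityID, remoteEntityID, realm, role));
    } catch (DataStoreProviderException dse) {
        // The cause is kept in the log since it is not chained into the
        // exception raised to the caller.
        debug.error("DefaultAccountMapper.getIdentity(MNIRequest,):" + " DataStoreProviderException", dse);
        throw new SAML2Exception(dse.getMessage());
    }
}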
