Examples with Issuer com.sun.identity.saml2.assertion.Issuer used on opensource projects

Example 46 with Issuer

use of com.sun.identity.saml2.assertion.Issuer in project OpenAM by OpenRock.

the class AssertionGen method getResponse.

/**
 *Generate SAML response and return the xml string
 *
 */
public String getResponse(String[] attrName, String[] attrValue) {
    try {
        Response res = ProtocolFactory.getInstance().createResponse();
        List assertionList = new ArrayList();
        Status status = ProtocolFactory.getInstance().createStatus();
        StatusCode scode = ProtocolFactory.getInstance().createStatusCode();
        MetaDataParser lparser = new MetaDataParser();
        String IDPEntityID = lparser.getIDPEntityID();
        String SPEntityID = lparser.getSPEntityID();
        Assertion assertion = getAssertion(attrName, attrValue);
        assertionList.add(assertion);
        res.setAssertion(assertionList);
        res.setID(SAML2Utils.generateID());
        res.setVersion(SAML2Constants.VERSION_2_0);
        res.setIssueInstant(new Date());
        scode.setValue(SAML2Constants.SUCCESS);
        status.setStatusCode(scode);
        res.setStatus(status);
        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(IDPEntityID);
        res.setIssuer(issuer);
        res.setDestination(SPEntityID);
        return res.toXMLString(true, true);
    } catch (SAML2Exception ex) {
        Logger.getLogger(AssertionGen.class.getName()).log(Level.SEVERE, null, ex);
    }
    return null;
}

Example 47 with Issuer

use of com.sun.identity.saml2.assertion.Issuer in project OpenAM by OpenRock.

the class AssertionImpl method toXMLString.

/**
    * Returns a String representation
    * @param includeNSPrefix Determines whether or not the namespace
    *        qualifier is prepended to the Element when converted
    * @param declareNS Determines whether or not the namespace is declared
    *        within the Element.
    * @return A String representation
    * @exception SAML2Exception if something is wrong during conversion
    */
@Override
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
    if ((signature != null) && (signedXMLString != null)) {
        return signedXMLString;
    }
    StringBuffer sb = new StringBuffer(2000);
    String NS = "";
    String appendNS = "";
    if (declareNS) {
        NS = SAML2Constants.ASSERTION_DECLARE_STR;
    }
    if (includeNSPrefix) {
        appendNS = SAML2Constants.ASSERTION_PREFIX;
    }
    sb.append("<").append(appendNS).append(ASSERTION_ELEMENT).append(NS);
    if ((version == null) || (version.length() == 0)) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): version missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_version"));
    }
    sb.append(" ").append(ASSERTION_VERSION_ATTR).append("=\"").append(version).append("\"");
    if ((id == null) || (id.length() == 0)) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): assertion id missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_id"));
    }
    sb.append(" ").append(ASSERTION_ID_ATTR).append("=\"").append(id).append("\"");
    if (issueInstant == null) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): issue instant missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_issue_instant"));
    }
    String instantStr = DateUtils.toUTCDateFormat(issueInstant);
    sb.append(" ").append(ASSERTION_ISSUEINSTANT_ATTR).append("=\"").append(instantStr).append("\"").append(">\n");
    if (issuer == null) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): issuer missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelement_issuer"));
    }
    sb.append(issuer.toXMLString(includeNSPrefix, false));
    if (signature != null) {
        sb.append(signature);
    }
    if (subject != null) {
        sb.append(subject.toXMLString(includeNSPrefix, false));
    }
    if (conditions != null) {
        sb.append(conditions.toXMLString(includeNSPrefix, false));
    }
    if (advice != null) {
        sb.append(advice.toXMLString(includeNSPrefix, false));
    }
    int length = 0;
    if (statements != null) {
        length = statements.size();
        for (int i = 0; i < length; i++) {
            String str = (String) statements.get(i);
            sb.append(str);
        }
    }
    if (authnStatements != null) {
        length = authnStatements.size();
        for (int i = 0; i < length; i++) {
            AuthnStatement st = (AuthnStatement) authnStatements.get(i);
            sb.append(st.toXMLString(includeNSPrefix, false));
        }
    }
    if (authzDecisionStatements != null) {
        length = authzDecisionStatements.size();
        for (int i = 0; i < length; i++) {
            AuthzDecisionStatement st = (AuthzDecisionStatement) authzDecisionStatements.get(i);
            sb.append(st.toXMLString(includeNSPrefix, false));
        }
    }
    if (attributeStatements != null) {
        length = attributeStatements.size();
        for (int i = 0; i < length; i++) {
            AttributeStatement st = (AttributeStatement) attributeStatements.get(i);
            sb.append(st.toXMLString(includeNSPrefix, false));
        }
    }
    sb.append("</").append(appendNS).append(ASSERTION_ELEMENT).append(">\n");
    //return SAML2Utils.removeNewLineChars(sb.toString());
    return sb.toString();
}

Example 48 with Issuer

use of com.sun.identity.saml2.assertion.Issuer in project OpenAM by OpenRock.

the class AssertionIDRequestUtil method verifyAssertionIDRequest.

private static void verifyAssertionIDRequest(AssertionIDRequest assertionIDRequest, String samlAuthorityEntityID, String role, String realm) throws SAML2Exception {
    Issuer issuer = assertionIDRequest.getIssuer();
    String requestedEntityID = issuer.getValue();
    if (!SAML2Utils.isSourceSiteValid(issuer, realm, samlAuthorityEntityID)) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("assertionIDRequestIssuerInvalid"));
    }
    SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, requestedEntityID);
    if (spSSODesc == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("assertionIDRequestIssuerNotFound"));
    }
    Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(spSSODesc, requestedEntityID, SAML2Constants.SP_ROLE);
    if (!verificationCerts.isEmpty()) {
        boolean valid = assertionIDRequest.isSignatureValid(verificationCerts);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AssertionIDRequestUtil.verifyAssertionIDRequest: " + "Signature validity is : " + valid);
        }
        if (!valid) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignatureAssertionIDRequest"));
        }
    } else {
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
}

Example 49 with Issuer

use of com.sun.identity.saml2.assertion.Issuer in project OpenAM by OpenRock.

the class AssertionIDRequestUtil method processAssertionIDRequest.

/**
     * This method processes the <code>AssertionIDRequest</code> coming
     * from a requester.
     *
     * @param assertionIDRequest the <code>AssertionIDRequest</code> object
     * @param request the <code>HttpServletRequest</code> object
     * @param response the <code>HttpServletResponse</code> object
     * @param samlAuthorityEntityID entity ID of SAML authority
     * @param role the role of SAML authority
     * @param realm the realm of SAML authority
     * @return the <code>Response</code> object
     * @exception SAML2Exception if the operation is not successful
     */
public static Response processAssertionIDRequest(AssertionIDRequest assertionIDRequest, HttpServletRequest request, HttpServletResponse response, String samlAuthorityEntityID, String role, String realm) throws SAML2Exception {
    try {
        verifyAssertionIDRequest(assertionIDRequest, samlAuthorityEntityID, role, realm);
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error("AssertionIDRequestUtil." + "processAssertionIDRequest:", se);
        return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.REQUESTER, null, se.getMessage(), samlAuthorityEntityID);
    }
    Issuer issuer = assertionIDRequest.getIssuer();
    String spEntityID = issuer.getValue();
    RoleDescriptorType roled = null;
    try {
        if (SAML2Constants.IDP_ROLE.equals(role)) {
            roled = metaManager.getIDPSSODescriptor(realm, samlAuthorityEntityID);
        } else if (SAML2Constants.AUTHN_AUTH_ROLE.equals(role)) {
            roled = metaManager.getAuthnAuthorityDescriptor(realm, samlAuthorityEntityID);
        } else if (SAML2Constants.ATTR_AUTH_ROLE.equals(role)) {
            roled = metaManager.getAttributeAuthorityDescriptor(realm, samlAuthorityEntityID);
        }
    } catch (SAML2MetaException sme) {
        SAML2Utils.debug.error("AssertionIDRequestUtil." + "processAssertionIDRequest:", sme);
        return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.RESPONDER, null, sme.getMessage(), samlAuthorityEntityID);
    }
    if (roled == null) {
        return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.REQUESTER, null, SAML2Utils.bundle.getString("samlAuthorityNotFound"), samlAuthorityEntityID);
    }
    List returnAssertions = null;
    List assertionIDRefs = assertionIDRequest.getAssertionIDRefs();
    for (Iterator iter = assertionIDRefs.iterator(); iter.hasNext(); ) {
        AssertionIDRef assertionIDRef = (AssertionIDRef) iter.next();
        String assertionID = assertionIDRef.getValue();
        Assertion assertion = (Assertion) IDPCache.assertionByIDCache.get(assertionID);
        if ((assertion == null) && (SAML2FailoverUtils.isSAML2FailoverEnabled())) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AssertionIDRequestUtil.processAssertionIDRequest: " + "reading assertion from the SAML2 Token Repository using assertionID:" + assertionID);
            }
            String assertionStr = null;
            try {
                assertionStr = (String) SAML2FailoverUtils.retrieveSAML2Token(assertionID);
            } catch (SAML2TokenRepositoryException se) {
                SAML2Utils.debug.error("AssertionIDRequestUtil.processAssertionIDRequest: " + "There was a problem reading assertion from the SAML2 Token Repository using assertionID:" + assertionID, se);
            }
            if (assertionStr != null) {
                assertion = AssertionFactory.getInstance().createAssertion(assertionStr);
            }
        }
        if ((assertion != null) && (assertion.isTimeValid())) {
            if (returnAssertions == null) {
                returnAssertions = new ArrayList();
            }
            returnAssertions.add(assertion);
        }
    }
    ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
    Response samlResp = protocolFactory.createResponse();
    samlResp.setAssertion(returnAssertions);
    samlResp.setID(SAML2Utils.generateID());
    samlResp.setInResponseTo(assertionIDRequest.getID());
    samlResp.setVersion(SAML2Constants.VERSION_2_0);
    samlResp.setIssueInstant(new Date());
    Status status = protocolFactory.createStatus();
    StatusCode statusCode = protocolFactory.createStatusCode();
    statusCode.setValue(SAML2Constants.SUCCESS);
    status.setStatusCode(statusCode);
    samlResp.setStatus(status);
    Issuer respIssuer = AssertionFactory.getInstance().createIssuer();
    respIssuer.setValue(samlAuthorityEntityID);
    samlResp.setIssuer(respIssuer);
    signResponse(samlResp, samlAuthorityEntityID, role, realm, false);
    return samlResp;
}

Example 50 with Issuer

use of com.sun.identity.saml2.assertion.Issuer in project OpenAM by OpenRock.

the class AssertionIDRequestUtil method verifyResponse.

private static void verifyResponse(Response response, AssertionIDRequest assertionIDRequest, String samlAuthorityEntityID, String role, RoleDescriptorType roled) throws SAML2Exception {
    String aIDReqID = assertionIDRequest.getID();
    if ((aIDReqID != null) && (!aIDReqID.equals(response.getInResponseTo()))) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseToAssertionIDRequest"));
    }
    Issuer respIssuer = response.getIssuer();
    if (respIssuer == null) {
        return;
    }
    if (!samlAuthorityEntityID.equals(respIssuer.getValue())) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("responseIssuerMismatch"));
    }
    Set<X509Certificate> signingCerts = KeyUtil.getVerificationCerts(roled, samlAuthorityEntityID, role);
    if (!signingCerts.isEmpty()) {
        boolean valid = response.isSignatureValid(signingCerts);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AssertionIDRequestUtil .verifyResponse: " + "Signature validity is : " + valid);
        }
        if (!valid) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignatureOnResponse"));
        }
    } else {
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
}