use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class ArtifactResolveImpl method parseElement.
/**
 * Populates this object from an {@code ArtifactResolve} DOM element.
 *
 * Reads the ID, Version, IssueInstant, Destination and Consent attributes,
 * then walks the child elements, accepting Issuer, Signature, Extensions and
 * Artifact at most once each and only in that relative order. Ends by calling
 * {@code validateData()}.
 *
 * Security-relevant behaviour visible in this method:
 * - Elements are recognised by local name only; the namespace URI is not
 *   examined here.
 * - A Signature child is serialised and remembered, and {@code isSigned} is
 *   set, but no cryptographic verification happens in this method.
 * - Attributes other than the five listed above are ignored without error.
 *
 * @param element the {@code ArtifactResolve} element to read.
 * @throws SAML2Exception if the element is null, is not an ArtifactResolve,
 *         has an unparsable IssueInstant, repeats a child, has children out
 *         of order, or contains an unexpected child element.
 */
private void parseElement(Element element) throws SAML2Exception {
    // A missing element is rejected before anything is dereferenced.
    if (element == null) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ArtifactResolveImpl.parseElement: element input is null.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
    }

    // The root must be named ArtifactResolve (local name; namespace not checked here).
    final String rootName = element.getLocalName();
    if (!"ArtifactResolve".equals(rootName)) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ArtifactResolveImpl.parseElement: not ArtifactResolve.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
    }

    // Attributes of <ArtifactResolve>. Values are trimmed; unknown names are skipped.
    final NamedNodeMap attributes = element.getAttributes();
    if (attributes != null) {
        final int attributeCount = attributes.getLength();
        for (int idx = 0; idx < attributeCount; idx++) {
            final Attr current = (Attr) attributes.item(idx);
            final String attrName = current.getName();
            final String attrValue = current.getValue().trim();
            if (attrName.equals("ID")) {
                requestId = attrValue;
            } else if (attrName.equals("Version")) {
                version = attrValue;
            } else if (attrName.equals("IssueInstant")) {
                try {
                    issueInstant = DateUtils.stringToDate(attrValue);
                } catch (ParseException pe) {
                    // Only the message text is carried over into the SAML2Exception.
                    throw new SAML2Exception(pe.getMessage());
                }
            } else if (attrName.equals("Destination")) {
                destinationURI = attrValue;
            } else if (attrName.equals("Consent")) {
                consent = attrValue;
            }
        }
    }

    // Child elements. Each branch first rejects a repeat ("moreElement"), then
    // rejects the element if a later sibling in the expected sequence
    // Issuer -> Signature -> Extensions -> Artifact was already seen ("schemaViolation").
    final NodeList children = element.getChildNodes();
    final int childCount = children.getLength();
    for (int idx = 0; idx < childCount; idx++) {
        final Node node = children.item(idx);
        final String name = node.getLocalName();
        if (name == null) {
            // Nodes without a local name (for example text or comment nodes) are skipped.
            continue;
        }

        if (name.equals("Issuer")) {
            if (nameID != null) {
                if (SAML2SDKUtils.debug.messageEnabled()) {
                    SAML2SDKUtils.debug.message("ArtifactResolveImpl.parseElement: included more than one Issuer.");
                }
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("moreElement"));
            }
            final boolean laterSiblingSeen = signatureString != null || extensions != null || artifact != null;
            if (laterSiblingSeen) {
                if (SAML2SDKUtils.debug.messageEnabled()) {
                    SAML2SDKUtils.debug.message("ArtifactResolveImpl.parseElement:wrong sequence.");
                }
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("schemaViolation"));
            }
            nameID = AssertionFactory.getInstance().createIssuer((Element) node);
        } else if (name.equals("Signature")) {
            if (signatureString != null) {
                if (SAML2SDKUtils.debug.messageEnabled()) {
                    SAML2SDKUtils.debug.message("ArtifactResolveImpl.parseElement:included more than one Signature.");
                }
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("moreElement"));
            }
            final boolean laterSiblingSeen = extensions != null || artifact != null;
            if (laterSiblingSeen) {
                if (SAML2SDKUtils.debug.messageEnabled()) {
                    SAML2SDKUtils.debug.message("ArtifactResolveImpl.parseElement:wrong sequence.");
                }
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("schemaViolation"));
            }
            // Presence of the element is recorded; the signature is not verified here.
            signatureString = XMLUtils.print((Element) node);
            isSigned = true;
        } else if (name.equals("Extensions")) {
            if (extensions != null) {
                if (SAML2SDKUtils.debug.messageEnabled()) {
                    SAML2SDKUtils.debug.message("ArtifactResolveImpl.parseElement:included more than one Extensions.");
                }
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("moreElement"));
            }
            if (artifact != null) {
                if (SAML2SDKUtils.debug.messageEnabled()) {
                    SAML2SDKUtils.debug.message("ArtifactResolveImpl.parseElement:wrong sequence.");
                }
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("schemaViolation"));
            }
            extensions = ProtocolFactory.getInstance().createExtensions((Element) node);
        } else if (name.equals("Artifact")) {
            if (artifact != null) {
                if (SAML2SDKUtils.debug.messageEnabled()) {
                    SAML2SDKUtils.debug.message("ArtifactResolveImpl.parseElement: included more than one Artifact.");
                }
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("moreElement"));
            }
            artifact = ProtocolFactory.getInstance().createArtifact((Element) node);
        } else {
            // Any other named child is treated as a hard error rather than ignored.
            if (SAML2SDKUtils.debug.messageEnabled()) {
                SAML2SDKUtils.debug.message("ArtifactResolveImpl.parseElement: Invalid element:" + name);
            }
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalidElement"));
        }
    }

    // Final consistency check; its rules are defined outside this method.
    validateData();
}
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class SPACSUtils method writeFedData.
/**
 * Records an account federation for {@code userName} based on the given NameID.
 *
 * The NameID's SPNameQualifier is looked up as an affiliation in the realm's
 * metadata. When an affiliation descriptor is found, the SP must be listed
 * as one of its members, and the federation is stored under the affiliation
 * ID; otherwise it is stored under the SP entity ID.
 *
 * @param nameId       NameID whose SPNameQualifier may name an affiliation.
 * @param spEntityId   entity ID of the hosted service provider.
 * @param realm        realm used for the dual-role and metadata lookups.
 * @param metaManager  metadata manager used to fetch the affiliation descriptor.
 * @param idpEntityId  entity ID of the remote identity provider.
 * @param userName     user the federation is written for.
 * @param storageKey   key marked as federated in {@code SPCache.fedAccountHash}.
 * @throws SAML2Exception if an affiliation descriptor exists but does not
 *         list {@code spEntityId} as a member.
 */
private static void writeFedData(NameID nameId, String spEntityId, String realm, SAML2MetaManager metaManager, String idpEntityId, String userName, String storageKey) throws SAML2Exception {
    final String affiID = nameId.getSPNameQualifier();
    final boolean dualRole = SAML2Utils.isDualRole(spEntityId, realm);

    // The qualifier is taken from the NameID itself, so it is only trusted as
    // an affiliation after the metadata lookup and membership check below.
    AffiliationDescriptorType affiliation = null;
    if (!(affiID == null || affiID.isEmpty())) {
        affiliation = metaManager.getAffiliationDescriptor(realm, affiID);
    }

    final boolean viaAffiliation = affiliation != null;
    if (viaAffiliation && !affiliation.getAffiliateMember().contains(spEntityId)) {
        throw new SAML2Exception("Unable to locate SP Entity ID in the affiliate descriptor.");
    }

    final NameIDInfo info = new NameIDInfo(
            viaAffiliation ? affiID : spEntityId,
            idpEntityId,
            nameId,
            dualRole ? SAML2Constants.DUAL_ROLE : SAML2Constants.SP_ROLE,
            viaAffiliation);

    // Write the federation info into the data store.
    // NOTE(review): the cache entry is set before the data store write; if
    // setAccountFederation throws, the cache entry stays set - confirm that
    // is acceptable to readers of fedAccountHash.
    SPCache.fedAccountHash.put(storageKey, "true");
    AccountUtils.setAccountFederation(info, userName);
}
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class AuthnRequestImpl method parseDOMElement.
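/**
 * Parses the Document Element for this object.
 *
 * Reads the request attributes and the recognised child elements (Issuer,
 * Signature, Extensions, Subject, NameIDPolicy, Conditions,
 * RequestedAuthnContext, Scoping) into this object's fields. Child elements
 * are matched by local name only, and child elements with any other name
 * are skipped without error.
 *
 * A Signature child is serialised and {@code isSigned} is set; no signature
 * verification is performed by this method.
 *
 * @param element the Document Element of this object.
 * @throws SAML2Exception if error parsing the Document Element, including a
 *         non-numeric AssertionConsumerServiceIndex or
 *         AttributeConsumingServiceIndex attribute.
 */
protected void parseDOMElement(Element element) throws SAML2Exception {
    AssertionFactory assertionFactory = AssertionFactory.getInstance();
    ProtocolFactory protoFactory = ProtocolFactory.getInstance();
    requestId = element.getAttribute(SAML2Constants.ID);
    validateID(requestId);
    version = element.getAttribute(SAML2Constants.VERSION);
    validateVersion(version);
    String issueInstantStr = element.getAttribute(SAML2Constants.ISSUE_INSTANT);
    validateIssueInstant(issueInstantStr);
    destinationURI = element.getAttribute(SAML2Constants.DESTINATION);
    consent = element.getAttribute(SAML2Constants.CONSENT);
    NodeList nList = element.getChildNodes();
    if ((nList != null) && (nList.getLength() > 0)) {
        for (int i = 0; i < nList.getLength(); i++) {
            Node childNode = nList.item(i);
            String cName = childNode.getLocalName();
            if (cName != null) {
                // Each validateXxx() call runs before the field is assigned;
                // presumably these reject duplicates or out-of-order
                // elements - confirm against their definitions.
                if (cName.equals(SAML2Constants.ISSUER)) {
                    validateIssuer();
                    nameID = assertionFactory.createIssuer((Element) childNode);
                } else if (cName.equals(SAML2Constants.SIGNATURE)) {
                    validateSignature();
                    // Only the presence of the element is recorded here.
                    signatureString = XMLUtils.print((Element) childNode);
                    isSigned = true;
                } else if (cName.equals(SAML2Constants.EXTENSIONS)) {
                    validateExtensions();
                    extensions = protoFactory.createExtensions((Element) childNode);
                } else if (cName.equals(SAML2Constants.SUBJECT)) {
                    validateSubject();
                    subject = assertionFactory.createSubject((Element) childNode);
                } else if (cName.equals(SAML2Constants.NAMEIDPOLICY)) {
                    validateNameIDPolicy();
                    nameIDPolicy = protoFactory.createNameIDPolicy((Element) childNode);
                } else if (cName.equals(SAML2Constants.CONDITIONS)) {
                    validateConditions();
                    conditions = assertionFactory.createConditions((Element) childNode);
                } else if (cName.equals(SAML2Constants.REQ_AUTHN_CONTEXT)) {
                    validateReqAuthnContext();
                    reqAuthnContext = protoFactory.createRequestedAuthnContext((Element) childNode);
                } else if (cName.equals(SAML2Constants.SCOPING)) {
                    validateScoping();
                    scoping = protoFactory.createScoping((Element) childNode);
                }
            }
        }
    }
    // Get ForceAuthn Attribute
    String forceAuthnAttr = element.getAttribute(SAML2Constants.FORCEAUTHN);
    if ((forceAuthnAttr != null) && (forceAuthnAttr.length() > 0)) {
        forceAuthn = SAML2SDKUtils.booleanValueOf(forceAuthnAttr);
    }
    String isPassiveAttr = element.getAttribute(SAML2Constants.ISPASSIVE);
    if ((isPassiveAttr != null) && (isPassiveAttr.length() > 0)) {
        isPassive = SAML2SDKUtils.booleanValueOf(isPassiveAttr);
    }
    protocolBinding = element.getAttribute(SAML2Constants.PROTOBINDING);
    String index = element.getAttribute(SAML2Constants.ASSERTION_CONSUMER_SVC_INDEX);
    if ((index != null) && (index.length() > 0)) {
        // The attribute text comes from the request. A non-numeric value is
        // reported as a SAML2Exception so that it follows this method's
        // declared error path instead of escaping as an unchecked
        // NumberFormatException.
        try {
            assertionConsumerSvcIndex = Integer.valueOf(index);
        } catch (NumberFormatException nfe) {
            throw new SAML2Exception("AssertionConsumerServiceIndex is not a valid integer.");
        }
        validateAssertionConsumerServiceIndex(assertionConsumerSvcIndex);
    }
    // This URL is taken from the request as-is; nothing in this method checks
    // it against the endpoints registered for the requesting provider.
    assertionConsumerServiceURL = XMLUtils.unescapeSpecialCharacters(element.getAttribute(SAML2Constants.ASSERTION_CONSUMER_SVC_URL));
    index = element.getAttribute(SAML2Constants.ATTR_CONSUMING_SVC_INDEX);
    if ((index != null) && (index.length() > 0)) {
        try {
            attrConsumingSvcIndex = Integer.valueOf(index);
        } catch (NumberFormatException nfe) {
            throw new SAML2Exception("AttributeConsumingServiceIndex is not a valid integer.");
        }
        validateAttributeConsumingServiceIndex(attrConsumingSvcIndex);
    }
    providerName = element.getAttribute(SAML2Constants.PROVIDER_NAME);
}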
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class LogoutRequestImpl method toXMLString.
/**
 * Serialises this {@code LogoutRequest} to an XML string.
 *
 * If the request is marked as signed and a signed XML string is already
 * held, that string is returned unchanged and nothing is rebuilt.
 * Otherwise {@code validateData()} runs and the element is assembled from
 * the current field values.
 *
 * @param includeNSPrefix Determines whether or not the namespace qualifier
 *        is prepended to the Element when converted.
 * @param declareNS Determines whether or not the namespace is declared
 *        within the Element.
 * @return An XML String representing the {@code LogoutRequest}.
 * @throws SAML2Exception if some error occurs during conversion to
 *         {@code String}.
 */
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
    // Hand back the stored signed form verbatim (presumably so the signed
    // content is not altered by re-serialisation - confirm with the signer).
    if (isSigned && signedXMLString != null) {
        return signedXMLString;
    }
    validateData();

    final StringBuilder out = new StringBuilder(1000);

    // Opening tag name, optional prefix and namespace declaration.
    out.append(SAML2Constants.START_TAG);
    if (includeNSPrefix) {
        out.append(SAML2Constants.PROTOCOL_PREFIX);
    }
    out.append(SAML2Constants.LOGOUT_REQUEST);
    out.append(SAML2Constants.SPACE);
    if (declareNS) {
        out.append(SAML2Constants.PROTOCOL_DECLARE_STR);
        out.append(SAML2Constants.SPACE);
    }

    // NOTE(review): attribute values below are written between quotes
    // exactly as held in the fields; no XML escaping is applied in this
    // method. Confirm the values are constrained or escaped before they
    // reach this point.
    out.append(SAML2Constants.ID).append(SAML2Constants.EQUAL);
    out.append(SAML2Constants.QUOTE).append(requestId).append(SAML2Constants.QUOTE);
    out.append(SAML2Constants.SPACE);
    out.append(SAML2Constants.VERSION).append(SAML2Constants.EQUAL);
    out.append(SAML2Constants.QUOTE).append(version).append(SAML2Constants.QUOTE);
    out.append(SAML2Constants.SPACE);
    out.append(SAML2Constants.ISSUE_INSTANT).append(SAML2Constants.EQUAL);
    out.append(SAML2Constants.QUOTE).append(DateUtils.toUTCDateFormat(issueInstant)).append(SAML2Constants.QUOTE);

    // Optional attributes are emitted only when they carry a value.
    if ((destinationURI != null) && (destinationURI.length() > 0)) {
        out.append(SAML2Constants.SPACE);
        out.append(SAML2Constants.DESTINATION).append(SAML2Constants.EQUAL);
        out.append(SAML2Constants.QUOTE).append(destinationURI).append(SAML2Constants.QUOTE);
    }
    if ((consent != null) && (consent.length() > 0)) {
        out.append(SAML2Constants.SPACE);
        out.append(SAML2Constants.CONSENT).append(SAML2Constants.EQUAL);
        out.append(SAML2Constants.QUOTE).append(consent).append(SAML2Constants.QUOTE);
    }
    if (notOnOrAfter != null) {
        out.append(SAML2Constants.SPACE);
        out.append(SAML2Constants.NOTONORAFTER).append(SAML2Constants.EQUAL);
        out.append(SAML2Constants.QUOTE).append(DateUtils.toUTCDateFormat(notOnOrAfter)).append(SAML2Constants.QUOTE);
    }
    if ((reason != null) && (reason.length() > 0)) {
        out.append(SAML2Constants.SPACE);
        out.append(SAML2Constants.REASON).append(SAML2Constants.EQUAL);
        out.append(SAML2Constants.QUOTE).append(reason).append(SAML2Constants.QUOTE);
    }
    out.append(SAML2Constants.END_TAG);

    // Children, in the order: Issuer, Signature, Extensions, BaseID,
    // NameID, EncryptedID, SessionIndex*.
    if (nameID != null) {
        out.append(nameID.toXMLString(includeNSPrefix, declareNS));
    }
    if ((signatureString != null) && (signatureString.length() > 0)) {
        out.append(signatureString);
    }
    if (extensions != null) {
        out.append(extensions.toXMLString(includeNSPrefix, declareNS));
    }
    if (baseId != null) {
        out.append(baseId.toXMLString(includeNSPrefix, declareNS));
    }
    if (nameId != null) {
        out.append(nameId.toXMLString(includeNSPrefix, declareNS));
    }
    if (encryptedId != null) {
        out.append(encryptedId.toXMLString(includeNSPrefix, declareNS));
    }
    if (sessionIndexList != null && !sessionIndexList.isEmpty()) {
        for (Object entry : sessionIndexList) {
            final ProtocolFactory factory = ProtocolFactory.getInstance();
            final SessionIndex sessionIndex = factory.createSessionIndex((String) entry);
            out.append(sessionIndex.toXMLString(includeNSPrefix, declareNS));
        }
    }

    // Closing tag.
    out.append(SAML2Constants.SAML2_END_TAG);
    out.append(SAML2Constants.LOGOUT_REQUEST);
    out.append(SAML2Constants.END_TAG);
    return out.toString();
}
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class LogoutRequestImpl method parseElement.
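/**
 * Parses the Document Element for this object.
 *
 * Reads the request attributes and the recognised child elements (Issuer,
 * Signature, Extensions, BaseID, NameID, EncryptedID, SessionIndex) into
 * this object's fields. Child elements are matched by local name only and
 * children with any other name are skipped without error. A Signature child
 * is serialised and {@code isSigned} is set; no signature verification is
 * performed by this method.
 *
 * {@code validateBaseIDorNameIDorEncryptedID()} runs on every call, including
 * when the element has no child nodes at all, so an empty request cannot
 * bypass that check.
 *
 * @param element the Document Element of this object.
 * @throws SAML2Exception if error parsing the Document Element.
 */
private void parseElement(Element element) throws SAML2Exception {
    AssertionFactory assertionFactory = AssertionFactory.getInstance();
    ProtocolFactory protoFactory = ProtocolFactory.getInstance();
    requestId = element.getAttribute(SAML2Constants.ID);
    validateID(requestId);
    version = element.getAttribute(SAML2Constants.VERSION);
    validateVersion(version);
    String issueInstantStr = element.getAttribute(SAML2Constants.ISSUE_INSTANT);
    validateIssueInstant(issueInstantStr);
    destinationURI = element.getAttribute(SAML2Constants.DESTINATION);
    consent = element.getAttribute(SAML2Constants.CONSENT);
    String notOnOrAfterStr = element.getAttribute(SAML2Constants.NOTONORAFTER);
    validateNotOnOrAfterStr(notOnOrAfterStr);
    reason = element.getAttribute(SAML2Constants.REASON);
    NodeList nList = element.getChildNodes();
    if ((nList != null) && (nList.getLength() > 0)) {
        for (int i = 0; i < nList.getLength(); i++) {
            Node childNode = nList.item(i);
            String cName = childNode.getLocalName();
            if (cName != null) {
                // NOTE(review): nothing here rejects a repeated Issuer,
                // Signature, Extensions, BaseID, NameID or EncryptedID; a
                // later occurrence overwrites the earlier one. Confirm
                // whether duplicates are rejected elsewhere.
                if (cName.equals(SAML2Constants.ISSUER)) {
                    nameID = assertionFactory.createIssuer((Element) childNode);
                } else if (cName.equals(SAML2Constants.SIGNATURE)) {
                    // Only the presence of the element is recorded here.
                    signatureString = XMLUtils.print((Element) childNode);
                    isSigned = true;
                } else if (cName.equals(SAML2Constants.EXTENSIONS)) {
                    extensions = protoFactory.createExtensions((Element) childNode);
                } else if (cName.equals(SAML2Constants.BASEID)) {
                    baseId = assertionFactory.createBaseID((Element) childNode);
                } else if (cName.equals(SAML2Constants.NAMEID)) {
                    nameId = assertionFactory.createNameID((Element) childNode);
                } else if (cName.equals(SAML2Constants.ENCRYPTEDID)) {
                    encryptedId = assertionFactory.createEncryptedID((Element) childNode);
                } else if (cName.equals(SAML2Constants.SESSION_INDEX)) {
                    if ((sessionIndexList == null) || (sessionIndexList.isEmpty())) {
                        sessionIndexList = new ArrayList();
                    }
                    sessionIndexList.add(XMLUtils.getElementString((Element) childNode));
                }
            }
        }
    }
    // Run the identifier check unconditionally. It used to sit inside the
    // "has child nodes" branch above, so an element with no children skipped
    // it. The check itself is defined outside this method; presumably it
    // requires one of BaseID / NameID / EncryptedID - confirm.
    validateBaseIDorNameIDorEncryptedID();
    // Freeze the collected session indexes so later callers cannot mutate them.
    if ((sessionIndexList != null) && (!sessionIndexList.isEmpty())) {
        sessionIndexList = Collections.unmodifiableList(sessionIndexList);
    }
}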