
Example 11 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class SAML2Utils method getNameIDStringFromResponse.

/**
 * Obtains the value of NameID from Response.
 *
 * @param response <code>Response</code> object
 * @return value of the NameID from the first Assertion in the response;
 * null if the response is null, the response carries no assertion, or
 * the assertion has no NameID.
 */
public static String getNameIDStringFromResponse(Response response) {
    if (response != null) {
        // Only the plaintext Assertion list is consulted; EncryptedAssertion
        // entries are neither decrypted nor looked at by this helper, and
        // nothing here checks that the assertion was signature-verified.
        List assertions = response.getAssertion();
        if ((assertions != null) && (assertions.size() > 0)) {
            Assertion assertion = (Assertion) assertions.get(0);
            Subject subject = assertion.getSubject();
            if (subject != null) {
                NameID nameID = subject.getNameID();
                if (nameID != null) {
                    return nameID.getValue();
                }
            }
        }
    }
    return null;
}
Also used : NameID(com.sun.identity.saml2.assertion.NameID) EncryptedAssertion(com.sun.identity.saml2.assertion.EncryptedAssertion) Assertion(com.sun.identity.saml2.assertion.Assertion) ArrayList(java.util.ArrayList) List(java.util.List) Subject(com.sun.identity.saml2.assertion.Subject)

Example 12 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class SubjectImpl method processElement.

private void processElement(Element element) throws SAML2Exception {
    if (element == null) {
        SAML2SDKUtils.debug.error("SubjectImpl.processElement(): invalid root element");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_element"));
    }
    String elemName = element.getLocalName();
    if (elemName == null) {
        SAML2SDKUtils.debug.error("SubjectImpl.processElement(): local name missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_local_name"));
    }
    if (!elemName.equals(SUBJECT_ELEMENT)) {
        SAML2SDKUtils.debug.error("SubjectImpl.processElement(): invalid local name " + elemName);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_local_name"));
    }
    // starts processing subelements
    NodeList nodes = element.getChildNodes();
    int numOfNodes = nodes.getLength();
    if (numOfNodes < 1) {
        SAML2SDKUtils.debug.error("SubjectImpl.processElement(): subject has no subelements");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelements"));
    }
    int nextElem = 0;
    Node child = (Node) nodes.item(nextElem);
    while (child.getNodeType() != Node.ELEMENT_NODE) {
        if (++nextElem >= numOfNodes) {
            SAML2SDKUtils.debug.error("SubjectImpl.processElement():" + " subject has no subelements");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelements"));
        }
        child = (Node) nodes.item(nextElem);
    }
    String childName = child.getLocalName();
    if (childName != null) {
        if (childName.equals(SUBJECT_CONFIRMATION_ELEMENT)) {
            subjectConfirmations.add(AssertionFactory.getInstance().createSubjectConfirmation((Element) child));
        } else if (childName.equals(BASE_ID_ELEMENT)) {
            baseId = AssertionFactory.getInstance().createBaseID((Element) child);
        } else if (childName.equals(NAME_ID_ELEMENT)) {
            nameId = AssertionFactory.getInstance().createNameID((Element) child);
        } else if (childName.equals(ENCRYPTED_ID_ELEMENT)) {
            encryptedId = AssertionFactory.getInstance().createEncryptedID((Element) child);
        } else {
            SAML2SDKUtils.debug.error("SubjectImpl.processElement(): " + "unexpected subelement " + childName);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unexpected_subelement"));
        }
    }
    if (++nextElem >= numOfNodes) {
        return;
    }
    // The next subelements are all <SubjectConfirmation>    
    while (nextElem < numOfNodes) {
        child = (Node) nodes.item(nextElem);
        if (child.getNodeType() == Node.ELEMENT_NODE) {
            childName = child.getLocalName();
            if (childName != null) {
                if (childName.equals(SUBJECT_CONFIRMATION_ELEMENT)) {
                    subjectConfirmations.add(AssertionFactory.getInstance().createSubjectConfirmation((Element) child));
                } else {
                    SAML2SDKUtils.debug.error("SubjectImpl." + "processElement(): unexpected subelement " + childName);
                    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unexpected_subelement"));
                }
            }
        }
        nextElem++;
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element)

Example 13 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class AssertionImpl method processElement.

private void processElement(Element element) throws SAML2Exception {
    if (element == null) {
        SAML2SDKUtils.debug.error("AssertionImpl.processElement(): invalid root element");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_element"));
    }
    String elemName = element.getLocalName();
    if (elemName == null) {
        SAML2SDKUtils.debug.error("AssertionImpl.processElement(): local name missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_local_name"));
    }
    if (!elemName.equals(ASSERTION_ELEMENT)) {
        SAML2SDKUtils.debug.error("AssertionImpl.processElement(): invalid local name " + elemName);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_local_name"));
    }
    // starts processing attributes
    String attrValue = element.getAttribute(ASSERTION_VERSION_ATTR);
    if ((attrValue == null) || (attrValue.length() == 0)) {
        SAML2SDKUtils.debug.error("AssertionImpl.processElement(): version missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_version"));
    }
    version = attrValue;
    attrValue = element.getAttribute(ASSERTION_ID_ATTR);
    if ((attrValue == null) || (attrValue.length() == 0)) {
        SAML2SDKUtils.debug.error("AssertionImpl.processElement(): assertion id missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_id"));
    }
    id = attrValue;
    attrValue = element.getAttribute(ASSERTION_ISSUEINSTANT_ATTR);
    if ((attrValue == null) || (attrValue.length() == 0)) {
        SAML2SDKUtils.debug.error("AssertionImpl.processElement(): issue instant missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_issue_instant"));
    }
    try {
        issueInstant = DateUtils.stringToDate(attrValue);
    } catch (ParseException pe) {
        SAML2SDKUtils.debug.error("AssertionImpl.processElement(): invalid issue instant");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_date_format"));
    }
    // starts processing subelements
    NodeList nodes = element.getChildNodes();
    int numOfNodes = nodes.getLength();
    if (numOfNodes < 1) {
        SAML2SDKUtils.debug.error("AssertionImpl.processElement(): assertion has no subelements");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelements"));
    }
    AssertionFactory factory = AssertionFactory.getInstance();
    int nextElem = 0;
    Node child = (Node) nodes.item(nextElem);
    while (child.getNodeType() != Node.ELEMENT_NODE) {
        if (++nextElem >= numOfNodes) {
            SAML2SDKUtils.debug.error("AssertionImpl.processElement():" + " assertion has no subelements");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelements"));
        }
        child = (Node) nodes.item(nextElem);
    }
    // The first subelement should be <Issuer>
    String childName = child.getLocalName();
    if ((childName == null) || (!childName.equals(ASSERTION_ISSUER))) {
        SAML2SDKUtils.debug.error("AssertionImpl.processElement():" + " the first element is not <Issuer>");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelement_issuer"));
    }
    issuer = factory.getInstance().createIssuer((Element) child);
    if (++nextElem >= numOfNodes) {
        return;
    }
    child = (Node) nodes.item(nextElem);
    while (child.getNodeType() != Node.ELEMENT_NODE) {
        if (++nextElem >= numOfNodes) {
            return;
        }
        child = (Node) nodes.item(nextElem);
    }
    // The next subelement may be <ds:Signature>. It is only captured here as
    // serialized XML; this parser does not verify it.
    childName = child.getLocalName();
    if ((childName != null) && childName.equals(ASSERTION_SIGNATURE)) {
        signature = XMLUtils.print((Element) child);
        if (++nextElem >= numOfNodes) {
            return;
        }
        child = (Node) nodes.item(nextElem);
        while (child.getNodeType() != Node.ELEMENT_NODE) {
            if (++nextElem >= numOfNodes) {
                return;
            }
            child = (Node) nodes.item(nextElem);
        }
        childName = child.getLocalName();
    } else {
        signature = null;
    }
    // The next subelement may be <Subject>
    if ((childName != null) && childName.equals(ASSERTION_SUBJECT)) {
        subject = factory.createSubject((Element) child);
        if (++nextElem >= numOfNodes) {
            return;
        }
        child = (Node) nodes.item(nextElem);
        while (child.getNodeType() != Node.ELEMENT_NODE) {
            if (++nextElem >= numOfNodes) {
                return;
            }
            child = (Node) nodes.item(nextElem);
        }
        childName = child.getLocalName();
    } else {
        subject = null;
    }
    // The next subelement may be <Conditions>
    if ((childName != null) && childName.equals(ASSERTION_CONDITIONS)) {
        conditions = factory.createConditions((Element) child);
        if (++nextElem >= numOfNodes) {
            return;
        }
        child = (Node) nodes.item(nextElem);
        while (child.getNodeType() != Node.ELEMENT_NODE) {
            if (++nextElem >= numOfNodes) {
                return;
            }
            child = (Node) nodes.item(nextElem);
        }
        childName = child.getLocalName();
    } else {
        conditions = null;
    }
    // The next subelement may be <Advice>
    if ((childName != null) && childName.equals(ASSERTION_ADVICE)) {
        advice = factory.createAdvice((Element) child);
        nextElem++;
    } else {
        advice = null;
    }
    // The next subelements are all statements    
    while (nextElem < numOfNodes) {
        child = (Node) nodes.item(nextElem);
        if (child.getNodeType() == Node.ELEMENT_NODE) {
            childName = child.getLocalName();
            if (childName != null) {
                if (childName.equals(ASSERTION_AUTHNSTATEMENT)) {
                    authnStatements.add(factory.createAuthnStatement((Element) child));
                } else if (childName.equals(ASSERTION_AUTHZDECISIONSTATEMENT)) {
                    authzDecisionStatements.add(factory.createAuthzDecisionStatement((Element) child));
                } else if (childName.equals(ASSERTION_ATTRIBUTESTATEMENT)) {
                    attributeStatements.add(factory.createAttributeStatement((Element) child));
                } else if (childName.equals(ASSERTION_SIGNATURE)) {
                    // childName is already known to be non-null here. A <ds:Signature>
                    // placed after <Advice> is accepted too, and replaces any value
                    // captured from the earlier position.
                    signature = XMLUtils.print((Element) child);
                } else {
                    String type = ((Element) child).getAttribute(XSI_TYPE_ATTR);
                    if (childName.equals(ASSERTION_STATEMENT) && (type != null && type.length() > 0)) {
                        statements.add(XMLUtils.print((Element) child));
                    } else {
                        SAML2SDKUtils.debug.error("AssertionImpl.processElement(): " + "unexpected subelement " + childName);
                        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unexpected_subelement"));
                    }
                }
            }
        }
        nextElem++;
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) AssertionFactory(com.sun.identity.saml2.assertion.AssertionFactory) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) Element(org.w3c.dom.Element) ParseException(java.text.ParseException)
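The extraction in Example 11 takes the first entry of response.getAssertion(), never looks at EncryptedAssertion, and returns the NameID without any sign that the assertion was verified; the parsers in Examples 12 and 13 match child elements on local name only. The following is an added example, not OpenAM code, of a stricter extractor written against the plain JDK DOM API: it configures the XML parser with DTDs and external entities disabled, compares namespace URI as well as local name, accepts only Assertion elements that are direct children of the Response, requires exactly one Assertion, Subject and NameID, and refuses a Response that still carries an EncryptedAssertion. The sample Response, the class name and the method names are constructed for this example; XML signature verification is outside the snippet and must happen before the returned value is trusted.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/** Added example (not OpenAM code): namespace-aware NameID extraction with shape checks. */
public class StrictNameIdExtractor {
    static final String SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol";
    static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";

    /** Constructed sample Response; issuer, IDs and subject are illustrative only. */
    static final String SAMPLE_RESPONSE =
        "<samlp:Response xmlns:samlp=\"" + SAMLP_NS + "\" xmlns:saml=\"" + SAML_NS + "\""
      + " ID=\"_r1\" Version=\"2.0\" IssueInstant=\"2024-01-01T00:00:00Z\">"
      + "<saml:Issuer>https://idp.example.test</saml:Issuer>"
      + "<saml:Assertion ID=\"_a1\" Version=\"2.0\" IssueInstant=\"2024-01-01T00:00:00Z\">"
      + "<saml:Issuer>https://idp.example.test</saml:Issuer>"
      + "<saml:Subject><saml:NameID Format=\"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\">"
      + "user-123</saml:NameID></saml:Subject>"
      + "</saml:Assertion></samlp:Response>";

    /** Namespace-aware parser with DTD processing and external entities switched off. */
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        DocumentBuilder b = f.newDocumentBuilder();
        return b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    /** Direct child elements of parent matching both namespace URI and local name. */
    static List<Element> directChildren(Element parent, String ns, String local) {
        List<Element> out = new ArrayList<>();
        NodeList nodes = parent.getChildNodes();
        for (int i = 0; i < nodes.getLength(); i++) {
            Node n = nodes.item(i);
            if (n.getNodeType() == Node.ELEMENT_NODE
                    && ns.equals(n.getNamespaceURI())
                    && local.equals(n.getLocalName())) {
                out.add((Element) n);
            }
        }
        return out;
    }

    /** Returns the NameID value, or throws if the Response does not have the expected shape. */
    static String nameIdFromResponse(String xml) throws Exception {
        Element root = parse(xml).getDocumentElement();
        if (!SAMLP_NS.equals(root.getNamespaceURI()) || !"Response".equals(root.getLocalName())) {
            throw new IllegalArgumentException("root element is not samlp:Response");
        }
        // An undecrypted EncryptedAssertion means the caller skipped a step; refuse
        // rather than silently returning the NameID of some other assertion.
        if (!directChildren(root, SAML_NS, "EncryptedAssertion").isEmpty()) {
            throw new IllegalArgumentException("Response still contains an EncryptedAssertion");
        }
        // Only assertions that are direct children of the Response count; an Assertion
        // nested elsewhere in the document is ignored instead of being found by a
        // document-wide search.
        List<Element> assertions = directChildren(root, SAML_NS, "Assertion");
        if (assertions.size() != 1) {
            throw new IllegalArgumentException("expected exactly one Assertion, got " + assertions.size());
        }
        List<Element> subjects = directChildren(assertions.get(0), SAML_NS, "Subject");
        if (subjects.size() != 1) {
            throw new IllegalArgumentException("expected exactly one Subject");
        }
        List<Element> nameIds = directChildren(subjects.get(0), SAML_NS, "NameID");
        if (nameIds.size() != 1) {
            throw new IllegalArgumentException("expected exactly one NameID (EncryptedID is not handled here)");
        }
        return nameIds.get(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(nameIdFromResponse(SAMPLE_RESPONSE));
    }
}
```

Note that with a non-namespace-aware DocumentBuilderFactory, getLocalName() returns null for every element, which is the case the "local name missing" branches in Examples 12 and 13 guard against; the parser above is namespace-aware, so local name and namespace URI are both populated and both are compared.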

Example 14 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class DefaultSubjectProvider method get.

public Subject get(String subjectId, String spAcsUrl, SAML2Config saml2Config, SAML2SubjectConfirmation subjectConfirmation, Date assertionIssueInstant, ProofTokenState proofTokenState) throws TokenCreationException {
    try {
        Subject subject = AssertionFactory.getInstance().createSubject();
        setNameIdentifier(subject, subjectId, saml2Config.getNameIdFormat());
        SubjectConfirmation subConfirmation = AssertionFactory.getInstance().createSubjectConfirmation();
        switch(subjectConfirmation) {
            case BEARER:
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER);
                /*
                    see section 4.1.4.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf -
                    Recipient attribute of SubjectConfirmation element must be set to the Service Provider
                    ACS url.
                     */
                SubjectConfirmationData bearerConfirmationData = AssertionFactory.getInstance().createSubjectConfirmationData();
                bearerConfirmationData.setRecipient(spAcsUrl);
                /*
                    see section 4.1.4.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf - NotBefore cannot
                    be set, but NotOnOrAfter must be set.
                     */
                bearerConfirmationData.setNotOnOrAfter(new Date(assertionIssueInstant.getTime() + (saml2Config.getTokenLifetimeInSeconds() * 1000)));
                subConfirmation.setSubjectConfirmationData(bearerConfirmationData);
                break;
            case SENDER_VOUCHES:
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_SENDER_VOUCHES);
                break;
            case HOLDER_OF_KEY:
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY);
                subConfirmation.setSubjectConfirmationData(getHoKSubjectConfirmationData(proofTokenState.getX509Certificate()));
                break;
            default:
                throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Unexpected SubjectConfirmation value in DefaultSubjectProvider: " + subjectConfirmation);
        }
        List<SubjectConfirmation> subjectConfirmationList = new ArrayList<>();
        subjectConfirmationList.add(subConfirmation);
        subject.setSubjectConfirmation(subjectConfirmationList);
        return subject;
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting subject confirmation state in DefaultSubjectProvider: " + e, e);
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SAML2SubjectConfirmation(org.forgerock.openam.sts.token.SAML2SubjectConfirmation) SubjectConfirmation(com.sun.identity.saml2.assertion.SubjectConfirmation) ArrayList(java.util.ArrayList) SubjectConfirmationData(com.sun.identity.saml2.assertion.SubjectConfirmationData) TokenCreationException(org.forgerock.openam.sts.TokenCreationException) Subject(com.sun.identity.saml2.assertion.Subject) Date(java.util.Date)

Example 15 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class DefaultSubjectProviderTest method testBearerStateSettings.

@Test
public void testBearerStateSettings() throws TokenCreationException {
    SubjectProvider subjectProvider = new DefaultSubjectProvider(Guice.createInjector(new MyModule()).getInstance(KeyInfoFactory.class));
    Date issueInstant = new Date();
    //must be set only when SubjectConfirmation is HoK
    ProofTokenState proof = null;
    Subject subject = subjectProvider.get(SUBJECT_ID, AUDIENCE_ID, createSAML2Config(), SAML2SubjectConfirmation.BEARER, issueInstant, proof);
    assertTrue(SUBJECT_ID.equals(subject.getNameID().getValue()));
    assertTrue(NAME_ID_FORMAT.equals(subject.getNameID().getFormat()));
    SubjectConfirmation subjectConfirmation = (SubjectConfirmation) subject.getSubjectConfirmation().get(0);
    assertTrue(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER.equals(subjectConfirmation.getMethod()));
    SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData();
    assertTrue((issueInstant.getTime() + (TOKEN_LIFETIME_SECONDS * 1000)) == subjectConfirmationData.getNotOnOrAfter().getTime());
}
Also used : SAML2SubjectConfirmation(org.forgerock.openam.sts.token.SAML2SubjectConfirmation) SubjectConfirmation(com.sun.identity.saml2.assertion.SubjectConfirmation) ProofTokenState(org.forgerock.openam.sts.user.invocation.ProofTokenState) SubjectConfirmationData(com.sun.identity.saml2.assertion.SubjectConfirmationData) Date(java.util.Date) Subject(com.sun.identity.saml2.assertion.Subject) KeyInfoFactory(org.forgerock.openam.sts.tokengeneration.saml2.xmlsig.KeyInfoFactory) Test(org.testng.annotations.Test)
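Examples 14 and 15 show the issuing side: for a bearer confirmation the STS sets Method, Recipient (the SP ACS URL) and NotOnOrAfter (issue instant plus token lifetime), and leaves NotBefore unset, as section 4.1.4.2 of the SAML 2.0 profiles requires. An SP consuming such an assertion has to check the same fields. The following is an added example, not OpenAM code, of that relying-party check. The Confirmation class is an assumed stand-in for the values the SDK's SubjectConfirmation and SubjectConfirmationData getters return, and the ACS URL, request ID, timestamps and clock skew are constructed for the example.

```java
import java.time.Duration;
import java.time.Instant;

/** Added example (not OpenAM code): SP-side validation of a bearer SubjectConfirmation. */
public class BearerConfirmationCheck {
    static final String BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer";

    /** Assumed stand-in for SubjectConfirmation plus its SubjectConfirmationData. */
    static final class Confirmation {
        final String method;
        final String recipient;
        final String inResponseTo;
        final Instant notBefore;
        final Instant notOnOrAfter;

        Confirmation(String method, String recipient, String inResponseTo,
                     Instant notBefore, Instant notOnOrAfter) {
            this.method = method;
            this.recipient = recipient;
            this.inResponseTo = inResponseTo;
            this.notBefore = notBefore;
            this.notOnOrAfter = notOnOrAfter;
        }
    }

    /**
     * Throws SecurityException unless c satisfies the bearer rules of profiles section 4.1.4.2
     * for an assertion received at acsUrl. expectedRequestId is the ID of the AuthnRequest this
     * response answers, or null for an IdP-initiated (unsolicited) flow.
     */
    static void validateBearer(Confirmation c, String acsUrl, String expectedRequestId,
                               Instant now, Duration clockSkew) {
        if (c == null || !BEARER.equals(c.method)) {
            throw new SecurityException("not a bearer confirmation");
        }
        // Recipient must be exactly the ACS URL this message arrived at. Prefix or
        // host-only matching would accept an assertion minted for another endpoint.
        if (c.recipient == null || !c.recipient.equals(acsUrl)) {
            throw new SecurityException("Recipient mismatch: " + c.recipient);
        }
        // The profile requires NotOnOrAfter and forbids NotBefore on bearer confirmation data.
        if (c.notOnOrAfter == null) {
            throw new SecurityException("NotOnOrAfter missing");
        }
        if (c.notBefore != null) {
            throw new SecurityException("NotBefore must not be set on bearer confirmation data");
        }
        // NotOnOrAfter is exclusive: valid only while now < NotOnOrAfter, with skew allowance.
        if (!now.minus(clockSkew).isBefore(c.notOnOrAfter)) {
            throw new SecurityException("bearer confirmation expired at " + c.notOnOrAfter);
        }
        // In an SP-initiated flow the SP's own request ID must be echoed back; otherwise an
        // assertion issued for some other request would be accepted.
        if (expectedRequestId != null && !expectedRequestId.equals(c.inResponseTo)) {
            throw new SecurityException("InResponseTo mismatch: " + c.inResponseTo);
        }
    }

    public static void main(String[] args) {
        Instant issued = Instant.parse("2024-01-01T12:00:00Z");
        Instant expiry = issued.plusSeconds(600); // issue instant + token lifetime, as the STS sets it
        String acs = "https://sp.example.test/saml/acs";
        Duration skew = Duration.ofSeconds(60);

        Confirmation fresh = new Confirmation(BEARER, acs, "_req1", null, expiry);
        validateBearer(fresh, acs, "_req1", issued.plusSeconds(30), skew); // accepted

        Confirmation wrongAcs = new Confirmation(BEARER, "https://other.example.test/acs", "_req1", null, expiry);
        try {
            validateBearer(wrongAcs, acs, "_req1", issued.plusSeconds(30), skew);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        try {
            // Exactly at NotOnOrAfter with no skew allowance: the boundary itself is invalid.
            validateBearer(fresh, acs, "_req1", expiry, Duration.ZERO);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The skew parameter exists because the STS computes NotOnOrAfter from its own clock (assertionIssueInstant in Example 14) while the SP checks against its clock; keep it to a minute or so, since every second of tolerance extends the window in which a captured bearer assertion can be replayed.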

Aggregations

SAML2Exception (com.sun.identity.saml2.common.SAML2Exception) 19
Subject (com.sun.identity.saml2.assertion.Subject) 15
ArrayList (java.util.ArrayList) 15
List (java.util.List) 14
Date (java.util.Date) 10
NameID (com.sun.identity.saml2.assertion.NameID) 9
Assertion (com.sun.identity.saml2.assertion.Assertion) 8
AttributeStatement (com.sun.identity.saml2.assertion.AttributeStatement) 6
EncryptedAssertion (com.sun.identity.saml2.assertion.EncryptedAssertion) 6
EncryptedID (com.sun.identity.saml2.assertion.EncryptedID) 6
SubjectConfirmation (com.sun.identity.saml2.assertion.SubjectConfirmation) 6
Map (java.util.Map) 6
Issuer (com.sun.identity.saml2.assertion.Issuer) 5
HashMap (java.util.HashMap) 5
Element (org.w3c.dom.Element) 5
AssertionFactory (com.sun.identity.saml2.assertion.AssertionFactory) 4
AuthnStatement (com.sun.identity.saml2.assertion.AuthnStatement) 4
SubjectConfirmationData (com.sun.identity.saml2.assertion.SubjectConfirmationData) 4
Node (org.w3c.dom.Node) 4
NodeList (org.w3c.dom.NodeList) 4