use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.
the class SAML2Utils method getNameIDStringFromResponse.
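/**
 * Obtains the value of NameID from Response.
 *
 * <p>Only the first Assertion in the response is consulted, and nothing is
 * verified here: this is a plain accessor that neither checks signatures nor
 * validity, so the returned identifier is only as trustworthy as the
 * validation the caller has already applied to the response.
 *
 * @param response <code>Response</code> object
 * @return value of the NameID from the first Assertion in the response.
 * null if the response is null, or no assertion in the response, or
 * no NameID in the assertion.
 */
public static String getNameIDStringFromResponse(Response response) {
    if (response == null) {
        return null;
    }
    // getAssertion() may hand back a raw List; only element 0 is ever read.
    List<?> assertions = response.getAssertion();
    if (assertions == null || assertions.isEmpty()) {
        return null;
    }
    Assertion assertion = (Assertion) assertions.get(0);
    Subject subject = assertion.getSubject();
    if (subject == null) {
        return null;
    }
    NameID nameID = subject.getNameID();
    return (nameID == null) ? null : nameID.getValue();
}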
use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.
the class SubjectImpl method processElement.
/**
 * Populates this subject from a DOM {@code <Subject>} element.
 *
 * <p>The first element child decides which identifier is present (a
 * {@code SubjectConfirmation}, {@code BaseID}, {@code NameID} or
 * {@code EncryptedID}); every element child after it must be a
 * {@code SubjectConfirmation}. Matching is by local name only, so the
 * element namespace is not verified here. Element children without a local
 * name (non-namespace-aware DOM) are skipped rather than rejected, and
 * non-element nodes (whitespace, comments) are ignored.
 *
 * @param element the DOM element to parse
 * @throws SAML2Exception if the element is null, is not a {@code Subject},
 *     has no element children, or contains an unexpected child element
 */
private void processElement(Element element) throws SAML2Exception {
    if (element == null) {
        SAML2SDKUtils.debug.error("SubjectImpl.processElement(): invalid root element");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_element"));
    }
    String rootName = element.getLocalName();
    if (rootName == null) {
        SAML2SDKUtils.debug.error("SubjectImpl.processElement(): local name missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_local_name"));
    }
    if (!rootName.equals(SUBJECT_ELEMENT)) {
        SAML2SDKUtils.debug.error("SubjectImpl.processElement(): invalid local name " + rootName);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_local_name"));
    }

    NodeList children = element.getChildNodes();
    int childCount = children.getLength();
    if (childCount < 1) {
        SAML2SDKUtils.debug.error("SubjectImpl.processElement(): subject has no subelements");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelements"));
    }

    // Advance to the first element child; leading text/comment nodes carry no meaning.
    int index = 0;
    Node current = children.item(index);
    while (current.getNodeType() != Node.ELEMENT_NODE) {
        index++;
        if (index >= childCount) {
            SAML2SDKUtils.debug.error("SubjectImpl.processElement(): subject has no subelements");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelements"));
        }
        current = children.item(index);
    }

    // The first element selects the identifier form, or is already a
    // SubjectConfirmation. A child without a local name is passed over.
    String localName = current.getLocalName();
    if (localName != null) {
        Element firstChild = (Element) current;
        if (localName.equals(SUBJECT_CONFIRMATION_ELEMENT)) {
            subjectConfirmations.add(AssertionFactory.getInstance().createSubjectConfirmation(firstChild));
        } else if (localName.equals(BASE_ID_ELEMENT)) {
            baseId = AssertionFactory.getInstance().createBaseID(firstChild);
        } else if (localName.equals(NAME_ID_ELEMENT)) {
            nameId = AssertionFactory.getInstance().createNameID(firstChild);
        } else if (localName.equals(ENCRYPTED_ID_ELEMENT)) {
            encryptedId = AssertionFactory.getInstance().createEncryptedID(firstChild);
        } else {
            SAML2SDKUtils.debug.error("SubjectImpl.processElement(): unexpected subelement " + localName);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unexpected_subelement"));
        }
    }

    // Every remaining element child must be a SubjectConfirmation.
    for (int i = index + 1; i < childCount; i++) {
        current = children.item(i);
        if (current.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        localName = current.getLocalName();
        if (localName == null) {
            continue;
        }
        if (!localName.equals(SUBJECT_CONFIRMATION_ELEMENT)) {
            SAML2SDKUtils.debug.error("SubjectImpl.processElement(): unexpected subelement " + localName);
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unexpected_subelement"));
        }
        subjectConfirmations.add(AssertionFactory.getInstance().createSubjectConfirmation((Element) current));
    }
}
use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.
the class AssertionImpl method processElement.
/**
 * Populates this assertion from a DOM {@code <Assertion>} element.
 *
 * <p>The {@code Version}, {@code ID} and {@code IssueInstant} attributes are
 * mandatory. Element children are then consumed in document order: the first
 * element must be {@code Issuer}; {@code Signature}, {@code Subject},
 * {@code Conditions} and {@code Advice} may each follow once, in that order;
 * every element after that is treated as a statement. Matching is by local
 * name only (no namespace check is made here) and non-element nodes such as
 * whitespace and comments are skipped.
 *
 * <p>A {@code Signature} element met in the statement section is also
 * accepted and overwrites any {@code signature} captured after
 * {@code Issuer}. Only the raw signature XML is stored; no signature
 * verification happens in this method.
 *
 * @param element the DOM element to parse
 * @throws SAML2Exception if the element is null, is not an
 *     {@code Assertion}, lacks a required attribute, has an unparsable
 *     {@code IssueInstant}, has no element children, does not start with
 *     {@code Issuer}, or contains an unexpected child element
 */
private void processElement(Element element) throws SAML2Exception {
if (element == null) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): invalid root element");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_element"));
}
String elemName = element.getLocalName();
if (elemName == null) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): local name missing");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_local_name"));
}
if (!elemName.equals(ASSERTION_ELEMENT)) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): invalid local name " + elemName);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_local_name"));
}
// starts processing attributes
// Element.getAttribute() returns "" (not null) for an absent attribute, so the
// null half of each check below is purely defensive; the length check does the work.
String attrValue = element.getAttribute(ASSERTION_VERSION_ATTR);
if ((attrValue == null) || (attrValue.length() == 0)) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): version missing");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_version"));
}
version = attrValue;
attrValue = element.getAttribute(ASSERTION_ID_ATTR);
if ((attrValue == null) || (attrValue.length() == 0)) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): assertion id missing");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_id"));
}
id = attrValue;
attrValue = element.getAttribute(ASSERTION_ISSUEINSTANT_ATTR);
if ((attrValue == null) || (attrValue.length() == 0)) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): issue instant missing");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_issue_instant"));
}
try {
issueInstant = DateUtils.stringToDate(attrValue);
} catch (ParseException pe) {
// NOTE: the ParseException is not chained as the cause; only the bundle message survives.
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): invalid issue instant");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalid_date_format"));
}
// starts processing subelements
NodeList nodes = element.getChildNodes();
int numOfNodes = nodes.getLength();
if (numOfNodes < 1) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): assertion has no subelements");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelements"));
}
AssertionFactory factory = AssertionFactory.getInstance();
int nextElem = 0;
// Skip leading non-element nodes; an assertion with no element child at all is rejected.
Node child = (Node) nodes.item(nextElem);
while (child.getNodeType() != Node.ELEMENT_NODE) {
if (++nextElem >= numOfNodes) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement():" + " assertion has no subelements");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelements"));
}
child = (Node) nodes.item(nextElem);
}
// The first subelement should be <Issuer>
String childName = child.getLocalName();
if ((childName == null) || (!childName.equals(ASSERTION_ISSUER))) {
SAML2SDKUtils.debug.error("AssertionImpl.processElement():" + " the first element is not <Issuer>");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelement_issuer"));
}
// Static getInstance() reached through the instance reference: a redundant factory lookup.
issuer = factory.getInstance().createIssuer((Element) child);
// From here on, each consumed element is followed by a skip over non-element
// nodes; running out of nodes at any of these points is a valid (short) assertion.
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
while (child.getNodeType() != Node.ELEMENT_NODE) {
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
}
// The next subelement may be <ds:Signature>
childName = child.getLocalName();
if ((childName != null) && childName.equals(ASSERTION_SIGNATURE)) {
// Only the raw XML is retained here; verification is not part of parsing.
signature = XMLUtils.print((Element) child);
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
while (child.getNodeType() != Node.ELEMENT_NODE) {
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
}
childName = child.getLocalName();
} else {
// No signature at this position; one may still be picked up in the statement loop below.
signature = null;
}
// The next subelement may be <Subject>
if ((childName != null) && childName.equals(ASSERTION_SUBJECT)) {
subject = factory.createSubject((Element) child);
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
while (child.getNodeType() != Node.ELEMENT_NODE) {
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
}
childName = child.getLocalName();
} else {
subject = null;
}
// The next subelement may be <Conditions>
if ((childName != null) && childName.equals(ASSERTION_CONDITIONS)) {
conditions = factory.createConditions((Element) child);
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
while (child.getNodeType() != Node.ELEMENT_NODE) {
if (++nextElem >= numOfNodes) {
return;
}
child = (Node) nodes.item(nextElem);
}
childName = child.getLocalName();
} else {
conditions = null;
}
// The next subelement may be <Advice>
if ((childName != null) && childName.equals(ASSERTION_ADVICE)) {
advice = factory.createAdvice((Element) child);
// No skip-ahead here: the statement loop below tolerates non-element nodes itself.
nextElem++;
} else {
advice = null;
}
// The next subelements are all statements
while (nextElem < numOfNodes) {
child = (Node) nodes.item(nextElem);
if (child.getNodeType() == Node.ELEMENT_NODE) {
childName = child.getLocalName();
// An element without a local name is skipped, not rejected.
if (childName != null) {
if (childName.equals(ASSERTION_AUTHNSTATEMENT)) {
authnStatements.add(factory.createAuthnStatement((Element) child));
} else if (childName.equals(ASSERTION_AUTHZDECISIONSTATEMENT)) {
authzDecisionStatements.add(factory.createAuthzDecisionStatement((Element) child));
} else if (childName.equals(ASSERTION_ATTRIBUTESTATEMENT)) {
attributeStatements.add(factory.createAttributeStatement((Element) child));
// (childName != null) is already guaranteed by the enclosing if. A Signature
// accepted here replaces whatever was captured after <Issuer>.
} else if ((childName != null) && childName.equals(ASSERTION_SIGNATURE)) {
signature = XMLUtils.print((Element) child);
} else {
// An abstract <Statement> is kept as raw XML only when it declares an xsi:type
// (getAttribute() returns "" when absent); any other element name is rejected.
String type = ((Element) child).getAttribute(XSI_TYPE_ATTR);
if (childName.equals(ASSERTION_STATEMENT) && (type != null && type.length() > 0)) {
statements.add(XMLUtils.print((Element) child));
} else {
SAML2SDKUtils.debug.error("AssertionImpl.processElement(): " + "unexpected subelement " + childName);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("unexpected_subelement"));
}
}
}
}
nextElem++;
}
}
use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.
the class DefaultSubjectProvider method get.
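/**
 * Builds the SAML2 {@code Subject} for a token being issued.
 *
 * <p>The subject carries a {@code NameID} for {@code subjectId} in the format
 * taken from {@code saml2Config}, plus exactly one {@code SubjectConfirmation}
 * whose method is chosen by {@code subjectConfirmation}:
 * <ul>
 *   <li>{@code BEARER}: confirmation data with {@code Recipient} set to the
 *       SP ACS url and {@code NotOnOrAfter} set to the issue instant plus the
 *       configured token lifetime (SAML profiles section 4.1.4.2).</li>
 *   <li>{@code SENDER_VOUCHES}: the method only.</li>
 *   <li>{@code HOLDER_OF_KEY}: confirmation data built from the X.509
 *       certificate carried by {@code proofTokenState}.</li>
 * </ul>
 *
 * @param subjectId the subject identifier used as the NameID value
 * @param spAcsUrl the Service Provider assertion consumer service url
 * @param saml2Config supplies the NameID format and the token lifetime
 * @param subjectConfirmation the confirmation method to emit
 * @param assertionIssueInstant the assertion's issue instant; base for NotOnOrAfter
 * @param proofTokenState holder-of-key proof material; required for HOLDER_OF_KEY only
 * @return the populated subject
 * @throws TokenCreationException if the confirmation method is null or unknown,
 *     HOLDER_OF_KEY is requested without proof state, or the SAML2 SDK fails
 */
public Subject get(String subjectId, String spAcsUrl, SAML2Config saml2Config, SAML2SubjectConfirmation subjectConfirmation, Date assertionIssueInstant, ProofTokenState proofTokenState) throws TokenCreationException {
    if (subjectConfirmation == null) {
        // Switching on a null enum would surface as a NullPointerException instead of a token error.
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Unexpected SubjectConfirmation value in DefaultSubjectProvider: null");
    }
    try {
        AssertionFactory factory = AssertionFactory.getInstance();
        Subject subject = factory.createSubject();
        setNameIdentifier(subject, subjectId, saml2Config.getNameIdFormat());
        SubjectConfirmation subConfirmation = factory.createSubjectConfirmation();
        switch (subjectConfirmation) {
            case BEARER:
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER);
                /*
                see section 4.1.4.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf -
                Recipient attribute of SubjectConfirmation element must be set to the Service Provider
                ACS url.
                */
                SubjectConfirmationData bearerConfirmationData = factory.createSubjectConfirmationData();
                bearerConfirmationData.setRecipient(spAcsUrl);
                /*
                see section 4.1.4.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf - NotBefore cannot
                be set, but NotOnOrAfter must be set.
                */
                // 1000L keeps the lifetime conversion in long arithmetic, so a large
                // configured lifetime cannot overflow an int before it reaches the Date.
                long notOnOrAfterMillis = assertionIssueInstant.getTime() + (saml2Config.getTokenLifetimeInSeconds() * 1000L);
                bearerConfirmationData.setNotOnOrAfter(new Date(notOnOrAfterMillis));
                subConfirmation.setSubjectConfirmationData(bearerConfirmationData);
                break;
            case SENDER_VOUCHES:
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_SENDER_VOUCHES);
                break;
            case HOLDER_OF_KEY:
                if (proofTokenState == null) {
                    // Without proof material there is no key to bind the subject to.
                    throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "ProofTokenState must be provided for HOLDER_OF_KEY SubjectConfirmation in DefaultSubjectProvider");
                }
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY);
                subConfirmation.setSubjectConfirmationData(getHoKSubjectConfirmationData(proofTokenState.getX509Certificate()));
                break;
            default:
                throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Unexpected SubjectConfirmation value in DefaultSubjectProvider: " + subjectConfirmation);
        }
        List<SubjectConfirmation> subjectConfirmationList = new ArrayList<>();
        subjectConfirmationList.add(subConfirmation);
        subject.setSubjectConfirmation(subjectConfirmationList);
        return subject;
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting subject confirmation state in DefaultSubjectProvider: " + e, e);
    }
}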
use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.
the class DefaultSubjectProviderTest method testBearerStateSettings.
/**
 * Bearer confirmation: the NameID carries the subject id in the configured
 * format, the single SubjectConfirmation uses the bearer method, and its
 * NotOnOrAfter is the issue instant plus the configured lifetime.
 */
@Test
public void testBearerStateSettings() throws TokenCreationException {
    KeyInfoFactory keyInfoFactory = Guice.createInjector(new MyModule()).getInstance(KeyInfoFactory.class);
    SubjectProvider provider = new DefaultSubjectProvider(keyInfoFactory);
    Date issuedAt = new Date();
    long expectedNotOnOrAfter = issuedAt.getTime() + (TOKEN_LIFETIME_SECONDS * 1000);
    // Proof material is only needed for holder-of-key, so bearer supplies none.
    ProofTokenState noProof = null;

    Subject subject = provider.get(SUBJECT_ID, AUDIENCE_ID, createSAML2Config(), SAML2SubjectConfirmation.BEARER, issuedAt, noProof);

    assertTrue(SUBJECT_ID.equals(subject.getNameID().getValue()));
    assertTrue(NAME_ID_FORMAT.equals(subject.getNameID().getFormat()));
    SubjectConfirmation confirmation = (SubjectConfirmation) subject.getSubjectConfirmation().get(0);
    assertTrue(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER.equals(confirmation.getMethod()));
    SubjectConfirmationData confirmationData = confirmation.getSubjectConfirmationData();
    assertTrue(expectedNotOnOrAfter == confirmationData.getNotOnOrAfter().getTime());
}