
Example 16 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class AssertionImpl method toXMLString.

/**
 * Returns the XML string form of this assertion.
 *
 * <p>When the assertion has been signed and the signed XML string was
 * retained, that string is returned as-is so the signed bytes are not
 * disturbed by re-serialization.
 *
 * @param includeNSPrefix whether the assertion namespace prefix is
 *        prepended to each element name
 * @param declareNS whether the assertion namespace declaration is
 *        written on the root element
 * @return the XML string representation of this assertion
 * @exception SAML2Exception if the version, ID, issue instant or issuer
 *        is missing
 */
@Override
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
    // A signed assertion is emitted exactly as it was signed.
    if (signature != null && signedXMLString != null) {
        return signedXMLString;
    }

    String nsDeclaration = declareNS ? SAML2Constants.ASSERTION_DECLARE_STR : "";
    String prefix = includeNSPrefix ? SAML2Constants.ASSERTION_PREFIX : "";

    StringBuffer xml = new StringBuffer(2000);
    xml.append('<').append(prefix).append(ASSERTION_ELEMENT).append(nsDeclaration);

    // Mandatory attributes, each validated right before it is written.
    // NOTE(review): version, id and the issue instant are written with no XML
    // attribute escaping; if any of them can originate from parsed or otherwise
    // untrusted input, confirm they are already well-formed attribute values.
    if (version == null || version.length() == 0) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): version missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_version"));
    }
    xml.append(' ').append(ASSERTION_VERSION_ATTR).append("=\"").append(version).append('"');

    if (id == null || id.length() == 0) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): assertion id missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_id"));
    }
    xml.append(' ').append(ASSERTION_ID_ATTR).append("=\"").append(id).append('"');

    if (issueInstant == null) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): issue instant missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_issue_instant"));
    }
    xml.append(' ').append(ASSERTION_ISSUEINSTANT_ATTR).append("=\"")
            .append(DateUtils.toUTCDateFormat(issueInstant)).append("\">\n");

    // Child elements in schema order. Only the issuer is mandatory; every
    // child is serialized with declareNS=false.
    if (issuer == null) {
        SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): issuer missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelement_issuer"));
    }
    xml.append(issuer.toXMLString(includeNSPrefix, false));
    if (signature != null) {
        // Reached only when signedXMLString is null; the signature value is
        // appended verbatim.
        xml.append(signature);
    }
    if (subject != null) {
        xml.append(subject.toXMLString(includeNSPrefix, false));
    }
    if (conditions != null) {
        xml.append(conditions.toXMLString(includeNSPrefix, false));
    }
    if (advice != null) {
        xml.append(advice.toXMLString(includeNSPrefix, false));
    }

    // Generic statements are held as pre-serialized strings and appended
    // verbatim; the typed statement lists are serialized here.
    if (statements != null) {
        for (Object statement : statements) {
            xml.append((String) statement);
        }
    }
    if (authnStatements != null) {
        for (Object statement : authnStatements) {
            xml.append(((AuthnStatement) statement).toXMLString(includeNSPrefix, false));
        }
    }
    if (authzDecisionStatements != null) {
        for (Object statement : authzDecisionStatements) {
            xml.append(((AuthzDecisionStatement) statement).toXMLString(includeNSPrefix, false));
        }
    }
    if (attributeStatements != null) {
        for (Object statement : attributeStatements) {
            xml.append(((AttributeStatement) statement).toXMLString(includeNSPrefix, false));
        }
    }

    xml.append("</").append(prefix).append(ASSERTION_ELEMENT).append(">\n");
    return xml.toString();
}

Example 17 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class AttributeQueryUtil method getIdentityFromDataStoreX509Subject.

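/**
 * Resolves the local user ID for an attribute query whose subject is
 * identified by an X.509 subject DN.
 *
 * <p>An encrypted subject ID is first decrypted with the attribute
 * authority's decryption keys. The resulting NameID must use the X.509
 * subject name format, and the attribute authority must be configured with
 * the data-store attribute that holds subject DNs; the DN is then looked up
 * against that attribute through the data store provider.
 *
 * @param attrQuery the attribute query whose subject names the user
 * @param attrAuthorityEntityID entity ID of the attribute authority handling the query
 * @param realm realm of the attribute authority
 * @return the user ID returned by the data store provider for the DN
 * @throws SAML2Exception if the query has no usable NameID, the NameID format
 *         is not X.509 subject name, the DN mapping attribute is not configured,
 *         decryption fails, or the data store lookup fails
 */
public static String getIdentityFromDataStoreX509Subject(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    NameID nameID = null;
    Subject subject = attrQuery.getSubject();
    if (subject != null) {
        EncryptedID encryptedID = subject.getEncryptedID();
        if (encryptedID != null) {
            // Decrypt with this attribute authority's own keys.
            nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
        } else {
            nameID = subject.getNameID();
        }
    }
    // A missing Subject or NameID used to surface as a NullPointerException;
    // it is now reported the same way as an unsupported NameID format.
    if (nameID == null || !SAML2Constants.X509_SUBJECT_NAME.equals(nameID.getFormat())) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedAttrQuerySubjectNameID"));
    }
    String mappingAttrName = getAttributeValueFromAttrAuthorityConfig(realm, attrAuthorityEntityID, SAML2Constants.X509_SUBJECT_DATA_STORE_ATTR_NAME);
    if (mappingAttrName == null || mappingAttrName.length() == 0) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("x509SubjectMappingNotConfigured"));
    }
    String x509SubjectDN = nameID.getValue();
    // NOTE(review): the DN is handed to the data store as a raw search value;
    // the provider is presumably responsible for any filter escaping — confirm.
    Set<String> values = new HashSet<String>();
    values.add(x509SubjectDN);
    Map<String, Set<String>> attrMap = new HashMap<String, Set<String>>();
    attrMap.put(mappingAttrName, values);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("AttributeQueryUtil.getIdentityFromDataStoreX509Subject: " + "mappingAttrName = " + mappingAttrName + ", X509 subject DN = " + x509SubjectDN);
    }
    try {
        return dsProvider.getUserID(realm, attrMap);
    } catch (DataStoreProviderException dse) {
        // The full cause is logged here; only its message travels in the SAML2Exception.
        SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStoreX509Subject:", dse);
        throw new SAML2Exception(dse.getMessage());
    }
}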

Example 18 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class AttributeQueryUtil method getIdentity.

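/**
 * Resolves the local user ID named by an attribute query's subject.
 *
 * <p>An encrypted subject ID is first decrypted with the attribute
 * authority's decryption keys. The lookup then depends on the NameID format:
 * a transient NameID is resolved from the IDP's in-memory cache, an
 * "unspecified" NameID is searched in the data store under a configurable
 * attribute (default {@code "uid"}), and any other format is resolved through
 * the NameID key map built for the requesting entity.
 *
 * @param attrQuery the attribute query whose subject names the user
 * @param attrAuthorityEntityID entity ID of the attribute authority handling the query
 * @param realm realm of the attribute authority
 * @return the user ID, or {@code null} when a transient NameID is not in the cache
 * @throws SAML2Exception if the query has no usable NameID, decryption fails,
 *         the IDP configuration cannot be read, or the data store lookup fails
 */
public static String getIdentity(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    NameID nameID = null;
    Subject subject = attrQuery.getSubject();
    if (subject != null) {
        EncryptedID encryptedID = subject.getEncryptedID();
        if (encryptedID != null) {
            // Decrypt with this attribute authority's own keys.
            nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
        } else {
            nameID = subject.getNameID();
        }
    }
    // A missing Subject or NameID used to surface as a NullPointerException.
    if (nameID == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedAttrQuerySubjectNameID"));
    }
    String nameIDFormat = nameID.getFormat();

    if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameIDFormat)) {
        // Transient IDs are resolved from the IDP cache keyed by NameID value.
        return (String) IDPCache.userIDByTransientNameIDValue.get(nameID.getValue());
    }

    if (SAML2Constants.UNSPECIFIED.equals(nameIDFormat)) {
        String searchAttr = resolveUnspecifiedFormatSearchAttribute(nameIDFormat, attrAuthorityEntityID, realm);
        // NOTE(review): the NameID value is handed to the data store as a raw
        // search value; the provider is presumably responsible for any filter
        // escaping — confirm.
        Set<String> userIDValuesSet = new HashSet<String>();
        userIDValuesSet.add(nameID.getValue());
        Map<String, Set<String>> userIDsSearchMap = new HashMap<String, Set<String>>();
        userIDsSearchMap.put(searchAttr, userIDValuesSet);
        try {
            return dsProvider.getUserID(realm, userIDsSearchMap);
        } catch (DataStoreProviderException dse) {
            // The full cause is logged here; only its message travels in the SAML2Exception.
            SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore1:", dse);
            throw new SAML2Exception(dse.getMessage());
        }
    }

    String requestedEntityID = attrQuery.getIssuer().getValue();
    try {
        return dsProvider.getUserID(realm, SAML2Utils.getNameIDKeyMap(nameID, attrAuthorityEntityID, requestedEntityID, realm, SAML2Constants.IDP_ROLE));
    } catch (DataStoreProviderException dse) {
        // The full cause is logged here; only its message travels in the SAML2Exception.
        SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore:", dse);
        throw new SAML2Exception(dse.getMessage());
    }
}

/**
 * Determines which data-store attribute an "unspecified"-format NameID
 * value is matched against.
 *
 * <p>The attribute authority's IDP SSO configuration may carry a NameID
 * format map whose entries have the form {@code <format>=<attribute>}; the
 * first entry for the given format wins. Falls back to {@code "uid"} when
 * the configuration, the map, or a matching entry is absent (a missing map
 * used to surface as a NullPointerException).
 *
 * @param nameIDFormat the NameID format being resolved
 * @param attrAuthorityEntityID entity ID of the attribute authority
 * @param realm realm of the attribute authority
 * @return the attribute name to search under
 * @throws SAML2Exception if the IDP configuration cannot be read
 */
private static String resolveUnspecifiedFormatSearchAttribute(String nameIDFormat, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    String userId = "uid";
    IDPSSOConfigElement config = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(realm, attrAuthorityEntityID);
    Map<?, ?> attrs = SAML2MetaUtils.getAttributes(config);
    if (attrs == null) {
        return userId;
    }
    List<?> nimAttrs = (List<?>) attrs.get(SAML2Constants.NAME_ID_FORMAT_MAP);
    if (nimAttrs == null) {
        return userId;
    }
    for (Object entry : nimAttrs) {
        String attrName = (String) entry;
        // Matching rule kept as-is: the entry must start with the format and
        // carry at least two characters after the '='.
        if (attrName != null && attrName.length() > 2 && attrName.startsWith(nameIDFormat)) {
            int eqPos = attrName.indexOf('=');
            if (eqPos != -1 && eqPos < attrName.length() - 2) {
                userId = attrName.substring(eqPos + 1);
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("AttributeQueryUtil.getIdentity: NameID attribute from map: " + userId);
                }
                break;
            }
        }
    }
    return userId;
}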

Example 19 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class SubjectQueryAbstractImpl method parseDOMChileElements.

/**
 * Parses the child elements of this object's Document Element.
 *
 * <p>After the superclass has consumed its own children, the next child
 * must be a {@code Subject} element; it is turned into a Subject object and
 * stored. Anything else is reported as a schema violation.
 *
 * @param iter iterator over the remaining child elements.
 * @throws SAML2Exception if the Subject child element is missing, or if the
 *         superclass fails to parse its own children.
 */
protected void parseDOMChileElements(ListIterator iter) throws SAML2Exception {
    super.parseDOMChileElements(iter);
    boolean subjectFound = false;
    if (iter.hasNext()) {
        // NOTE(review): a non-Element node here raises ClassCastException;
        // the caller is presumably expected to supply element nodes only.
        Element child = (Element) iter.next();
        if (SAML2Constants.SUBJECT.equals(child.getLocalName())) {
            subject = AssertionFactory.getInstance().createSubject(child);
            subjectFound = true;
        }
    }
    if (!subjectFound) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("SubjectQueryAbstractImpl." + "parseDOMChileElements: Subject is expected");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("schemaViolation"));
    }
}

Example 20 with Subject

use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.

the class XACMLRequestProcessor method processRequest.

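/**
 * Processes an XACML context Request and returns an XACML context
 * Response.
 *
 * <p>The request is wrapped in a SAMLP XACMLAuthzDecisionQuery, sent to the
 * PDP through {@code QueryClient}, and the XACML Response is extracted from
 * the first XACMLAuthzDecisionStatement of the first assertion in the SAMLP
 * response.
 *
 * @param xacmlRequest XACML context Request. This describes the
 *        Resource(s), Subject(s), Action, Environment of the request
 *        and corresponds to XACML context schema element Request.
 *        One would construct this Request object using XACML client SDK.
 *
 * @param pdpEntityId EntityID of PDP
 * @param pepEntityId EntityID of PEP
 * @return XACML context Response (corresponding to XACML context schema
 *         element Response), or {@code null} if the PDP response carries no
 *         assertion, statement or decision response
 * @exception XACMLException if request could not be processed
 * @exception SAML2Exception if the SAMLP exchange with the PDP fails
 */
public Response processRequest(Request xacmlRequest, String pdpEntityId, String pepEntityId) throws XACMLException, SAML2Exception {
    if (XACMLSDKUtils.debug.messageEnabled()) {
        XACMLSDKUtils.debug.message("XACMLRequestProcessor.processRequest(), entering" + ":pdpEntityId=" + pdpEntityId + ":pepEntityId=" + pepEntityId + ":xacmlRequest=\n" + xacmlRequest.toXMLString(true, true));
    }
    XACMLAuthzDecisionQuery samlpQuery = createXACMLAuthzDecisionQuery(xacmlRequest);
    // Ask the PDP to decide on the supplied context only, and to echo that
    // context back in its response.
    samlpQuery.setInputContextOnly(true);
    samlpQuery.setReturnContext(true);
    if (XACMLSDKUtils.debug.messageEnabled()) {
        XACMLSDKUtils.debug.message("XACMLRequestProcessor.processRequest()," + "samlpQuery=\n" + samlpQuery.toXMLString(true, true));
    }
    // NOTE(review): whether QueryClient validates the PDP response (signature,
    // issuer, InResponseTo) is not visible here; the decision is used as returned.
    com.sun.identity.saml2.protocol.Response samlpResponse = QueryClient.processXACMLQuery(samlpQuery, pepEntityId, pdpEntityId);
    if (samlpResponse == null) {
        // Previously a NullPointerException; an absent response yields no decision.
        return null;
    }
    if (XACMLSDKUtils.debug.messageEnabled()) {
        XACMLSDKUtils.debug.message("XACMLRequestProcessor.processRequest()," + ":samlpResponse=\n" + samlpResponse.toXMLString(true, true));
    }
    return extractXACMLResponse(samlpResponse);
}

/**
 * Extracts the XACML context Response from the first statement of the
 * first assertion in a SAMLP response.
 *
 * <p>Every step short-circuits to {@code null} when the expected piece is
 * absent; an empty assertion list used to raise IndexOutOfBoundsException,
 * and a null statement list a NullPointerException.
 *
 * @param samlpResponse the SAMLP response returned by the PDP, non-null
 * @return the XACML Response, or {@code null} if none could be found
 * @throws XACMLException if the statement cannot be parsed or serialized
 * @throws SAML2Exception if the SAML2 parts of the response cannot be read
 */
private static Response extractXACMLResponse(com.sun.identity.saml2.protocol.Response samlpResponse) throws XACMLException, SAML2Exception {
    List<?> assertions = samlpResponse.getAssertion();
    if (assertions == null || assertions.isEmpty()) {
        return null;
    }
    Assertion assertion = (Assertion) assertions.get(0);
    if (assertion == null) {
        return null;
    }
    List<?> statements = assertion.getStatements();
    if (statements == null || statements.isEmpty()) {
        return null;
    }
    String statementString = (String) statements.get(0);
    if (statementString == null) {
        return null;
    }
    XACMLAuthzDecisionStatement statement = ContextFactory.getInstance().createXACMLAuthzDecisionStatement(statementString);
    // The null check now precedes the first use of the statement.
    if (statement == null) {
        return null;
    }
    if (XACMLSDKUtils.debug.messageEnabled()) {
        XACMLSDKUtils.debug.message("XACMLRequestProcessor.processRequest()," + ":xacmlAuthzDecisionStatement=\n" + statement.toXMLString(true, true));
    }
    Response xacmlResponse = statement.getResponse();
    if (xacmlResponse != null && XACMLSDKUtils.debug.messageEnabled()) {
        XACMLSDKUtils.debug.message("XACMLRequestProcessor.processRequest()" + ",returning :xacmlResponse=\n" + xacmlResponse.toXMLString(true, true));
    }
    return xacmlResponse;
}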
