use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.
the class DoManageNameID method signMNIRequest.
private static void signMNIRequest(ManageNameIDRequest mniRequest, String realm, String hostEntity, String hostEntityRole, String remoteEntity, boolean includeCert) throws SAML2Exception {
String method = "signMNIRequest : ";
boolean needRequestSign = false;
if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
needRequestSign = SAML2Utils.getWantMNIRequestSigned(realm, remoteEntity, SAML2Constants.SP_ROLE);
} else {
needRequestSign = SAML2Utils.getWantMNIRequestSigned(realm, remoteEntity, SAML2Constants.IDP_ROLE);
}
if (!needRequestSign) {
if (debug.messageEnabled()) {
debug.message(method + "MNIRequest doesn't need to be signed.");
}
return;
}
String alias = SAML2Utils.getSigningCertAlias(realm, hostEntity, hostEntityRole);
if (debug.messageEnabled()) {
debug.message(method + "realm is : " + realm);
debug.message(method + "hostEntity is : " + hostEntity);
debug.message(method + "Host Entity role is : " + hostEntityRole);
debug.message(method + "remoteEntity is : " + remoteEntity);
debug.message(method + "Cert Alias is : " + alias);
debug.message(method + "MNI Request before sign : " + mniRequest.toXMLString(true, true));
}
PrivateKey signingKey = keyProvider.getPrivateKey(alias);
X509Certificate signingCert = null;
if (includeCert) {
signingCert = keyProvider.getX509Certificate(alias);
}
if (signingKey != null) {
mniRequest.sign(signingKey, signingCert);
} else {
logError("missingSigningCertAlias", LogUtil.METADATA_ERROR, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
}
if (debug.messageEnabled()) {
debug.message(method + "MNI Request after sign : " + mniRequest.toXMLString(true, true));
}
}
use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.
the class DoManageNameID method getNameIDFromMNIRequest.
private static NameID getNameIDFromMNIRequest(ManageNameIDRequest request, String realm, String hostEntity, String hostEntityRole) throws SAML2Exception {
String method = "DoManageNameID.getNameIDFromMNIRequest: ";
boolean needDecryptIt = SAML2Utils.getWantNameIDEncrypted(realm, hostEntity, hostEntityRole);
if (!needDecryptIt) {
if (debug.messageEnabled()) {
debug.message(method + "NamID doesn't need to be decrypted.");
}
return request.getNameID();
}
if (debug.messageEnabled()) {
debug.message(method + "realm is : " + realm);
debug.message(method + "hostEntity is : " + hostEntity);
debug.message(method + "Host Entity role is : " + hostEntityRole);
}
EncryptedID encryptedID = request.getEncryptedID();
return encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, hostEntity, hostEntityRole));
}
use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.
the class SAML2IDPProxyImpl method getPreferredIDP.
/**
* Returns a list of preferred IDP providerIDs.
* @param authnRequest original authnrequest
* @param hostProviderID ProxyIDP providerID.
* @param realm Realm
* @param request HttpServletRequest
* @param response HttpServletResponse
* @return a list of providerID's of the authenticating providers to be
* proxied or <code>null</code> to disable the proxying and continue
* for the localauthenticating provider.
* @exception SAML2Exception if error occurs.
*/
public List getPreferredIDP(AuthnRequest authnRequest, String hostProviderID, String realm, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
String classMethod = "SAML2IDPProxyImpl.getPreferredIDP:";
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "Init.");
}
try {
SAML2MetaManager sm = new SAML2MetaManager();
// Retreive MetaData
if (sm == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
}
SPSSOConfigElement spEntityCfg = sm.getSPSSOConfig(realm, authnRequest.getIssuer().getValue());
Map spConfigAttrsMap = null;
if (spEntityCfg != null) {
spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg);
}
String useIntroductionForProxying = SPSSOFederate.getParameter(spConfigAttrsMap, SAML2Constants.USE_INTRODUCTION_FOR_IDP_PROXY);
List providerIDs = new ArrayList();
if (useIntroductionForProxying == null || !useIntroductionForProxying.equals("true")) {
List proxyIDPs = null;
if ((spConfigAttrsMap != null) && (!spConfigAttrsMap.isEmpty())) {
proxyIDPs = (List) spConfigAttrsMap.get(SAML2Constants.IDP_PROXY_LIST);
}
if (proxyIDPs == null || proxyIDPs.isEmpty()) {
SAML2Utils.debug.error("SAML2IDPProxyImpl.getPrefferedIDP:" + "Preferred IDPs are null.");
return null;
}
providerIDs.add(proxyIDPs.iterator().next());
return providerIDs;
} else {
/* IDP Proxy with introduction cookie case*/
String idpEntityID = null;
List cotList = (List) spConfigAttrsMap.get("cotlist");
String cotListStr = (String) cotList.iterator().next();
CircleOfTrustManager cotManager = new CircleOfTrustManager();
CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotListStr);
String readerURL = cotDesc.getSAML2ReaderServiceURL();
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "SAMLv2 idp" + "discovery reader URL = " + readerURL);
}
if (readerURL != null && (!readerURL.equals(""))) {
String rID = SAML2Utils.generateID();
String redirectURL = SAML2Utils.getRedirectURL(readerURL, rID, request);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.error(classMethod + "Redirect url = " + redirectURL);
}
if (redirectURL != null) {
response.sendRedirect(redirectURL);
Map aMap = new HashMap();
SPCache.reqParamHash.put(rID, aMap);
providerIDs.add(rID);
return providerIDs;
}
}
}
return null;
} catch (SAML2MetaException ex) {
SAML2Utils.debug.error(classMethod + "meta Exception in retrieving the preferred IDP", ex);
return null;
} catch (COTException sme) {
SAML2Utils.debug.error(classMethod + "Error retreiving COT ", sme);
return null;
} catch (Exception e) {
SAML2Utils.debug.error(classMethod + "Exception in retrieving the preferred IDP", e);
return null;
}
}
use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.
the class AssertionIDRequestUtil method sendAssertionIDRequestURI.
/**
* Sends the Assertion ID to specifiied Assertion ID Request Service and
* returns <code>Assertion</code> coming from the Assertion ID Request
* Service.
*
* @param assertionID the asssertionID</code> object
* @param samlAuthorityEntityID entity ID of SAML authority
* @param role SAML authority role, for example,
* <code>SAML2Constants.ATTR_AUTH_ROLE</code>,
* <code>SAML2Constants.AUTHN_AUTH_ROLE</code> or
* <code>SAML2Constants.IDP_ROLE</code>
* @param realm the realm of hosted entity
*
* @return the <code>Assertion</code> object
* @exception SAML2Exception if the operation is not successful
*
* @supported.api
*/
public static Assertion sendAssertionIDRequestURI(String assertionID, String samlAuthorityEntityID, String role, String realm) throws SAML2Exception {
StringBuffer locationSB = new StringBuffer();
getRoleDescriptorAndLocation(samlAuthorityEntityID, role, realm, SAML2Constants.URI, locationSB);
if (locationSB.indexOf("?") == -1) {
locationSB.append("?");
} else {
locationSB.append("&");
}
locationSB.append("ID=").append(assertionID);
String location = fillInBasicAuthInfo(locationSB.toString(), realm, samlAuthorityEntityID, role);
URL url = null;
try {
url = new URL(location);
} catch (MalformedURLException me) {
throw new SAML2Exception(me.getMessage());
}
try {
HttpURLConnection conn = HttpURLConnectionManager.getConnection(url);
conn.setInstanceFollowRedirects(false);
conn.setUseCaches(false);
conn.setDoOutput(false);
conn.connect();
int respCode = conn.getResponseCode();
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestURI: " + "Response code = " + respCode + ", Response message = " + conn.getResponseMessage());
}
if (respCode != HttpURLConnection.HTTP_OK) {
return null;
}
String contentType = conn.getContentType();
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestURI: " + "Content type = " + contentType);
}
if ((contentType == null) || (contentType.indexOf(MIME_TYPE_ASSERTION) == -1)) {
return null;
}
int contentLength = conn.getContentLength();
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestURI: " + "Content length = " + contentLength);
}
BufferedInputStream bin = new BufferedInputStream(conn.getInputStream());
StringBuffer contentSB = new StringBuffer();
byte[] content = new byte[2048];
if (contentLength != -1) {
int read = 0, totalRead = 0;
int left;
while (totalRead < contentLength) {
left = contentLength - totalRead;
read = bin.read(content, 0, left < content.length ? left : content.length);
if (read == -1) {
// We need to close connection !!
break;
} else {
if (read > 0) {
totalRead += read;
contentSB.append(new String(content, 0, read));
}
}
}
} else {
int numbytes;
int totalRead = 0;
while (true) {
numbytes = bin.read(content);
if (numbytes == -1) {
break;
}
totalRead += numbytes;
contentSB.append(new String(content, 0, numbytes));
}
}
return AssertionFactory.getInstance().createAssertion(contentSB.toString());
} catch (IOException ioex) {
SAML2Utils.debug.error("AssertionIDRequest.sendAssertionIDRequestURI:", ioex);
throw new SAML2Exception(ioex.getMessage());
}
}
use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.
the class AssertionIDRequestUtil method getRoleDescriptorAndLocation.
private static RoleDescriptorType getRoleDescriptorAndLocation(String samlAuthorityEntityID, String role, String realm, String binding, StringBuffer location) throws SAML2Exception {
List aIDReqServices = null;
RoleDescriptorType roled = null;
try {
if (role == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedRole"));
} else if (role.equals(SAML2Constants.IDP_ROLE)) {
IDPSSODescriptorElement idpd = metaManager.getIDPSSODescriptor(realm, samlAuthorityEntityID);
if (idpd == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("idpNotFound"));
}
aIDReqServices = idpd.getAssertionIDRequestService();
roled = idpd;
} else if (role.equals(SAML2Constants.AUTHN_AUTH_ROLE)) {
AuthnAuthorityDescriptorElement attrd = metaManager.getAuthnAuthorityDescriptor(realm, samlAuthorityEntityID);
if (attrd == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("authnAuthorityNotFound"));
}
aIDReqServices = attrd.getAssertionIDRequestService();
roled = attrd;
} else if (role.equals(SAML2Constants.ATTR_AUTH_ROLE)) {
AttributeAuthorityDescriptorElement aad = metaManager.getAttributeAuthorityDescriptor(realm, samlAuthorityEntityID);
if (aad == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
}
aIDReqServices = aad.getAssertionIDRequestService();
roled = aad;
} else {
throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedRole"));
}
} catch (SAML2MetaException sme) {
SAML2Utils.debug.error("AssertionIDRequest.getRoleDescriptorAndLocation:", sme);
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
if (binding == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
}
if ((aIDReqServices == null) || (aIDReqServices.isEmpty())) {
throw new SAML2Exception(SAML2Utils.bundle.getString("aIDReqServiceNotFound"));
}
for (Iterator iter = aIDReqServices.iterator(); iter.hasNext(); ) {
AssertionIDRequestServiceElement aIDReqService = (AssertionIDRequestServiceElement) iter.next();
if (binding.equalsIgnoreCase(aIDReqService.getBinding())) {
location.append(aIDReqService.getLocation());
break;
}
}
if (location.length() == 0) {
throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
}
return roled;
}
Aggregations