
Example 11 with StatusCode

use of com.sun.identity.saml2.protocol.StatusCode in project OpenAM by OpenRock.

In class SPACSUtils, method getResponseFromSOAP.

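/**
 * Obtains the <code>SAML Response</code> carried inside the
 * <code>ArtifactResponse</code> found in a <code>SOAPBody</code>.
 * Used by the Artifact profile.
 *
 * <p>The <code>ArtifactResponse</code> is validated in this order before the
 * embedded <code>Response</code> is returned: its signature (only when the
 * hosted SP's configuration sets <code>WANT_ARTIFACT_RESPONSE_SIGNED</code>
 * to "true"; otherwise the message is accepted unsigned), its
 * <code>InResponseTo</code> against the ID of the <code>ArtifactResolve</code>
 * that was sent, its <code>Issuer</code> against the expected IdP entity ID,
 * and its top-level status code, which must be <code>SAML2Constants.SUCCESS</code>.
 * The <code>IssueInstant</code> of the <code>ArtifactResponse</code> is not
 * checked here. A missing <code>StatusCode</code> or <code>Issuer</code> value
 * is reported like any other validation failure rather than surfacing as a
 * <code>NullPointerException</code>.
 *
 * <p>Every failure is logged, reported to the user agent through
 * <code>SAMLUtils.sendError</code> with HTTP 500, and then thrown, so the
 * caller must assume the response has been committed once this method throws.
 *
 * @param resMsg the SOAP message returned by the IdP's artifact resolution service
 * @param resolve the <code>ArtifactResolve</code> that was sent; its ID must match
 *        the <code>InResponseTo</code> of the <code>ArtifactResponse</code>
 * @param request the current HTTP request, used for error reporting
 * @param response the current HTTP response, used for error reporting
 * @param idpEntityID entity ID of the IdP the artifact was resolved with
 * @param idp the IdP's SSO descriptor, source of the signature verification certificates
 * @param orgName realm of the hosted SP
 * @param hostEntityId entity ID of the hosted SP
 * @param sm metadata manager used to read the hosted SP's extended configuration
 * @return the <code>Response</code> embedded in the <code>ArtifactResponse</code>
 * @throws SAML2Exception if the SOAP body cannot be parsed, the
 *         <code>ArtifactResponse</code> or embedded <code>Response</code> cannot
 *         be instantiated, or any of the checks above fails
 * @throws IOException if the error page cannot be sent to the user agent
 */
private static Response getResponseFromSOAP(SOAPMessage resMsg, ArtifactResolve resolve, HttpServletRequest request, HttpServletResponse response, String idpEntityID, IDPSSODescriptorElement idp, String orgName, String hostEntityId, SAML2MetaManager sm) throws SAML2Exception, IOException {
    String method = "SPACSUtils.getResponseFromSOAP:";
    String[] logData = { idpEntityID };

    // Step 1: locate the samlp:ArtifactResponse element in the SOAP body.
    Element resElem;
    try {
        resElem = SOAPCommunicator.getInstance().getSamlpElement(resMsg, "ArtifactResponse");
    } catch (SAML2Exception se) {
        reportArtifactFailure(request, response, logData, LogUtil.SOAP_ERROR, "soapError", se.getMessage());
        throw se;
    }

    // Step 2: build the ArtifactResponse object from the element.
    ArtifactResponse artiResp;
    try {
        artiResp = ProtocolFactory.getInstance().createArtifactResponse(resElem);
    } catch (SAML2Exception se) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "Couldn't create " + "ArtifactResponse:", se);
        }
        reportArtifactFailure(request, response, logData, LogUtil.CANNOT_INSTANTIATE_ARTIFACT_RESPONSE, "failedToCreateArtifactResponse", se.getMessage());
        throw se;
    }
    if (artiResp == null) {
        String msg = SAML2Utils.bundle.getString("missingArtifactResponse");
        reportArtifactFailure(request, response, logData, LogUtil.MISSING_ARTIFACT_RESPONSE, "missingArtifactResponse", msg);
        throw new SAML2Exception(msg);
    }
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message(method + "Received ArtifactResponse:" + artiResp.toXMLString(true, true));
    }

    // Step 3: signature check, performed only when the SP asks for signed ArtifactResponses.
    String wantArtiRespSigned = getAttributeValueFromSPSSOConfig(orgName, hostEntityId, sm, SAML2Constants.WANT_ARTIFACT_RESPONSE_SIGNED);
    if ("true".equals(wantArtiRespSigned)) {
        Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(idp, idpEntityID, SAML2Constants.IDP_ROLE);
        if (!artiResp.isSigned() || !artiResp.isSignatureValid(verificationCerts)) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(method + "ArtifactResponse's signature is invalid.");
            }
            String msg = SAML2Utils.bundle.getString("invalidSignature");
            reportArtifactFailure(request, response, logData, LogUtil.ARTIFACT_RESPONSE_INVALID_SIGNATURE, "invalidSignature", msg);
            throw new SAML2Exception(msg);
        }
    }

    // Step 4: the response must answer the ArtifactResolve we actually sent.
    String inResponseTo = artiResp.getInResponseTo();
    if (inResponseTo == null || !inResponseTo.equals(resolve.getID())) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "ArtifactResponse's InResponseTo is invalid.");
        }
        String msg = SAML2Utils.bundle.getString("invalidInResponseTo");
        reportArtifactFailure(request, response, logData, LogUtil.ARTIFACT_RESPONSE_INVALID_INRESPONSETO, "invalidInResponseTo", msg);
        throw new SAML2Exception(msg);
    }

    // Step 5: the issuer must be the IdP the artifact was resolved with.
    // A null issuer value is rejected instead of dereferenced.
    Issuer idpIssuer = artiResp.getIssuer();
    if (idpIssuer == null || idpIssuer.getValue() == null || !idpIssuer.getValue().equals(idpEntityID)) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "ArtifactResponse's Issuer is invalid.");
        }
        String msg = SAML2Utils.bundle.getString("invalidIssuer");
        reportArtifactFailure(request, response, logData, LogUtil.ARTIFACT_RESPONSE_INVALID_ISSUER, "invalidIssuer", msg);
        throw new SAML2Exception(msg);
    }

    // Step 6: top-level status code must be Success. IssueInstant is not checked here.
    Status status = artiResp.getStatus();
    String statusCode = "";
    if (status != null && status.getStatusCode() != null && status.getStatusCode().getValue() != null) {
        statusCode = status.getStatusCode().getValue();
    }
    if (!statusCode.equals(SAML2Constants.SUCCESS)) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "ArtifactResponse's status code is not success." + statusCode);
        }
        // The IdP-supplied status code is only written to the audit log at FINE or finer.
        String[] statusData = { idpEntityID, "" };
        if (LogUtil.isErrorLoggable(Level.FINE)) {
            statusData[1] = statusCode;
        }
        String msg = SAML2Utils.bundle.getString("invalidStatusCode");
        reportArtifactFailure(request, response, statusData, LogUtil.ARTIFACT_RESPONSE_INVALID_STATUS_CODE, "invalidStatusCode", msg);
        throw new SAML2Exception(msg);
    }

    // Step 7: unwrap the embedded samlp:Response.
    try {
        return ProtocolFactory.getInstance().createResponse(artiResp.getAny());
    } catch (SAML2Exception se) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "couldn't instantiate Response:", se);
        }
        reportArtifactFailure(request, response, logData, LogUtil.CANNOT_INSTANTIATE_RESPONSE_ARTIFACT, "failedToCreateResponse", se.getMessage());
        throw se;
    }
}

/**
 * Records an Artifact-profile failure in the audit log and sends the
 * corresponding error page (HTTP 500) to the user agent. The caller is
 * responsible for throwing afterwards.
 *
 * @param request the current HTTP request
 * @param response the current HTTP response; it may be committed by this call
 * @param logData data array for the audit log entry (first element is the IdP entity ID)
 * @param logMsgId <code>LogUtil</code> message ID of the audit log entry
 * @param errorKey key of the error string shown to the user agent
 * @param errorDetail detail text shown to the user agent
 * @throws IOException if the error page cannot be sent
 */
private static void reportArtifactFailure(HttpServletRequest request, HttpServletResponse response, String[] logData, String logMsgId, String errorKey, String errorDetail) throws IOException {
    LogUtil.error(Level.INFO, logMsgId, logData, null);
    SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, errorKey, errorDetail);
}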

Example 12 with StatusCode

use of com.sun.identity.saml2.protocol.StatusCode in project OpenAM by OpenRock.

In class IDPSingleLogout, method getLogoutStatus.

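/**
 * Maps the status of a <code>LogoutResponse</code> to a
 * <code>SingleLogoutManager</code> logout status constant.
 *
 * <p>Only a top-level status code whose value equals
 * <code>SAML2Constants.SUCCESS</code> counts as success. A response with no
 * <code>Status</code>, no <code>StatusCode</code> or no code value is treated
 * as a failed logout instead of raising a <code>NullPointerException</code>,
 * since the response comes from the remote peer.
 *
 * @param logoutRes the logout response received from the peer
 * @return <code>SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS</code> on success,
 *         <code>SingleLogoutManager.LOGOUT_FAILED_STATUS</code> otherwise
 */
private static int getLogoutStatus(LogoutResponse logoutRes) {
    StatusCode statusCode = null;
    if (logoutRes != null && logoutRes.getStatus() != null) {
        statusCode = logoutRes.getStatus().getStatusCode();
    }
    String code = (statusCode == null) ? null : statusCode.getValue();
    if (SAML2Constants.SUCCESS.equals(code)) {
        return SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS;
    }
    return SingleLogoutManager.LOGOUT_FAILED_STATUS;
}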

Example 13 with StatusCode

use of com.sun.identity.saml2.protocol.StatusCode in project OpenAM by OpenRock.

In class StatusCodeImpl, method parseElement.

/*
 * Parses a <code>StatusCode</code> element: reads and validates its
 * <code>Value</code> attribute, then picks up a nested <code>StatusCode</code>
 * child if one is present (the last matching child wins).
 *
 * @throws SAML2Exception if the value attribute is invalid or a nested
 *         status code cannot be created.
 */
private void parseElement(Element element) throws SAML2Exception {
    ProtocolFactory factory = ProtocolFactory.getInstance();
    statusCodeValue = element.getAttribute(SAML2Constants.VALUE);
    validateStatusCodeValue(statusCodeValue);
    NodeList children = element.getChildNodes();
    int childCount = (children == null) ? 0 : children.getLength();
    for (int idx = 0; idx < childCount; idx++) {
        Node child = children.item(idx);
        // Text and other non-element nodes have no local name and are skipped.
        if (SAML2Constants.STATUS_CODE.equals(child.getLocalName())) {
            statusCode = factory.createStatusCode((Element) child);
        }
    }
}

Example 14 with StatusCode

use of com.sun.identity.saml2.protocol.StatusCode in project OpenAM by OpenRock.

In class StatusImpl, method parseElement.

/*
 * Parses a <code>Status</code> element into its <code>StatusCode</code>,
 * <code>StatusMessage</code> and <code>StatusDetail</code> children.
 * Children are matched by local name; unknown and non-element children are
 * ignored, and a repeated child overwrites the earlier one.
 *
 * @throws SAML2Exception if a child cannot be created or the status code
 *         fails validation.
 */
private void parseElement(Element element) throws SAML2Exception {
    ProtocolFactory factory = ProtocolFactory.getInstance();
    NodeList children = element.getChildNodes();
    int childCount = (children == null) ? 0 : children.getLength();
    for (int idx = 0; idx < childCount; idx++) {
        Node child = children.item(idx);
        String localName = child.getLocalName();
        if (localName == null) {
            continue;
        }
        if (localName.equals(SAML2Constants.STATUS_CODE)) {
            statusCode = factory.createStatusCode((Element) child);
            validateStatusCode(statusCode);
        } else if (localName.equals(SAML2Constants.STATUS_MESSAGE)) {
            statusMessage = XMLUtils.getElementString((Element) child);
        } else if (localName.equals(SAML2Constants.STATUS_DETAIL)) {
            statusDetail = factory.createStatusDetail((Element) child);
        }
    }
}

Example 15 with StatusCode

use of com.sun.identity.saml2.protocol.StatusCode in project OpenAM by OpenRock.

In class StatusImpl, method toXMLString.

/**
 * Serializes this <code>Status</code> to an XML string following the
 * <code>Status</code> schema: the status code, then the optional status
 * message and status detail, each on its own line.
 *
 * @param includeNSPrefix whether the protocol namespace prefix is prepended
 *        to each element name
 * @param declareNS whether the protocol namespace is declared on the
 *        <code>Status</code> element
 * @return the XML string, or <code>null</code> when no status code is set
 *         (a <code>Status</code> without a code cannot be represented)
 * @throws SAML2Exception if a child element cannot be converted to a string
 */
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
    if (statusCode == null) {
        return null;
    }
    StringBuilder out = new StringBuilder(500);
    out.append(SAML2Constants.START_TAG);
    if (includeNSPrefix) {
        out.append(SAML2Constants.PROTOCOL_PREFIX);
    }
    out.append(SAML2Constants.STATUS);
    if (declareNS) {
        out.append(SAML2Constants.PROTOCOL_DECLARE_STR);
    }
    out.append(SAML2Constants.END_TAG);
    out.append(SAML2Constants.NEWLINE);
    out.append(statusCode.toXMLString(includeNSPrefix, declareNS));
    if (statusMessage != null && statusMessage.length() != 0) {
        StatusMessage message = ProtocolFactory.getInstance().createStatusMessage(statusMessage);
        out.append(SAML2Constants.NEWLINE);
        out.append(message.toXMLString(includeNSPrefix, declareNS));
    }
    if (statusDetail != null) {
        out.append(SAML2Constants.NEWLINE);
        out.append(statusDetail.toXMLString(includeNSPrefix, declareNS));
    }
    out.append(SAML2Constants.NEWLINE);
    out.append(SAML2Constants.SAML2_END_TAG);
    out.append(SAML2Constants.STATUS);
    out.append(SAML2Constants.END_TAG);
    return out.toString();
}
