Example 1 with Attribute
use of ddf.security.assertion.Attribute in project ddf by codice.
the class SecurityAssertionSaml method parseToken.
/**
* Parses the SecurityToken by wrapping within an AssertionWrapper.
*
* @param samlAssertion SecurityToken
*/
private void parseToken(Element samlAssertion) {
XMLStreamReader xmlStreamReader = StaxUtils.createXMLStreamReader(samlAssertion);
try {
AttributeStatement attributeStatement = null;
AuthenticationStatement authenticationStatement = null;
Attribute attribute = null;
int attrs = 0;
while (xmlStreamReader.hasNext()) {
int event = xmlStreamReader.next();
switch(event) {
case XMLStreamConstants.START_ELEMENT:
{
String localName = xmlStreamReader.getLocalName();
switch(localName) {
case NameID.DEFAULT_ELEMENT_LOCAL_NAME:
name = xmlStreamReader.getElementText();
for (int i = 0; i < xmlStreamReader.getAttributeCount(); i++) {
if (xmlStreamReader.getAttributeLocalName(i).equals(NameID.FORMAT_ATTRIB_NAME)) {
nameIDFormat = xmlStreamReader.getAttributeValue(i);
break;
}
}
break;
case org.opensaml.saml.saml2.core.AttributeStatement.DEFAULT_ELEMENT_LOCAL_NAME:
attributeStatement = new AttributeStatementSaml();
attributeStatements.add(attributeStatement);
break;
case AuthnStatement.DEFAULT_ELEMENT_LOCAL_NAME:
authenticationStatement = new AuthenticationStatementSaml();
authenticationStatements.add(authenticationStatement);
attrs = xmlStreamReader.getAttributeCount();
for (int i = 0; i < attrs; i++) {
String name = xmlStreamReader.getAttributeLocalName(i);
String value = xmlStreamReader.getAttributeValue(i);
if (AuthnStatement.AUTHN_INSTANT_ATTRIB_NAME.equals(name)) {
authenticationStatement.setAuthnInstant(DateTime.parse(value));
}
if (AuthnStatement.SESSION_INDEX_ATTRIB_NAME.equals(name)) {
authenticationStatement.setSessionIndex(value);
}
}
break;
case AuthnContextClassRef.DEFAULT_ELEMENT_LOCAL_NAME:
if (authenticationStatement != null) {
String classValue = xmlStreamReader.getText();
classValue = classValue.trim();
authenticationStatement.setAuthnContextClassRef(classValue);
}
break;
case org.opensaml.saml.saml2.core.Attribute.DEFAULT_ELEMENT_LOCAL_NAME:
attribute = new AttributeSaml();
if (attributeStatement != null) {
attributeStatement.addAttribute(attribute);
}
attrs = xmlStreamReader.getAttributeCount();
for (int i = 0; i < attrs; i++) {
String name = xmlStreamReader.getAttributeLocalName(i);
String value = xmlStreamReader.getAttributeValue(i);
if (org.opensaml.saml.saml2.core.Attribute.NAME_ATTTRIB_NAME.equals(name)) {
attribute.setName(value);
} else if (org.opensaml.saml.saml2.core.Attribute.NAME_FORMAT_ATTRIB_NAME.equals(name)) {
attribute.setNameFormat(value);
}
}
break;
case AttributeValue.DEFAULT_ELEMENT_LOCAL_NAME:
if (attribute != null) {
attribute.addValue(xmlStreamReader.getElementText());
}
break;
case Issuer.DEFAULT_ELEMENT_LOCAL_NAME:
issuer = xmlStreamReader.getElementText();
break;
case Conditions.DEFAULT_ELEMENT_LOCAL_NAME:
attrs = xmlStreamReader.getAttributeCount();
for (int i = 0; i < attrs; i++) {
String name = xmlStreamReader.getAttributeLocalName(i);
String value = xmlStreamReader.getAttributeValue(i);
if (Conditions.NOT_BEFORE_ATTRIB_NAME.equals(name)) {
notBefore = DatatypeConverter.parseDateTime(value).getTime();
} else if (Conditions.NOT_ON_OR_AFTER_ATTRIB_NAME.equals(name)) {
notOnOrAfter = DatatypeConverter.parseDateTime(value).getTime();
}
}
break;
case SubjectConfirmation.DEFAULT_ELEMENT_LOCAL_NAME:
attrs = xmlStreamReader.getAttributeCount();
for (int i = 0; i < attrs; i++) {
String name = xmlStreamReader.getAttributeLocalName(i);
String value = xmlStreamReader.getAttributeValue(i);
if (SubjectConfirmation.METHOD_ATTRIB_NAME.equals(name)) {
subjectConfirmations.add(value);
}
}
break;
case Assertion.DEFAULT_ELEMENT_LOCAL_NAME:
attrs = xmlStreamReader.getAttributeCount();
for (int i = 0; i < attrs; i++) {
String name = xmlStreamReader.getAttributeLocalName(i);
String value = xmlStreamReader.getAttributeValue(i);
if (Assertion.VERSION_ATTRIB_NAME.equals(name)) {
if ("2.0".equals(value)) {
tokenType = SAML2_TOKEN_TYPE;
} else if ("1.1".equals(value)) {
tokenType = SAML1_TOKEN_TYPE;
}
}
}
}
break;
}
case XMLStreamConstants.END_ELEMENT:
{
String localName = xmlStreamReader.getLocalName();
switch(localName) {
case org.opensaml.saml.saml2.core.AttributeStatement.DEFAULT_ELEMENT_LOCAL_NAME:
attributeStatement = null;
break;
case org.opensaml.saml.saml2.core.Attribute.DEFAULT_ELEMENT_LOCAL_NAME:
attribute = null;
break;
default:
break;
}
break;
}
}
}
} catch (XMLStreamException e) {
LOGGER.info("Unable to parse security token.", e);
} finally {
try {
xmlStreamReader.close();
} catch (XMLStreamException ignore) {
// ignore
}
}
}
Also used :
XMLStreamReader(javax.xml.stream.XMLStreamReader)
XMLStreamException(javax.xml.stream.XMLStreamException)
Attribute(ddf.security.assertion.Attribute)
AttributeStatement(ddf.security.assertion.AttributeStatement)
AuthenticationStatement(ddf.security.assertion.AuthenticationStatement)
Example 2 with Attribute
use of ddf.security.assertion.Attribute in project ddf by codice.
the class SecurityAssertionSaml method toString.
/*
* (non-Javadoc)
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder result = new StringBuilder();
result.append("Principal: ");
result.append(getPrincipal());
result.append(", Attributes: ");
for (AttributeStatement attributeStatement : getAttributeStatements()) {
for (Attribute attr : attributeStatement.getAttributes()) {
result.append("[ ");
result.append(attr.getName());
result.append(" : ");
for (int i = 0; i < attr.getValues().size(); i++) {
result.append(attr.getValues().get(i));
}
result.append("] ");
}
}
// add this back in when we support parsing this information
result.append(", AuthnStatements: ");
for (AuthenticationStatement authStatement : getAuthnStatements()) {
result.append("[ ");
result.append(authStatement.getAuthnInstant());
result.append(" : ");
result.append(authStatement.getAuthnContextClassRef());
result.append("] ");
}
return result.toString();
}
Also used :
Attribute(ddf.security.assertion.Attribute)
AttributeStatement(ddf.security.assertion.AttributeStatement)
AuthenticationStatement(ddf.security.assertion.AuthenticationStatement)
Example 3 with Attribute
use of ddf.security.assertion.Attribute in project ddf by codice.
the class PKIRealmTest method testDoGetAuthenticationInfo.
@Test
public void testDoGetAuthenticationInfo() {
BaseAuthenticationToken authenticationToken = mock(BaseAuthenticationToken.class);
X509Certificate[] certificates = new X509Certificate[1];
certificates[0] = mock(X509Certificate.class);
X500Principal x500Principal = new X500Principal("cn=myxman,ou=someunit,o=someorg");
when(authenticationToken.getCredentials()).thenReturn(certificates);
when(authenticationToken.getPrincipal()).thenReturn(x500Principal);
when(authenticationToken.getType()).thenReturn(AuthenticationTokenType.PKI);
AuthenticationInfo authenticationInfo = pkiRealm.doGetAuthenticationInfo(authenticationToken);
assertThat(authenticationInfo.getCredentials(), is(certificates));
SecurityAssertion assertion = authenticationInfo.getPrincipals().oneByType(SecurityAssertion.class);
assertNotNull(assertion);
assertThat(assertion.getPrincipal(), is(x500Principal));
AttributeStatement attributeStatement = assertion.getAttributeStatements().get(0);
assertNotNull(attributeStatement);
assertThat(attributeStatement.getAttributes().size(), greaterThan(0));
Attribute attribute = attributeStatement.getAttributes().get(0);
assertThat(attribute.getName(), is("email"));
assertThat(attribute.getValues().size(), is(2));
assertThat(attribute.getValues(), contains("tester@example.com", "test@example.com"));
}
Also used :
Attribute(ddf.security.assertion.Attribute)
AttributeStatement(ddf.security.assertion.AttributeStatement)
BaseAuthenticationToken(org.codice.ddf.security.handler.BaseAuthenticationToken)
X500Principal(javax.security.auth.x500.X500Principal)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
X509Certificate(java.security.cert.X509Certificate)
AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo)
Test(org.junit.Test)
Example 4 with Attribute
use of ddf.security.assertion.Attribute in project ddf by codice.
the class SubjectUtilsTest method getSubjectWithAttributes.
private ddf.security.Subject getSubjectWithAttributes(Map<String, List<String>> attributes) {
ddf.security.Subject subject = mock(ddf.security.Subject.class);
PrincipalCollection principalCollection = mock(PrincipalCollection.class);
SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
AttributeStatement attributeStatement = mock(AttributeStatement.class);
List<Attribute> attrs = attributes.entrySet().stream().map(this::getAttribute).collect(Collectors.toList());
doReturn(principalCollection).when(subject).getPrincipals();
doReturn(Collections.singletonList(securityAssertion)).when(principalCollection).byType(SecurityAssertion.class);
doReturn(ImmutableList.of(securityAssertion)).when(principalCollection).byType(SecurityAssertion.class);
doReturn(Collections.singletonList(attributeStatement)).when(securityAssertion).getAttributeStatements();
doReturn(attrs).when(attributeStatement).getAttributes();
return subject;
}
Also used :
Attribute(ddf.security.assertion.Attribute)
AttributeStatement(ddf.security.assertion.AttributeStatement)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Example 5 with Attribute
use of ddf.security.assertion.Attribute in project ddf by codice.
the class SubjectIdentityTest method getSubjectWithAttributes.
private Subject getSubjectWithAttributes(Map<String, List<String>> attributes) {
Subject subject = mock(Subject.class);
PrincipalCollection pc = mock(PrincipalCollection.class);
SecurityAssertion assertion = mock(SecurityAssertion.class);
AttributeStatement as = mock(AttributeStatement.class);
List<Attribute> attrs = attributes.entrySet().stream().map(this::getAttribute).collect(Collectors.toList());
doReturn(pc).when(subject).getPrincipals();
doReturn(Collections.singletonList(assertion)).when(pc).byType(SecurityAssertion.class);
doReturn(ImmutableList.of(assertion)).when(pc).byType(SecurityAssertion.class);
doReturn(Collections.singletonList(as)).when(assertion).getAttributeStatements();
doReturn(attrs).when(as).getAttributes();
return subject;
}
Also used :
Attribute(ddf.security.assertion.Attribute)
AttributeStatement(ddf.security.assertion.AttributeStatement)
PrincipalCollection(org.apache.shiro.subject.PrincipalCollection)
SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Subject(ddf.security.Subject)
Aggregations
Attribute (ddf.security.assertion.Attribute)15
AttributeStatement (ddf.security.assertion.AttributeStatement)10
SecurityAssertion (ddf.security.assertion.SecurityAssertion)7
PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)5
Principal (java.security.Principal)3
X500Principal (javax.security.auth.x500.X500Principal)3
AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo)3
BaseAuthenticationToken (org.codice.ddf.security.handler.BaseAuthenticationToken)3
Test (org.junit.Test)3
Subject (ddf.security.Subject)2
AuthenticationStatement (ddf.security.assertion.AuthenticationStatement)2
AttributeDefault (ddf.security.assertion.impl.AttributeDefault)2
Claim (ddf.security.claims.Claim)2
GuestPrincipal (ddf.security.principal.impl.GuestPrincipal)2
Arrays (java.util.Arrays)2
HashSet (java.util.HashSet)2
KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)2
RolePrincipal (org.apache.karaf.jaas.boot.principal.RolePrincipal)2
AuthenticationToken (org.apache.shiro.authc.AuthenticationToken)2
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection)2
