
Example 1 with AuthenticationStatement

use of ddf.security.assertion.AuthenticationStatement in project ddf by codice.

From class SecurityAssertionSamlTest, method testSampleAssertion.

@Test
public void testSampleAssertion() throws Exception {
    // Load the sample assertion fixture and hand its root element to the implementation under test.
    Element issuedAssertion = this.readDocument("/saml.xml").getDocumentElement();
    // Reading the ID attribute throws if the fixture lacks one; the value itself is not asserted on.
    String assertionId = issuedAssertion.getAttributeNodeNS(null, "ID").getNodeValue();
    SecurityAssertionSaml assertion = new SecurityAssertionSaml(issuedAssertion);

    // The wrapped token must be the very element that was passed in.
    assertNotNull(assertion.getToken());
    assertEquals(issuedAssertion, assertion.getToken());

    // Issuer and subject, the latter both as Principal name and via toString().
    assertEquals(ISSUER, assertion.getIssuer());
    assertEquals(PRINCIPAL, assertion.getPrincipal().getName());
    assertEquals(PRINCIPAL, assertion.getPrincipal().toString());
    assertEquals(NUM_ATTRIBUTES, assertion.getAttributeStatements().size());

    // Authentication statements: how many were parsed, then the session index of the first.
    List<AuthenticationStatement> authnStatements = assertion.getAuthnStatements();
    assertEquals(NUM_NAUTH, authnStatements.size());
    long sessionIndexCount =
            authnStatements.stream().map(AuthenticationStatement::getSessionIndex).count();
    assertEquals((long) NUM_NAUTH, sessionIndexCount);
    Optional<String> sessionIndex =
            authnStatements.stream().map(AuthenticationStatement::getSessionIndex).findFirst();
    assertTrue(sessionIndex.isPresent());
    assertEquals(SESSION_INDEX, sessionIndex.get());

    // Validity window, compared as epoch millis against the expected xsd:dateTime literals.
    long expectedNotBefore = DatatypeConverter.parseDateTime(BEFORE).getTimeInMillis();
    long expectedNotOnOrAfter = DatatypeConverter.parseDateTime(AFTER).getTimeInMillis();
    assertEquals(expectedNotBefore, assertion.getNotBefore().getTime());
    assertEquals(expectedNotOnOrAfter, assertion.getNotOnOrAfter().getTime());

    // we don't currently parse these
    // assertEquals(NUM_AUTHZ, assertion.getAuthzDecisionStatements().size());
    assertNotNull(assertion.toString());
    // NOTE(review): isPresentlyValid() presumably compares the fixture's validity window with the
    // wall clock, which would make this assertion depend on the date the suite runs — confirm.
    assertTrue(assertion.isPresentlyValid());
}
Also used : Element(org.w3c.dom.Element) SecurityAssertionSaml(ddf.security.assertion.saml.impl.SecurityAssertionSaml) AuthenticationStatement(ddf.security.assertion.AuthenticationStatement) Test(org.junit.Test)

Example 2 with AuthenticationStatement

use of ddf.security.assertion.AuthenticationStatement in project ddf by codice.

From class SecurityAssertionSaml, method parseToken.

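/**
 * Reads the SAML assertion element with a StAX reader and fills in this object's fields from the
 * elements it recognises: the subject {@code NameID} (and its {@code Format}), the {@code Issuer},
 * {@code AttributeStatement}/{@code Attribute}/{@code AttributeValue},
 * {@code AuthnStatement}/{@code AuthnContextClassRef}, {@code SubjectConfirmation} methods, the
 * {@code Conditions} validity window and the assertion {@code Version} (mapped to a token type).
 *
 * <p>This is extraction only: nothing here verifies a signature, checks the issuer against a trust
 * store or validates the schema, so a populated instance says nothing about whether the assertion
 * is genuine. Elements not listed above (a {@code Signature} among them) are skipped.
 *
 * <p>An {@link XMLStreamException} is logged and swallowed; the fields set before the failure stay
 * populated and the caller cannot tell a truncated parse from a complete one.
 *
 * @param samlAssertion the {@code Assertion} DOM element to read
 * @throws IllegalArgumentException if {@code AuthnInstant}, {@code NotBefore} or
 *     {@code NotOnOrAfter} is not a valid xsd:dateTime (thrown by the date parsers, not caught here)
 */
private void parseToken(Element samlAssertion) {
    XMLStreamReader xmlStreamReader = StaxUtils.createXMLStreamReader(samlAssertion);
    try {
        // The statement / attribute currently being filled. They are reset on the matching
        // END_ELEMENT so that an Attribute or AttributeValue outside its parent is ignored.
        AttributeStatement attributeStatement = null;
        AuthenticationStatement authenticationStatement = null;
        Attribute attribute = null;
        while (xmlStreamReader.hasNext()) {
            int event = xmlStreamReader.next();
            if (event == XMLStreamConstants.START_ELEMENT) {
                switch (xmlStreamReader.getLocalName()) {
                    case NameID.DEFAULT_ELEMENT_LOCAL_NAME:
                        readNameId(xmlStreamReader);
                        break;
                    case org.opensaml.saml.saml2.core.AttributeStatement.DEFAULT_ELEMENT_LOCAL_NAME:
                        attributeStatement = new AttributeStatementSaml();
                        attributeStatements.add(attributeStatement);
                        break;
                    case AuthnStatement.DEFAULT_ELEMENT_LOCAL_NAME:
                        authenticationStatement = new AuthenticationStatementSaml();
                        authenticationStatements.add(authenticationStatement);
                        readAuthnStatementAttributes(xmlStreamReader, authenticationStatement);
                        break;
                    case AuthnContextClassRef.DEFAULT_ELEMENT_LOCAL_NAME:
                        // Only meaningful inside an AuthnStatement. getElementText() is the StAX call
                        // for an element's character content; getText() is defined for text events
                        // only and is not valid on the START_ELEMENT the reader is positioned at.
                        if (authenticationStatement != null) {
                            authenticationStatement.setAuthnContextClassRef(
                                    xmlStreamReader.getElementText().trim());
                        }
                        break;
                    case org.opensaml.saml.saml2.core.Attribute.DEFAULT_ELEMENT_LOCAL_NAME:
                        attribute = new AttributeSaml();
                        if (attributeStatement != null) {
                            attributeStatement.addAttribute(attribute);
                        }
                        readAttributeNameAndFormat(xmlStreamReader, attribute);
                        break;
                    case AttributeValue.DEFAULT_ELEMENT_LOCAL_NAME:
                        if (attribute != null) {
                            attribute.addValue(xmlStreamReader.getElementText());
                        }
                        break;
                    case Issuer.DEFAULT_ELEMENT_LOCAL_NAME:
                        issuer = xmlStreamReader.getElementText();
                        break;
                    case Conditions.DEFAULT_ELEMENT_LOCAL_NAME:
                        readConditions(xmlStreamReader);
                        break;
                    case SubjectConfirmation.DEFAULT_ELEMENT_LOCAL_NAME:
                        readSubjectConfirmationMethod(xmlStreamReader);
                        break;
                    case Assertion.DEFAULT_ELEMENT_LOCAL_NAME:
                        readAssertionVersion(xmlStreamReader);
                        break;
                    default:
                        break;
                }
            } else if (event == XMLStreamConstants.END_ELEMENT) {
                switch (xmlStreamReader.getLocalName()) {
                    case org.opensaml.saml.saml2.core.AttributeStatement.DEFAULT_ELEMENT_LOCAL_NAME:
                        attributeStatement = null;
                        break;
                    case org.opensaml.saml.saml2.core.Attribute.DEFAULT_ELEMENT_LOCAL_NAME:
                        attribute = null;
                        break;
                    default:
                        break;
                }
            }
        }
    } catch (XMLStreamException e) {
        LOGGER.info("Unable to parse security token.", e);
    } finally {
        try {
            xmlStreamReader.close();
        } catch (XMLStreamException ignore) {
            // ignore: nothing useful can be done about a reader that fails to close
        }
    }
}

/**
 * Reads a {@code NameID} element: its {@code Format} attribute into {@code nameIDFormat} and its
 * text into {@code name}.
 *
 * <p>The attribute is read first on purpose: {@code getAttributeCount()} is only valid while the
 * reader sits on the START_ELEMENT, and {@code getElementText()} leaves it on the END_ELEMENT.
 *
 * @param reader positioned on the NameID START_ELEMENT; left on its END_ELEMENT
 * @throws XMLStreamException if the element text cannot be read
 */
private void readNameId(XMLStreamReader reader) throws XMLStreamException {
    for (int i = 0; i < reader.getAttributeCount(); i++) {
        if (NameID.FORMAT_ATTRIB_NAME.equals(reader.getAttributeLocalName(i))) {
            nameIDFormat = reader.getAttributeValue(i);
            break;
        }
    }
    name = reader.getElementText();
}

/**
 * Copies {@code AuthnInstant} and {@code SessionIndex} from the current AuthnStatement element.
 *
 * @param reader positioned on the AuthnStatement START_ELEMENT
 * @param statement the statement to populate
 * @throws IllegalArgumentException if {@code AuthnInstant} is not a parseable instant
 */
private void readAuthnStatementAttributes(XMLStreamReader reader, AuthenticationStatement statement) {
    int attrs = reader.getAttributeCount();
    for (int i = 0; i < attrs; i++) {
        String attrName = reader.getAttributeLocalName(i);
        String value = reader.getAttributeValue(i);
        if (AuthnStatement.AUTHN_INSTANT_ATTRIB_NAME.equals(attrName)) {
            statement.setAuthnInstant(DateTime.parse(value));
        } else if (AuthnStatement.SESSION_INDEX_ATTRIB_NAME.equals(attrName)) {
            statement.setSessionIndex(value);
        }
    }
}

/**
 * Copies {@code Name} and {@code NameFormat} from the current Attribute element.
 *
 * @param reader positioned on the Attribute START_ELEMENT
 * @param attribute the attribute to populate
 */
private void readAttributeNameAndFormat(XMLStreamReader reader, Attribute attribute) {
    int attrs = reader.getAttributeCount();
    for (int i = 0; i < attrs; i++) {
        String attrName = reader.getAttributeLocalName(i);
        String value = reader.getAttributeValue(i);
        if (org.opensaml.saml.saml2.core.Attribute.NAME_ATTTRIB_NAME.equals(attrName)) {
            attribute.setName(value);
        } else if (org.opensaml.saml.saml2.core.Attribute.NAME_FORMAT_ATTRIB_NAME.equals(attrName)) {
            attribute.setNameFormat(value);
        }
    }
}

/**
 * Reads the {@code NotBefore} / {@code NotOnOrAfter} validity window from the current Conditions
 * element into {@code notBefore} / {@code notOnOrAfter}.
 *
 * @param reader positioned on the Conditions START_ELEMENT
 * @throws IllegalArgumentException if either value is not a valid xsd:dateTime
 */
private void readConditions(XMLStreamReader reader) {
    int attrs = reader.getAttributeCount();
    for (int i = 0; i < attrs; i++) {
        String attrName = reader.getAttributeLocalName(i);
        String value = reader.getAttributeValue(i);
        if (Conditions.NOT_BEFORE_ATTRIB_NAME.equals(attrName)) {
            notBefore = DatatypeConverter.parseDateTime(value).getTime();
        } else if (Conditions.NOT_ON_OR_AFTER_ATTRIB_NAME.equals(attrName)) {
            notOnOrAfter = DatatypeConverter.parseDateTime(value).getTime();
        }
    }
}

/**
 * Records the {@code Method} of the current SubjectConfirmation element in
 * {@code subjectConfirmations}.
 *
 * @param reader positioned on the SubjectConfirmation START_ELEMENT
 */
private void readSubjectConfirmationMethod(XMLStreamReader reader) {
    int attrs = reader.getAttributeCount();
    for (int i = 0; i < attrs; i++) {
        if (SubjectConfirmation.METHOD_ATTRIB_NAME.equals(reader.getAttributeLocalName(i))) {
            subjectConfirmations.add(reader.getAttributeValue(i));
        }
    }
}

/**
 * Maps the {@code Version} attribute of the Assertion element to a token type: "2.0" selects
 * {@code SAML2_TOKEN_TYPE}, "1.1" selects {@code SAML1_TOKEN_TYPE}; any other value leaves
 * {@code tokenType} unchanged.
 *
 * @param reader positioned on the Assertion START_ELEMENT
 */
private void readAssertionVersion(XMLStreamReader reader) {
    int attrs = reader.getAttributeCount();
    for (int i = 0; i < attrs; i++) {
        if (Assertion.VERSION_ATTRIB_NAME.equals(reader.getAttributeLocalName(i))) {
            String version = reader.getAttributeValue(i);
            if ("2.0".equals(version)) {
                tokenType = SAML2_TOKEN_TYPE;
            } else if ("1.1".equals(version)) {
                tokenType = SAML1_TOKEN_TYPE;
            }
        }
    }
}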
Also used : XMLStreamReader(javax.xml.stream.XMLStreamReader) XMLStreamException(javax.xml.stream.XMLStreamException) Attribute(ddf.security.assertion.Attribute) AttributeStatement(ddf.security.assertion.AttributeStatement) AuthenticationStatement(ddf.security.assertion.AuthenticationStatement)

Example 3 with AuthenticationStatement

use of ddf.security.assertion.AuthenticationStatement in project ddf by codice.

From class SecurityAssertionSaml, method toString.

/**
 * Renders the principal, every attribute of every attribute statement (name followed by its
 * values concatenated without a separator) and every authentication statement (instant and
 * context class ref).
 *
 * <p>Attribute values are copied in verbatim, so the result may carry personal data taken from
 * the assertion; bear that in mind when it ends up in log output.
 *
 * @return a single-line, human-readable summary of this assertion
 */
@Override
public String toString() {
    StringBuilder sb = new StringBuilder("Principal: ")
            .append(getPrincipal())
            .append(", Attributes: ");
    for (AttributeStatement statement : getAttributeStatements()) {
        for (Attribute attr : statement.getAttributes()) {
            sb.append("[ ").append(attr.getName()).append(" : ");
            for (Object value : attr.getValues()) {
                sb.append(value);
            }
            sb.append("] ");
        }
    }
    sb.append(", AuthnStatements: ");
    for (AuthenticationStatement authn : getAuthnStatements()) {
        sb.append("[ ")
                .append(authn.getAuthnInstant())
                .append(" : ")
                .append(authn.getAuthnContextClassRef())
                .append("] ");
    }
    return sb.toString();
}
Also used : Attribute(ddf.security.assertion.Attribute) AttributeStatement(ddf.security.assertion.AttributeStatement) AuthenticationStatement(ddf.security.assertion.AuthenticationStatement)

Example 4 with AuthenticationStatement

use of ddf.security.assertion.AuthenticationStatement in project ddf by codice.

From class DefaultSecurityAssertionBuilderTest, method testDefaultSecurityAssertionBuilder.

@Test
public void testDefaultSecurityAssertionBuilder() {
    // Collaborators are mocks: the assertions below only check that the builder hands back the
    // very objects it was given, not how those objects behave.
    Principal principal = mock(Principal.class);
    AttributeStatement attributeStatement = mock(AttributeStatement.class);
    AuthenticationStatement authenticationStatement = mock(AuthenticationStatement.class);
    Object token = new Object();
    // A roughly one-minute validity window starting now; the exact instants are not asserted on.
    Date notBefore = Date.from(Instant.now());
    Date notOnOrAfter = Date.from(Instant.now().plus(Duration.ofMinutes(1)));

    SecurityAssertion assertion =
            new DefaultSecurityAssertionBuilder()
                    .userPrincipal(principal)
                    .addPrincipal(principal)
                    .issuer("test")
                    .addAttributeStatement(attributeStatement)
                    .addAuthnStatement(authenticationStatement)
                    .addSubjectConfirmation("subjectConfirmation")
                    .tokenType("testToken")
                    .token(token)
                    .notBefore(notBefore)
                    .notOnOrAfter(notOnOrAfter)
                    .weight(7)
                    .build();

    // Everything fed to the builder comes back unchanged from the built assertion.
    // NOTE(review): addAuthnStatement is exercised above but getAuthnStatements() is never
    // asserted on, so that part of the builder is not actually covered here.
    assertThat(assertion.getPrincipal(), is(principal));
    assertThat(assertion.getPrincipals(), hasItem(principal));
    assertThat(assertion.getIssuer(), is("test"));
    assertThat(assertion.getAttributeStatements(), hasItem(attributeStatement));
    assertThat(assertion.getSubjectConfirmations(), hasItem("subjectConfirmation"));
    assertThat(assertion.getTokenType(), is("testToken"));
    assertThat(assertion.getToken(), is(token));
    assertThat(assertion.getNotBefore(), is(notBefore));
    assertThat(assertion.getNotOnOrAfter(), is(notOnOrAfter));
    assertThat(assertion.getWeight(), is(7));
}
Also used : AttributeStatement(ddf.security.assertion.AttributeStatement) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Principal(java.security.Principal) AuthenticationStatement(ddf.security.assertion.AuthenticationStatement) Date(java.util.Date) Test(org.junit.Test)
