use of org.keycloak.dom.saml.v1.assertion.SAML11SubjectStatementType in project keycloak by keycloak.
the class SAML11AssertionParser method parse.
/**
* @see {@link ParserNamespaceSupport#parse(XMLEventReader)}
*/
public Object parse(XMLEventReader xmlEventReader) throws ParsingException {
StartElement startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
// Special case: Encrypted Assertion
StaxParserUtil.validate(startElement, ASSERTION);
SAML11AssertionType assertion = parseBaseAttributes(startElement);
Attribute issuerAttribute = startElement.getAttributeByName(new QName(SAML11Constants.ISSUER));
String issuer = StaxParserUtil.getAttributeValue(issuerAttribute);
assertion.setIssuer(issuer);
// Peek at the next event
while (xmlEventReader.hasNext()) {
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
if (xmlEvent == null)
break;
if (xmlEvent instanceof EndElement) {
xmlEvent = StaxParserUtil.getNextEvent(xmlEventReader);
EndElement endElement = (EndElement) xmlEvent;
String endElementTag = StaxParserUtil.getElementName(endElement);
if (endElementTag.equals(JBossSAMLConstants.ASSERTION.get()))
break;
else
throw logger.parserUnknownEndElement(endElementTag, xmlEvent.getLocation());
}
StartElement peekedElement = null;
if (xmlEvent instanceof StartElement) {
peekedElement = (StartElement) xmlEvent;
} else {
peekedElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
}
if (peekedElement == null)
break;
String tag = StaxParserUtil.getElementName(peekedElement);
if (tag.equals(JBossSAMLConstants.SIGNATURE.get())) {
assertion.setSignature(StaxParserUtil.getDOMElement(xmlEventReader));
} else if (JBossSAMLConstants.ISSUER.get().equalsIgnoreCase(tag)) {
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
issuer = StaxParserUtil.getElementText(xmlEventReader);
assertion.setIssuer(issuer);
} else if (JBossSAMLConstants.SUBJECT.get().equalsIgnoreCase(tag)) {
SAML11SubjectParser subjectParser = new SAML11SubjectParser();
SAML11SubjectType subject = (SAML11SubjectType) subjectParser.parse(xmlEventReader);
SAML11SubjectStatementType subStat = new SAML11SubjectStatementType();
subStat.setSubject(subject);
} else if (JBossSAMLConstants.CONDITIONS.get().equalsIgnoreCase(tag)) {
startElement = (StartElement) xmlEvent;
SAML11ConditionsType conditions = SAML11ParserUtil.parseSAML11Conditions(xmlEventReader);
assertion.setConditions(conditions);
} else if (SAML11Constants.AUTHENTICATION_STATEMENT.equals(tag)) {
startElement = (StartElement) xmlEvent;
SAML11AuthenticationStatementType authStat = SAML11ParserUtil.parseAuthenticationStatement(xmlEventReader);
assertion.add(authStat);
} else if (SAML11Constants.ATTRIBUTE_STATEMENT.equalsIgnoreCase(tag)) {
SAML11AttributeStatementType attributeStatementType = SAML11ParserUtil.parseSAML11AttributeStatement(xmlEventReader);
assertion.add(attributeStatementType);
} else if (SAML11Constants.AUTHORIZATION_DECISION_STATEMENT.equalsIgnoreCase(tag)) {
SAML11AuthorizationDecisionStatementType authzStat = SAML11ParserUtil.parseSAML11AuthorizationDecisionStatement(xmlEventReader);
assertion.add(authzStat);
} else
throw logger.parserUnknownTag(tag, peekedElement.getLocation());
}
return assertion;
}
use of org.keycloak.dom.saml.v1.assertion.SAML11SubjectStatementType in project keycloak by keycloak.
the class SAML11AssertionWriter method write.
/**
* Write an {@code SAML11AssertionType} to stream
*
* @param assertion
* @param out
*
* @throws ProcessingException
*/
public void write(SAML11AssertionType assertion) throws ProcessingException {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ns);
StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ns);
StaxUtil.writeDefaultNameSpace(writer, ns);
// Attributes
// StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
StaxUtil.writeAttribute(writer, SAML11Constants.ASSERTIONID, assertion.getID());
StaxUtil.writeAttribute(writer, SAML11Constants.MAJOR_VERSION, assertion.getMajorVersion() + "");
StaxUtil.writeAttribute(writer, SAML11Constants.MINOR_VERSION, assertion.getMinorVersion() + "");
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());
String issuer = assertion.getIssuer();
if (issuer != null) {
StaxUtil.writeAttribute(writer, SAML11Constants.ISSUER, issuer);
}
SAML11ConditionsType conditions = assertion.getConditions();
if (conditions != null) {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ns);
StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString());
List<SAML11ConditionAbstractType> typeOfConditions = conditions.get();
if (typeOfConditions != null) {
for (SAML11ConditionAbstractType typeCondition : typeOfConditions) {
if (typeCondition instanceof SAML11AudienceRestrictionCondition) {
SAML11AudienceRestrictionCondition art = (SAML11AudienceRestrictionCondition) typeCondition;
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.AUDIENCE_RESTRICTION_CONDITION, ns);
List<URI> audiences = art.get();
if (audiences != null) {
for (URI audience : audiences) {
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(), ns);
StaxUtil.writeCharacters(writer, audience.toString());
StaxUtil.writeEndElement(writer);
}
}
StaxUtil.writeEndElement(writer);
}
}
}
StaxUtil.writeEndElement(writer);
}
SAML11AdviceType advice = assertion.getAdvice();
if (advice != null)
throw logger.notImplementedYet("Advice");
List<SAML11StatementAbstractType> statements = assertion.getStatements();
if (statements != null) {
for (SAML11StatementAbstractType statement : statements) {
if (statement instanceof SAML11AuthenticationStatementType) {
write((SAML11AuthenticationStatementType) statement);
} else if (statement instanceof SAML11AttributeStatementType) {
write((SAML11AttributeStatementType) statement);
} else if (statement instanceof SAML11AuthorizationDecisionStatementType) {
write((SAML11AuthorizationDecisionStatementType) statement);
} else if (statement instanceof SAML11SubjectStatementType) {
write((SAML11SubjectStatementType) statement);
} else
throw logger.writerUnknownTypeError(statement.getClass().getName());
}
}
Element sig = assertion.getSignature();
if (sig != null)
StaxUtil.writeDOMElement(writer, sig);
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
use of org.keycloak.dom.saml.v1.assertion.SAML11SubjectStatementType in project keycloak by keycloak.
the class SAML11ParserUtil method parseAuthenticationStatement.
/**
* Parse the AuthnStatement inside the assertion
*
* @param xmlEventReader
*
* @return
*
* @throws ParsingException
*/
public static SAML11AuthenticationStatementType parseAuthenticationStatement(XMLEventReader xmlEventReader) throws ParsingException {
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
StaxParserUtil.validate(startElement, SAML11Constants.AUTHENTICATION_STATEMENT);
Attribute authMethod = startElement.getAttributeByName(new QName(SAML11Constants.AUTHENTICATION_METHOD));
if (authMethod == null)
throw logger.parserRequiredAttribute(SAML11Constants.AUTHENTICATION_METHOD);
Attribute authInstant = startElement.getAttributeByName(new QName(SAML11Constants.AUTHENTICATION_INSTANT));
if (authInstant == null)
throw logger.parserRequiredAttribute(SAML11Constants.AUTHENTICATION_INSTANT);
SAML11AuthenticationStatementType authStat = new SAML11AuthenticationStatementType(URI.create(StaxParserUtil.getAttributeValue(authMethod)), XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(authInstant)));
while (xmlEventReader.hasNext()) {
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
if (xmlEvent == null)
break;
if (xmlEvent instanceof EndElement) {
xmlEvent = StaxParserUtil.getNextEvent(xmlEventReader);
EndElement endElement = (EndElement) xmlEvent;
String endElementTag = StaxParserUtil.getElementName(endElement);
if (endElementTag.equals(SAML11Constants.AUTHENTICATION_STATEMENT))
break;
else
throw logger.parserUnknownEndElement(endElementTag, xmlEvent.getLocation());
}
startElement = null;
if (xmlEvent instanceof StartElement) {
startElement = (StartElement) xmlEvent;
} else {
startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
}
if (startElement == null)
break;
String tag = StaxParserUtil.getElementName(startElement);
if (JBossSAMLConstants.SUBJECT.get().equalsIgnoreCase(tag)) {
SAML11SubjectParser subjectParser = new SAML11SubjectParser();
SAML11SubjectType subject = (SAML11SubjectType) subjectParser.parse(xmlEventReader);
SAML11SubjectStatementType subStat = new SAML11SubjectStatementType();
subStat.setSubject(subject);
authStat.setSubject(subject);
} else if (JBossSAMLConstants.SUBJECT_LOCALITY.get().equals(tag)) {
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
SAML11SubjectLocalityType subjectLocalityType = new SAML11SubjectLocalityType();
Attribute address = startElement.getAttributeByName(new QName(SAML11Constants.IP_ADDRESS));
if (address != null) {
subjectLocalityType.setIpAddress(StaxParserUtil.getAttributeValue(address));
}
Attribute dns = startElement.getAttributeByName(new QName(SAML11Constants.DNS_ADDRESS));
if (dns != null) {
subjectLocalityType.setDnsAddress(StaxParserUtil.getAttributeValue(dns));
}
authStat.setSubjectLocality(subjectLocalityType);
StaxParserUtil.validate(StaxParserUtil.getNextEndElement(xmlEventReader), JBossSAMLConstants.SUBJECT_LOCALITY.get());
} else if (SAML11Constants.AUTHORITY_BINDING.equals(tag)) {
Attribute authorityKindAttr = startElement.getAttributeByName(new QName(SAML11Constants.AUTHORITY_KIND));
if (authorityKindAttr == null)
throw logger.parserRequiredAttribute("AuthorityKind");
Attribute locationAttr = startElement.getAttributeByName(new QName(SAML11Constants.LOCATION));
if (locationAttr == null)
throw logger.parserRequiredAttribute("Location");
URI location = URI.create(StaxParserUtil.getAttributeValue(locationAttr));
Attribute bindingAttr = startElement.getAttributeByName(new QName(SAML11Constants.BINDING));
if (bindingAttr == null)
throw logger.parserRequiredAttribute("Binding");
URI binding = URI.create(StaxParserUtil.getAttributeValue(bindingAttr));
QName authorityKind = QName.valueOf(StaxParserUtil.getAttributeValue(authorityKindAttr));
SAML11AuthorityBindingType authorityBinding = new SAML11AuthorityBindingType(authorityKind, location, binding);
authStat.add(authorityBinding);
} else
throw logger.parserUnknownTag("", startElement.getLocation());
}
return authStat;
}
Aggregations