
Example 1 with SAMLObjectBuilder

use of org.opensaml.common.SAMLObjectBuilder in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createSubjectConfirmationData.

/**
 * Builds the {@code SubjectConfirmationData} element and records its validity
 * window on {@code samlAssertion} (created_ts / expiry_ts), which the caller
 * relies on for caching.
 *
 * The element may carry additional attributes or child elements if we ever need
 * them; see section 2.4.1.2 "Element <SubjectConfirmationData>" of
 * http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
 *
 * NOTE(review): when {@code validitySeconds} is null no NotOnOrAfter is written
 * and {@code samlAssertion.expiry_ts} is left unset, so the confirmation carries
 * no expiry at all - confirm the configuration always supplies a validity period.
 *
 * @param host the attested host; not read here (the Address written below is the
 *             attestation service's own address, not the host's)
 * @return the populated SubjectConfirmationData element
 * @throws ConfigurationException
 * @throws UnknownHostException if the local address cannot be resolved
 */
private SubjectConfirmationData createSubjectConfirmationData(TxtHost host) throws ConfigurationException, UnknownHostException {
    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<SubjectConfirmationData> dataBuilder =
            (SAMLObjectBuilder<SubjectConfirmationData>) builderFactory.getBuilder(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
    SubjectConfirmationData confirmationData = dataBuilder.buildObject();

    DateTime issuedAt = new DateTime();
    confirmationData.setNotBefore(issuedAt);
    // cache bookkeeping: the caller keys cached assertions on these timestamps
    samlAssertion.created_ts = issuedAt.toDate();

    if (validitySeconds != null) {
        confirmationData.setNotOnOrAfter(issuedAt.plusSeconds(validitySeconds));
        // cache bookkeeping, taken from the element so both agree exactly
        samlAssertion.expiry_ts = confirmationData.getNotOnOrAfter().toDate();
    }

    // Address is the ATTESTATION SERVICE's address, **not** the attested host's.
    InetAddress serviceAddress = InetAddress.getLocalHost();
    confirmationData.setAddress(serviceAddress.getHostAddress());
    return confirmationData;
}

Example 2 with SAMLObjectBuilder

use of org.opensaml.common.SAMLObjectBuilder in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createHostAttributes.

/*  works but not needed
        private List<Attribute> createStringAttributes(Map<String,String> attributes) throws ConfigurationException {
            ArrayList<Attribute> list = new ArrayList<Attribute>();
            for(Map.Entry<String,String> e : attributes.entrySet()) {
                Attribute attr = createStringAttribute(e.getKey(), e.getValue());
                list.add(attr);
            }
            return list;
        }
        * 
        */
// currently unused but probably works
/*
	private Attribute createComplexAttribute(String name, String xmlValue) throws ConfigurationException {
            SAMLObjectBuilder attrBuilder = (SAMLObjectBuilder)  builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
            Attribute attr = (Attribute) attrBuilder.buildObject();
            attr.setName(name);

            XMLObjectBuilder stringBuilder =  builderFactory.getBuilder(XSString.TYPE_NAME);
            XSAny attrValue = (XSAny) stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
            attrValue.setTextContent(xmlValue);

            attr.getAttributeValues().add(attrValue);
            return attr;
	}
	*/
//        private final String DEFAULT_OID = "2.5.4.789.1";
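/**
 * Builds the {@code AttributeStatement} describing the host and its trust status.
 *
 * Always emitted: Host_Name, Host_Address, Trusted, Trusted_BIOS, Trusted_VMM.
 * BIOS_* and VMM_* details are added only when that component is trusted. When a
 * tag certificate is provisioned, Asset_Tag and Asset_Tag_Certificate_Sha1 are
 * added, and the TAG[...] attributes plus the encoded TagCertificate only when the
 * asset tag is trusted. AIK_Certificate is added when the host has one, and every
 * vmMetaData entry is copied through as a string attribute under its own key.
 *
 * Fix: the TAG[...] names were passed to {@code String.format} as the format
 * string itself, so a tag name containing '%' (the name comes from the
 * certificate, not from this service) raised an IllegalFormatException and
 * aborted assertion generation. The name is now built by plain concatenation.
 *
 * NOTE(review): vmMetaData keys are emitted verbatim and are not checked against
 * the fixed attribute names above, so a key such as "Trusted" would add a second
 * attribute with that name - confirm that callers control those keys.
 *
 * @param host           the attested host and its trust verdicts
 * @param tagCertificate the host's asset tag certificate, or null if none is provisioned
 * @param vmMetaData     extra name/value pairs to include; may be null or empty
 * @return the populated AttributeStatement
 * @throws ConfigurationException if an attribute cannot be built
 */
private AttributeStatement createHostAttributes(TxtHost host, X509AttributeCertificate tagCertificate, Map<String, String> vmMetaData) throws ConfigurationException {
    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<AttributeStatement> statementBuilder =
            (SAMLObjectBuilder<AttributeStatement>) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
    AttributeStatement attrStatement = statementBuilder.buildObject();
    List<Attribute> attributes = attrStatement.getAttributes();

    // host attributes (present in both single-host and multi-host assertions)
    addHostIdentityAttributes(attributes, host);
    addPlatformTrustAttributes(attributes, host);

    if (tagCertificate != null) {
        addAssetTagAttributes(attributes, host, tagCertificate);
    } else {
        log.debug("Since asset tag is not provisioned, asset tag attribute will not be added to the assertion.");
    }

    if (host.getAikCertificate() != null) {
        attributes.add(createStringAttribute("AIK_Certificate", host.getAikCertificate()));
    }

    if (vmMetaData != null && !vmMetaData.isEmpty()) {
        for (Map.Entry<String, String> entry : vmMetaData.entrySet()) {
            attributes.add(createStringAttribute(entry.getKey(), entry.getValue()));
        }
    }
    return attrStatement;
}

/** Adds Host_Name and Host_Address. */
private void addHostIdentityAttributes(List<Attribute> attributes, TxtHost host) throws ConfigurationException {
    attributes.add(createStringAttribute("Host_Name", host.getHostName().toString()));
    attributes.add(createStringAttribute("Host_Address", host.getIPAddress().toString()));
}

/** Adds the Trusted / Trusted_BIOS / Trusted_VMM verdicts plus BIOS and VMM details for each trusted component. */
private void addPlatformTrustAttributes(List<Attribute> attributes, TxtHost host) throws ConfigurationException {
    boolean biosTrusted = host.isBiosTrusted();
    boolean vmmTrusted = host.isVmmTrusted();

    // the overall verdict requires both components to be trusted
    attributes.add(createBooleanAttribute("Trusted", biosTrusted && vmmTrusted));

    attributes.add(createBooleanAttribute("Trusted_BIOS", biosTrusted));
    if (biosTrusted) {
        attributes.add(createStringAttribute("BIOS_Name", host.getBios().getName()));
        attributes.add(createStringAttribute("BIOS_Version", host.getBios().getVersion()));
        attributes.add(createStringAttribute("BIOS_OEM", host.getBios().getOem()));
    }

    attributes.add(createBooleanAttribute("Trusted_VMM", vmmTrusted));
    if (vmmTrusted) {
        attributes.add(createStringAttribute("VMM_Name", host.getVmm().getName()));
        attributes.add(createStringAttribute("VMM_Version", host.getVmm().getVersion()));
        attributes.add(createStringAttribute("VMM_OSName", host.getVmm().getOsName()));
        attributes.add(createStringAttribute("VMM_OSVersion", host.getVmm().getOsVersion()));
    }
}

/**
 * Adds the Asset_Tag verdict and the certificate digest, and - only when the
 * asset tag is trusted - one TAG[name] attribute per certificate attribute plus
 * the encoded certificate itself.
 */
private void addAssetTagAttributes(List<Attribute> attributes, TxtHost host, X509AttributeCertificate tagCertificate) throws ConfigurationException {
    attributes.add(createBooleanAttribute("Asset_Tag", host.isAssetTagTrusted()));
    attributes.add(createStringAttribute("Asset_Tag_Certificate_Sha1", Sha1Digest.digestOf(tagCertificate.getEncoded()).toString()));
    if (!host.isAssetTagTrusted()) {
        log.debug("Since Asset tag is not verified, no attributes would be added");
        return;
    }

    // The TAG[...] prefix lets the client tell asset-tag attributes from the fixed ones.
    for (UTF8NameValueMicroformat microformatAttribute : tagCertificate.getAttributes(UTF8NameValueMicroformat.class)) {
        attributes.add(createStringAttribute(tagAttributeName(microformatAttribute.getName()), microformatAttribute.getValue()));
    }
    for (UTF8NameValueSequence sequenceAttribute : tagCertificate.getAttributes(UTF8NameValueSequence.class)) {
        attributes.add(createStringAttribute(tagAttributeName(sequenceAttribute.getName()), StringUtils.join(sequenceAttribute.getValues(), ",")));
    }

    // The whole certificate is included so the relying party can verify any attribute itself.
    attributes.add(createBase64BinaryAttribute("TagCertificate", tagCertificate.getEncoded()));
}

/**
 * Builds the SAML attribute name for an asset-tag attribute by plain concatenation;
 * the tag name originates in the certificate and must never be used as a format string.
 */
private static String tagAttributeName(String tagName) {
    return "TAG[" + tagName + "]";
}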

Example 3 with SAMLObjectBuilder

use of org.opensaml.common.SAMLObjectBuilder in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createSubject.

/**
 * Builds the assertion {@code Subject}: the host's NameID plus a single
 * SubjectConfirmation.
 *
 * @param host the attested host the subject identifies
 * @return the populated Subject element
 * @throws ConfigurationException
 * @throws UnknownHostException propagated from building the subject confirmation
 */
private Subject createSubject(TxtHost host) throws ConfigurationException, UnknownHostException {
    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<Subject> builder = (SAMLObjectBuilder<Subject>) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
    Subject subject = builder.buildObject();
    subject.setNameID(createNameID(host));
    subject.getSubjectConfirmations().add(createSubjectConfirmation(host));
    return subject;
}

Example 4 with SAMLObjectBuilder

use of org.opensaml.common.SAMLObjectBuilder in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createStringAttribute.

/**
 * Builds a single-valued string {@code Attribute}, e.g. FirstName=John or
 * IPAddress=1.2.3.4. SAML attributes may be multi-valued; this one never is.
 *
 * @param name  the attribute Name
 * @param value the single xs:string AttributeValue
 * @return the populated Attribute
 * @throws ConfigurationException
 */
private Attribute createStringAttribute(String name, String value) throws ConfigurationException {
    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<Attribute> attributeBuilder =
            (SAMLObjectBuilder<Attribute>) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
    @SuppressWarnings("unchecked")
    XMLObjectBuilder<XSString> valueBuilder =
            (XMLObjectBuilder<XSString>) builderFactory.getBuilder(XSString.TYPE_NAME);

    Attribute attribute = attributeBuilder.buildObject();
    attribute.setName(name);

    // the value element is typed xs:string so consumers need no further decoding
    XSString attributeValue = valueBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
    attributeValue.setValue(value);
    attribute.getAttributeValues().add(attributeValue);
    return attribute;
}

Example 5 with SAMLObjectBuilder

use of org.opensaml.common.SAMLObjectBuilder in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createIssuer.

/**
 * Builds the {@code Issuer} element carrying this generator's configured
 * issuer name.
 *
 * @return the populated Issuer element
 */
private Issuer createIssuer() {
    @SuppressWarnings("unchecked")
    SAMLObjectBuilder<Issuer> builder = (SAMLObjectBuilder<Issuer>) builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
    Issuer issuer = builder.buildObject();
    issuer.setValue(issuerName);
    return issuer;
}
