Use of org.opensaml.core.xml.XMLObject in project ddf by codice.
The class LogoutMessageImpl, method extractRequest.
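/**
 * Parses a serialized SAML message and wraps it when it is a {@code LogoutRequest}.
 *
 * @param samlObject the SAML message as an XML string
 * @return the wrapped request, or {@code null} when the parsed object is not a
 *     {@code LogoutRequest}
 * @throws LogoutSecurityException if the DOM could not be converted to an OpenSAML object
 * @throws XMLStreamException if the string is not well-formed XML
 */
private LogoutWrapper<LogoutRequest> extractRequest(String samlObject)
    throws LogoutSecurityException, XMLStreamException {
  try {
    // Decode the caller's text as UTF-8 explicitly rather than relying on the platform charset.
    Document requestDoc =
        StaxUtils.read(new ByteArrayInputStream(samlObject.getBytes(StandardCharsets.UTF_8)));
    XMLObject requestXmlObject = OpenSAMLUtil.fromDom(requestDoc.getDocumentElement());
    // instanceof expresses the same subtype check as
    // LogoutRequest.class.isAssignableFrom(requestXmlObject.getClass()) but is null-safe.
    if (requestXmlObject instanceof LogoutRequest) {
      return new LogoutWrapperImpl<>((LogoutRequest) requestXmlObject);
    }
    return null;
  } catch (WSSecurityException e) {
    throw new LogoutSecurityException(e);
  }
}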
Use of org.opensaml.core.xml.XMLObject in project ddf by codice.
The class LogoutMessageImpl, method signSamlGet.
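/**
 * Builds a signed HTTP-Redirect URI carrying the given SAML logout message.
 *
 * <p>The message is serialized, deflated and Base64-encoded, URL-encoded, then appended to the
 * target together with the relay state; the resulting query string is signed with the system
 * crypto via {@code SimpleSign}.
 *
 * @param samlObject wrapper whose message is an OpenSAML {@code XMLObject}
 * @param target the endpoint the redirect points at
 * @param relayState opaque relay state to echo back
 * @param requestType query parameter name for the message (e.g. SAMLRequest or SAMLResponse)
 * @return the target URI with message, relay state and signature parameters
 * @throws LogoutSecurityException if the message cannot be serialized to DOM
 * @throws SignatureException if signing the query string fails
 * @throws IOException if the URL encoding step fails
 */
private URI signSamlGet(
    LogoutWrapper<?> samlObject, URI target, String relayState, String requestType)
    throws LogoutSecurityException, SignatureException, IOException {
  try {
    // toDom needs an owner document with an element to attach the marshalled message to.
    Document doc = DOMUtils.createDocument();
    doc.appendChild(doc.createElement("root"));
    SamlSecurity samlSecurity = new SamlSecurity();
    String serialized =
        DOM2Writer.nodeToString(OpenSAMLUtil.toDom((XMLObject) samlObject.getMessage(), doc, false));
    String encodedResponse =
        URLEncoder.encode(samlSecurity.deflateAndBase64Encode(serialized), "UTF-8");
    // NOTE(review): relayState is used raw here but percent-encoded by UriBuilder below; the
    // signed string and the emitted query agree only when relayState needs no escaping —
    // confirm against SimpleSign.signUriString.
    String requestToSign =
        String.format("%s=%s&%s=%s", requestType, encodedResponse, SSOConstants.RELAY_STATE, relayState);
    UriBuilder uriBuilder = UriBuilder.fromUri(target);
    uriBuilder.queryParam(requestType, encodedResponse);
    uriBuilder.queryParam(SSOConstants.RELAY_STATE, relayState);
    new SimpleSign(systemCrypto).signUriString(requestToSign, uriBuilder);
    return uriBuilder.build();
  } catch (WSSecurityException e) {
    throw new LogoutSecurityException(e);
  }
}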
Use of org.opensaml.core.xml.XMLObject in project ddf by codice.
The class MetadataConfigurationParser, method readEntityDescriptors.
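/**
 * Reads SAML metadata from the reader and returns the entity descriptors it contains.
 *
 * @param reader source of the metadata XML; the caller remains responsible for closing it
 * @return the descriptors of an {@code EntitiesDescriptor} root, or a singleton list when the
 *     root is a single {@code EntityDescriptor}
 * @throws IllegalArgumentException if the content is not XML, cannot be converted to an OpenSAML
 *     object, or its root is neither kind of descriptor
 */
private List<EntityDescriptor> readEntityDescriptors(Reader reader) {
  Document entityDoc;
  try {
    entityDoc = StaxUtils.read(reader);
  } catch (Exception ex) {
    // Keep the cause so the parser's position information is not lost.
    throw new IllegalArgumentException("Unable to read SAMLRequest as XML.", ex);
  }
  XMLObject entityXmlObj;
  try {
    entityXmlObj = OpenSAMLUtil.fromDom(entityDoc.getDocumentElement());
  } catch (WSSecurityException ex) {
    throw new IllegalArgumentException(
        "Unable to convert EntityDescriptor document to XMLObject.", ex);
  }
  if (entityXmlObj instanceof EntitiesDescriptor) {
    return ((EntitiesDescriptor) entityXmlObj).getEntityDescriptors();
  }
  if (entityXmlObj instanceof EntityDescriptor) {
    return Collections.singletonList((EntityDescriptor) entityXmlObj);
  }
  // An unexpected root element is an input problem like the two above; report it the same way
  // instead of letting a ClassCastException escape.
  throw new IllegalArgumentException(
      "Metadata root element is neither an EntitiesDescriptor nor an EntityDescriptor.");
}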
Use of org.opensaml.core.xml.XMLObject in project ddf by codice.
The class PaosInInterceptor, method checkSamlpResponse.
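/**
 * Verifies that the first child of the SOAP body is a SAML 2.0 {@code Response}.
 *
 * @param soapRequest the SOAP part whose body is inspected
 * @throws IOException if the body cannot be read or converted, yields no object, or the object
 *     is not an {@code org.opensaml.saml.saml2.core.Response}
 */
private void checkSamlpResponse(SOAPPart soapRequest) throws IOException {
  XMLObject responseXmlObj = null;
  try {
    Node node = soapRequest.getEnvelope().getBody().getFirstChild();
    responseXmlObj = SamlProtocol.getXmlObjectFromNode(node);
  } catch (WSSecurityException | SOAPException | XMLStreamException ex) {
    // Preserve the cause; the wrapped message alone does not say which step failed.
    throw new IOException("Unable to convert Response document to XMLObject.", ex);
  }
  if (responseXmlObj == null) {
    throw new IOException("Response object is not Found.");
  }
  if (!(responseXmlObj instanceof org.opensaml.saml.saml2.core.Response)) {
    throw new IOException("SAMLRequest object is not org.opensaml.saml.saml2.core.Response.");
  }
}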
Use of org.opensaml.core.xml.XMLObject in project cas by apereo.
The class WsFederationHelper, method createCredentialFromToken.
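/**
 * createCredentialFromToken converts a SAML 1.1 assertion to a WSFederationCredential.
 * <p>
 * Only the first audience restriction and the first authentication statement are copied.
 * Attribute values are read as {@code XSAny} text content; attributes without values are dropped.
 *
 * @param assertion the provided assertion
 * @return an equivalent credential.
 */
public WsFederationCredential createCredentialFromToken(final Assertion assertion) {
    val retrievedOn = ZonedDateTime.now(clock);
    LOGGER.trace("Retrieved on [{}]", retrievedOn);
    val credential = new WsFederationCredential();
    credential.setRetrievedOn(retrievedOn);
    credential.setId(assertion.getID());
    credential.setIssuer(assertion.getIssuer());
    credential.setIssuedOn(DateTimeUtils.zonedDateTimeOf(assertion.getIssueInstant()));

    val conditions = assertion.getConditions();
    if (conditions != null) {
        credential.setNotBefore(DateTimeUtils.zonedDateTimeOf(conditions.getNotBefore()));
        credential.setNotOnOrAfter(DateTimeUtils.zonedDateTimeOf(conditions.getNotOnOrAfter()));
        val restrictions = conditions.getAudienceRestrictionConditions();
        if (!restrictions.isEmpty()) {
            // Guard the inner list too: a restriction with no Audience element would otherwise
            // fail here with IndexOutOfBoundsException instead of leaving the audience unset
            // for downstream validation to reject.
            val audiences = restrictions.get(0).getAudiences();
            if (!audiences.isEmpty()) {
                credential.setAudience(audiences.get(0).getURI());
            }
        }
    }

    if (!assertion.getAuthenticationStatements().isEmpty()) {
        credential.setAuthenticationMethod(assertion.getAuthenticationStatements().get(0).getAuthenticationMethod());
    }

    val attributes = new HashMap<String, List<Object>>();
    assertion.getAttributeStatements().stream()
        .flatMap(attributeStatement -> attributeStatement.getAttributes().stream())
        .forEach(item -> {
            LOGGER.trace("Processed attribute: [{}]", item.getAttributeName());
            // NOTE(review): assumes every attribute value is an XSAny; other value types would
            // raise ClassCastException here — confirm against the issuing STS.
            final List<Object> itemList = item.getAttributeValues().stream()
                .map(xmlObject -> ((XSAny) xmlObject).getTextContent())
                .collect(Collectors.toList());
            if (!itemList.isEmpty()) {
                attributes.put(item.getAttributeName(), itemList);
            }
        });
    credential.setAttributes(attributes);
    LOGGER.debug("WsFederation Credential retrieved as: [{}]", credential);
    return credential;
}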