use of org.opensaml.saml.saml2.core.Assertion in project OpenAttestation by OpenAttestation.
the class TrustAssertion method readAssertion.
private Assertion readAssertion(Element document) throws UnmarshallingException {
log.debug("Reading assertion from element {}", document.getTagName());
UnmarshallerFactory factory = Configuration.getUnmarshallerFactory();
Unmarshaller unmarshaller = factory.getUnmarshaller(document);
// UnmarshallingException
XMLObject xml = unmarshaller.unmarshall(document);
Assertion samlAssertion = (Assertion) xml;
return samlAssertion;
}
use of org.opensaml.saml.saml2.core.Assertion in project OpenAttestation by OpenAttestation.
the class SamlGenerator method generateHostAssertion.
/*
public void setKeystoreResource(Resource keystoreResource) {
this.keystoreResource = keystoreResource;
}*/
/**
* Input is a Host record with all the attributes to assert
* Output is XML containing the SAML assertions
*
* From /hosts/trust we get BIOS:1,VMM:1
* From /hosts/location we get location
* From /pollhosts we get trust level "unknown/untrusted/trusted" and timestamp
* From /hosts/reports/trust we get host name, mle info string, created on, overall trust status, and verified on
* From /hosts/reports/manifest we get PCR values, trust status, and verified on for each PCR
*
* @return @SamlAssertion
* @throws MarshallingException
*/
public SamlAssertion generateHostAssertion(TxtHost host, X509AttributeCertificate tagCertificate, Map<String, String> vmMetaData) throws MarshallingException, ConfigurationException, UnknownHostException, GeneralSecurityException, XMLSignatureException, MarshalException {
samlAssertion = new SamlAssertion();
Assertion assertion = createAssertion(host, tagCertificate, vmMetaData);
AssertionMarshaller marshaller = new AssertionMarshaller();
Element plaintextElement = marshaller.marshall(assertion);
//String originalAssertionString = XMLHelper.nodeToString(plaintextElement);
XMLHelper.nodeToString(plaintextElement);
log.info("Uncomment the next line to see the original Assertion String");
//System.out.println("Assertion String: " + originalAssertionString);//
// add signatures and/or encryption
signAssertion(plaintextElement);
samlAssertion.assertion = XMLHelper.nodeToString(plaintextElement);
log.info("Uncomment the next line to see the saml Assertion propertie");
//System.out.println("Signed Assertion String: " + samlAssertion.assertion );
return samlAssertion;
}
use of org.opensaml.saml.saml2.core.Assertion in project OpenAttestation by OpenAttestation.
the class SamlGenerator method createAssertion.
/**
* Differences from createAssertion:
* - the assertion ID is "MultipleHostTrustAssertion" instead of "HostTrustAssertion"
* - there is no overall Subject for the assertion because it's for multiple host
* - each host is identified with host attributes within its own attribute statement
*
* @param hosts
* @return
* @throws ConfigurationException
* @throws UnknownHostException
*/
private Assertion createAssertion(Collection<TxtHostWithAssetTag> hosts) throws ConfigurationException, UnknownHostException {
// Create the assertion
SAMLObjectBuilder assertionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
Assertion assertion = (Assertion) assertionBuilder.buildObject();
// ID is arbitrary, only needs to be unique WITHIN THE DOCUMENT, and is required so that the Signature element can refer to it, for example #HostTrustAssertion
assertion.setID("MultipleHostTrustAssertion");
assertion.setIssuer(createIssuer());
DateTime now = new DateTime();
assertion.setIssueInstant(now);
assertion.setVersion(SAMLVersion.VERSION_20);
// assertion.setSubject(createSubject(host));
for (TxtHostWithAssetTag host : hosts) {
assertion.getAttributeStatements().add(createHostAttributes(host.getHost(), host.getTagCertificate(), null));
}
return assertion;
}
use of org.opensaml.saml.saml2.core.Assertion in project OpenAttestation by OpenAttestation.
the class SamlGenerator method generateHostAssertions.
/**
* Generates a multi-host SAML assertion which contains an AttributeStatement
* for each host containing a Host_Address attribute with the host IP address
* or hostname and the trust attributes as for a single-host assertion.
* The Subject of the multi-host SAML assertion should not be used because
* it is simply the collection hosts in the assertion and no statements
* are made about the collection as a whole.
*
* @param hosts
* @return
* @throws SamlException
*/
public SamlAssertion generateHostAssertions(Collection<TxtHostWithAssetTag> hosts) throws SamlException {
try {
samlAssertion = new SamlAssertion();
Assertion assertion = createAssertion(hosts);
AssertionMarshaller marshaller = new AssertionMarshaller();
Element plaintextElement = marshaller.marshall(assertion);
String originalAssertionString = XMLHelper.nodeToString(plaintextElement);
System.out.println("Assertion String: " + originalAssertionString);
// add signatures and/or encryption
signAssertion(plaintextElement);
samlAssertion.assertion = XMLHelper.nodeToString(plaintextElement);
System.out.println("Signed Assertion String: " + samlAssertion.assertion);
return samlAssertion;
} catch (Exception e) {
throw new SamlException(e);
}
}
use of org.opensaml.saml.saml2.core.Assertion in project OpenAttestation by OpenAttestation.
the class SamlGenerator method createAssertion.
/*
private AttributeStatement createHostAttributes(TxtHost host, ManifestType pcrManifest) throws ConfigurationException {
AttributeStatement attrStatement = createHostAttributes(host);
attrStatement.getAttributes().add(createComplexAttribute("Manifest", pcrManifest);
return attrStatement;
}
*/
/**
* Creates an assertion with attributes of the host
*
* ID attribute: see section 5.4.2 "References" of http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
*
* @param host
* @return
*/
private Assertion createAssertion(TxtHost host, X509AttributeCertificate tagCertificate, Map<String, String> vmMetaData) throws ConfigurationException, UnknownHostException {
// Create the assertion
SAMLObjectBuilder assertionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
Assertion assertion = (Assertion) assertionBuilder.buildObject();
// ID is arbitrary, only needs to be unique WITHIN THE DOCUMENT, and is required so that the Signature element can refer to it, for example #HostTrustAssertion
assertion.setID("HostTrustAssertion");
assertion.setIssuer(createIssuer());
DateTime now = new DateTime();
assertion.setIssueInstant(now);
assertion.setVersion(SAMLVersion.VERSION_20);
assertion.setSubject(createSubject(host));
assertion.getAttributeStatements().add(createHostAttributes(host, tagCertificate, vmMetaData));
return assertion;
}
Aggregations