Search in sources :

Example 61 with Assertion

use of org.opensaml.saml.saml2.core.Assertion in project OpenAttestation by OpenAttestation.

the class TrustAssertion method readAssertion.

private Assertion readAssertion(Element document) throws UnmarshallingException {
    log.debug("Reading assertion from element {}", document.getTagName());
    UnmarshallerFactory factory = Configuration.getUnmarshallerFactory();
    Unmarshaller unmarshaller = factory.getUnmarshaller(document);
    // UnmarshallingException
    XMLObject xml = unmarshaller.unmarshall(document);
    Assertion samlAssertion = (Assertion) xml;
    return samlAssertion;
}
Also used : Assertion(org.opensaml.saml2.core.Assertion) XMLObject(org.opensaml.xml.XMLObject) UnmarshallerFactory(org.opensaml.xml.io.UnmarshallerFactory) Unmarshaller(org.opensaml.xml.io.Unmarshaller)

Example 62 with Assertion

use of org.opensaml.saml.saml2.core.Assertion in project OpenAttestation by OpenAttestation.

the class SamlGenerator method generateHostAssertion.

/*
    public void setKeystoreResource(Resource keystoreResource) {
        this.keystoreResource = keystoreResource;
    }*/
/**
     * Input is a Host record with all the attributes to assert
     * Output is XML containing the SAML assertions
     * 
     * From /hosts/trust we get BIOS:1,VMM:1
     * From /hosts/location we get location
     * From /pollhosts we get trust level "unknown/untrusted/trusted" and timestamp
     * From /hosts/reports/trust we get host name, mle info string, created on, overall trust status, and verified on
     * From /hosts/reports/manifest we get PCR values, trust status, and verified on for each PCR
     * 
     * @return @SamlAssertion
     * @throws MarshallingException 
     */
public SamlAssertion generateHostAssertion(TxtHost host, X509AttributeCertificate tagCertificate, Map<String, String> vmMetaData) throws MarshallingException, ConfigurationException, UnknownHostException, GeneralSecurityException, XMLSignatureException, MarshalException {
    samlAssertion = new SamlAssertion();
    Assertion assertion = createAssertion(host, tagCertificate, vmMetaData);
    AssertionMarshaller marshaller = new AssertionMarshaller();
    Element plaintextElement = marshaller.marshall(assertion);
    //String originalAssertionString = XMLHelper.nodeToString(plaintextElement);
    XMLHelper.nodeToString(plaintextElement);
    log.info("Uncomment the next line to see the original Assertion String");
    //System.out.println("Assertion String: " + originalAssertionString);//
    // add signatures and/or encryption
    signAssertion(plaintextElement);
    samlAssertion.assertion = XMLHelper.nodeToString(plaintextElement);
    log.info("Uncomment the next line to see the saml Assertion propertie");
    //System.out.println("Signed Assertion String: " + samlAssertion.assertion );
    return samlAssertion;
}
Also used : AssertionMarshaller(org.opensaml.saml2.core.impl.AssertionMarshaller) Element(org.w3c.dom.Element) Assertion(org.opensaml.saml2.core.Assertion)

Example 63 with Assertion

use of org.opensaml.saml.saml2.core.Assertion in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createAssertion.

/**
         * Differences from createAssertion:
         * - the assertion ID is "MultipleHostTrustAssertion" instead of "HostTrustAssertion"
         * - there is no overall Subject for the assertion because it's for multiple host
         * - each host is identified with host attributes within its own attribute statement
         * 
         * @param hosts
         * @return
         * @throws ConfigurationException
         * @throws UnknownHostException 
         */
private Assertion createAssertion(Collection<TxtHostWithAssetTag> hosts) throws ConfigurationException, UnknownHostException {
    // Create the assertion
    SAMLObjectBuilder assertionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
    Assertion assertion = (Assertion) assertionBuilder.buildObject();
    // ID is arbitrary, only needs to be unique WITHIN THE DOCUMENT, and is required so that the Signature element can refer to it, for example #HostTrustAssertion
    assertion.setID("MultipleHostTrustAssertion");
    assertion.setIssuer(createIssuer());
    DateTime now = new DateTime();
    assertion.setIssueInstant(now);
    assertion.setVersion(SAMLVersion.VERSION_20);
    //            assertion.setSubject(createSubject(host));
    for (TxtHostWithAssetTag host : hosts) {
        assertion.getAttributeStatements().add(createHostAttributes(host.getHost(), host.getTagCertificate(), null));
    }
    return assertion;
}
Also used : SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) Assertion(org.opensaml.saml2.core.Assertion) DateTime(org.joda.time.DateTime)

Example 64 with Assertion

use of org.opensaml.saml.saml2.core.Assertion in project OpenAttestation by OpenAttestation.

the class SamlGenerator method generateHostAssertions.

/**
     * Generates a multi-host SAML assertion which contains an AttributeStatement
     * for each host containing a Host_Address attribute with the host IP address
     * or hostname and the trust attributes as for a single-host assertion.
     * The Subject of the multi-host SAML assertion should not be used because
     * it is simply the collection hosts in the assertion and no statements
     * are made about the collection as a whole.
     * 
     * @param hosts
     * @return
     * @throws SamlException 
     */
public SamlAssertion generateHostAssertions(Collection<TxtHostWithAssetTag> hosts) throws SamlException {
    try {
        samlAssertion = new SamlAssertion();
        Assertion assertion = createAssertion(hosts);
        AssertionMarshaller marshaller = new AssertionMarshaller();
        Element plaintextElement = marshaller.marshall(assertion);
        String originalAssertionString = XMLHelper.nodeToString(plaintextElement);
        System.out.println("Assertion String: " + originalAssertionString);
        // add signatures and/or encryption
        signAssertion(plaintextElement);
        samlAssertion.assertion = XMLHelper.nodeToString(plaintextElement);
        System.out.println("Signed Assertion String: " + samlAssertion.assertion);
        return samlAssertion;
    } catch (Exception e) {
        throw new SamlException(e);
    }
}
Also used : AssertionMarshaller(org.opensaml.saml2.core.impl.AssertionMarshaller) Element(org.w3c.dom.Element) Assertion(org.opensaml.saml2.core.Assertion) XSString(org.opensaml.xml.schema.XSString) MarshalException(javax.xml.crypto.MarshalException) KeyStoreException(java.security.KeyStoreException) GeneralSecurityException(java.security.GeneralSecurityException) XMLSignatureException(javax.xml.crypto.dsig.XMLSignatureException) UnrecoverableEntryException(java.security.UnrecoverableEntryException) MarshallingException(org.opensaml.xml.io.MarshallingException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) UnknownHostException(java.net.UnknownHostException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ConfigurationException(org.opensaml.xml.ConfigurationException)

Example 65 with Assertion

use of org.opensaml.saml.saml2.core.Assertion in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createAssertion.

/*
        private AttributeStatement createHostAttributes(TxtHost host, ManifestType pcrManifest) throws ConfigurationException {
            AttributeStatement attrStatement = createHostAttributes(host);
            attrStatement.getAttributes().add(createComplexAttribute("Manifest", pcrManifest);

            return attrStatement;
            
        }
        */
/**
         * Creates an assertion with attributes of the host
         * 
         * ID attribute: see section 5.4.2  "References" of http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
         * 
         * @param host
         * @return 
         */
private Assertion createAssertion(TxtHost host, X509AttributeCertificate tagCertificate, Map<String, String> vmMetaData) throws ConfigurationException, UnknownHostException {
    // Create the assertion
    SAMLObjectBuilder assertionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
    Assertion assertion = (Assertion) assertionBuilder.buildObject();
    // ID is arbitrary, only needs to be unique WITHIN THE DOCUMENT, and is required so that the Signature element can refer to it, for example #HostTrustAssertion
    assertion.setID("HostTrustAssertion");
    assertion.setIssuer(createIssuer());
    DateTime now = new DateTime();
    assertion.setIssueInstant(now);
    assertion.setVersion(SAMLVersion.VERSION_20);
    assertion.setSubject(createSubject(host));
    assertion.getAttributeStatements().add(createHostAttributes(host, tagCertificate, vmMetaData));
    return assertion;
}
Also used : SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) Assertion(org.opensaml.saml2.core.Assertion) DateTime(org.joda.time.DateTime)

Aggregations

Assertion (org.opensaml.saml.saml2.core.Assertion)33 Response (org.opensaml.saml.saml2.core.Response)31 Element (org.w3c.dom.Element)31 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)26 Document (org.w3c.dom.Document)22 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)20 Status (org.opensaml.saml.saml2.core.Status)20 SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)18 DateTime (org.joda.time.DateTime)16 Test (org.junit.Test)16 Assertion (org.opensaml.saml.saml1.core.Assertion)13 InputStream (java.io.InputStream)11 Crypto (org.apache.wss4j.common.crypto.Crypto)11 AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)11 ZonedDateTime (java.time.ZonedDateTime)10 XMLObject (org.opensaml.core.xml.XMLObject)10 KeyStore (java.security.KeyStore)9 Merlin (org.apache.wss4j.common.crypto.Merlin)9 Assertion (org.jasig.cas.client.validation.Assertion)9 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)9