Search in sources :

Example 1 with AttributeStatement

use of org.opensaml.saml.saml2.core.AttributeStatement in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createHostAttributes.

/*  works but not needed
        private List<Attribute> createStringAttributes(Map<String,String> attributes) throws ConfigurationException {
            ArrayList<Attribute> list = new ArrayList<Attribute>();
            for(Map.Entry<String,String> e : attributes.entrySet()) {
                Attribute attr = createStringAttribute(e.getKey(), e.getValue());
                list.add(attr);
            }
            return list;
        }
        * 
        */
// currently unused but probably works
/*
	private Attribute createComplexAttribute(String name, String xmlValue) throws ConfigurationException {
            SAMLObjectBuilder attrBuilder = (SAMLObjectBuilder)  builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
            Attribute attr = (Attribute) attrBuilder.buildObject();
            attr.setName(name);

            XMLObjectBuilder stringBuilder =  builderFactory.getBuilder(XSString.TYPE_NAME);
            XSAny attrValue = (XSAny) stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
            attrValue.setTextContent(xmlValue);

            attr.getAttributeValues().add(attrValue);
            return attr;
	}
	*/
//        private final String DEFAULT_OID = "2.5.4.789.1";
private AttributeStatement createHostAttributes(TxtHost host, X509AttributeCertificate tagCertificate, Map<String, String> vmMetaData) throws ConfigurationException {
    // Builder Attributes
    SAMLObjectBuilder attrStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
    AttributeStatement attrStatement = (AttributeStatement) attrStatementBuilder.buildObject();
    // add host attributes (both for single host and multi-host assertions)
    attrStatement.getAttributes().add(createStringAttribute("Host_Name", host.getHostName().toString()));
    attrStatement.getAttributes().add(createStringAttribute("Host_Address", host.getIPAddress().toString()));
    //            attrStatement.getAttributes().add(createStringAttribute("Host_UUID", host.getUuid()));  
    //            attrStatement.getAttributes().add(createStringAttribute("Host_AIK_SHA1", host.getUuid()));  
    // Create the attribute statements that are trusted
    attrStatement.getAttributes().add(createBooleanAttribute("Trusted", host.isBiosTrusted() && host.isVmmTrusted()));
    attrStatement.getAttributes().add(createBooleanAttribute("Trusted_BIOS", host.isBiosTrusted()));
    if (host.isBiosTrusted()) {
        attrStatement.getAttributes().add(createStringAttribute("BIOS_Name", host.getBios().getName()));
        attrStatement.getAttributes().add(createStringAttribute("BIOS_Version", host.getBios().getVersion()));
        attrStatement.getAttributes().add(createStringAttribute("BIOS_OEM", host.getBios().getOem()));
    }
    attrStatement.getAttributes().add(createBooleanAttribute("Trusted_VMM", host.isVmmTrusted()));
    if (host.isVmmTrusted()) {
        attrStatement.getAttributes().add(createStringAttribute("VMM_Name", host.getVmm().getName()));
        attrStatement.getAttributes().add(createStringAttribute("VMM_Version", host.getVmm().getVersion()));
        attrStatement.getAttributes().add(createStringAttribute("VMM_OSName", host.getVmm().getOsName()));
        attrStatement.getAttributes().add(createStringAttribute("VMM_OSVersion", host.getVmm().getOsVersion()));
    }
    //}
    if (tagCertificate != null) {
        // add the asset tag attestation status and if the status is trusted, then add all the attributes. In order to uniquely
        // identify all the asset tags on the client side, we will just append the text ATAG for all of them.
        attrStatement.getAttributes().add(createBooleanAttribute("Asset_Tag", host.isAssetTagTrusted()));
        attrStatement.getAttributes().add(createStringAttribute("Asset_Tag_Certificate_Sha1", Sha1Digest.digestOf(tagCertificate.getEncoded()).toString()));
        if (host.isAssetTagTrusted()) {
            // get all microformat attributes
            List<UTF8NameValueMicroformat> microformatAttributes = tagCertificate.getAttributes(UTF8NameValueMicroformat.class);
            for (UTF8NameValueMicroformat microformatAttribute : microformatAttributes) {
                attrStatement.getAttributes().add(createStringAttribute(String.format("TAG[" + microformatAttribute.getName() + "]"), microformatAttribute.getValue()));
            }
            // get all name-valuesequence attributes
            List<UTF8NameValueSequence> nameValueSequenceAttributes = tagCertificate.getAttributes(UTF8NameValueSequence.class);
            for (UTF8NameValueSequence nameValueSequenceAttribute : nameValueSequenceAttributes) {
                attrStatement.getAttributes().add(createStringAttribute(String.format("TAG[" + nameValueSequenceAttribute.getName() + "]"), StringUtils.join(nameValueSequenceAttribute.getValues(), ",")));
            }
            // all attributes including above and any other custom attributes will be available directly via the certificate
            attrStatement.getAttributes().add(createBase64BinaryAttribute("TagCertificate", tagCertificate.getEncoded()));
        } else {
            log.debug("Since Asset tag is not verified, no attributes would be added");
        }
    } else {
        log.debug("Since asset tag is not provisioned, asset tag attribute will not be added to the assertion.");
    }
    if (host.getAikCertificate() != null) {
        attrStatement.getAttributes().add(createStringAttribute("AIK_Certificate", host.getAikCertificate()));
    //attrStatement.getAttributes().add(createStringAttribute("AIK_SHA1", host.getAikSha1()));
    }
    if (vmMetaData != null && !vmMetaData.isEmpty()) {
        for (Map.Entry<String, String> entry : vmMetaData.entrySet()) {
            attrStatement.getAttributes().add(createStringAttribute(entry.getKey(), entry.getValue()));
        }
    }
    return attrStatement;
}
Also used : UTF8NameValueSequence(com.intel.mtwilson.datatypes.UTF8NameValueSequence) SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) AttributeStatement(org.opensaml.saml2.core.AttributeStatement) XSString(org.opensaml.xml.schema.XSString) UTF8NameValueMicroformat(com.intel.mtwilson.datatypes.UTF8NameValueMicroformat)

Example 2 with AttributeStatement

use of org.opensaml.saml.saml2.core.AttributeStatement in project cas by apereo.

the class AbstractSaml20ObjectBuilder method newAttributeStatement.

/**
     * New attribute statement.
     *
     * @param attributes            the attributes
     * @param setFriendlyName       the set friendly name
     * @param configuredNameFormats the configured name formats
     * @return the attribute statement
     */
public AttributeStatement newAttributeStatement(final Map<String, Object> attributes, final boolean setFriendlyName, final Map<String, String> configuredNameFormats) {
    final AttributeStatement attrStatement = newSamlObject(AttributeStatement.class);
    for (final Map.Entry<String, Object> e : attributes.entrySet()) {
        if (e.getValue() instanceof Collection<?> && ((Collection<?>) e.getValue()).isEmpty()) {
            LOGGER.info("Skipping attribute [{}] because it does not have any values.", e.getKey());
            continue;
        }
        final Attribute attribute = newAttribute(setFriendlyName, e, configuredNameFormats);
        attrStatement.getAttributes().add(attribute);
    }
    return attrStatement;
}
Also used : Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) XMLObject(org.opensaml.core.xml.XMLObject) Map(java.util.Map)

Example 3 with AttributeStatement

use of org.opensaml.saml.saml2.core.AttributeStatement in project ddf by codice.

the class SecurityAssertionImpl method toString.

/*
     * (non-Javadoc)
     * 
     * @see java.lang.Object#toString()
     */
@Override
public String toString() {
    StringBuilder result = new StringBuilder();
    result.append("Principal: ");
    result.append(getPrincipal());
    result.append(", Attributes: ");
    for (AttributeStatement attributeStatement : getAttributeStatements()) {
        for (Attribute attr : attributeStatement.getAttributes()) {
            result.append("[ ");
            result.append(attr.getName());
            result.append(" : ");
            for (int i = 0; i < attr.getAttributeValues().size(); i++) {
                result.append(((XSString) attr.getAttributeValues().get(i)).getValue());
            }
            result.append("] ");
        }
    }
    // add this back in when we support parsing this information
    result.append(", AuthnStatements: ");
    for (AuthnStatement authStatement : getAuthnStatements()) {
        result.append("[ ");
        result.append(authStatement.getAuthnInstant());
        result.append(" : ");
        result.append(authStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
        result.append("] ");
    }
    //        }
    return result.toString();
}
Also used : Attribute(org.opensaml.saml.saml2.core.Attribute) EncryptedAttribute(org.opensaml.saml.saml2.core.EncryptedAttribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) AuthnStatement(org.opensaml.saml.saml2.core.AuthnStatement)

Example 4 with AttributeStatement

use of org.opensaml.saml.saml2.core.AttributeStatement in project tesb-rt-se by Talend.

the class ServerSamlValidator method validate.

@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential validatedCredential = super.validate(credential, data);
    SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
    if (!"alice".equals(assertion.getIssuerString())) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    String confirmationMethod = assertion.getConfirmationMethods().get(0);
    if (!OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    Assertion saml2Assertion = assertion.getSaml2();
    if (saml2Assertion == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    boolean authenticatedClient = false;
    for (AttributeStatement attributeStatement : saml2Assertion.getAttributeStatements()) {
        for (Attribute attribute : attributeStatement.getAttributes()) {
            if (!"attribute-role".equals(attribute.getName())) {
                continue;
            }
            for (XMLObject attributeValue : attribute.getAttributeValues()) {
                Element attributeValueElement = attributeValue.getDOM();
                String text = attributeValueElement.getTextContent();
                if ("authenticated-client".equals(text)) {
                    authenticatedClient = true;
                }
            }
        }
    }
    if (!authenticatedClient) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    return validatedCredential;
}
Also used : Credential(org.apache.wss4j.dom.validate.Credential) Attribute(org.opensaml.saml.saml2.core.Attribute) AttributeStatement(org.opensaml.saml.saml2.core.AttributeStatement) Element(org.w3c.dom.Element) Assertion(org.opensaml.saml.saml2.core.Assertion) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) XMLObject(org.opensaml.core.xml.XMLObject) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 5 with AttributeStatement

use of org.opensaml.saml.saml2.core.AttributeStatement in project webcert by sklintyg.

the class FakeElegAuthenticationProvider method createSamlCredential.

private SAMLCredential createSamlCredential(Authentication token) {
    FakeElegCredentials fakeCredentials = (FakeElegCredentials) token.getCredentials();
    Assertion assertion = new AssertionBuilder().buildObject();
    attachAuthenticationContext(assertion, FAKE_AUTHENTICATION_ELEG_CONTEXT_REF);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    assertion.getAttributeStatements().add(attributeStatement);
    attributeStatement.getAttributes().add(createAttribute(CgiElegAssertion.PERSON_ID_ATTRIBUTE, fakeCredentials.getPersonId()));
    attributeStatement.getAttributes().add(createAttribute(CgiElegAssertion.FORNAMN_ATTRIBUTE, fakeCredentials.getFirstName()));
    attributeStatement.getAttributes().add(createAttribute(CgiElegAssertion.MELLAN_OCH_EFTERNAMN_ATTRIBUTE, fakeCredentials.getLastName()));
    NameID nameId = new NameIDBuilder().buildObject();
    nameId.setValue(token.getCredentials().toString());
    return new SAMLCredential(nameId, assertion, "fake-idp", "webcert");
}
Also used : NameIDBuilder(org.opensaml.saml2.core.impl.NameIDBuilder) AttributeStatementBuilder(org.opensaml.saml2.core.impl.AttributeStatementBuilder) SAMLCredential(org.springframework.security.saml.SAMLCredential) NameID(org.opensaml.saml2.core.NameID) AttributeStatement(org.opensaml.saml2.core.AttributeStatement) Assertion(org.opensaml.saml2.core.Assertion) AssertionBuilder(org.opensaml.saml2.core.impl.AssertionBuilder)

Aggregations

AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)61 Attribute (org.opensaml.saml.saml2.core.Attribute)40 Assertion (org.opensaml.saml.saml2.core.Assertion)36 Test (org.junit.jupiter.api.Test)24 XMLObject (org.opensaml.core.xml.XMLObject)17 AssertionBuilder.anAssertion (uk.gov.ida.saml.core.test.builders.AssertionBuilder.anAssertion)17 EncryptedAttribute (org.opensaml.saml.saml2.core.EncryptedAttribute)10 SimpleStringAttributeBuilder.aSimpleStringAttribute (uk.gov.ida.saml.core.test.builders.SimpleStringAttributeBuilder.aSimpleStringAttribute)9 ArrayList (java.util.ArrayList)8 SamlTransformationErrorFactory.emptyAttribute (uk.gov.ida.saml.core.errors.SamlTransformationErrorFactory.emptyAttribute)8 HashMap (java.util.HashMap)7 XSString (org.opensaml.core.xml.schema.XSString)7 NameID (org.opensaml.saml.saml2.core.NameID)7 Response (org.opensaml.saml.saml2.core.Response)7 Subject (org.opensaml.saml.saml2.core.Subject)7 Map (java.util.Map)6 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)6 EncryptedAssertion (org.opensaml.saml.saml2.core.EncryptedAssertion)6 AttributeStatement (org.opensaml.saml2.core.AttributeStatement)6 List (java.util.List)5