use of org.opensaml.saml.saml2.core.AttributeStatement in project OpenAttestation by OpenAttestation.
the class SamlGenerator method createHostAttributes.
/* works but not needed
private List<Attribute> createStringAttributes(Map<String,String> attributes) throws ConfigurationException {
ArrayList<Attribute> list = new ArrayList<Attribute>();
for(Map.Entry<String,String> e : attributes.entrySet()) {
Attribute attr = createStringAttribute(e.getKey(), e.getValue());
list.add(attr);
}
return list;
}
*
*/
// currently unused but probably works
/*
private Attribute createComplexAttribute(String name, String xmlValue) throws ConfigurationException {
SAMLObjectBuilder attrBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
Attribute attr = (Attribute) attrBuilder.buildObject();
attr.setName(name);
XMLObjectBuilder stringBuilder = builderFactory.getBuilder(XSString.TYPE_NAME);
XSAny attrValue = (XSAny) stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
attrValue.setTextContent(xmlValue);
attr.getAttributeValues().add(attrValue);
return attr;
}
*/
// private final String DEFAULT_OID = "2.5.4.789.1";
private AttributeStatement createHostAttributes(TxtHost host, X509AttributeCertificate tagCertificate, Map<String, String> vmMetaData) throws ConfigurationException {
// Builder Attributes
SAMLObjectBuilder attrStatementBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
AttributeStatement attrStatement = (AttributeStatement) attrStatementBuilder.buildObject();
// add host attributes (both for single host and multi-host assertions)
attrStatement.getAttributes().add(createStringAttribute("Host_Name", host.getHostName().toString()));
attrStatement.getAttributes().add(createStringAttribute("Host_Address", host.getIPAddress().toString()));
// attrStatement.getAttributes().add(createStringAttribute("Host_UUID", host.getUuid()));
// attrStatement.getAttributes().add(createStringAttribute("Host_AIK_SHA1", host.getUuid()));
// Create the attribute statements that are trusted
attrStatement.getAttributes().add(createBooleanAttribute("Trusted", host.isBiosTrusted() && host.isVmmTrusted()));
attrStatement.getAttributes().add(createBooleanAttribute("Trusted_BIOS", host.isBiosTrusted()));
if (host.isBiosTrusted()) {
attrStatement.getAttributes().add(createStringAttribute("BIOS_Name", host.getBios().getName()));
attrStatement.getAttributes().add(createStringAttribute("BIOS_Version", host.getBios().getVersion()));
attrStatement.getAttributes().add(createStringAttribute("BIOS_OEM", host.getBios().getOem()));
}
attrStatement.getAttributes().add(createBooleanAttribute("Trusted_VMM", host.isVmmTrusted()));
if (host.isVmmTrusted()) {
attrStatement.getAttributes().add(createStringAttribute("VMM_Name", host.getVmm().getName()));
attrStatement.getAttributes().add(createStringAttribute("VMM_Version", host.getVmm().getVersion()));
attrStatement.getAttributes().add(createStringAttribute("VMM_OSName", host.getVmm().getOsName()));
attrStatement.getAttributes().add(createStringAttribute("VMM_OSVersion", host.getVmm().getOsVersion()));
}
//}
if (tagCertificate != null) {
// add the asset tag attestation status and if the status is trusted, then add all the attributes. In order to uniquely
// identify all the asset tags on the client side, we will just append the text ATAG for all of them.
attrStatement.getAttributes().add(createBooleanAttribute("Asset_Tag", host.isAssetTagTrusted()));
attrStatement.getAttributes().add(createStringAttribute("Asset_Tag_Certificate_Sha1", Sha1Digest.digestOf(tagCertificate.getEncoded()).toString()));
if (host.isAssetTagTrusted()) {
// get all microformat attributes
List<UTF8NameValueMicroformat> microformatAttributes = tagCertificate.getAttributes(UTF8NameValueMicroformat.class);
for (UTF8NameValueMicroformat microformatAttribute : microformatAttributes) {
attrStatement.getAttributes().add(createStringAttribute(String.format("TAG[" + microformatAttribute.getName() + "]"), microformatAttribute.getValue()));
}
// get all name-valuesequence attributes
List<UTF8NameValueSequence> nameValueSequenceAttributes = tagCertificate.getAttributes(UTF8NameValueSequence.class);
for (UTF8NameValueSequence nameValueSequenceAttribute : nameValueSequenceAttributes) {
attrStatement.getAttributes().add(createStringAttribute(String.format("TAG[" + nameValueSequenceAttribute.getName() + "]"), StringUtils.join(nameValueSequenceAttribute.getValues(), ",")));
}
// all attributes including above and any other custom attributes will be available directly via the certificate
attrStatement.getAttributes().add(createBase64BinaryAttribute("TagCertificate", tagCertificate.getEncoded()));
} else {
log.debug("Since Asset tag is not verified, no attributes would be added");
}
} else {
log.debug("Since asset tag is not provisioned, asset tag attribute will not be added to the assertion.");
}
if (host.getAikCertificate() != null) {
attrStatement.getAttributes().add(createStringAttribute("AIK_Certificate", host.getAikCertificate()));
//attrStatement.getAttributes().add(createStringAttribute("AIK_SHA1", host.getAikSha1()));
}
if (vmMetaData != null && !vmMetaData.isEmpty()) {
for (Map.Entry<String, String> entry : vmMetaData.entrySet()) {
attrStatement.getAttributes().add(createStringAttribute(entry.getKey(), entry.getValue()));
}
}
return attrStatement;
}
use of org.opensaml.saml.saml2.core.AttributeStatement in project cas by apereo.
the class AbstractSaml20ObjectBuilder method newAttributeStatement.
/**
* New attribute statement.
*
* @param attributes the attributes
* @param setFriendlyName the set friendly name
* @param configuredNameFormats the configured name formats
* @return the attribute statement
*/
public AttributeStatement newAttributeStatement(final Map<String, Object> attributes, final boolean setFriendlyName, final Map<String, String> configuredNameFormats) {
final AttributeStatement attrStatement = newSamlObject(AttributeStatement.class);
for (final Map.Entry<String, Object> e : attributes.entrySet()) {
if (e.getValue() instanceof Collection<?> && ((Collection<?>) e.getValue()).isEmpty()) {
LOGGER.info("Skipping attribute [{}] because it does not have any values.", e.getKey());
continue;
}
final Attribute attribute = newAttribute(setFriendlyName, e, configuredNameFormats);
attrStatement.getAttributes().add(attribute);
}
return attrStatement;
}
use of org.opensaml.saml.saml2.core.AttributeStatement in project ddf by codice.
the class SecurityAssertionImpl method toString.
/*
* (non-Javadoc)
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder result = new StringBuilder();
result.append("Principal: ");
result.append(getPrincipal());
result.append(", Attributes: ");
for (AttributeStatement attributeStatement : getAttributeStatements()) {
for (Attribute attr : attributeStatement.getAttributes()) {
result.append("[ ");
result.append(attr.getName());
result.append(" : ");
for (int i = 0; i < attr.getAttributeValues().size(); i++) {
result.append(((XSString) attr.getAttributeValues().get(i)).getValue());
}
result.append("] ");
}
}
// add this back in when we support parsing this information
result.append(", AuthnStatements: ");
for (AuthnStatement authStatement : getAuthnStatements()) {
result.append("[ ");
result.append(authStatement.getAuthnInstant());
result.append(" : ");
result.append(authStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
result.append("] ");
}
// }
return result.toString();
}
use of org.opensaml.saml.saml2.core.AttributeStatement in project tesb-rt-se by Talend.
the class ServerSamlValidator method validate.
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
Credential validatedCredential = super.validate(credential, data);
SamlAssertionWrapper assertion = validatedCredential.getSamlAssertion();
if (!"alice".equals(assertion.getIssuerString())) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
String confirmationMethod = assertion.getConfirmationMethods().get(0);
if (!OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
Assertion saml2Assertion = assertion.getSaml2();
if (saml2Assertion == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
boolean authenticatedClient = false;
for (AttributeStatement attributeStatement : saml2Assertion.getAttributeStatements()) {
for (Attribute attribute : attributeStatement.getAttributes()) {
if (!"attribute-role".equals(attribute.getName())) {
continue;
}
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String text = attributeValueElement.getTextContent();
if ("authenticated-client".equals(text)) {
authenticatedClient = true;
}
}
}
}
if (!authenticatedClient) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
}
return validatedCredential;
}
use of org.opensaml.saml.saml2.core.AttributeStatement in project webcert by sklintyg.
the class FakeElegAuthenticationProvider method createSamlCredential.
private SAMLCredential createSamlCredential(Authentication token) {
FakeElegCredentials fakeCredentials = (FakeElegCredentials) token.getCredentials();
Assertion assertion = new AssertionBuilder().buildObject();
attachAuthenticationContext(assertion, FAKE_AUTHENTICATION_ELEG_CONTEXT_REF);
AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
assertion.getAttributeStatements().add(attributeStatement);
attributeStatement.getAttributes().add(createAttribute(CgiElegAssertion.PERSON_ID_ATTRIBUTE, fakeCredentials.getPersonId()));
attributeStatement.getAttributes().add(createAttribute(CgiElegAssertion.FORNAMN_ATTRIBUTE, fakeCredentials.getFirstName()));
attributeStatement.getAttributes().add(createAttribute(CgiElegAssertion.MELLAN_OCH_EFTERNAMN_ATTRIBUTE, fakeCredentials.getLastName()));
NameID nameId = new NameIDBuilder().buildObject();
nameId.setValue(token.getCredentials().toString());
return new SAMLCredential(nameId, assertion, "fake-idp", "webcert");
}
Aggregations