Search in sources :

Example 11 with Attribute

use of org.opensaml.saml2.core.Attribute in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createBase64BinaryAttribute.

/**
         * Creates a base64-encoded attribute
         * @param name
         * @param value
         * @return
         * @throws ConfigurationException 
         */
private Attribute createBase64BinaryAttribute(String name, byte[] value) throws ConfigurationException {
    SAMLObjectBuilder attrBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
    Attribute attr = (Attribute) attrBuilder.buildObject();
    attr.setName(name);
    XMLObjectBuilder xmlBuilder = builderFactory.getBuilder(XSBase64Binary.TYPE_NAME);
    XSBase64Binary attrValue = (XSBase64Binary) xmlBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSBase64Binary.TYPE_NAME);
    attrValue.setValue(Base64.encodeBase64String(value));
    attr.getAttributeValues().add(attrValue);
    return attr;
}
Also used : XSBase64Binary(org.opensaml.xml.schema.XSBase64Binary) SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) Attribute(org.opensaml.saml2.core.Attribute) XMLObjectBuilder(org.opensaml.xml.XMLObjectBuilder)

Example 12 with Attribute

use of org.opensaml.saml2.core.Attribute in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createBooleanAttribute.

/**
         * This method builds a single-valued boolean attribute such as isTrusted=true
         * @param name
         * @param value
         * @return
         * @throws ConfigurationException 
         */
private Attribute createBooleanAttribute(String name, boolean value) throws ConfigurationException {
    SAMLObjectBuilder attrBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
    Attribute attr = (Attribute) attrBuilder.buildObject();
    attr.setName(name);
    XMLObjectBuilder xmlBuilder = builderFactory.getBuilder(XSAny.TYPE_NAME);
    XSAny attrValue = (XSAny) xmlBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSAny.TYPE_NAME);
    attrValue.setTextContent(value ? "true" : "false");
    attr.getAttributeValues().add(attrValue);
    return attr;
}
Also used : SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) Attribute(org.opensaml.saml2.core.Attribute) XMLObjectBuilder(org.opensaml.xml.XMLObjectBuilder) XSAny(org.opensaml.xml.schema.XSAny)

Example 13 with Attribute

use of org.opensaml.saml2.core.Attribute in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createAssertion.

/**
         * Differences from createAssertion:
         * - the assertion ID is "MultipleHostTrustAssertion" instead of "HostTrustAssertion"
         * - there is no overall Subject for the assertion because it's for multiple host
         * - each host is identified with host attributes within its own attribute statement
         * 
         * @param hosts
         * @return
         * @throws ConfigurationException
         * @throws UnknownHostException 
         */
private Assertion createAssertion(Collection<TxtHostWithAssetTag> hosts) throws ConfigurationException, UnknownHostException {
    // Create the assertion
    SAMLObjectBuilder assertionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
    Assertion assertion = (Assertion) assertionBuilder.buildObject();
    // ID is arbitrary, only needs to be unique WITHIN THE DOCUMENT, and is required so that the Signature element can refer to it, for example #HostTrustAssertion
    assertion.setID("MultipleHostTrustAssertion");
    assertion.setIssuer(createIssuer());
    DateTime now = new DateTime();
    assertion.setIssueInstant(now);
    assertion.setVersion(SAMLVersion.VERSION_20);
    //            assertion.setSubject(createSubject(host));
    for (TxtHostWithAssetTag host : hosts) {
        assertion.getAttributeStatements().add(createHostAttributes(host.getHost(), host.getTagCertificate(), null));
    }
    return assertion;
}
Also used : SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) Assertion(org.opensaml.saml2.core.Assertion) DateTime(org.joda.time.DateTime)

Example 14 with Attribute

use of org.opensaml.saml2.core.Attribute in project OpenAttestation by OpenAttestation.

the class SamlGenerator method generateHostAssertions.

/**
     * Generates a multi-host SAML assertion which contains an AttributeStatement
     * for each host containing a Host_Address attribute with the host IP address
     * or hostname and the trust attributes as for a single-host assertion.
     * The Subject of the multi-host SAML assertion should not be used because
     * it is simply the collection hosts in the assertion and no statements
     * are made about the collection as a whole.
     * 
     * @param hosts
     * @return
     * @throws SamlException 
     */
public SamlAssertion generateHostAssertions(Collection<TxtHostWithAssetTag> hosts) throws SamlException {
    try {
        samlAssertion = new SamlAssertion();
        Assertion assertion = createAssertion(hosts);
        AssertionMarshaller marshaller = new AssertionMarshaller();
        Element plaintextElement = marshaller.marshall(assertion);
        String originalAssertionString = XMLHelper.nodeToString(plaintextElement);
        System.out.println("Assertion String: " + originalAssertionString);
        // add signatures and/or encryption
        signAssertion(plaintextElement);
        samlAssertion.assertion = XMLHelper.nodeToString(plaintextElement);
        System.out.println("Signed Assertion String: " + samlAssertion.assertion);
        return samlAssertion;
    } catch (Exception e) {
        throw new SamlException(e);
    }
}
Also used : AssertionMarshaller(org.opensaml.saml2.core.impl.AssertionMarshaller) Element(org.w3c.dom.Element) Assertion(org.opensaml.saml2.core.Assertion) XSString(org.opensaml.xml.schema.XSString) MarshalException(javax.xml.crypto.MarshalException) KeyStoreException(java.security.KeyStoreException) GeneralSecurityException(java.security.GeneralSecurityException) XMLSignatureException(javax.xml.crypto.dsig.XMLSignatureException) UnrecoverableEntryException(java.security.UnrecoverableEntryException) MarshallingException(org.opensaml.xml.io.MarshallingException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) UnknownHostException(java.net.UnknownHostException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) ConfigurationException(org.opensaml.xml.ConfigurationException)

Example 15 with Attribute

use of org.opensaml.saml2.core.Attribute in project OpenAttestation by OpenAttestation.

the class SamlGenerator method createAssertion.

/*
        private AttributeStatement createHostAttributes(TxtHost host, ManifestType pcrManifest) throws ConfigurationException {
            AttributeStatement attrStatement = createHostAttributes(host);
            attrStatement.getAttributes().add(createComplexAttribute("Manifest", pcrManifest);

            return attrStatement;
            
        }
        */
/**
         * Creates an assertion with attributes of the host
         * 
         * ID attribute: see section 5.4.2  "References" of http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
         * 
         * @param host
         * @return 
         */
private Assertion createAssertion(TxtHost host, X509AttributeCertificate tagCertificate, Map<String, String> vmMetaData) throws ConfigurationException, UnknownHostException {
    // Create the assertion
    SAMLObjectBuilder assertionBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
    Assertion assertion = (Assertion) assertionBuilder.buildObject();
    // ID is arbitrary, only needs to be unique WITHIN THE DOCUMENT, and is required so that the Signature element can refer to it, for example #HostTrustAssertion
    assertion.setID("HostTrustAssertion");
    assertion.setIssuer(createIssuer());
    DateTime now = new DateTime();
    assertion.setIssueInstant(now);
    assertion.setVersion(SAMLVersion.VERSION_20);
    assertion.setSubject(createSubject(host));
    assertion.getAttributeStatements().add(createHostAttributes(host, tagCertificate, vmMetaData));
    return assertion;
}
Also used : SAMLObjectBuilder(org.opensaml.common.SAMLObjectBuilder) Assertion(org.opensaml.saml2.core.Assertion) DateTime(org.joda.time.DateTime)

Aggregations

Attribute (org.opensaml.saml.saml2.core.Attribute)9 AttributeStatement (org.opensaml.saml.saml2.core.AttributeStatement)7 SAMLObjectBuilder (org.opensaml.common.SAMLObjectBuilder)6 XMLObject (org.opensaml.core.xml.XMLObject)4 Attribute (org.opensaml.saml2.core.Attribute)4 XSString (org.opensaml.xml.schema.XSString)4 SecurityAssertion (ddf.security.assertion.SecurityAssertion)3 Map (java.util.Map)3 PrincipalCollection (org.apache.shiro.subject.PrincipalCollection)3 XSString (org.opensaml.core.xml.schema.XSString)3 Assertion (org.opensaml.saml2.core.Assertion)3 GuestPrincipal (ddf.security.principal.GuestPrincipal)2 IOException (java.io.IOException)2 Principal (java.security.Principal)2 KerberosPrincipal (javax.security.auth.kerberos.KerberosPrincipal)2 X500Principal (javax.security.auth.x500.X500Principal)2 DateTime (org.joda.time.DateTime)2 AttributeStatement (org.opensaml.saml2.core.AttributeStatement)2 XMLObjectBuilder (org.opensaml.xml.XMLObjectBuilder)2 XSAny (org.opensaml.xml.schema.XSAny)2