
Example 1 with AttributeValueType

use of org.opensaml.xacml.ctx.AttributeValueType in project ddf by codice.

Class SamlAssertionValidatorImplTest, method createHolderOfKeyAssertion.

/**
 * Builds a signed SAML 2.0 assertion whose subject is confirmed with the
 * holder-of-key method.
 *
 * <p>The confirmation data carries a KeyInfo with the test certificate's subject
 * name and Base64-encoded DER bytes; the assertion also carries a three-day
 * validity window around "now", an authentication statement with an unspecified
 * context class, a single role attribute, and an enveloped signature made with
 * the class's {@code certificate}/{@code privateKey} fixture.
 *
 * @return the signed holder-of-key assertion
 * @throws Exception if the certificate cannot be encoded or the signature KeyInfo
 *     cannot be generated
 */
private Assertion createHolderOfKeyAssertion() throws Exception {
    Assertion assertion = new AssertionBuilder().buildObject();
    assertion.setID(UUID.randomUUID().toString());
    assertion.setIssueInstant(new DateTime());

    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(ISSUER);
    assertion.setIssuer(issuer);

    // Subject: unspecified-format NameID plus a holder-of-key confirmation whose
    // KeyInfo embeds the test certificate (subject name and DER bytes).
    NameID subjectName = new NameIDBuilder().buildObject();
    subjectName.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
    subjectName.setNameQualifier("http://cxf.apache.org/sts");
    subjectName.setValue("admin");

    X509SubjectName subjectDn = new X509SubjectNameBuilder().buildObject();
    subjectDn.setValue("EMAILADDRESS=localhost@example.org, CN=localhost, OU=Dev, O=DDF, ST=AZ, C=US");

    org.opensaml.xmlsec.signature.X509Certificate holderCert = new X509CertificateBuilder().buildObject();
    holderCert.setValue(new String(Base64.encode(certificate.getEncoded())));

    X509Data holderKeyData = new X509DataBuilder().buildObject();
    holderKeyData.getX509SubjectNames().add(subjectDn);
    holderKeyData.getX509Certificates().add(holderCert);

    KeyInfo holderKeyInfo = new KeyInfoBuilder().buildObject();
    holderKeyInfo.getX509Datas().add(holderKeyData);

    KeyInfoConfirmationDataType confirmationData = new KeyInfoConfirmationDataTypeBuilder().buildObject();
    confirmationData.getKeyInfos().add(holderKeyInfo);

    SubjectConfirmation confirmation = new SubjectConfirmationBuilder().buildObject();
    confirmation.setMethod("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key");
    confirmation.setSubjectConfirmationData(confirmationData);

    Subject subject = new SubjectBuilder().buildObject();
    subject.setNameID(subjectName);
    subject.getSubjectConfirmations().add(confirmation);
    assertion.setSubject(subject);

    // Validity window: three days either side of now.
    Conditions conditions = new ConditionsBuilder().buildObject();
    conditions.setNotBefore(new DateTime().minusDays(3));
    conditions.setNotOnOrAfter(new DateTime().plusDays(3));
    assertion.setConditions(conditions);

    // Authentication statement with an unspecified context class.
    AuthnContextClassRef contextClassRef = new AuthnContextClassRefBuilder().buildObject();
    contextClassRef.setAuthnContextClassRef("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified");
    AuthnContext authnContext = new AuthnContextBuilder().buildObject();
    authnContext.setAuthnContextClassRef(contextClassRef);
    AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
    authnStatement.setAuthnInstant(new DateTime());
    authnStatement.setAuthnContext(authnContext);
    assertion.getAuthnStatements().add(authnStatement);

    // Single role claim with the value "admin".
    AttributeValueType roleValue = new AttributeValueTypeImplBuilder().buildObject();
    roleValue.setValue("admin");
    Attribute roleAttribute = new AttributeBuilder().buildObject();
    roleAttribute.setName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
    roleAttribute.setNameFormat("urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified");
    roleAttribute.getAttributeValues().add(roleValue);
    AttributeStatement attributeStatement = new AttributeStatementBuilder().buildObject();
    attributeStatement.getAttributes().add(roleAttribute);
    assertion.getAttributeStatements().add(attributeStatement);

    // Enveloped signature; the KeyInfo advertises the signing certificate itself.
    // WSS4JConstants.RSA is the RSA-SHA1 signature URI; a validator that rejects
    // SHA-1 signatures would need a stronger algorithm selected here.
    BasicX509Credential signingCredential = new BasicX509Credential(certificate);
    signingCredential.setPrivateKey(privateKey);
    X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
    keyInfoFactory.setEmitEntityCertificate(true);

    Signature signature = OpenSAMLUtil.buildSignature();
    signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    signature.setSignatureAlgorithm(WSS4JConstants.RSA);
    signature.setSigningCredential(signingCredential);
    signature.setKeyInfo(keyInfoFactory.newInstance().generate(signingCredential));
    assertion.setSignature(signature);

    return assertion;
}

Example 2 with AttributeValueType

use of org.opensaml.xacml.ctx.AttributeValueType in project cxf by apache.

Class SamlRequestComponentBuilderTest, method testCreateXACMLSamlAuthzQueryRequest.

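/**
 * Builds a minimal XACML 2.0 authorization request (subject, resource, action,
 * no environment), wraps it in a SAML {@code XACMLAuthzDecisionQuery} and checks
 * that the query can be marshalled to DOM.
 *
 * <p>Each request component is handed its own attribute list, so the test no
 * longer relies on the builders copying a shared list that is cleared and
 * refilled between calls.
 *
 * @throws Exception if OpenSAML marshalling fails
 */
@org.junit.Test
public void testCreateXACMLSamlAuthzQueryRequest() throws Exception {
    Document doc = docBuilder.newDocument();

    // Subject: identity as an RFC 822 name plus a role attribute with an explicit issuer.
    AttributeValueType subjectIdAttributeValue =
        RequestComponentBuilder.createAttributeValueType("alice-user@apache.org");
    AttributeType subjectIdAttribute = RequestComponentBuilder.createAttributeType(
        XACMLConstants.SUBJECT_ID, XACMLConstants.RFC_822_NAME, null,
        Collections.singletonList(subjectIdAttributeValue));
    AttributeValueType subjectGroupAttributeValue =
        RequestComponentBuilder.createAttributeValueType("manager");
    AttributeType subjectGroupAttribute = RequestComponentBuilder.createAttributeType(
        XACMLConstants.SUBJECT_ROLE, XACMLConstants.XS_ANY_URI, "admin-user@apache.org",
        Collections.singletonList(subjectGroupAttributeValue));
    List<AttributeType> subjectAttributes = new ArrayList<>();
    subjectAttributes.add(subjectIdAttribute);
    subjectAttributes.add(subjectGroupAttribute);
    SubjectType subject = RequestComponentBuilder.createSubjectType(subjectAttributes, null);

    // Resource: the service QName being accessed.
    AttributeValueType resourceAttributeValue = RequestComponentBuilder.createAttributeValueType(
        "{http://www.example.org/contract/DoubleIt}DoubleIt");
    AttributeType resourceAttribute = RequestComponentBuilder.createAttributeType(
        XACMLConstants.RESOURCE_ID, XACMLConstants.XS_STRING, null,
        Collections.singletonList(resourceAttributeValue));
    ResourceType resource = RequestComponentBuilder.createResourceType(
        Collections.singletonList(resourceAttribute), null);

    // Action
    AttributeValueType actionAttributeValue = RequestComponentBuilder.createAttributeValueType("execute");
    AttributeType actionAttribute = RequestComponentBuilder.createAttributeType(
        XACMLConstants.ACTION_ID, XACMLConstants.XS_STRING, null,
        Collections.singletonList(actionAttributeValue));
    ActionType action = RequestComponentBuilder.createActionType(
        Collections.singletonList(actionAttribute));

    // Request without an environment section.
    RequestType request = RequestComponentBuilder.createRequestType(
        Collections.singletonList(subject), Collections.singletonList(resource), action, null);

    // Wrap in the SAML 2.0 XACML 2.0 protocol query and marshal it.
    XACMLAuthzDecisionQueryType authzQuery = SamlRequestComponentBuilder.createAuthzDecisionQuery(
        "Issuer", request, SAMLProfileConstants.SAML20XACML20P_NS);
    Element policyElement = OpenSAMLUtil.toDom(authzQuery, doc);
    assertNotNull(policyElement);
}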

Example 3 with AttributeValueType

use of org.opensaml.xacml.ctx.AttributeValueType in project cxf by apache.

Class DefaultXACMLRequestBuilder, method createSubjectType.

/**
 * Builds the XACML subject for {@code principal}: a subject-id attribute holding
 * the principal's name and, when at least one non-null role was supplied, a
 * subject-role attribute holding every non-null role as an anyURI value.
 *
 * @param principal the authenticated principal; its name becomes the subject-id value
 * @param roles the principal's roles, may be {@code null}; {@code null} entries are skipped
 * @param issuer the issuer recorded on each attribute
 * @return the subject built from these attributes
 */
private SubjectType createSubjectType(Principal principal, List<String> roles, String issuer) {
    List<AttributeType> subjectAttributes = new ArrayList<>();
    subjectAttributes.add(createAttribute(
        XACMLConstants.SUBJECT_ID, XACMLConstants.XS_STRING, issuer, principal.getName()));

    List<AttributeValueType> roleValues = new ArrayList<>();
    if (roles != null) {
        for (String role : roles) {
            if (role == null) {
                continue;
            }
            roleValues.add(RequestComponentBuilder.createAttributeValueType(role));
        }
    }

    // No subject-role attribute at all when nothing usable was supplied.
    if (!roleValues.isEmpty()) {
        subjectAttributes.add(createAttribute(
            XACMLConstants.SUBJECT_ROLE, XACMLConstants.XS_ANY_URI, issuer, roleValues));
    }
    return RequestComponentBuilder.createSubjectType(subjectAttributes, null);
}

Example 4 with AttributeValueType

use of org.opensaml.xacml.ctx.AttributeValueType in project cxf by apache.

Class RequestComponentBuilder, method createAttributeValueType.

/**
 * Creates an XACML {@code AttributeValueType} carrying {@code value} verbatim.
 *
 * <p>The element builder is looked up from the shared {@code builderFactory} on
 * first use and cached in the static {@code attributeValueTypeBuilder}. The
 * initialization is unsynchronized, so concurrent first callers may each perform
 * the lookup; presumably harmless because every lookup yields an equivalent
 * builder — confirm if this is ever called from multiple threads.
 *
 * @param value the attribute value text; stored as given, without validation
 * @return a new attribute value element
 */
@SuppressWarnings("unchecked")
public static AttributeValueType createAttributeValueType(String value) {
    XACMLObjectBuilder<AttributeValueType> builder = attributeValueTypeBuilder;
    if (builder == null) {
        // Unchecked: the factory returns the raw builder registered for this element name.
        builder = (XACMLObjectBuilder<AttributeValueType>)
            builderFactory.getBuilder(AttributeValueType.DEFAULT_ELEMENT_NAME);
        attributeValueTypeBuilder = builder;
    }
    AttributeValueType result = builder.buildObject();
    result.setValue(value);
    return result;
}

Example 5 with AttributeValueType

use of org.opensaml.xacml.ctx.AttributeValueType in project cxf by apache.

Class RequestComponentBuilderTest, method testEnvironment.

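/**
 * Builds a complete XACML 2.0 request — subject, resource, action and an
 * environment carrying the current date-time — and checks that it can be
 * marshalled to DOM.
 *
 * <p>Each request component is handed its own attribute list, so the test no
 * longer relies on the builders copying a shared list that is cleared and
 * refilled between calls.
 *
 * @throws Exception if OpenSAML marshalling fails
 */
@org.junit.Test
public void testEnvironment() throws Exception {
    Document doc = docBuilder.newDocument();

    // Subject: identity as an RFC 822 name.
    AttributeValueType subjectIdAttributeValue =
        RequestComponentBuilder.createAttributeValueType("alice-user@apache.org");
    AttributeType subjectIdAttribute = RequestComponentBuilder.createAttributeType(
        XACMLConstants.SUBJECT_ID, XACMLConstants.RFC_822_NAME, null,
        Collections.singletonList(subjectIdAttributeValue));
    SubjectType subject = RequestComponentBuilder.createSubjectType(
        Collections.singletonList(subjectIdAttribute), null);

    // Resource: the service QName being accessed.
    AttributeValueType resourceAttributeValue = RequestComponentBuilder.createAttributeValueType(
        "{http://www.example.org/contract/DoubleIt}DoubleIt");
    AttributeType resourceAttribute = RequestComponentBuilder.createAttributeType(
        XACMLConstants.RESOURCE_ID, XACMLConstants.XS_STRING, null,
        Collections.singletonList(resourceAttributeValue));
    ResourceType resource = RequestComponentBuilder.createResourceType(
        Collections.singletonList(resourceAttribute), null);

    // Action
    AttributeValueType actionAttributeValue = RequestComponentBuilder.createAttributeValueType("execute");
    AttributeType actionAttribute = RequestComponentBuilder.createAttributeType(
        XACMLConstants.ACTION_ID, XACMLConstants.XS_STRING, null,
        Collections.singletonList(actionAttributeValue));
    ActionType action = RequestComponentBuilder.createActionType(
        Collections.singletonList(actionAttribute));

    // Environment: current date-time as an xs:dateTime attribute.
    DateTime dateTime = new DateTime();
    AttributeValueType environmentAttributeValue =
        RequestComponentBuilder.createAttributeValueType(dateTime.toString());
    AttributeType environmentAttribute = RequestComponentBuilder.createAttributeType(
        XACMLConstants.CURRENT_DATETIME, XACMLConstants.XS_DATETIME, null,
        Collections.singletonList(environmentAttributeValue));
    EnvironmentType environmentType = RequestComponentBuilder.createEnvironmentType(
        Collections.singletonList(environmentAttribute));

    // Request
    RequestType request = RequestComponentBuilder.createRequestType(
        Collections.singletonList(subject), Collections.singletonList(resource), action, environmentType);
    Element policyElement = OpenSAMLUtil.toDom(request, doc);
    assertNotNull(policyElement);
}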
