Package org.apache.wss4j.common.saml

Examples of org.apache.wss4j.common.saml.SamlAssertionWrapper

407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
        assertTrue(SAML2_TOKEN_TYPE.equals(token.getTokenType()));
        assertTrue(token.getToken() != null);
       
        List<WSSecurityEngineResult> results = processToken(token);
        assertTrue(results != null && results.size() == 1);
        SamlAssertionWrapper assertion =
            (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        assertTrue(assertion != null);
        assertTrue(assertion.isSigned());
       
        List<String> methods = assertion.getConfirmationMethods();
        String confirmMethod = null;
        if (methods != null && methods.size() > 0) {
            confirmMethod = methods.get(0);
        }
        assertTrue(confirmMethod.contains("bearer"));
       
        assertTrue("b-issuer".equals(assertion.getIssuerString()));
        String subjectName = assertion.getSaml2().getSubject().getNameID().getValue();
        assertTrue("Subject must be ALICE instead of " + subjectName, "ALICE".equals(subjectName));
       
    }
View Full Code Here
169
170
171
172
173
174
175
176
177
178
179
180
            reportError("INVALID_RELAY_STATE");
            return false;
        }
        try {
            String assertion = responseState.getAssertion();
            SamlAssertionWrapper assertionWrapper =
                new SamlAssertionWrapper(
                    StaxUtils.read(new StringReader(assertion)).getDocumentElement());
            setSecurityContext(m, assertionWrapper);
        } catch (Exception ex) {
            reportError("INVALID_RESPONSE_STATE");
            return false;
View Full Code Here
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
            EncryptedData encryptedData = assertion.getEncryptedData();
            Element encryptedDataDOM = encryptedData.getDOM();
           
            Element decAssertion = decryptAssertion(encryptedDataDOM, sigCrypto, callbackHandler);
           
            SamlAssertionWrapper wrapper = new SamlAssertionWrapper(decAssertion);
            samlResponse.getAssertions().add(wrapper.getSaml2());
        }

        // Validate Assertions
        for (org.opensaml.saml2.core.Assertion assertion : samlResponse.getAssertions()) {
            SamlAssertionWrapper wrapper = new SamlAssertionWrapper(assertion);
            validateAssertion(wrapper, sigCrypto, callbackHandler, doc);
        }
    }
View Full Code Here
162
163
164
165
166
167
168
169
170
171
172
        validateResponseAgainstSchemas(samlResponse);
        validateResponseSignature(samlResponse, sigCrypto, callbackHandler);

        // Validate Assertions
        for (org.opensaml.saml1.core.Assertion assertion : samlResponse.getAssertions()) {
            SamlAssertionWrapper wrapper = new SamlAssertionWrapper(assertion);
            validateAssertion(
                wrapper, sigCrypto, callbackHandler, samlResponse.getDOM().getOwnerDocument()
            );
        }
    }
View Full Code Here
211
212
213
214
215
216
217
218
219
220
221
222
223
224
        private boolean isOneTimeUse(SecurityToken issuedToken) {
            Element token = issuedToken.getToken();
            if (token != null && "Assertion".equals(token.getLocalName())
                && WSConstants.SAML2_NS.equals(token.getNamespaceURI())) {
                try {
                    SamlAssertionWrapper assertion = new SamlAssertionWrapper(token);
                   
                    if (assertion.getSaml2().getConditions() != null
                        && assertion.getSaml2().getConditions().getOneTimeUse() != null) {
                        return true;
                    }
                } catch (WSSecurityException ex) {
                    throw new Fault(ex);
                }
View Full Code Here
589
590
591
592
593
594
595
596
597
598
599
600
601
                if (foundCert.equals(cert)) {
                    return true;
                }
            } else if (actInt.intValue() == WSConstants.ST_SIGNED
                || actInt.intValue() == WSConstants.ST_UNSIGNED) {
                SamlAssertionWrapper assertionWrapper =
                    (SamlAssertionWrapper)token.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                SAMLKeyInfo samlKeyInfo = assertionWrapper.getSubjectKeyInfo();
                if (samlKeyInfo != null) {
                    X509Certificate[] subjectCerts = samlKeyInfo.getCerts();
                    byte[] subjectSecretKey = samlKeyInfo.getSecret();
                    PublicKey subjectPublicKey = samlKeyInfo.getPublicKey();
                    if ((cert != null && subjectCerts != null && cert.equals(subjectCerts[0]))
View Full Code Here
228
229
230
231
232
233
234
235
236
237
238
239
240
        conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
        callbackHandler.setConditions(conditions);
       
        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
       
        response.getAssertions().add(assertion.getSaml2());
       
        Element policyElement = OpenSAMLUtil.toDom(response, doc);
        doc.appendChild(policyElement);
        assertNotNull(policyElement);
       
View Full Code Here
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
                    WSEncryptionPart part = new WSEncryptionPart(sig.getBSTTokenId(), "Element");
                    encryptedTokensList.add(part);
                }
                ret.add(new SupportingToken(token, sig));               
            } else if (token instanceof SamlToken) {
                SamlAssertionWrapper assertionWrapper = addSamlToken((SamlToken)token);
                if (assertionWrapper != null) {
                    Element assertionElement = assertionWrapper.toDOM(saaj.getSOAPPart());
                    addSupportingElement(assertionElement);
                    ret.add(new SupportingToken(token, assertionWrapper));
                    if (suppTokens.isEncryptedToken()) {
                        WSEncryptionPart part = new WSEncryptionPart(assertionWrapper.getId(), "Element");
                        part.setElement(assertionElement);
                        encryptedTokensList.add(part);
                    }
                }
            }
View Full Code Here
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
            } else if (tempTok instanceof BinarySecurity) {
                BinarySecurity bst = (BinarySecurity)tempTok;
                part = new WSEncryptionPart(bst.getID());
                part.setElement(bst.getElement());
            } else if (tempTok instanceof SamlAssertionWrapper) {
                SamlAssertionWrapper assertionWrapper = (SamlAssertionWrapper)tempTok;

                Document doc = assertionWrapper.getElement().getOwnerDocument();
                boolean saml1 = assertionWrapper.getSaml1() != null;
                // TODO We only support using a KeyIdentifier for the moment
                SecurityTokenReference secRef =
                    createSTRForSamlAssertion(doc, assertionWrapper.getId(), saml1, false);
                Element clone = cloneElement(secRef.getElement());
                addSupportingElement(clone);
                part = new WSEncryptionPart("STRTransform", null, "Element");
                part.setId(secRef.getID());
                part.setElement(clone);
View Full Code Here
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
                String namespace = tokenElement.getNamespaceURI();
                String localname = tokenElement.getLocalName();
                SamlTokenType tokenType = token.getSamlTokenType();
                if ((tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11)
                    && WSConstants.SAML_NS.equals(namespace) && "Assertion".equals(localname)) {
                    return new SamlAssertionWrapper(tokenElement);
                } else if (tokenType == SamlTokenType.WssSamlV20Token11
                    && WSConstants.SAML2_NS.equals(namespace) && "Assertion".equals(localname)) {
                    return new SamlAssertionWrapper(tokenElement);
                }
            }
        }
       
        CallbackHandler handler = null;
        if (o instanceof CallbackHandler) {
            handler = (CallbackHandler)o;
        } else if (o instanceof String) {
            try {
                handler = (CallbackHandler)ClassLoaderUtils
                    .loadClass((String)o, this.getClass()).newInstance();
            } catch (Exception e) {
                handler = null;
            }
        }
        if (handler == null) {
            policyNotAsserted(token, "No SAML CallbackHandler available");
            return null;
        }
       
        SAMLCallback samlCallback = new SAMLCallback();
        SamlTokenType tokenType = token.getSamlTokenType();
        if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) {
            samlCallback.setSamlVersion(SAMLVersion.VERSION_11);
        } else if (tokenType == SamlTokenType.WssSamlV20Token11) {
            samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
        }
        SAMLUtil.doSAMLCallback(handler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
       
        if (samlCallback.isSignAssertion()) {
            String issuerName = samlCallback.getIssuerKeyName();
            if (issuerName == null) {
                String userNameKey = SecurityConstants.SIGNATURE_USERNAME;
                issuerName = (String)message.getContextualProperty(userNameKey);
            }
            String password = samlCallback.getIssuerKeyPassword();
            if (password == null) {
                password = getPassword(issuerName, token, WSPasswordCallback.SIGNATURE);
            }
            Crypto crypto = samlCallback.getIssuerCrypto();
            if (crypto == null) {
                crypto = getSignatureCrypto(null);
            }
           
            assertion.signAssertion(
                    issuerName,
                    password,
                    crypto,
                    samlCallback.isSendKeyValue(),
                    samlCallback.getCanonicalizationAlgorithm(),
View Full Code Here
TOP

Related Classes of org.apache.wss4j.common.saml.SamlAssertionWrapper

  • org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler
  • org.apache.cxf.rs.security.saml.SAMLUtils
  • org.apache.cxf.rs.security.saml.sso.AbstractServiceProviderFilter
  • org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator
  • org.apache.cxf.rs.security.saml.sso.SAMLResponseValidatorTest
  • org.apache.cxf.rt.security.saml.SAMLClaimsTest
  • org.apache.cxf.sts.operation.IssueOnbehalfofUnitTest
  • org.apache.cxf.sts.operation.IssueSamlUnitTest
  • org.apache.cxf.sts.operation.TokenIssueOperation
  • org.apache.cxf.sts.token.provider.SAMLClaimsTest
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.