Examples of org.jboss.identity.federation.saml.v2.assertion.AssertionType

• org.picketlink.identity.federation.saml.v2.assertion.AssertionType
  3.org/2001/XMLSchema}anyType"> <sequence> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}Issuer"/> <element ref="{http://www.w3.org/2000/09/xmldsig#}Signature" minOccurs="0"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}Subject" minOccurs="0"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}Conditions" minOccurs="0"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}Advice" minOccurs="0"/> <choice maxOccurs="unbounded" minOccurs="0"> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}Statement"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}AuthnStatement"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}AuthzDecisionStatement"/> <element ref="{urn:oasis:names:tc:SAML:2.0:assertion}AttributeStatement"/> </choice> </sequence> <attribute name="Version" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> <attribute name="ID" use="required" type="{http://www.w3.org/2001/XMLSchema}ID" /> <attribute name="IssueInstant" use="required" type="{http://www.w3.org/2001/XMLSchema}dateTime" /> </restriction> </complexContent> </complexType>

        StaxUtil.writeStartElement(writer, PREFIX, WSTrustConstants.VALIDATE_TARGET, BASE_NAMESPACE);

        List<Object> list = validateTarget.getAny();
        for (Object validateTargetObj : list) {
            if (validateTargetObj instanceof AssertionType) {
                AssertionType assertion = (AssertionType) validateTargetObj;
                SAMLAssertionWriter samlAssertionWriter = new SAMLAssertionWriter(this.writer);
                samlAssertionWriter.write(assertion);
            } else if (validateTargetObj instanceof Element) {
                StaxUtil.writeDOMElement(writer, (Element) validateTargetObj);
            } else

        StaxUtil.writeStartElement(writer, PREFIX, WSTrustConstants.RENEW_TARGET, BASE_NAMESPACE);

        List<Object> list = renewTarget.getAny();
        for (Object renewTargetObj : list) {
            if (renewTargetObj instanceof AssertionType) {
                AssertionType assertion = (AssertionType) renewTargetObj;
                SAMLAssertionWriter samlAssertionWriter = new SAMLAssertionWriter(this.writer);
                samlAssertionWriter.write(assertion);
            } else if (renewTargetObj instanceof Element) {
                StaxUtil.writeDOMElement(writer, (Element) renewTargetObj);
            } else

        List<Object> list = cancelTarget.getAny();

        for (Object cancelTargetObj : list) {
            if (cancelTargetObj instanceof AssertionType) {
                AssertionType assertion = (AssertionType) cancelTargetObj;
                SAMLAssertionWriter samlAssertionWriter = new SAMLAssertionWriter(this.writer);
                samlAssertionWriter.write(assertion);
            } else if (cancelTargetObj instanceof Element) {
                StaxUtil.writeDOMElement(writer, (Element) cancelTargetObj);
            } else

        // create an AuthnStatement
        statements.add(StatementUtil.createAuthnStatement(lifetime.getCreated(), confirmationMethod));

        // create the SAML assertion.
        NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer());
        AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(),
                conditions, subject, statements);

        if (this.attributeProvider != null) {
            AttributeStatementType attributeStatement = this.attributeProvider.getAttributeStatement();
            if (attributeStatement != null) {
                assertion.addStatement(attributeStatement);
            }
        }

        // convert the constructed assertion to element.
        Element assertionElement = null;

            StaxUtil.writeStartElement(this.writer, WSTrustConstants.PREFIX, WSTrustConstants.REQUESTED_TOKEN,
                    WSTrustConstants.BASE_NAMESPACE);
            List<Object> theList = response.getRequestedSecurityToken().getAny();
            for (Object securityToken : theList) {
                if (securityToken instanceof AssertionType) {
                    AssertionType assertion = (AssertionType) securityToken;
                    SAMLAssertionWriter samlAssertionWriter = new SAMLAssertionWriter(this.writer);
                    samlAssertionWriter.write(assertion);
                } else if (securityToken instanceof Element) {
                    StaxUtil.writeDOMElement(this.writer, (Element) securityToken);
                } else

        Element oldAssertionElement = (Element) token.getFirstChild();
        if (!this.isAssertion(oldAssertionElement))
            throw logger.assertionInvalidError();

        // get the JAXB representation of the old assertion.
        AssertionType oldAssertion = null;
        try {
            oldAssertion = SAMLUtil.fromElement(oldAssertionElement);
        } catch (Exception je) {
            throw logger.samlAssertionUnmarshallError(je);
        }

        // canceled assertions cannot be renewed.
        if (this.revocationRegistry.isRevoked(SAMLUtil.SAML2_TOKEN_TYPE, oldAssertion.getID()))
            throw logger.samlAssertionRevokedCouldNotRenew(oldAssertion.getID());

        // adjust the lifetime for the renewed assertion.
        ConditionsType conditions = oldAssertion.getConditions();
        conditions.setNotBefore(context.getRequestSecurityToken().getLifetime().getCreated());
        conditions.setNotOnOrAfter(context.getRequestSecurityToken().getLifetime().getExpires());

        // create a new unique ID for the renewed assertion.
        String assertionID = IDGenerator.create("ID_");

        List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>();
        statements.addAll(oldAssertion.getStatements());

        // create the new assertion.
        AssertionType newAssertion = SAMLAssertionFactory.createAssertion(assertionID, oldAssertion.getIssuer(), context
                .getRequestSecurityToken().getLifetime().getCreated(), conditions, oldAssertion.getSubject(), statements);

        // create a security token with the new assertion.
        Element assertionElement = null;
        try {

            throw logger.wsTrustNullValidationTargetError();

        String code = WSTrustConstants.STATUS_CODE_VALID;
        String reason = "SAMLV2.0 Assertion successfuly validated";

        AssertionType assertion = null;
        Element assertionElement = (Element) token.getFirstChild();
        if (!this.isAssertion(assertionElement)) {
            code = WSTrustConstants.STATUS_CODE_INVALID;
            reason = "Validation failure: supplied token is not a SAMLV2.0 Assertion";
        } else {
            try {
                if (logger.isTraceEnabled()) {
                    logger.samlAssertion(DocumentUtil.getNodeAsString(assertionElement));
                }
                assertion = SAMLUtil.fromElement(assertionElement);
            } catch (Exception e) {
                throw logger.samlAssertionUnmarshallError(e);
            }
        }

        // check if the assertion has been canceled before.
        if (this.revocationRegistry.isRevoked(SAMLUtil.SAML2_TOKEN_TYPE, assertion.getID())) {
            code = WSTrustConstants.STATUS_CODE_INVALID;
            reason = "Validation failure: assertion with id " + assertion.getID() + " has been canceled";
        }

        // check the assertion lifetime.
        try {
            if (AssertionUtil.hasExpired(assertion)) {

    }

    public class MyCBH implements CallbackHandler {

        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            AssertionType assertion = AssertionUtil.createAssertion(IDGenerator.create("ID_"), new NameIDType());

            assertion.setSubject(AssertionUtil.createAssertionSubject("anil"));

            List<String> roles = new ArrayList<String>();
            roles.add("test1");
            roles.add("test2");
            assertion.addStatement(StatementUtil.createAttributeStatement(roles));
            assertion.addStatement(StatementUtil.createAttributeStatement("SomeAttrib", "testX"));

            try {
                SamlCredential cred = new SamlCredential(AssertionUtil.asString(assertion));
                ObjectCallback obj = (ObjectCallback) callbacks[0];
                obj.setCredential(cred);

            boolean sigValid = AssertionUtil.isSignatureValid(assertionElement, publicKey);
            if (!sigValid) {
                throw logger.authSAMLInvalidSignatureError();
            }

            AssertionType assertion = SAMLUtil.fromElement(assertionElement);

            if (AssertionUtil.hasExpired(assertion)) {
                throw logger.authSAMLAssertionExpiredError();
            }
        } catch (NamingException e) {

        String authnContextDeclRef = JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();

        AuthnStatementType authnStatement = response.createAuthnStatement(authnContextDeclRef, XMLTimeUtil.getIssueInstant());

        // Create an assertion
        AssertionType assertion = response.createAssertion(id, issuerInfo.getIssuer());
        assertion.addStatement(authnStatement);

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        KeyPair kp = kpg.genKeyPair();

        id = IDGenerator.create("ID_"); // regenerate