Package org.picketlink.identity.federation.core.wstrust.wrappers

Examples of org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime


                        expires.setValue(StaxParserUtil.getElementText(xmlEventReader));
                        lifeTime.setExpires(expires);
                    } else
                        throw logger.parserUnknownTag(subTag, subEvent.getLocation());

                    responseToken.setLifetime(new Lifetime(lifeTime));
                    EndElement lifeTimeElement = StaxParserUtil.getNextEndElement(xmlEventReader);
                    StaxParserUtil.validate(lifeTimeElement, WSTrustConstants.LIFETIME);
                } else if (tag.equals(WSTrustConstants.TOKEN_TYPE)) {
                    subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
View Full Code Here


        WSTrustRequestContext wstContext = (WSTrustRequestContext) context;
        // generate an id for the new assertion.
        String assertionID = IDGenerator.create("ID_");

        // lifetime and audience restrictions.
        Lifetime lifetime = wstContext.getRequestSecurityToken().getLifetime();
        SAML11AudienceRestrictionCondition restriction = null;
        AppliesTo appliesTo = wstContext.getRequestSecurityToken().getAppliesTo();
        if (appliesTo != null) {
            restriction = new SAML11AudienceRestrictionCondition();
            restriction.add(URI.create(WSTrustUtil.parseAppliesTo(appliesTo)));
        }
        SAML11ConditionsType conditions = new SAML11ConditionsType();
        conditions.setNotBefore(lifetime.getCreated());
        conditions.setNotOnOrAfter(lifetime.getExpires());
        conditions.add(restriction);

        // the assertion principal (default is caller principal)
        Principal principal = wstContext.getCallerPrincipal();

        String confirmationMethod = null;
        KeyInfoType keyInfoType = null;
        // if there is a on-behalf-of principal, we have the sender vouches confirmation method.
        if (wstContext.getOnBehalfOfPrincipal() != null) {
            principal = wstContext.getOnBehalfOfPrincipal();
            confirmationMethod = SAMLUtil.SAML11_SENDER_VOUCHES_URI;
        }
        // if there is a proof-of-possession token in the context, we have the holder of key confirmation method.
        else if (wstContext.getProofTokenInfo() != null) {
            confirmationMethod = SAMLUtil.SAML11_HOLDER_OF_KEY_URI;
            keyInfoType = wstContext.getProofTokenInfo();
        } else
            confirmationMethod = SAMLUtil.SAML11_BEARER_URI;

        SAML11SubjectConfirmationType subjectConfirmation = new SAML11SubjectConfirmationType();
        subjectConfirmation.addConfirmationMethod(URI.create(confirmationMethod));
        // TODO: set the key info.
        if (keyInfoType != null)
            throw logger.notImplementedYet("KeyInfoType");

        // create a subject using the caller principal or on-behalf-of principal.
        String subjectName = principal == null ? "ANONYMOUS" : principal.getName();
        SAML11NameIdentifierType nameId = new SAML11NameIdentifierType(subjectName);
        nameId.setFormat(URI.create(SAML11Constants.FORMAT_UNSPECIFIED));
        SAML11SubjectType subject = new SAML11SubjectType();
        subject.setChoice(new SAML11SubjectType.SAML11SubjectTypeChoice(nameId));
        subject.setSubjectConfirmation(subjectConfirmation);

        // add the subject to an auth statement.
        SAML11AuthenticationStatementType authStatement = new SAML11AuthenticationStatementType(
                URI.create("urn:picketlink:auth"), lifetime.getCreated());
        authStatement.setSubject(subject);

        // TODO: add attribute statements.

        // create the SAML assertion.
        SAML11AssertionType assertion = new SAML11AssertionType(assertionID, lifetime.getCreated());
        assertion.add(authStatement);
        assertion.setConditions(conditions);
        assertion.setIssuer(wstContext.getTokenIssuer());

        // convert the constructed assertion to element.
View Full Code Here

            StaxUtil.writeEndElement(writer);
        }

        // deal with the token lifetime.
        if (requestToken.getLifetime() != null) {
            Lifetime lifetime = requestToken.getLifetime();
            StaxUtil.writeStartElement(this.writer, WSTrustConstants.PREFIX, WSTrustConstants.LIFETIME,
                    WSTrustConstants.BASE_NAMESPACE);
            new WSSecurityWriter(this.writer).writeLifetime(lifetime.getCreated(), lifetime.getExpires());
            StaxUtil.writeEndElement(this.writer);
        }

        // Deal with AppliesTo
        AppliesTo appliesTo = requestToken.getAppliesTo();
View Full Code Here

                        expires.setValue(StaxParserUtil.getElementText(xmlEventReader));
                        lifeTime.setExpires(expires);
                    } else
                        throw new RuntimeException(ErrorCodes.UNKNOWN_TAG + subTag);

                    requestToken.setLifetime(new Lifetime(lifeTime));
                    EndElement lifeTimeElement = StaxParserUtil.getNextEndElement(xmlEventReader);
                    StaxParserUtil.validate(lifeTimeElement, WSTrustConstants.LIFETIME);
                } else if (tag.equals(WSTrustConstants.CANCEL_TARGET)) {
                    subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
                    StaxParserUtil.validate(subEvent, WSTrustConstants.CANCEL_TARGET);
View Full Code Here

        WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
        // generate an id for the new assertion.
        String assertionID = IDGenerator.create("ID_");

        // lifetime and audience restrictions.
        Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
        AudienceRestrictionType restriction = null;
        AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
        if (appliesTo != null)
            restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
        ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
                restriction);

        // the assertion principal (default is caller principal)
        Principal principal = context.getCallerPrincipal();

        String confirmationMethod = null;
        KeyInfoConfirmationDataType keyInfoDataType = null;
        // if there is a on-behalf-of principal, we have the sender vouches confirmation method.
        if (context.getOnBehalfOfPrincipal() != null) {
            principal = context.getOnBehalfOfPrincipal();
            confirmationMethod = SAMLUtil.SAML2_SENDER_VOUCHES_URI;
        }
        // if there is a proof-of-possession token in the context, we have the holder of key confirmation method.
        else if (context.getProofTokenInfo() != null) {
            confirmationMethod = SAMLUtil.SAML2_HOLDER_OF_KEY_URI;
            keyInfoDataType = SAMLAssertionFactory.createKeyInfoConfirmation(context.getProofTokenInfo());
        } else
            confirmationMethod = SAMLUtil.SAML2_BEARER_URI;

        SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null, confirmationMethod,
                keyInfoDataType);

        // create a subject using the caller principal or on-behalf-of principal.
        String subjectName = principal == null ? "ANONYMOUS" : principal.getName();
        NameIDType nameID = SAMLAssertionFactory.createNameID(null, "urn:picketlink:identity-federation", subjectName);
        SubjectType subject = SAMLAssertionFactory.createSubject(nameID, subjectConfirmation);

       
        List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>();
       
        // create the attribute statements if necessary.
        Map<String, Object> claimedAttributes = context.getClaimedAttributes();
        if (claimedAttributes != null) {
            statements.add(StatementUtil.createAttributeStatement(claimedAttributes));
        }

        // create an AuthnStatement
        statements.add(StatementUtil.createAuthnStatement(lifetime.getCreated(), confirmationMethod));

        // create the SAML assertion.
        NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer());
        AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(),
                conditions, subject, statements);

        if (this.attributeProvider != null) {
            AttributeStatementType attributeStatement = this.attributeProvider.getAttributeStatement();
            if (attributeStatement != null) {
View Full Code Here

            StaxUtil.writeEndElement(this.writer);
        }

        // write the token lifetime, if available.
        if (response.getLifetime() != null) {
            Lifetime lifetime = response.getLifetime();
            StaxUtil.writeStartElement(this.writer, WSTrustConstants.PREFIX, WSTrustConstants.LIFETIME,
                    WSTrustConstants.BASE_NAMESPACE);
            new WSSecurityWriter(this.writer).writeLifetime(lifetime.getCreated(), lifetime.getExpires());
            StaxUtil.writeEndElement(this.writer);
        }

        // write the applies-to element, if available.
        if (response.getAppliesTo() != null) {
View Full Code Here

    public static Lifetime createDefaultLifetime(long tokenTimeout) {
        GregorianCalendar created = new GregorianCalendar();
        GregorianCalendar expires = new GregorianCalendar();
        expires.setTimeInMillis(created.getTimeInMillis() + tokenTimeout);

        return new Lifetime(created, expires);
    }
View Full Code Here

        RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
        assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
        RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
        assertEquals("Unexpected response context", "testcontext", response.getContext());
        assertEquals("Unexpected token type", "http://www.tokens.org/SpecialToken", response.getTokenType().toString());
        Lifetime lifetime = response.getLifetime();
        assertNotNull("Unexpected null token lifetime", lifetime);

        // ========================================= Custom Token Validation =========================================//

        RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
View Full Code Here

        RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
        assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
        RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
        assertEquals("Unexpected response context", context, response.getContext());
        assertEquals("Unexpected token type", SAMLUtil.SAML11_TOKEN_TYPE, response.getTokenType().toString());
        Lifetime lifetime = response.getLifetime();
        assertNotNull("Unexpected null token lifetime", lifetime);

        // validate the attached token reference.
        RequestedReferenceType reference = response.getRequestedAttachedReference();
        assertNotNull("Unexpected null attached reference", reference);
        SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
        assertNotNull("Unexpected null security reference", securityRef);
        String tokenTypeAttr = securityRef.getOtherAttributes().get(new QName(WSTrustConstants.WSSE11_NS, "TokenType"));
        assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
        assertEquals("TokenType attribute has an unexpected value", SAMLUtil.SAML11_TOKEN_TYPE, tokenTypeAttr);
        KeyIdentifierType keyId = (KeyIdentifierType) securityRef.getAny().get(0);
        assertEquals("Unexpected key value type", SAMLUtil.SAML11_VALUE_TYPE, keyId.getValueType());
        assertNotNull("Unexpected null key identifier value", keyId.getValue());

        // ====================================== SAMLV1.1 Assertion Validation ======================================//

        RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
        assertNotNull("Unexpected null requested security token", requestedToken);

        // unmarshall the SAMLV1.1 assertion.
        Element assertionElement = (Element) requestedToken.getAny().get(0);
        SAML11AssertionType assertion = SAMLUtil.saml11FromElement(assertionElement);

        // verify the contents of the unmarshalled assertion.
        assertNotNull("Invalid null assertion ID", assertion.getID());
        assertEquals(keyId.getValue().substring(1), assertion.getID());
        assertEquals(lifetime.getCreated(), assertion.getIssueInstant());
        assertEquals(1, assertion.getMajorVersion());
        assertEquals(1, assertion.getMinorVersion());

        // validate the assertion issuer.
        assertNotNull("Unexpected null assertion issuer", assertion.getIssuer());
        assertEquals("Unexpected assertion issuer name", "Test STS", assertion.getIssuer());

        // validate the assertion authentication statement.
        List<SAML11StatementAbstractType> statements = assertion.getStatements();
        assertTrue("At least one statement is expected in a SAMLV1.1 assertion", statements.size() > 0);
        SAML11AuthenticationStatementType authStatement = null;
        for (SAML11StatementAbstractType statement : statements) {
            if (statement instanceof SAML11AuthenticationStatementType) {
                authStatement = (SAML11AuthenticationStatementType) statement;
                break;
            }
        }
        assertNotNull("SAMLV1.1 assertion is missing the authentication statement", authStatement);

        // validate the assertion subject.
        assertNotNull("Unexpected null subject", authStatement.getSubject());
        SAML11SubjectType subject = authStatement.getSubject();

        SAML11NameIdentifierType nameID = subject.getChoice().getNameID();
        assertEquals("Unexpected NameIdentifier format", SAML11Constants.FORMAT_UNSPECIFIED, nameID.getFormat().toString());
        assertEquals("Unexpected NameIdentifier value", principal, nameID.getValue());

        SAML11SubjectConfirmationType subjType = subject.getSubjectConfirmation();
        assertEquals("Unexpected confirmation method", confirmationMethod, subjType.getConfirmationMethod().get(0).toString());

        // validate the assertion conditions.
        assertNotNull("Unexpected null conditions", assertion.getConditions());
        assertEquals(lifetime.getCreated(), assertion.getConditions().getNotBefore());
        assertEquals(lifetime.getExpires(), assertion.getConditions().getNotOnOrAfter());

        assertNotNull("Assertion should have been signed", assertion.getSignature());

        return assertion;
    }
View Full Code Here

        RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
        assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
        RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
        assertEquals("Unexpected response context", context, response.getContext());
        assertEquals("Unexpected token type", SAMLUtil.SAML2_TOKEN_TYPE, response.getTokenType().toString());
        Lifetime lifetime = response.getLifetime();
        assertNotNull("Unexpected null token lifetime", lifetime);

        // validate the attached token reference.
        RequestedReferenceType reference = response.getRequestedAttachedReference();
        assertNotNull("Unexpected null attached reference", reference);
        SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
        assertNotNull("Unexpected null security reference", securityRef);
        String tokenTypeAttr = securityRef.getOtherAttributes().get(new QName(WSTrustConstants.WSSE11_NS, "TokenType"));
        assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
        assertEquals("TokenType attribute has an unexpected value", SAMLUtil.SAML2_TOKEN_TYPE, tokenTypeAttr);
        KeyIdentifierType keyId = (KeyIdentifierType) securityRef.getAny().get(0);
        assertEquals("Unexpected key value type", SAMLUtil.SAML2_VALUE_TYPE, keyId.getValueType());
        assertNotNull("Unexpected null key identifier value", keyId.getValue());

        // ====================================== SAMLV2.0 Assertion Validation ======================================//

        RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
        assertNotNull("Unexpected null requested security token", requestedToken);

        // unmarshall the SAMLV2.0 assertion.
        Element assertionElement = (Element) requestedToken.getAny().get(0);
        AssertionType assertion = SAMLUtil.fromElement(assertionElement);

        // verify the contents of the unmarshalled assertion.
        assertNotNull("Invalid null assertion ID", assertion.getID());
        assertEquals(keyId.getValue().substring(1), assertion.getID());
        assertEquals(lifetime.getCreated(), assertion.getIssueInstant());

        // validate the assertion issuer.
        assertNotNull("Unexpected null assertion issuer", assertion.getIssuer());
        assertEquals("Unexpected assertion issuer name", "Test STS", assertion.getIssuer().getValue());

        // validate the assertion subject.
        assertNotNull("Unexpected null subject", assertion.getSubject());
        SubjectType subject = assertion.getSubject();

        NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
        assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID.getNameQualifier());
        assertEquals("Unexpected name id value", principal, nameID.getValue());

        SubjectConfirmationType subjType = subject.getConfirmation().get(0);
        assertEquals("Unexpected confirmation method", confirmationMethod, subjType.getMethod());

        // validate the assertion conditions.
        assertNotNull("Unexpected null conditions", assertion.getConditions());
        assertEquals(lifetime.getCreated(), assertion.getConditions().getNotBefore());
        assertEquals(lifetime.getExpires(), assertion.getConditions().getNotOnOrAfter());

        assertNotNull("Assertion should have been signed", assertion.getSignature());

        return assertion;
    }
View Full Code Here

TOP

Related Classes of org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.