Package org.picketlink.identity.federation.saml.v1.assertion

Examples of org.picketlink.identity.federation.saml.v1.assertion.SAML11AudienceRestrictionCondition


        Element oldAssertionElement = (Element) token.getFirstChild();
        if (!this.isSAMLAssertion(oldAssertionElement))
            throw logger.assertionInvalidError();

        // get the JAXB representation of the old assertion.
        SAML11AssertionType oldAssertion = null;
        try {
            oldAssertion = SAMLUtil.saml11FromElement(oldAssertionElement);
        } catch (Exception je) {
            throw logger.samlAssertionUnmarshallError(je);
        }

        // canceled assertions cannot be renewed.
        if (this.revocationRegistry.isRevoked(SAMLUtil.SAML11_TOKEN_TYPE, oldAssertion.getID()))
            throw logger.samlAssertionRevokedCouldNotRenew(oldAssertion.getID());

        // adjust the lifetime for the renewed assertion.
        SAML11ConditionsType conditions = oldAssertion.getConditions();
        conditions.setNotBefore(wstContext.getRequestSecurityToken().getLifetime().getCreated());
        conditions.setNotOnOrAfter(wstContext.getRequestSecurityToken().getLifetime().getExpires());

        // create a new unique ID for the renewed assertion.
        String assertionID = IDGenerator.create("ID_");

        // get the list of all assertion statements - should include the auth statement that contains the subject.
        List<SAML11StatementAbstractType> statements = new ArrayList<SAML11StatementAbstractType>();
        statements.addAll(oldAssertion.getStatements());

        // create the new assertion.
        SAML11AssertionType newAssertion = new SAML11AssertionType(assertionID, conditions.getNotBefore());
        newAssertion.addAllStatements(statements);
        newAssertion.setConditions(conditions);
        newAssertion.setIssuer(wstContext.getTokenIssuer());

        // create a security token with the new assertion.
        Element assertionElement = null;
        try {
            assertionElement = SAMLUtil.toElement(newAssertion);
View Full Code Here


            throw logger.wsTrustNullValidationTargetError();

        String code = WSTrustConstants.STATUS_CODE_VALID;
        String reason = "SAMLV1.1 Assertion successfuly validated";

        SAML11AssertionType assertion = null;
        Element assertionElement = (Element) token.getFirstChild();
        if (!this.isSAMLAssertion(assertionElement)) {
            code = WSTrustConstants.STATUS_CODE_INVALID;
            reason = "Validation failure: supplied token is not a SAMLV1.1 Assertion";
        } else {
            try {
                assertion = SAMLUtil.saml11FromElement(assertionElement);
            } catch (Exception e) {
                throw logger.samlAssertionUnmarshallError(e);
            }
        }

        // check if the assertion has been canceled before.
        if (this.revocationRegistry.isRevoked(SAMLUtil.SAML11_TOKEN_TYPE, assertion.getID())) {
            code = WSTrustConstants.STATUS_CODE_INVALID;
            reason = "Validation failure: assertion with id " + assertion.getID() + " has been canceled";
        }

        // check the assertion lifetime.
        try {
            if (AssertionUtil.hasExpired(assertion)) {
View Full Code Here

    public void testSAML11Assertion() throws Exception {
        ClassLoader tcl = Thread.currentThread().getContextClassLoader();
        InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-assertion.xml");

        SAMLParser parser = new SAMLParser();
        SAML11AssertionType assertion = (SAML11AssertionType) parser.parse(configStream);
        assertNotNull(assertion);

        // Validate assertion
        assertEquals(1, assertion.getMajorVersion());
        assertEquals(1, assertion.getMinorVersion());
        assertEquals("buGxcG4gILg5NlocyLccDz6iXrUa", assertion.getID());
        assertEquals("https://idp.example.org/saml", assertion.getIssuer());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), assertion.getIssueInstant());

        SAML11ConditionsType conditions = assertion.getConditions();
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:00:37.795Z"), conditions.getNotBefore());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:10:37.795Z"), conditions.getNotOnOrAfter());

        SAML11AuthenticationStatementType stat = (SAML11AuthenticationStatementType) assertion.getStatements().get(0);
        assertEquals("urn:oasis:names:tc:SAML:1.0:am:password", stat.getAuthenticationMethod().toString());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:17.706Z"), stat.getAuthenticationInstant());

        SAML11SubjectType subject = stat.getSubject();
        SAML11SubjectType.SAML11SubjectTypeChoice choice = subject.getChoice();
View Full Code Here

    public void testSAML11AssertionWithAttributeStatements() throws Exception {
        ClassLoader tcl = Thread.currentThread().getContextClassLoader();
        InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-assertion-attribstat.xml");

        SAMLParser parser = new SAMLParser();
        SAML11AssertionType assertion = (SAML11AssertionType) parser.parse(configStream);
        assertNotNull(assertion);

        // Validate assertion
        assertEquals(1, assertion.getMajorVersion());
        assertEquals(1, assertion.getMinorVersion());
        assertEquals("buGxcG4gILg5NlocyLccDz6iXrUb", assertion.getID());
        assertEquals("https://idp.example.org/saml", assertion.getIssuer());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), assertion.getIssueInstant());

        SAML11ConditionsType conditions = assertion.getConditions();
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), conditions.getNotBefore());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:15:37.795Z"), conditions.getNotOnOrAfter());

        SAML11AuthenticationStatementType stat = (SAML11AuthenticationStatementType) assertion.getStatements().get(0);
        assertEquals("urn:oasis:names:tc:SAML:1.0:am:password", stat.getAuthenticationMethod().toString());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:08:37.795Z"), stat.getAuthenticationInstant());

        SAML11SubjectType subject = stat.getSubject();
        SAML11SubjectType.SAML11SubjectTypeChoice choice = subject.getChoice();
        assertEquals("user@idp.example.org", choice.getNameID().getValue());
        assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", choice.getNameID().getFormat().toString());

        SAML11SubjectConfirmationType subjectConfirm = subject.getSubjectConfirmation();
        URI confirmationMethod = subjectConfirm.getConfirmationMethod().get(0);
        assertEquals("urn:oasis:names:tc:SAML:1.0:cm:bearer", confirmationMethod.toString());

        SAML11AttributeStatementType attribStat = (SAML11AttributeStatementType) assertion.getStatements().get(1);
        assertNotNull(attribStat);
        subject = attribStat.getSubject();

        choice = subject.getChoice();
        assertEquals("user@idp.example.org", choice.getNameID().getValue());
View Full Code Here

    public void testSAML11AssertionWithAuthzDecisionStatement() throws Exception {
        ClassLoader tcl = Thread.currentThread().getContextClassLoader();
        InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-assertion-authzdecision.xml");

        SAMLParser parser = new SAMLParser();
        SAML11AssertionType assertion = (SAML11AssertionType) parser.parse(configStream);
        assertNotNull(assertion);

        // Validate assertion
        assertEquals(1, assertion.getMajorVersion());
        assertEquals(1, assertion.getMinorVersion());
        assertEquals("buGxcG4gILg5NlocyLccDz6iXrUb", assertion.getID());
        assertEquals("https://idp.example.org/saml", assertion.getIssuer());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), assertion.getIssueInstant());

        SAML11ConditionsType conditions = assertion.getConditions();
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), conditions.getNotBefore());
        assertEquals(XMLTimeUtil.parse("2002-06-19T17:15:37.795Z"), conditions.getNotOnOrAfter());

        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        // Lets do the writing
View Full Code Here

    public void testSAML11AssertionWithAuthAndAuthz() throws Exception {
        ClassLoader tcl = Thread.currentThread().getContextClassLoader();
        InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-assertion-auth-authz.xml");

        SAMLParser parser = new SAMLParser();
        SAML11AssertionType assertion = (SAML11AssertionType) parser.parse(configStream);
        assertNotNull(assertion);

        // Validate assertion
        assertEquals(1, assertion.getMajorVersion());
        assertEquals(1, assertion.getMinorVersion());
        assertEquals("_e5c23ff7a3889e12fa01802a47331653", assertion.getID());
        assertEquals("localhost", assertion.getIssuer());
        assertEquals(XMLTimeUtil.parse("2008-12-10T14:12:14.817Z"), assertion.getIssueInstant());

        SAML11ConditionsType conditions = assertion.getConditions();
        assertEquals(XMLTimeUtil.parse("2008-12-10T14:12:14.817Z"), conditions.getNotBefore());
        assertEquals(XMLTimeUtil.parse("2008-12-10T14:12:44.817Z"), conditions.getNotOnOrAfter());
        List<SAML11ConditionAbstractType> theConditions = conditions.get();
        assertEquals(1, theConditions.size());
        SAML11AudienceRestrictionCondition restrictCond = (SAML11AudienceRestrictionCondition) theConditions.get(0);
        assertEquals("https://some-service.example.com/app/", restrictCond.get().get(0).toString());

        List<SAML11StatementAbstractType> statements = assertion.getStatements();
        assertEquals(2, statements.size());

        SAML11AttributeStatementType attrStat = (SAML11AttributeStatementType) statements.get(0);
        SAML11SubjectType subject = attrStat.getSubject();
        SAML11SubjectTypeChoice choice = subject.getChoice();
View Full Code Here

    public void testSAML11AssertionWithKeyInfo() throws Exception {
        ClassLoader tcl = Thread.currentThread().getContextClassLoader();
        InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-assertion-keyinfo.xml");

        SAMLParser parser = new SAMLParser();
        SAML11AssertionType assertion = (SAML11AssertionType) parser.parse(configStream);
        assertNotNull(assertion);

        // Validate assertion
        assertEquals(1, assertion.getMajorVersion());
        assertEquals(1, assertion.getMinorVersion());
        assertEquals("s69f7e2599d4eb0c548782432bf", assertion.getID());
        assertEquals("http://jboss.org/test", assertion.getIssuer());
        assertEquals(XMLTimeUtil.parse("2006-05-24T05:52:32Z"), assertion.getIssueInstant());

        List<SAML11StatementAbstractType> statements = assertion.getStatements();
        assertEquals(1, statements.size());
        SAML11AuthenticationStatementType authStat = (SAML11AuthenticationStatementType) statements.get(0);
        assertEquals(XMLTimeUtil.parse("2006-05-24T05:52:30Z"), authStat.getAuthenticationInstant());
        assertEquals("urn:picketlink:auth", authStat.getAuthenticationMethod().toString());
        SAML11SubjectType subject = authStat.getSubject();
        SAML11SubjectTypeChoice choice = subject.getChoice();
        SAML11NameIdentifierType nameID = choice.getNameID();
        assertEquals("anil", nameID.getValue());
        SAML11SubjectConfirmationType subjConf = subject.getSubjectConfirmation();
        URI confirmationMethod = subjConf.getConfirmationMethod().get(0);
        assertEquals("urn:oasis:names:tc:SAML:1.0:cm:holder-of-key", confirmationMethod.toString());
        assertNotNull(subjConf.getKeyInfo());

        Element sig = assertion.getSignature();
        assertNotNull(sig);

        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        // Lets do the writing
        SAML11AssertionWriter writer = new SAML11AssertionWriter(StaxUtil.getXMLStreamWriter(baos));
View Full Code Here

    public static List<String> getRoles(SAML11AssertionType assertion, List<String> roleKeys) {
        List<String> roles = new ArrayList<String>();
        List<SAML11StatementAbstractType> statements = assertion.getStatements();
        for (SAML11StatementAbstractType statement : statements) {
            if (statement instanceof SAML11AttributeStatementType) {
                SAML11AttributeStatementType attributeStatement = (SAML11AttributeStatementType) statement;
                List<SAML11AttributeType> attributes = attributeStatement.get();
                for (SAML11AttributeType attr : attributes) {
                    if (roleKeys != null && roleKeys.size() > 0) {
                        if (!roleKeys.contains(attr.getAttributeName()))
                            continue;
                    }
View Full Code Here

            } else if (SAML11Constants.AUTHENTICATION_STATEMENT.equals(tag)) {
                startElement = (StartElement) xmlEvent;
                SAML11AuthenticationStatementType authStat = SAML11ParserUtil.parseAuthenticationStatement(xmlEventReader);
                assertion.add(authStat);
            } else if (SAML11Constants.ATTRIBUTE_STATEMENT.equalsIgnoreCase(tag)) {
                SAML11AttributeStatementType attributeStatementType = SAML11ParserUtil
                        .parseSAML11AttributeStatement(xmlEventReader);
                assertion.add(attributeStatementType);
            } else if (SAML11Constants.AUTHORIZATION_DECISION_STATEMENT.equalsIgnoreCase(tag)) {
                SAML11AuthorizationDecisionStatementType authzStat = SAML11ParserUtil
                        .parseSAML11AuthorizationDecisionStatement(xmlEventReader);
View Full Code Here

     * @return
     * @throws ParsingException
     */
    public static SAML11AttributeStatementType parseSAML11AttributeStatement(XMLEventReader xmlEventReader)
            throws ParsingException {
        SAML11AttributeStatementType attributeStatementType = new SAML11AttributeStatementType();

        StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
        String ATTRIBSTATEMT = JBossSAMLConstants.ATTRIBUTE_STATEMENT.get();
        StaxParserUtil.validate(startElement, ATTRIBSTATEMT);

        while (xmlEventReader.hasNext()) {
            XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
            if (xmlEvent instanceof EndElement) {
                EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
                StaxParserUtil.validate(endElement, JBossSAMLConstants.ATTRIBUTE_STATEMENT.get());
                break;
            }
            // Get the next start element
            startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
            String tag = startElement.getName().getLocalPart();
            if (JBossSAMLConstants.ATTRIBUTE.get().equals(tag)) {
                SAML11AttributeType attribute = parseSAML11Attribute(xmlEventReader);
                attributeStatementType.add(attribute);
            } else if (JBossSAMLConstants.SUBJECT.get().equals(tag)) {
                SAML11SubjectParser parser = new SAML11SubjectParser();
                SAML11SubjectType subject = (SAML11SubjectType) parser.parse(xmlEventReader);
                attributeStatementType.setSubject(subject);
            } else
                throw logger.parserUnknownTag(tag, startElement.getLocation());
        }
        return attributeStatementType;
    }
View Full Code Here

TOP

Related Classes of org.picketlink.identity.federation.saml.v1.assertion.SAML11AudienceRestrictionCondition

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.