/** * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved * * The contents of this file are subject to the terms * of the Common Development and Distribution License * (the License). You may not use this file except in * compliance with the License. * * You can obtain a copy of the License at * https://opensso.dev.java.net/public/CDDLv1.0.html or * opensso/legal/CDDLv1.0.txt * See the License for the specific language governing * permission and limitations under the License. * * When distributing Covered Code, include this CDDL * Header Notice in each file and include the License file * at opensso/legal/CDDLv1.0.txt. * If applicable, add the following below the CDDL Header, * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * * * */ package com.sun.identity.fedlet.ag; import com.sun.identity.saml.xmlsig.KeyProvider; import com.sun.identity.saml2.assertion.*; import com.sun.identity.saml2.protocol.*; import com.sun.identity.saml2.common.SAML2Constants; import com.sun.identity.saml2.common.SAML2Exception; import com.sun.identity.saml2.common.SAML2Utils; import com.sun.identity.saml2.key.KeyUtil; import java.util.ArrayList; import java.util.Date; import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; /** *This class is used to generate the SAML reponse and return a string * */ public class AssertionGen { /** *Generate SAML response and return the xml string * */ public String getResponse(String [] attrName, String [] attrValue){ try { Response res = ProtocolFactory.getInstance().createResponse(); List assertionList = new ArrayList(); Status status = ProtocolFactory.getInstance().createStatus(); StatusCode scode = ProtocolFactory.getInstance().createStatusCode(); MetaDataParser lparser = new MetaDataParser(); String IDPEntityID = lparser.getIDPEntityID(); String SPEntityID = lparser.getSPEntityID(); Assertion assertion = getAssertion(attrName, attrValue); assertionList.add(assertion); res.setAssertion(assertionList); res.setID(SAML2Utils.generateID()); res.setVersion(SAML2Constants.VERSION_2_0); res.setIssueInstant(new Date()); scode.setValue(SAML2Constants.SUCCESS); status.setStatusCode(scode); res.setStatus(status); Issuer issuer = AssertionFactory.getInstance().createIssuer(); issuer.setValue(IDPEntityID); res.setIssuer(issuer); res.setDestination(SPEntityID); return res.toXMLString(true, true); } catch (SAML2Exception ex) { Logger.getLogger(AssertionGen.class.getName()).log(Level.SEVERE, null, ex); } return null; } /** *Generate SAML arrestion and return Assertion object * */ private Assertion getAssertion(String [] attrName, String [] attrValue) { Assertion assertion = AssertionFactory.getInstance().createAssertion(); MetaDataParser lparser = new MetaDataParser(); String IDPEntityID = lparser.getIDPEntityID(); String SPEntityID = lparser.getSPEntityID(); String SPBaseUrl = lparser.getSPbaseUrl(); try { assertion.setID(SAML2Utils.generateID()); assertion.setVersion(SAML2Constants.VERSION_2_0); assertion.setIssueInstant(new Date()); Issuer issuer = AssertionFactory.getInstance().createIssuer(); issuer.setValue(IDPEntityID); assertion.setIssuer(issuer); assertion.setAuthnStatements(getAuthStatementList()); assertion.setSubject(getSubject(SPEntityID, SPBaseUrl, IDPEntityID)); assertion.setConditions(getCondition(SPEntityID)); if(attrName.length > 0 && !attrName[0].equals("null")) assertion.setAttributeStatements(getAttributeList(attrName, attrValue)); KeyProvider kp = KeyUtil.getKeyProviderInstance(); assertion.sign(kp.getPrivateKey("test"),kp.getX509Certificate("test")); return assertion; } catch (SAML2Exception ex) { Logger.getLogger(AssertionGen.class.getName()).log(Level.SEVERE, null, ex); } return assertion; } /** *Add attributes to the SAML assertion * */ private List getAttributeList(String [] attrName, String [] attrValue) throws SAML2Exception{ List attrStatementList = new ArrayList(); AttributeStatement attrStatement = AssertionFactory.getInstance().createAttributeStatement(); List AttributeList = new ArrayList(); for(int i = 0; i < attrName.length; i++){ Attribute attribute = AssertionFactory.getInstance().createAttribute(); List AttributeValueList = new ArrayList(); attribute.setName(attrName[i]); AttributeValueList.add(attrValue[i]); attribute.setAttributeValueString(AttributeValueList); AttributeList.add(attribute); } attrStatement.setAttribute(AttributeList); attrStatementList.add(attrStatement); return attrStatementList; } /** *Generate auth statements and retun a list of auth statements * */ private List getAuthStatementList(){ AuthnStatement authnStatement = AssertionFactory.getInstance().createAuthnStatement(); AuthnContext authnContext = AssertionFactory.getInstance().createAuthnContext(); List AuthStatementList = new ArrayList(); try { authnContext.setAuthnContextClassRef(SAML2Constants.CLASSREF_PASSWORD_PROTECTED_TRANSPORT); authnStatement.setAuthnContext(authnContext); authnStatement.setAuthnInstant(new Date()); authnStatement.setSessionIndex("session_index"); AuthStatementList.add(authnStatement); } catch (SAML2Exception ex) { Logger.getLogger(AssertionGen.class.getName()).log(Level.SEVERE, null, ex); } return AuthStatementList; } /** *Add subject to the SAML assertion * */ private Subject getSubject(String SPEntityID, String SPBaseUrl, String IDPEntutyID){ Subject subject = AssertionFactory.getInstance().createSubject(); try { NameID nameID = AssertionFactory.getInstance().createNameID(); SubjectConfirmation sc = AssertionFactory.getInstance().createSubjectConfirmation(); List SubjectConformationList = new ArrayList(); nameID.setFormat(SAML2Constants.NAMEID_TRANSIENT_FORMAT); nameID.setNameQualifier(IDPEntutyID); nameID.setSPNameQualifier(SPEntityID); nameID.setValue("nameidvalue"); subject.setNameID(nameID); sc.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER); int effectiveTime = SAML2Constants.ASSERTION_EFFECTIVE_TIME; Date date = new Date(); date.setTime(date.getTime() + effectiveTime * 1000); SubjectConfirmationData scd = AssertionFactory.getInstance().createSubjectConfirmationData(); scd.setRecipient(SPBaseUrl); scd.setNotOnOrAfter(date); sc.setSubjectConfirmationData(scd); SubjectConformationList.add(sc); subject.setSubjectConfirmation(SubjectConformationList); return subject; } catch (SAML2Exception ex) { Logger.getLogger(AssertionGen.class.getName()).log(Level.SEVERE, null, ex); } return subject; } /** *Add condition to the SAML assertion * */ private Conditions getCondition(String SPEntityID){ Conditions conditions = AssertionFactory.getInstance().createConditions(); AudienceRestriction ar= AssertionFactory.getInstance().createAudienceRestriction(); List SPIDList = new ArrayList(); List ARList = new ArrayList(); try { conditions.setNotBefore(new Date()); SPIDList.add(SPEntityID); ar.setAudience(SPIDList); ARList.add(ar); conditions.setAudienceRestrictions(ARList); } catch (SAML2Exception ex) { Logger.getLogger(AssertionGen.class.getName()).log(Level.SEVERE, null, ex); } return conditions; } }