/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: FSAuthnRequest.java,v 1.4 2008/07/08 06:03:37 exu Exp $
* Portions Copyrighted 2014 ForgeRock AS
*/
/**
* The class <code>FSAuthnRequest</code> is used to create and parse an
* <code>AuthnRequest</code> object.
*
* @supported.all.api
* @deprecated since 12.0.0
*/
// Request flags. Each starts out false and is overwritten by the constructors,
// the request-parsing code and the setters further down in this class.

// IsPassive attribute: whether the IDP is asked to be passive or active.
private boolean isPassive = false;
// ForceAuthn attribute: the "Force Authentication" value of the request.
private boolean forceAuthn = false;
// Federate attribute: distinguishes a Federation request from plain SSO.
private boolean federate = false;
/**
* Default AuthnRequest constructor.
*/
public FSAuthnRequest() {
    // Stamp the new request with its creation time as the IssueInstant;
    // this constructor body sets nothing else.
    final Date createdAt = new Date();
    setIssueInstant(createdAt);
}
/**
* Constructor to create <code>FSAuthnRequest</code> object.
*
* @param requestId the request identifier.
* @param respondWiths List of respond withs attributes.
* @param providerID provider id of the requesting provider.
* @param forceAuthn Force Authentication boolean value.
* @param isPassive attribute for IDP to be passive or active.
* @param fed attribute to distinguish this request for Federation or SSO
* @param nameIDPolicy Name ID Policy for this request, possible values
* are "none", "onetime", "federated", "any".
* @param protocolProf ProtocolProfile used for the SSO.
* @param authnCxt Authentication Context used for the SSO.
* @param relaySt Relay State i.e. original URL to be redirected after SSO.
* @param authContextCompType AuthContext comparison type.
* @throws FSMsgException on error.
*/
boolean forceAuthn,
boolean isPassive,
boolean fed,
throws FSMsgException {
setIssueInstant(new Date());
for(int i = 0; i < length; i++) {
"RespondWith");
}
}
this.respondWiths = respondWiths;
}
} else {
// randomly generate one
}
}
this.forceAuthn = forceAuthn;
this.providerId = providerID;
this.nameIDPolicy = nameIDPolicy;
this.protocolProfile = protocolProf;
this.relayState = relaySt;
this.authnContext = authnCxt;
}
/**
* Constructor to create <code>FSAuthnRequest</code> object.
*
* @param root the Document Element object.
* @throws FSMsgException on error.
*/
}
}
// Attribute IssueInstant
+ "missing IssueInstant");
} else {
try {
} catch (ParseException e) {
+ "could not parse IssueInstant", e);
}
}
// Consent attribute
for(int i = 0; i < length; i++) {
respondWiths = new ArrayList();
}
+ "contain only one ProviderID.");
}
if (nameIDPolicy != null &&
) {
federate = true;
}
federate = true;
}
isPassive = true;
} else {
isPassive = false;
}
forceAuthn = true;
} else {
forceAuthn = false;
}
if(protocolProfile != null
+ "should contain only one ProtocolProfile.");
}
}
if (extensions == null) {
extensions = new ArrayList();
}
} else {
+ " node" + nodeName);
}
}
}
//check for signature
// signsSize is presumably the number of Signature elements found in the parsed
// request (its computation is not visible here). Exactly one sets `signed`;
// any other non-zero count reaches the "more than one Signature element" error.
// NOTE(review): `signed` therefore records only that a Signature element is
// present. Nothing in these lines validates it, so the flag must not be read
// as proof of authenticity -- confirm where the signature is cryptographically
// verified before the request is trusted.
if (signsSize == 1) {
signed = true;
} else if (signsSize != 0) {
+ "included more than one Signature element.");
}
//end check for signature
}
/**
* This method translates the request to an XML document String based on
* the Request schema described above.
* NOTE: this is a complete AuthnRequest xml string with RequestID,
* MajorVersion, etc.
*
* @return XML String representing the request.
* @throws FSMsgException if there is an error.
*/
return toXMLString(true, true);
}
/**
* Creates a String representation of the {@code <lib:AuthnRequest>} element.
*
* @param includeNS : Determines whether or not the namespace qualifier
* is prepended to the Element when converted
* @param declareNS : Determines whether or not the namespace is declared
* within the Element.
* @return string containing the valid XML for this element.
* @throws FSMsgException if there is an error.
*/
) throws FSMsgException {
}
/**
* Creates a String representation of the {@code <lib:AuthnRequest>} element.
*
* @param includeNS Determines whether or not the namespace qualifier
* is prepended to the Element when converted
* @param declareNS Determines whether or not the namespace is declared
* within the Element.
* @param includeHeader Determines whether the output include the xml
* declaration header.
* @return A string containing the valid XML for this element.
* @throws FSMsgException if there is an error.
*/
boolean declareNS,
boolean includeHeader) throws FSMsgException {
return xmlString;
}
+ "providerId is null in the request with requestId:"
+ requestID);
}
+ "couldn't generate RequestID.");
}
}
if (includeHeader) {
}
if (includeNS) {
}
if (declareNS) {
} else {
}
}
}
if (consentURI != null) {
}
if((respondWiths != null) &&
while (i.hasNext()) {
}
}
if (signed) {
if (signatureString != null) {
}
}
}
}
if (affiliationID != null) {
}
if (federate) {
}
}
} else {
if (federate) {
}
}
if (forceAuthn) {
}
if (isPassive) {
}
}
if(assertionConsumerServiceID != null) {
}
if(authnContext != null){
}
}
}
}
if(authContextCompType != null &&
}
}
} else{
}
}
/**
* Returns the <code>FSAuthnRequest</code> object.
*
* @param xml the XML string.
* @return <code>FSAuthnRequest</code> object.
* @throws FSMsgException if there is
* error creating the object.
*/
+ "while parsing input xml string");
}
return new FSAuthnRequest(root);
}
/**
* Returns Signed XML String representation of this object.
*
* @return signed XML String.
*/
return xmlString;
}
/**
* Returns the signature string.
*
* @return the signature string.
*/
return signatureString;
}
/**
* Returns a list of <code>Extension</code> objects.
* Each entry of the list is a <code>Extension</code> object.
*
* @return a list of <code>Extension</code> elements.
* @see #setExtensions(List)
*/
return extensions;
}
/**
* Sets <code>Extension</code> objects.
* Each entry of the list is a <code>Extension</code> object.
*
* @param extensions a list of <code>Extension</code> objects.
* @see #getExtensions
*/
this.extensions = extensions;
}
/**
* Returns the value of Force Authentication attribute.
*
* @return the value of Force Authentication attribute.
*/
public boolean getForceAuthn() {
    // Plain accessor. When this object was built by one of the parsing paths
    // in this class, the flag holds whatever the incoming request carried.
    return this.forceAuthn;
}
/**
* Sets the value of Force Authentication attribute.
*
* @param forceAuthn value of Force Authentication attribute.
*/
this.forceAuthn = forceAuthn;
}
/**
* Returns the value of the <code>isPassive</code> attribute.
*
* @return value of <code>isPassive</code> attribute.
*/
public boolean getIsPassive() {
    // Plain accessor. When this object was built by one of the parsing paths
    // in this class, the flag holds whatever the incoming request carried.
    return this.isPassive;
}
/**
* Sets the value of the <code>IsPassive</code> attribute.
*
* @param isPassive value of <code>isPassive</code> attribute.
*/
}
/**
* Returns the value of the <code>Federate</code> attribute.
*
* @return the value of the <code>Federate</code> attribute.
*/
public boolean getFederate() {
    // Plain accessor for the Federate flag; no derivation happens here.
    return this.federate;
}
/**
* Sets the value of the <code>Federate</code> attribute.
*
* @param fed the value of the <code>Federate</code> attribute.
*/
}
/**
* Returns the <code>NameIDPolicy</code> object.
*
* @return the <code>NameIDPolicy</code> object.
* @see #setNameIDPolicy(String)
*/
return nameIDPolicy;
}
/**
* Sets the <code>NameIDPolicy</code> object.
*
* @param nameIDPolicy the new <code>NameIDPolicy</code> object.
* @see #getNameIDPolicy
*/
this.nameIDPolicy = nameIDPolicy;
}
/**
* Returns the value of <code>ProtocolProfile</code> attribute.
*
* @return the value of <code>ProtocolProfile</code> attribute.
* @see #setProtocolProfile(String)
*/
return protocolProfile;
}
/**
* Sets the value of <code>ProtocolProfile</code> attribute.
*
* @param protocolProf the value of <code>ProtocolProfile</code> attribute.
* @see #getProtocolProfile()
*/
}
/**
* Returns the value of RelayState attribute.
*
* @return the value of RelayState attribute.
* @see #setRelayState(String)
*/
return relayState;
}
/**
* Set the value of RelayState attribute.
*
* @param relaySt the value of RelayState attribute.
* @see #getRelayState()
*/
}
/**
* Returns the <code>RequestedAuthnContext</code> object.
*
* @return the <code>RequestedAuthnContext</code> object.
* @see #setAuthnContext(RequestAuthnContext)
*/
return authnContext;
}
/**
* Sets the <code>RequestedAuthnContext</code> object.
*
* @param authnCxt the <code>RequestAuthnContext</code> object.
* @see #getAuthnContext()
*/
}
/**
* Returns the value of <code>ProviderID</code> attribute.
*
* @return the value of <code>ProviderID</code> attribute.
* @see #setProviderId(String)
*/
return providerId;
}
/**
* Sets the value of <code>ProviderID</code> attribute.
*
* @param provId the value of <code>ProviderID</code> attribute.
* @see #getProviderId()
*/
providerId = provId;
}
/**
* Returns the value of AuthContext Comparison attribute.
*
* @return the value of AuthContext Comparison attribute.
* @see #setAuthContextCompType(String)
*/
return authContextCompType;
}
/**
* Sets the value of AuthContext Comparison attribute.
*
* @param authType the value of AuthContext Comparison attribute.
* @see #getAuthContextCompType()
*/
}
/**
* Returns the value of <code>id</code> attribute.
*
* @return the value of <code>id</code> attribute.
* @see #setID(String)
*/
return id;
}
/**
* Sets the value of <code>id</code> attribute.
*
* @param id the value of <code>id</code> attribute.
* @see #getID()
*/
}
/**
* Returns the value of the <code>MinorVersion</code> attribute.
*
* @return the value of the <code>MinorVersion</code> attribute.
* @see #setMinorVersion(int)
*/
public int getMinorVersion() {
    // Plain accessor. The minorVersion field is not declared in the visible
    // part of this class -- presumably inherited; confirm against the superclass.
    return this.minorVersion;
}
/**
* Sets the value of the <code>MinorVersion</code> attribute.
*
* @param version the value of the <code>MinorVersion</code> attribute.
* @see #getMinorVersion()
*/
}
/**
* Returns the Affiliation Identifier.
*
* @return the Affiliation Identifier.
* @see #setAffiliationID(String)
*/
return affiliationID;
}
/**
* Sets the Affiliation Identifier.
*
* @param affiliationID the Affiliation Identifier.
* @see #getAffiliationID()
*/
this.affiliationID = affiliationID;
}
/**
* Returns the Assertion Consumer Service Identifier.
*
* @return the Assertion Consumer Service Identifier.
* @see #setAssertionConsumerServiceID(String)
*/
return assertionConsumerServiceID;
}
/**
* Sets the Assertion Consumer Service Identifier.
*
* @param assertionConsumerServiceID the Assertion Consumer
* Service Identifier.
* @see #getAssertionConsumerServiceID
*/
public void setAssertionConsumerServiceID(
}
/**
* Returns the value of <code>consent</code> attribute.
*
* @return the value of <code>consent</code> attribute.
* @see #setConsent(String)
*/
return consentURI;
}
/**
* Sets the value of <code>consent</code> attribute.
*
* @param consentURI the value of <code>consent</code> attribute.
* @see #getConsent()
*/
this.consentURI = consentURI;
}
/**
* Sets the <code>FSScoping</code> object.
*
* @param scoping the <code>FSScoping</code> object.
* @see #getScoping()
*/
}
/**
* Returns the <code>FSScoping</code> object.
*
* @return the <code>FSScoping</code> object.
* @see #setScoping(FSScoping)
*/
return scoping;
}
/**
* Validates the <code>MajorVersion</code> property in the
* <code>AuthnRequest</code>.
*
* @param majorVer the value of <code>MajorVersion</code> property
* @throws FSMsgException if the <code>MajorVersion</code>
* is null or is invalid.
*/
try {
} catch (NumberFormatException e) {
+ "MajorVersion", e);
}
}
+ "MajorVersion of the AuthnRequest is too high.");
}
} else {
+ "MajorVersion of the AuthnRequest is too low.");
}
}
}
}
/**
* Validates the <code>MinorVersion</code> property in the
* <code>AuthnRequest</code>.
*
* @param minorVer the value of <code>MinorVersion</code> property
* @throws FSMsgException if the <code>MinorVersion</code>
* is null or is invalid.
*/
try {
} catch (NumberFormatException e) {
+ "MinorVersion", e);
}
}
" Minor Version of the AuthnRequest is too high.");
}
" Minor Version of the AuthnRequest is too low.");
}
}
}
/**
* Checks the value of the <code>MajorVersion</code> property
* in the <code>AuthnRequest</code>.
*
* @param minorVer the value of <code>MajorVersion</code> property
* @return integer value of <code>MajorVersion</code> property
* @throws FSMsgException if the <code>MajorVersion</code>
* is null or invalid.
*/
throws FSMsgException {
int majorVersion;
}
try {
} catch (NumberFormatException e) {
+ "invalid MajorVersion: " + e.getMessage());
}
}
+ "MajorVersion of the AuthnRequest is too high"
+ majorVersion);
}
} else {
"FSAuthnRequest.checkMajorVersion:MajorVersion of "
+ "the AuthnRequest is too low. " + majorVersion);
}
}
}
return majorVersion;
}
/**
* Checks the value of the <code>MinorVersion</code> property
* in the <code>AuthnRequest</code>.
*
* @param minorVer the value of <code>MinorVersion</code> property
* @return integer value of <code>MinorVersion</code> property
* @throws FSMsgException if the <code>MinorVersion</code>
* is null or invalid.
*/
throws FSMsgException {
int minorVersion;
}
try {
} catch (NumberFormatException e) {
+ "invalid MinorVersion", e);
}
}
return minorVersion;
}
" Minor Version of the AuthnRequest is too high.");
}
} else {
" Minor Version of the AuthnRequest is too low.");
}
}
}
/**
* Returns a URL-encoded query string.
*
* @return a url encoded query string.
* @throws FSMsgException if there is an error.
*/
+ "providerId is null in the request with requestId:"
+ requestID);
}
+ "couldn't generate RequestID.");
}
}
"FSAuthnRequest.toURLEncodedQueryString: " +
"only one Extension element is allowed and extras " +
" will be removed");
}
}
}
if (consentURI != null) {
}
if(affiliationID != null) {
}
if (issueInstant != null){
} else {
+ "issueInstant missing");
}
if (forceAuthn) {
}
if (isPassive) {
}
if (federate) {
}
}
} else {
if (federate) {
}
}
}
if (authnContext != null) {
}
}
}
if (authContextCompType != null
}
}
}
return urlEncodedAuthnReq.toString();
}
/**
* Returns a Base64 Encoded String.
*
* @return a Base64 Encoded String.
* @throws FSMsgException if there is an error encoding
* the string.
*/
+ "providerId is null in the request with requestId:"
+ requestID);
}
+ "couldn't generate RequestID.");
}
}
}
/**
* Returns <code>FSAuthnRequest</code> object. The
* object is created by parsing the <code>HttpServletRequest</code>
* object.
*
* @param request the <code>HttpServletRequest</code> object.
* @throws FSMsgException if there is an error
* creating <code>FSAuthnRequest</code> object.
*/
}
}
try{
} catch (ParseException e){
}
} else{
}
retAuthnRequest.forceAuthn = true;
} else {
retAuthnRequest.forceAuthn = false;
}
{
retAuthnRequest.isPassive = true;
} else {
retAuthnRequest.isPassive = false;
}
if (nameIDPolicy != null &&
) {
retAuthnRequest.federate = true;
}
} else {
retAuthnRequest.federate = true;
} else {
retAuthnRequest.federate = false;
}
}
}
}
if(authnContextComparison != null &&
}
}
}
return retAuthnRequest;
}
/**
* Returns <code>FSAuthnRequest</code> object. The object
* is created by parsing a Base64-encoded authentication
* request string.
*
* @param encodedReq the encoded string
* @throws FSMsgException if there is an error
* creating <code>FSAuthnRequest</code> object.
*/
throws FSMsgException {
"FSAuthnRequest.parseBASE64EncodedString: "
+ "decoded input string: " + decodedAuthnReq);
}
// decodedAuthnReq is presumably the caller-supplied input after Base64
// decoding; it is handed to parseXML unchanged.
// NOTE(review): the same value is concatenated into the log message above.
// Confirm that message is emitted at debug level only, and that the parser
// behind parseXML rejects DTDs and external entities -- neither is visible
// in this span.
return parseXML(decodedAuthnReq);
} else{
"FSAuthnRequest.parseBASE64EncodedString: "
+ "null String passed in as argument.");
}
}
}
/**
* Signs the Request.
*
* @param certAlias the Certificate Alias.
* @throws XMLSignatureException if <code>FSAuthnRequest</code>
* cannot be signed.
*/
if (signed) {
+ "the assertion is "
+ "already signed.");
}
"alreadySigned",null);
}
throw new SAMLResponderException(
}
try{
this.id, false);
} else if(minorVersion ==
this.getRequestID(), false);
} else {
}
}
signed = true;
xmlString = this.toXMLString(true, true);
} catch(Exception e){
throw new SAMLResponderException(
}
}
/**
* Unsupported Method.
*/
throw new SAMLException(
}
/**
* Sets the Signature of the Element passed.
*
* @param elem the Document Element.
* @return true if success otherwise false.
*/
return super.setSignature(elem);
}
}