a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: SecurityAssertion.java,v 1.3 2009/10/01 18:42:07 mallas Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.common.wsse.WSSEConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.soapbinding.SOAPBindingConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.Assertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.Conditions;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.Statement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.SubjectConfirmation;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.SubjectStatement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.xmlsig.XMLSignatureManager;
 * The <code>SecurityAssertion</code> class provides an extension to the
 * <code>Assertion</code> class to support the <code>ID-WSF</code>
 * <code>ResourceAccessStatement</code> and
 * <code>SessionContextStatement</code> statement types. It also adds
 * helpers for checking the assertion's XML signature and for detecting
 * SAML Bearer subject confirmation.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.all.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class SecurityAssertion extends Assertion {
 * This constructor creates a <code>SecurityAssertion</code> object
 * from a DOM Element. Successfully parsing the element says nothing
 * about whether it is trustworthy: when the element comes from a
 * remote party, the caller should still verify the signature (see
 * <code>isSignatureValid()</code>) and evaluate the assertion's
 * conditions and confirmation method before acting on its statements.
 * @param assertionElement A <code>org.w3c.dom.Element</code> representing
 * the DOM tree for the <code>Assertion</code> object
 * @throws SAMLException if the Element could not be processed properly,
 * implying that there is an error in the sender or in the
 * element definition.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public SecurityAssertion(org.w3c.dom.Element assertionElement)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructs <code>SecurityAssertion</code> object with the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>assertionID</code>, the issuer, time when assertion issued
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * and a <code>Set</code> of <code>Statement</code>(s) in the assertion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param assertionID <code>assertionID</code> attribute contained within
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * this <code>Assertion</code> if null, an <code>assertionID</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is generated internally.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param issuer String representing the issuer of this assertion.
 * @param issueInstant time instant of the issue. It has type
 * <code>dateTime</code>, which is built in to the W3C XML Schema
 * Types specification. If null, the current time is used.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param statements Set of <code>Statement</code> objects within this
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>Assertion</code>. It could be of type
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthenticationStatement</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthorizationDecisionStatement</code> and
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AttributeStatement</code>. Each Assertion can have multiple
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * type of statements in it.
 * @throws SAMLException if issuer is null or statements is empty.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public SecurityAssertion(String assertionID,java.lang.String issuer,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Date issueInstant, Set statements) throws SAMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster super(assertionID, issuer, issueInstant, statements);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructs <code>SecurityAssertion</code> object with the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>assertionID</code>, the issuer, time when assertion issued, the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * conditions when creating a new assertion and a <code>Set</code> of
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>Statement</code>(s) in the assertion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param assertionID String representing <code>AssertionID</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * contained within this <code>Assertion</code> if null its generated
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * internally.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param issuer String representing the issuer of this assertion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param issueInstant time instant of the issue. It has type
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>dateTime</code> which is built in to the W3C XML
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Schema Types specification. if null current time is used.
 * @param conditions <code>Conditions</code> under which this
 * <code>Assertion</code> is valid (for example its validity window and
 * intended audience); relying parties are expected to enforce them.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param statements Set of <code>Statement</code> objects within this
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>Assertion</code>. It could be of type
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthenticationStatement</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthorizationDecisionStatement</code> and
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AttributeStatement</code>. Each Assertion can have multiple
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * type of statements in it.
 * @throws SAMLException if issuer is null or statements is empty.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public SecurityAssertion(String assertionID,java.lang.String issuer,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Date issueInstant, Conditions conditions, Set statements)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster super(assertionID, issuer, issueInstant, conditions, statements);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructs <code>SecurityAssertion</code> object with the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>assertionID</code>, the issuer, time when assertion issued,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the conditions when creating a new assertion, <code>Advice</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * applicable to this <code>Assertion</code> and a <code>Set</code> of
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>Statement</code>(s) in the assertion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param assertionID <code>AssertionID</code> object contained within this
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>Assertion</code> if null its generated internally.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param issuer String representing the issuer of this assertion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param issueInstant time instant of the issue. It has type
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>dateTime</code> which is built in to the W3C XML Schema
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Types specification. if null current time is used.
 * @param conditions <code>Conditions</code> under which this
 * <code>Assertion</code> is valid (for example its validity window and
 * intended audience); relying parties are expected to enforce them.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param advice <code>Advice</code> applicable for this
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>Assertion</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param statements Set of <code>Statement</code> objects within this
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>Assertion</code>. It could be of type
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthenticationStatement</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthorizationDecisionStatement</code> and
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AttributeStatement</code>. Each Assertion can have multiple
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * type of statements in it.
 * @throws SAMLException if issuer is null or statements is empty.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public SecurityAssertion(String assertionID,java.lang.String issuer,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Date issueInstant, Conditions conditions, Advice advice,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster super(assertionID, issuer, issueInstant, conditions,
 * Sets the alias of the certificate to be used when verifying this
 * assertion's signature. The alias must identify a certificate the
 * relying party already trusts for the expected issuer; a signature
 * that verifies against an arbitrary, untrusted key proves nothing.
 * @param certAlias the verifying certificate alias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setVerifyingCertAlias(String certAlias) {
 * Returns whether the assertion's XML signature is valid. An exception
 * raised during validation is logged (see the "signature validation
 * exception" message below); callers should therefore treat any result
 * other than <code>true</code> as "not verified" and must not grant
 * access on it. Signature validity alone is not sufficient: the signing
 * certificate must also be the one expected for the issuer (see
 * <code>setVerifyingCertAlias</code>), and the conditions must be checked.
 * @return true if the signature is valid; false otherwise (presumably
 * also when validation could not be performed -- confirm against the
 * catch block).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLSignatureManager manager = XMLSignatureManager.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SecurityAssertion.isSignatureValid: "+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " signature validation exception", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("SAMLUtils.checkSignatureValid:"+
 * Determines if the <code>SecurityAssertion</code> contains the SAML Bearer
 * confirmation method in the subject confirmation of one of its subject
 * statements. A bearer assertion can be used by whoever presents it, so a
 * relying party should accept one only over a confidential channel and
 * only after the signature and the conditions (validity window, audience)
 * have been checked.
 * @return true if the <code>SecurityAssertion</code> contains SAML Bearer
 * confirmation.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (_statements == null || _statements.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!(statement instanceof SubjectStatement)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Subject subject = ((SubjectStatement)statement).getSubject();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SubjectConfirmation sc = subject.getSubjectConfirmation();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set confirmationMethods = sc.getConfirmationMethod();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (confirmationMethods == null || confirmationMethods.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
 * Determines if the <code>SecurityAssertion</code> contains the SAML Bearer
 * confirmation method and, if so, returns the <code>Subject</code> that
 * carries it. Otherwise no <code>Subject</code> is returned and the caller
 * must handle that case. The same caveats as for <code>isBearer()</code>
 * apply: the returned subject should not be relied upon until the
 * signature and conditions have been checked.
 * @return the Subject if the <code>SecurityAssertion</code> contains SAML
 * Bearer confirmation.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (_statements == null || _statements.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!(statement instanceof SubjectStatement)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Subject subject = ((SubjectStatement)statement).getSubject();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SubjectConfirmation sc = subject.getSubjectConfirmation();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set confirmationMethods = sc.getConfirmationMethod();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (confirmationMethods == null || confirmationMethods.isEmpty()) {
 * Creates a String representation of the element.
 * By default the namespace prefix is prepended to the element name,
 * for example <code>&lt;saml:Assertion&gt;</code>, and no namespace
 * declaration is emitted (equivalent to <code>toString(true, false)</code>).
 * @return A string containing the XML for this element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // call toString() with includeNS true by default and declareNS false
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return this.toString(true, false);
 * Creates a String representation of the <code>&lt;Assertion&gt;</code>
 * element.
 * Note that attribute values such as <code>Issuer</code> and
 * <code>AssertionID</code> are appended to the output verbatim, without
 * XML escaping; the result is well-formed (and safe to hand to another
 * parser) only when those values contain no XML-special characters.
 * @param includeNS if true prepends all elements by their Namespace
 * name, for example <code>&lt;saml:Assertion&gt;</code>;
 * @param declareNS if true includes the namespace declaration within the
 * generated element.
 * @return A string containing the XML for this element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public java.lang.String toString(boolean includeNS, boolean declareNS) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster dateStr = DateUtils.toUTCDateFormat(_issueInstant);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append("<").append(appendNS).append("Assertion").append(" ").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster append(NS).append(" ").append("MajorVersion").append("=\"").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster append(_majorVersion).append("\"").append(" ").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster append("MinorVersion").append("=\"").append(_minorVersion).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster append("\"").append(" ").append("AssertionID=\"").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster append(_assertionID.getAssertionIDReference()).append("\"").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster append(" ").append("Issuer").append("=\"").append(_issuer).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster append("\"").append(" ").append("IssueInstant").append("=\"").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append(_conditions.toString(includeNS, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append(_advice.toString(includeNS, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (i.hasNext()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String o = SAMLUtils.makeEndElementTagXML("Assertion", includeNS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected boolean processUnknownElement(Element element)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SecurityAssertion.processUnknownElement: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "super returns true");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SecurityAssertion.processUnknownElement: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "super returns false");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (localName.equals("ResourceAccessStatement")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster _statements.add(new ResourceAccessStatement(element));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (localName.equals("SessionContextStatement")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster _statements.add(new SessionContextStatement(element));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
 * Adds this <code>Assertion</code> to the given header element, wrapped in
 * a WS-Security element created in the WSF 1.1 WSSE namespace. The
 * assertion appears to be re-parsed into a fresh DOM document (see the
 * <code>toDOMDocument</code> call) before being attached; if the assertion
 * carries an enveloped signature, confirm that this round trip preserves
 * the signed content.
 * @param headerE the header element to be updated.
 * @throws Exception if there is an error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void addToParent(Element headerE) throws Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster doc.createElementNS(WSSEConstants.NS_WSSE_WSF11,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster securityE.setAttributeNS(SOAPBindingConstants.NS_XML,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Document assertionDoc = XMLUtils.toDOMDocument(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element assertionE = assertionDoc.getDocumentElement();