a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: AssertionImpl.java,v 1.8 2009/05/09 15:43:59 mallas Exp $
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * Portions Copyrighted 2015 ForgeRock AS.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Exception;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2SDKUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.Assertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.AssertionFactory;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.AttributeStatement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.AuthnStatement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.AuthzDecisionStatement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.EncryptedAssertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.Subject;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.Conditions;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.xmlenc.EncManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.xmlsig.SigManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The <code>Assertion</code> element is a package of information
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * that supplies one or more <code>Statement</code> made by an issuer.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * There are three kinds of assertions: Authentication, Authorization Decision,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * and Attribute assertions.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class AssertionImpl implements Assertion {
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings private List<Object> statements = new ArrayList();
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings private List<AuthnStatement> authnStatements = new ArrayList();
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings private List<AuthzDecisionStatement> authzDecisionStatements = new ArrayList();
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings private List<AttributeStatement> attributeStatements = new ArrayList();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String ASSERTION_ELEMENT = "Assertion";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String ASSERTION_VERSION_ATTR = "Version";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String ASSERTION_ISSUEINSTANT_ATTR = "IssueInstant";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String XSI_TYPE_ATTR = "xsi:type";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String ASSERTION_ISSUER = "Issuer";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String ASSERTION_SIGNATURE = "Signature";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String ASSERTION_SUBJECT = "Subject";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String ASSERTION_CONDITIONS = "Conditions";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String ASSERTION_ADVICE = "Advice";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String ASSERTION_STATEMENT = "Statement";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String ASSERTION_AUTHNSTATEMENT = "AuthnStatement";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String ASSERTION_AUTHZDECISIONSTATEMENT =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AuthzDecisionStatement";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String ASSERTION_ATTRIBUTESTATEMENT =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeStatement";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Default constructor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This constructor is used to build <code>Assertion</code> object from a
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * XML string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param xml A <code>java.lang.String</code> representing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * a <code>Assertion</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if it could not process the XML string
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public AssertionImpl(String xml) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Document document = XMLUtils.toDOMDocument(xml, SAML2SDKUtils.debug);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element rootElement = document.getDocumentElement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.processElement(): invalid XML input");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "errorObtainingElement"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This constructor is used to build <code>Assertion</code> object from a
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * block of existing XML that has already been built into a DOM.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param element A <code>org.w3c.dom.Element</code> representing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DOM tree for <code>Assertion</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if it could not process the Element
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public AssertionImpl(Element element) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signedXMLString = XMLUtils.print(element,"UTF-8");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void processElement(Element element) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.processElement(): invalid root element");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "invalid_element"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.processElement(): local name missing");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "missing_local_name"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.processElement(): invalid local name " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "invalid_local_name"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // starts processing attributes
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrValue = element.getAttribute(ASSERTION_VERSION_ATTR);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((attrValue == null) || (attrValue.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.processElement(): version missing");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "missing_assertion_version"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrValue = element.getAttribute(ASSERTION_ID_ATTR);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((attrValue == null) || (attrValue.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.processElement(): assertion id missing");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "missing_assertion_id"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrValue = element.getAttribute(ASSERTION_ISSUEINSTANT_ATTR);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((attrValue == null) || (attrValue.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.processElement(): issue instant missing");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "missing_issue_instant"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster issueInstant = DateUtils.stringToDate(attrValue);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.processElement(): invalid issue instant");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "invalid_date_format"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // starts processing subelements
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.processElement(): assertion has no subelements");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "missing_subelements"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AssertionFactory factory = AssertionFactory.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (child.getNodeType() != Node.ELEMENT_NODE) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2SDKUtils.debug.error("AssertionImpl.processElement():"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " assertion has no subelements");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "missing_subelements"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // The first subelement should be <Issuer>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((childName == null) || (!childName.equals(ASSERTION_ISSUER))) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2SDKUtils.debug.error("AssertionImpl.processElement():"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " the first element is not <Issuer>");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "missing_subelement_issuer"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster issuer = factory.getInstance().createIssuer((Element)child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (child.getNodeType() != Node.ELEMENT_NODE) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // The next subelement may be <ds:Signature>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (child.getNodeType() != Node.ELEMENT_NODE) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // The next subelement may be <Subject>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster subject = factory.createSubject((Element)child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (child.getNodeType() != Node.ELEMENT_NODE) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // The next subelement may be <Conditions>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster conditions = factory.createConditions((Element)child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (child.getNodeType() != Node.ELEMENT_NODE) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // The next subelement may be <Advice>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // The next subelements are all statements
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (child.getNodeType() == Node.ELEMENT_NODE) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (childName.equals(ASSERTION_AUTHNSTATEMENT)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster statements.add(XMLUtils.print((Element)child));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.processElement(): " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the version number of the assertion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return The version number of the assertion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the version number of the assertion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param version the version number.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the object is immutable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setVersion(String version) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "objectImmutable"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the time when the assertion was issued
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the time of the assertion issued
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Set the time when the assertion was issued
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param issueInstant the issue time of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the object is immutable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setIssueInstant(Date issueInstant) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "objectImmutable"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the subject of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the subject of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the subject of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param subject the subject of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the object is immutable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setSubject(Subject subject) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "objectImmutable"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the advice of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the advice of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the advice of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param advice the advice of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the object is immutable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setAdvice(Advice advice) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "objectImmutable"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the signature of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the signature of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the conditions of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the conditions of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the conditions of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param conditions the conditions of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the object is immutable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setConditions(Conditions conditions) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "objectImmutable"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the id of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the id of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the id of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param id the id of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the object is immutable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setID(String id) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "objectImmutable"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the statements of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the statements of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the Authn statements of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the Authn statements of the assertion
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings public List<AuthnStatement> getAuthnStatements() {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the <code>AuthzDecisionStatements</code> of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>AuthzDecisionStatements</code> of the assertion
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings public List<AuthzDecisionStatement> getAuthzDecisionStatements() {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the attribute statements of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the attribute statements of the assertion
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings public List<AttributeStatement> getAttributeStatements() {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the statements of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param statements the statements of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the object is immutable
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings public void setStatements(List<Object> statements) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "objectImmutable"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the <code>AuthnStatements</code> of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param statements the <code>AuthnStatements</code> of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the object is immutable
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings public void setAuthnStatements(List<AuthnStatement> statements) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "objectImmutable"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the <code>AuthzDecisionStatements</code> of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param statements the <code>AuthzDecisionStatements</code> of
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the object is immutable
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings public void setAuthzDecisionStatements(List<AuthzDecisionStatement> statements)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "objectImmutable"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the attribute statements of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param statements the attribute statements of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the object is immutable
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings public void setAttributeStatements(List<AttributeStatement> statements) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "objectImmutable"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the issuer of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the issuer of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the issuer of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param issuer the issuer of the assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the object is immutable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setIssuer(Issuer issuer) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "objectImmutable"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Return whether the assertion is signed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return true if the assertion is signed; false otherwise.
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings public boolean isSignatureValid(Set<X509Certificate> verificationCerts)
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings isSignatureValid = SigManager.getSigInstance().verify(signedXMLString, getID(), verificationCerts);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sign the Assertion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param privateKey Signing key
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param cert Certificate which contain the public key correlated to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the signing key; It if is not null, then the signature
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * will include the certificate; Otherwise, the signature
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * will not include any certificate
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if it could not sign the assertion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns an <code>EncryptedAssertion</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param recipientPublicKey Public key used to encrypt the data encryption
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (secret) key, it is the public key of the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * recipient of the XML document to be encrypted.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param dataEncAlgorithm Data encryption algorithm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param dataEncStrength Data encryption strength.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param recipientEntityID Unique identifier of the recipient, it is used
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * as the index to the cached secret key so that
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the key can be reused for the same recipient;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * It can be null in which case the secret key will
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * be generated every time and will not be cached
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * and reused. Note that the generation of a secret
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * key is a relatively expensive operation.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>EncryptedAssertion</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2Exception if error occurs during the encryption process.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element el = EncManager.getEncInstance().encrypt(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "EncryptedAssertion"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets the validity of the assertion evaluating its conditions if
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * specified.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return false if conditions is invalid based on it lying between
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>NotBefore</code> (current time inclusive) and
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>NotOnOrAfter</code> (current time exclusive) values
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * and true otherwise or if no conditions specified.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return conditions.checkDateValidity(System.currentTimeMillis());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a String representation
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param includeNSPrefix Determines whether or not the namespace
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * qualifier is prepended to the Element when converted
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param declareNS Determines whether or not the namespace is declared
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * within the Element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return A String representation
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if something is wrong during conversion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String toXMLString(boolean includeNSPrefix, boolean declareNS)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((signature != null) && (signedXMLString != null)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append("<").append(appendNS).append(ASSERTION_ELEMENT).append(NS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((version == null) || (version.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.toXMLString(): version missing");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "missing_assertion_version"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(" ").append(ASSERTION_VERSION_ATTR).append("=\"").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.toXMLString(): assertion id missing");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "missing_assertion_id"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(" ").append(ASSERTION_ID_ATTR).append("=\"").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.toXMLString(): issue instant missing");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "missing_issue_instant"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String instantStr = DateUtils.toUTCDateFormat(issueInstant);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(" ").append(ASSERTION_ISSUEINSTANT_ATTR).append("=\"").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionImpl.toXMLString(): issuer missing");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "missing_subelement_issuer"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(issuer.toXMLString(includeNSPrefix, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(subject.toXMLString(includeNSPrefix, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(conditions.toXMLString(includeNSPrefix, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(advice.toXMLString(includeNSPrefix, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AuthnStatement st = (AuthnStatement)authnStatements.get(i);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(st.toXMLString(includeNSPrefix, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (AuthzDecisionStatement)authzDecisionStatements.get(i);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(st.toXMLString(includeNSPrefix, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (AttributeStatement)attributeStatements.get(i);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append(st.toXMLString(includeNSPrefix, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sb.append("</").append(appendNS).append(ASSERTION_ELEMENT).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //return SAML2Utils.removeNewLineChars(sb.toString());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a String representation
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return A String representation
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if something is wrong during conversion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String toXMLString() throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return this.toXMLString(true, false);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Makes the object immutable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnStatements = Collections.unmodifiableList(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (AuthzDecisionStatement)authzDecisionStatements.get(i);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authzDecisionStatements = Collections.unmodifiableList(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (AttributeStatement)attributeStatements.get(i);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attributeStatements = Collections.unmodifiableList(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster statements = Collections.unmodifiableList(statements);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns true if the object is mutable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return true if the object is mutable