/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SAML2SDKUtils.java,v 1.12 2008/08/31 05:49:48 bina Exp $
*
* Portions copyright 2014 ForgeRock AS.
*
*/
/**
* The <code>SAML2SDKUtils</code> contains utility methods for SAML 2.0
* implementation.
*
* @supported.all.api
*/
public class SAML2SDKUtils {
//
// This utility class will be run on client side as well,
// so DO NOT add any static block which will not run on client side.
//
// The debugging instances
// SAML2 Resource bundle
// The resource bundle for SAML 2.0 implementation.
/**
* Defines the mapping between an interface and its implementation class.
* The properties are read from AMConfig.properties in the following format:
* com.sun.identity.saml2.sdk.mapping.<interface>=<implementation_class>
* e.g.
* com.sun.identity.saml2.sdk.mapping.Assertion=com.xxx.saml2.AssertionImpl
*/
// define constants for the interface names
"AuthzDecisionStatement";
"KeyInfoConfirmationData";
"SubjectConfirmationData";
"RequestedAuthnContext";
/**
* List of interfaces in the assertion and protocol packages that may have
* a customized implementation
*/
/**
* Class array for Artifact constructor
*/
/**
* Class array for String as parameter
*/
/**
* Class array for Element as parameter
*/
static {
// initialize class mapper
for (int i = 0; i < len; i++) {
try {
// try it out
if (debug.messageEnabled()) {
+ "=" + implClass);
}
}
} catch (ClassNotFoundException cnfe) {
}
}
}
/**
* Protected constructor: prevents direct instantiation from outside the
* package while leaving the class open to subclassing. The utility
* methods of this class are static.
*/
protected SAML2SDKUtils() {}
/**
* Returns default object instance for a given interface.
* @param iName name of the interface.
* @return object instance corresponding to the interface implementation.
* return null if the object instance could not be obtained.
*/
return null;
} else {
try {
return implClass.newInstance();
} catch (InstantiationException ie) {
} catch (IllegalAccessException iae) {
}
return null;
}
}
/**
* Returns new object instance taking String parameter in constructor.
* @param iName name of the interface.
* @param value String value to be used as parameter in constructor.
* @return object instance corresponding to the interface implementation.
* return null if the object instance could not be obtained.
*/
return null;
} else {
if (debug.messageEnabled()) {
+ "impl (String) instance for " + iName);
}
}
}
/**
* Returns new object instance taking Element parameter in constructor.
* @param iName name of the interface.
* @param value Element value to be used as parameter in constructor.
* @return object instance corresponding to the interface implementation.
* return null if the object instance could not be obtained.
*/
return null;
} else {
if (debug.messageEnabled()) {
+ "impl instance (Element) for " + iName);
}
}
}
/**
* Returns new object instance with given parameters.
* @param iName name of the interface.
* @param typecode type code.
* @param endpointIndex end point index.
* @param sourceID source ID.
* @param messageHandle message handle.
* @return object instance corresponding to the interface implementation.
* return null if the object instance could not be obtained.
*/
return null;
} else {
if (debug.messageEnabled()) {
+ "impl (4) instance for " + iName);
}
}
}
/**
* Returns new object instance with given parameter in constructor.
* @param impl Class instance.
* @param paramObj Class array for constructor parameters.
* @param valueObj Object array for values of constructor parameters.
* @return object instance corresponding to the interface implementation.
* return null if the object instance could not be obtained.
*/
try {
} catch (NoSuchMethodException nsme) {
nsme);
} catch (SecurityException se) {
se);
} catch (InstantiationException ie) {
ie);
} catch (IllegalAccessException iae) {
iae);
} catch (IllegalArgumentException iae) {
iae);
} catch (InvocationTargetException ite) {
ite);
}
return null;
}
/**
* Verifies if an element is a type of a specific statement.
* Currently, this method is used by the classes AuthnStatementImpl,
* AuthzDecisionStatement and AttributeStatementImpl.
* @param element a DOM Element which needs to be verified.
* @param statementname A specific name of a statement, for example,
* AuthnStatement, AuthzStatement or AttributeStatement
* @return <code>true</code> if the element is of the specific type;
* <code>false</code> otherwise.
*/
return false;
}
return false;
for (int j = 0; j < len; j++) {
return true;
}
}
return true;
}
return false;
}
/**
* Converts byte array to String.
*
* @param bytes Byte Array to be converted.
* @return result of the conversion.
*/
}
}
/**
* Converts integer to byte array.
*
* @param i an integer value between 0 and 65535.
* @return a byte array whose length is 2.
* @throws SAML2Exception if the input is not between 0 and 65535.
*/
public static byte[] intToTwoBytes(int i)
throws SAML2Exception {
if (i < 0 || i > 65535) {
throw new SAML2Exception(
}
//System.out.println("Original="+hexStr);
if (len > 4) {
} else {
switch (len) {
case 1:
break;
case 2:
break;
case 3:
break;
default:
}
}
return bytes;
}
/**
* Converts two bytes to an integer.
*
* @param bytes byte array whose length is 2.
* @return an integer value between 0 and 65535.
* @throws SAML2Exception if the input is null or the length is not 2.
*/
throws SAML2Exception {
+ "not 2.");
}
if (len0 > 2) {
} else {
}
if (len1 > 2) {
} else if (len1 == 1) {
} else {
}
return i;
}
/**
* Generates message handle used in an <code>Artifact</code>.
*
* @return String format of 20-byte sequence identifying
* a message.
*/
return null;
}
return byteArrayToString(bytes);
}
/**
* Converts String to Byte Array.
*
* @param input String to be converted.
* @return result of the conversion.
*/
}
return bytes;
}
/**
* Converts byte array to <code>Hex</code> String.
*
* @param byteArray Byte Array to be converted.
* @return result of the conversion.
*/
int onebyte;
for (int i=0; i < readBytes; i++) {
}
}
/**
* Converts <code>Hex</code> String to Byte Array.
*
* @param hexString <code>Hex</code> String to be converted.
* @return result of the conversion.
*/
byteArray[j] =
byteValue();
i++;
}
return byteArray;
}
/**
* Generates ID.
* @return ID value.
*/
return null;
}
}
/**
* Gets the Discovery bootstrap resource offering in an attribute
* statement. After a single sign-on with an Identity Provider, a service
* provider may get Discovery service Resource Offerings through a SAML2
* assertion. This API helps in retrieving the resource offerings
* if the user has been authenticated through the SAML2 SSO. It
* requires a valid single sign-on token (generated through the
* SAML2 SSO).
*
* @param request <code>HttpServletRequest</code> associated with a user
* session.
* @return <code>ResourceOffering</code> Discovery Resource Offering, or
* null if there is any failure or if none is present
*/
if (debug.messageEnabled()) {
"Offerings: null Input params");
}
return null;
}
try {
return null;
}
return new ResourceOffering(
" Exception while retrieving discovery boot strap info.", ex);
return null;
}
}
/**
* Gets the Discovery bootstrap credentials.
* After a single sign-on with an Identity Provider, a service
* provider may get Discovery bootstrap resource offerings and credentials
* through a SAML assertion. This API helps in retrieving the credentials
* if the user has been authenticated through the SAML2 SSO. It
* requires a valid single sign-on token (generated through the
* SAML2 SSO).
*
* @param request <code>HttpServletRequest</code> associated with a user
* session.
* @return <code>List</code> of <code>SecurityAssertions</code>, or
* null if there is any failure or if none is present
*/
if (debug.messageEnabled()) {
" null Input params");
}
return null;
}
try {
return null;
}
.getDocumentElement());
}
return securityAssertions;
return null;
}
}
/**
* Creates <code>SOAPMessage</code> with the input XML String
* as message body.
* @param xmlString XML string to be put into <code>SOAPMessage</code> body.
* @return newly created <code>SOAPMessage</code>.
* @exception SOAPException if it cannot create the
* <code>SOAPMessage</code>.
*/
throws SOAPException, SAML2Exception {
if (debug.messageEnabled()) {
}
append("<").
append(":Body>").
if (debug.messageEnabled()) {
}
}
/**
* Fills in the basic auth user and password inside the location URL
* if they are configured properly. Note that the returned URL then
* carries the credentials in clear text, so it must not be logged or
* otherwise exposed.
* @param config Either an SPSSOConfigElement object, an
* IDPSSOConfigElement object or a PEPConfigElement object.
* @param locationURL The original location URL into which
* user:password@ is to be inserted before the
* hostname part and after //
* @return The modified location URL with the basic auth user
* and password if configured properly; otherwise the original URL
*/
return locationURL;
}
return locationURL;
}
return locationURL;
}
return locationURL;
}
return locationURL;
}
if (u == null) {
return locationURL;
}
u = u.trim();
if (u.length() == 0) {
return locationURL;
}
}
if (p == null) {
p = "";
}
}
/**
* Converts a value of XML boolean type to Boolean object.
*
* @param str a value of XML boolean type
* @return a Boolean object.
* @throws SAML2Exception if there is a syntax error
*/
return null;
}
}
}
"invalidXMLBooleanValue"));
}
/**
* Removes the deployment URI from the passed-in string, i.e.
* from "/opensso/ArtifactResolver/metaAlias/idp" to
* "/ArtifactResolver/metaAlias/idp".
* @param uri the URI string from which the deployment URI is to be removed
* @return the string without the deployment URI
*/
return uri;
}
if (loc == -1) {
return null;
} else {
}
}
/**
* Returns the boolean value as a <code>Boolean</code> object.
*
* @param value boolean value, true or false.
* @return the corresponding <code>Boolean</code> object.
*/
}
/**
* If enabled, decodes the provided XML element and prints it out to the decryption debug log.
* @param callerName String representing the name of the calling method.
* @param xmlElement String representing an XML document with decrypted
* data.
*/
}
}
/**
* Tells whether SAML SP decryption debug mode is enabled.
*
* @return <code>true</code> if SAML decryption debug mode is enabled;
* <code>false</code> otherwise, including when the property is not found.
*/
public static boolean isSAMLDecryptionDebugEnabled() {
}
}