AssertionIDRequestUtil.java revision 2265cfe8ee36d40dc946cde472ecd12c61f856b2
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AssertionIDRequestUtil.java,v 1.8 2009/06/12 22:21:40 mallas Exp $
*
*/
/*
* Portions Copyrighted 2013-2014 ForgeRock AS
*/
/**
* This class provides methods to send or process
* <code>AssertionIDRequest</code>.
*
* @supported.api
*/
public class AssertionIDRequestUtil {
/**
 * Prevents instantiation: every member of this class is static, so it is
 * used as a namespace of helpers rather than as an object.
 */
private AssertionIDRequestUtil() {
}
/**
* Sends the <code>AssertionIDRequest</code> to the specified Assertion ID
* Request Service and returns the <code>Response</code> coming from the
* Assertion ID Request Service.
*
* @param assertionIDRequest the <code>AssertionIDRequest</code> object
* @param samlAuthorityEntityID entity ID of SAML authority
* @param role SAML authority role, for example,
* <code>SAML2Constants.ATTR_AUTH_ROLE</code>,
* <code>SAML2Constants.AUTHN_AUTH_ROLE</code> or
* <code>SAML2Constants.IDP_ROLE</code>
* @param realm the realm of hosted entity
* @param binding the binding
*
* @return the <code>Response</code> object
* @exception SAML2Exception if the operation is not successful
*
* @supported.api
*/
public static Response sendAssertionIDRequest(
} else {
throw new SAML2Exception(
}
}
/**
* Sends the Assertion ID to the specified Assertion ID Request Service and
* returns the <code>Assertion</code> coming from the Assertion ID Request
* Service.
*
* @param assertionID the assertion ID to request
* @param samlAuthorityEntityID entity ID of SAML authority
* @param role SAML authority role, for example,
* <code>SAML2Constants.ATTR_AUTH_ROLE</code>,
* <code>SAML2Constants.AUTHN_AUTH_ROLE</code> or
* <code>SAML2Constants.IDP_ROLE</code>
* @param realm the realm of hosted entity
*
* @return the <code>Assertion</code> object
* @exception SAML2Exception if the operation is not successful
*
* @supported.api
*/
public static Assertion sendAssertionIDRequestURI(
} else {
}
try {
} catch (MalformedURLException me) {
}
try {
conn.setInstanceFollowRedirects(false);
conn.setUseCaches(false);
conn.setDoOutput(false);
"AssertionIDRequestUtil.sendAssertionIDRequestURI: " +
}
return null;
}
"AssertionIDRequestUtil.sendAssertionIDRequestURI: " +
"Content type = " + contentType);
}
if ((contentType == null) ||
return null;
}
"AssertionIDRequestUtil.sendAssertionIDRequestURI: " +
"Content length = " + contentLength);
}
byte content[] = new byte[2048];
if (contentLength != -1) {
int left;
while (totalRead < contentLength) {
if (read == -1) {
// We need to close connection !!
break;
} else {
if (read > 0) {
}
}
}
} else {
int numbytes;
int totalRead = 0;
while (true) {
if (numbytes == -1) {
break;
}
}
}
} catch (IOException ioex) {
"AssertionIDRequest.sendAssertionIDRequestURI:", ioex);
}
}
/**
* Gets assertion ID from URI and returns assertion if found.
*
* @param request the <code>HttpServletRequest</code> object
* @param response the <code>HttpServletResponse</code> object
* @param samlAuthorityEntityID entity ID of SAML authority
* @param role SAML authority role
* @param realm the realm of hosted entity
*
* @exception IOException if response can't be sent
*/
if (assertionID == null) {
return;
}
try {
} catch (SAML2Exception ex) {
return;
}
try {
} catch (SAML2Exception ex) {
return;
}
"invalidAssertionID",
return;
}
try {
} catch (SAML2Exception ex) {
"processAssertionIDRequestURI:", ex);
}
return;
}
try {
} catch(UnsupportedEncodingException ueex) {
"processAssertionIDRequestURI:", ueex);
}
return;
}
try {
} catch (IOException ioex) {
"processAssertionIDRequestURI:", ioex);
} finally {
try {
} catch (IOException ioex) {
"processAssertionIDRequestURI:", ioex);
}
}
}
}
/**
* This method processes the <code>AssertionIDRequest</code> coming
* from a requester.
*
* @param assertionIDRequest the <code>AssertionIDRequest</code> object
* @param request the <code>HttpServletRequest</code> object
* @param response the <code>HttpServletResponse</code> object
* @param samlAuthorityEntityID entity ID of SAML authority
* @param role the role of SAML authority
* @param realm the realm of SAML authority
* @return the <code>Response</code> object
* @exception SAML2Exception if the operation is not successful
*/
public static Response processAssertionIDRequest(
try {
} catch(SAML2Exception se) {
"processAssertionIDRequest:", se);
}
try {
}
} catch (SAML2MetaException sme) {
"processAssertionIDRequest:", sme);
}
"samlAuthorityNotFound"), samlAuthorityEntityID);
}
"processAssertionIDRequest: " +
"reading assertion from DB. ID = " + assertionID);
}
try {
} catch(StoreException se) {
"processAssertionIDRequest: " +
}
if (assertionStr != null) {
}
}
if (returnAssertions == null) {
returnAssertions = new ArrayList();
}
}
}
return samlResp;
}
private static RoleDescriptorType getRoleDescriptorAndLocation(
try {
"unsupportedRole"));
"idpNotFound"));
}
"authnAuthorityNotFound"));
}
"attrAuthorityNotFound"));
}
} else {
"unsupportedRole"));
}
} catch (SAML2MetaException sme) {
"AssertionIDRequest.getRoleDescriptorAndLocation:", sme);
"metaDataError"));
}
throw new SAML2Exception(
}
throw new SAML2Exception(
}
break;
}
}
throw new SAML2Exception(
}
return roled;
}
private static void signAssertionIDRequest(
if (includeCert) {
}
if (signingKey != null) {
}
}
private static void verifyAssertionIDRequest(
"assertionIDRequestIssuerInvalid"));
}
"assertionIDRequestIssuerNotFound"));
}
if (signingCert != null) {
"AssertionIDRequestUtil.verifyAssertionIDRequest: " +
"Signature validity is : " + valid);
}
if (!valid) {
"invalidSignatureAssertionIDRequest"));
}
} else {
throw new SAML2Exception(
}
}
boolean includeCert) throws SAML2Exception {
String encryptedKeyPass = SAML2Utils.getSigningCertEncryptedKeyPass(realm, samlAuthorityEntityID, role);
} else {
}
if (includeCert) {
}
if (signingKey != null) {
}
}
try {
}
} catch (SAML2MetaException sme) {
"AssertionIDRequestUtil.getSSOConfig:", sme);
}
}
}
private static Response sendAssertionIDRequestBySOAP(
throws SAML2Exception {
"AssertionIDRequestUtil.sendAssertionIDRequestBySOAP: " +
"assertionIDRequest = " + aIDReqStr);
"AssertionIDRequestUtil.sendAssertionIDRequestBySOAP: " +
"location = " + location);
}
role);
try {
} catch (SOAPException se) {
"AssertionIDRequestUtil.sendAssertionIDRequestBySOAP:", se);
throw new SAML2Exception(
}
"AssertionIDRequestUtil.sendAssertionIDRequestBySOAP: " +
}
return response;
}
"invalidInResponseToAssertionIDRequest"));
}
if (respIssuer == null) {
return;
}
"responseIssuerMismatch"));
}
if (signingCert != null) {
"AssertionIDRequestUtil .verifyResponse: " +
"Signature validity is : " + valid);
}
if (!valid) {
"invalidSignatureOnResponse"));
}
} else {
throw new SAML2Exception(
}
}
private static AssertionIDRequestMapper getAssertionIDRequestMapper(
throws SAML2Exception {
try {
if (aidReqMapperName == null) {
"AssertionIDRequestUtil.getAssertionIDRequestMapper:" +
" use "+ aidReqMapperName);
}
}
if (aidReqMapper == null) {
} else {
"AssertionIDRequestUtil.getAssertionIDRequestMapper:" +
" got the AssertionIDRequestMapper from cache");
}
}
"AssertionIDRequestUtil.getAssertionIDRequestMapper:", ex);
throw new SAML2Exception(ex);
}
return aidReqMapper;
}
}