a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSAuthenticationStatement.java,v 1.2 2008/06/25 05:46:43 qcheng Exp $
f948ca04a28ccfeed9633bf4b0fb0d2c59c37478David Luna * Portions Copyrighted 2014 ForgeRock AS
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.AuthnContext;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.FSMsgException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.AuthenticationStatement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.AuthorityBinding;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.SubjectLocality;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The <code>FSAuthenticationStatement</code> element represents an
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * authentication statement by the issuer that its subject was authenticated
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * by a particular means at a particular time.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.all.api
f948ca04a28ccfeed9633bf4b0fb0d2c59c37478David Luna * @deprecated since 12.0.0
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class FSAuthenticationStatement extends AuthenticationStatement {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected int minorVersion = IFSConstants.FF_11_PROTOCOL_MINOR_VERSION;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Default Constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor to create <code>FSAuthenticationStatement</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authMethod the Authentication method in the statement.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authInstant the authentication date in the statement.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param subject the Subject in the statement.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authnContext the Authentication Context.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if there is an error
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * creating the object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAMLException if the version is incorrect.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthenticationStatement: missing" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AuthnContext");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor to create <code>FSAuthenticationStatement</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authMethod the Authentication method in the statement.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authInstant the authentication date in the statement.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param subject the <code>Subject</code> in the statement.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param subjectLocality the <code>SubjectLocality</code> in the statement.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authorityBinding a List of <code>AuthorityBinding</code> objects.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authnContext the Authentication Context.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if there is an error
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * creating the object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAMLException on error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // check if the AuthnContext is null
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthenticationStatement: missing" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AuthnContext.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructs an <code>FSAuthenticationStatement</code> object from a
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Document Element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param element the Document Element object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if document element is null
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * or required attributes cannot be retrieved from the element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAMLException on error.
// Builds the statement from a DOM element in three steps: read the attributes
// named by IFSConstants.AUTHENTICATION_METHOD, AUTHENTICATION_INSTANT,
// REAUTH_ON_OR_AFTER and SESSION_INDEX; walk the child elements (AUTH_SUBJECT,
// SUBJECT_LOCALITY, AUTHN_CONTEXT, AUTHORITY_BINDING); then require a subject.
// NOTE(review): only structural checks are visible in this listing (date
// syntax, element cardinality, presence of a subject). No signature, issuer or
// freshness check appears here; presumably the enclosing assertion is verified
// by the caller before these values are trusted -- confirm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public FSAuthenticationStatement(Element element)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthenticationStatement(Element): Called");
// Null-input path: the Javadoc for this constructor states that
// FSMsgException is thrown for a null element (the throw itself is not
// visible in this listing).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthenticationStatement: null input.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //handle the attributes of AuthenticationStatement
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster NamedNodeMap atts = ((Node)element).getAttributes();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (att.getNodeType() == Node.ATTRIBUTE_NODE) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (attName == null || attName.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthenticationStatement:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Attribute name is either null or empty.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (attName.equals(IFSConstants.AUTHENTICATION_METHOD)) {
// The attribute value is trimmed before it is stored.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster _authenticationMethod = ((Attr)att).getValue().trim();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (attName.equals(IFSConstants.AUTHENTICATION_INSTANT)){
// Both date attributes go through DateUtils.stringToDate; the failure path
// visible here logs at error level and throws
// FSMsgException("wrongDateFormat").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DateUtils.stringToDate(((Attr)att).getValue());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthenticationStatement:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("wrongDateFormat",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // end of try...catch
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (attName.equals(IFSConstants.REAUTH_ON_OR_AFTER)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DateUtils.stringToDate(((Attr)att).getValue());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthenticationStatement:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("wrongDateFormat",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (attName.equals(IFSConstants.SESSION_INDEX)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // end of for loop
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //Handle the children elements of AuthenticationStatement
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (currentNode.getNodeType() == Node.ELEMENT_NODE) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((tagName == null) || tagName.length() == 0 ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthenticationStatement: "+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "The tag name or tag namespace of child" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " element is either null or empty.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (tagName.equals(IFSConstants.AUTH_SUBJECT)) {
// Cardinality message for a repeated subject; the guarding condition and
// the resulting throw are not visible in this listing.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSAuthenticationStatement" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ":should only contain one subject");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (tagName.equals(IFSConstants.SUBJECT_LOCALITY)) {
// NOTE(review): the literals below concatenate to
// "FSAuthenticationStatementStatement: should at most ...", which does not
// match the "FSAuthenticationStatement:" prefix of the other messages; log
// searches keyed on that prefix will miss it.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSAuthenticationStatement"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Statement: should at most " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "contain one SubjectLocality.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (tagName.equals(IFSConstants.AUTHN_CONTEXT) &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Statement: should not contain more " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "than one AuthnContext element.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (tagName.equals(IFSConstants.AUTHORITY_BINDING)) {
// Each AuthorityBinding child is parsed and appended to _authorityBinding.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((_authorityBinding.add(new AuthorityBinding(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSAuthenticationStatement"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ": failed to add to the" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " AuthorityBinding list.");
// Any other child element reaches this "Wrong element" message, logged at
// message (debug) level; whether the element is then rejected is not visible
// in this listing -- confirm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthenticationStatement:"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Wrong element "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // end of if (currentNode.getNodeType() == Node.ELEMENT_NODE)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // end of for loop
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // end of if (nodeCount > 0)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // check if the subject is null
// A statement without a subject is rejected with
// FSMsgException("missingElement").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthenticationStatement should " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "contain one subject.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("missingElement",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthenticationStatement(Element): leaving");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the value of <code>SessionIndex</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the value of <code>SessionIndex</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setSessionIndex(String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the <code>SessionIndex</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param sessionIndex the value of <code>SessionIndex</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getSessionIndex
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setSessionIndex(String sessionIndex){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the re-authentication date for this
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * authentication statement.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the re-authentication date for this object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setReauthenticateOnOrAfter
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets re-authentication date for this authentication
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * statement.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param reauthenticateOnOrAfter the date object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getReauthenticateOnOrAfter
// Stores the supplied Date reference as this statement's re-authentication date.
// NOTE(review): no defensive copy is made. If Date is java.util.Date (the
// import is not visible in this listing), a caller that keeps the reference
// can change the stored value after this call -- confirm, and consider copying.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setReauthenticateOnOrAfter(Date reauthenticateOnOrAfter){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster this.reauthenticateOnOrAfter = reauthenticateOnOrAfter;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the Authentication Context in this
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * authentication statement.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the Authentication Context object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setAuthnContext(AuthnContext)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the Authentication Context object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authnContext the Authentication Context object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getAuthnContext
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setAuthnContext(AuthnContext authnContext){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the value of <code>MinorVersion</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the value of <code>MinorVersion</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setMinorVersion(int)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the value of <code>MinorVersion</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param version the <code>MinorVersion</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getMinorVersion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a String representation of this object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if there is an error creating
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a String representation of this Object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String toXMLString() throws FSMsgException {
// Delegates to the two-argument overload with includeNS=true and declareNS=false.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return (toXMLString(true, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a String representation of this object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param includeNS Determines whether or not the namespace qualifier is
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * prepended to the Element when converted
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param declareNS Determines whether or not the namespace is declared
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * within the Element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return A string containing the valid XML for this object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if there is an error creating
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String toXMLString(boolean includeNS,boolean declareNS)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster result.append(IFSConstants.LEFT_ANGLE).append(prefix)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(uri).append(IFSConstants.SPACE).append(liburi)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster result.append(IFSConstants.AUTHENTICATION_METHOD).append("=\"")
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster result.append(IFSConstants.AUTHENTICATION_INSTANT).append("=\"")
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(DateUtils.toUTCDateFormat(_authenticationInstant))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster result.append(IFSConstants.REAUTH_ON_OR_AFTER).append("=\"")
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(DateUtils.toUTCDateFormat(reauthenticateOnOrAfter))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster result.append(IFSConstants.SESSION_INDEX).append("=\"")
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(IFSConstants.AUTHENTICATIONSTATEMENT_TYPE)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ((FSSubject)getSubject()).toXMLString(includeNS, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster result.append(_subjectLocality.toString(includeNS, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((_authorityBinding != null) && (!_authorityBinding.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Iterator iter = this.getAuthorityBinding().iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster result.append(authBinding.toString(includeNS, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster result.append(_authnContext.toXMLString(includeNS, false));