a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSSAMLRequest.java,v 1.2 2008/06/25 05:46:45 qcheng Exp $
f948ca04a28ccfeed9633bf4b0fb0d2c59c37478David Luna * Portions Copyrighted 2014 ForgeRock AS
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.protocol.AssertionArtifact;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLRequestVersionTooHighException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLRequestVersionTooLowException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLRequesterException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.xmlsig.XMLSignatureManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This class has methods to create a <code>SAML</code> Request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * object from a Document Element and to create Request message
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * from this object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.all.api
f948ca04a28ccfeed9633bf4b0fb0d2c59c37478David Luna * @deprecated since 12.0.0
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Default Constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor creates <code>FSSAMLRequest</code> from
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the Document Element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param root the Document Element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAMLException if there is an error creating this object.
// Builds an FSSAMLRequest from a DOM element. The visible steps are: check the
// input element, parse MajorVersion/MinorVersion, handle Signature elements,
// require RequestID and IssueInstant, then read the child content.
// NOTE(review): this is a blame listing with source lines missing, so the
// conditions guarding several of the throws below are not visible here.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public FSSAMLRequest(Element root) throws SAMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Make sure this is a Request
// Both a null element and a "wrong input" element are logged and rejected with
// SAMLRequesterException; the tests themselves are on lines not shown.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("FSSAMLRequest(Element): null input.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("FSSAMLRequest(Element): wrong input");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
// The version attributes are parsed before the signature is handled, so the
// version helpers run on attribute values that have not been verified yet.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Attribute MajorVersion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster parseMajorVersion(root.getAttribute("MajorVersion"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Attribute MinorVersion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster parseMinorVersion(root.getAttribute("MinorVersion"));
// Signature handling. The visible messages show two rejection paths: the
// signature could not be verified, and more than one Signature element.
// NOTE(review): the zero-Signature path is not visible in this listing;
// presumably the request is then treated as unsigned. Confirm that callers
// which require a signed request check for that themselves.
// NOTE(review): the verify call and the ID attribute it is given are on lines
// not shown; they appear to depend on the minor version. Confirm that the
// element covered by the signature is the same element parsed below.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List signs = XMLUtils.getElementsByTagNameNS1(root,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLSignatureManager manager = XMLSignatureManager.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.FF_11_SAML_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("FSSAMLRequest(Element): couldn't"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " verify Request's signature.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("FSSAMLRequest(Element): included more "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "than one Signature element.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
// A null or empty RequestID is rejected.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Attribute RequestID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((requestID == null) || (requestID.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("FSSAMLRequest(Element): Request "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "does not have a RequestID.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
// IssueInstant must be present and must parse as a date.
// NOTE(review): no freshness or replay-window check on issueInstant is visible
// in this listing. Confirm that it is enforced elsewhere.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Attribute IssueInstant
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String instantString = root.getAttribute("IssueInstant");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((instantString == null) || (instantString.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("FSSAMLRequest(Element): "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " missing IssueInstant");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] args = { IFSConstants.ISSUE_INSTANT };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster issueInstant = DateUtils.stringToDate(instantString);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSAMLRequest(Element): could not parse IssueInstant",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
// Child elements are matched by local name. The visible branches handle
// RespondWith values and AssertionArtifact elements, and reject a request
// that mixes AssertionArtifact with other content.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // get the contents of the request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (int i = 0, length = contentnl.getLength(); i < length; i++) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((nodeName = child.getLocalName()) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster respondWith = XMLUtils.getElementValue((Element) child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("FSSAMLRequest(Element): "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "wrong RespondWith value.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equals("AssertionArtifact")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // make sure the content has no other elements assigned
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("FSSAMLRequest(Element): "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "contained mixed contents.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AssertionArtifact newArt = new FSAssertionArtifact(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.error("FSSAMLRequest(Element): ", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("FSSAMLRequest(Element):invalid"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // check nodeName
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // if nodeName != null
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // done for the nodelist loop
// A request with no recognised content is rejected.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: empty content.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the <code>MajorVersion</code> by parsing the version string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param majorVer a String representing the <code>MajorVersion</code> to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAMLException when the version mismatches.
// Parses majorVer into majorVersion and rejects anything other than
// SAMLConstants.PROTOCOL_MAJOR_VERSION.
// NOTE(review): the parse call and its catch clause are on lines not shown;
// the "invalid MajorVersion" message with exception e is presumably the
// parse-failure path. Confirm against the full file.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void parseMajorVersion(String majorVer) throws SAMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("FSSAMLRequest(Element): invalid "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "MajorVersion", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
// A mismatch is split into "too high" and "too low" so the caller can tell
// which way the version is off.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (majorVersion != SAMLConstants.PROTOCOL_MAJOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (majorVersion > SAMLConstants.PROTOCOL_MAJOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("FSSAMLRequest(Element): "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "MajorVersion of the Request is too high.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.BUNDLE_NAME,"requestVersionTooHigh",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("FSSAMLRequest(Element): "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "MajorVersion of the Request is too low.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequestVersionTooLowException(FSUtils.BUNDLE_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the <code>MinorVersion</code> by parsing the version string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param minorVer a String representing the <code>MinorVersion</code> to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAMLException when the version mismatches.
// Parses minorVer into minorVersion and rejects values outside the supported
// range: above IFSConstants.FF_12_SAML_PROTOCOL_MINOR_VERSION is "too high";
// the "too low" test involves FF_11_SAML_PROTOCOL_MINOR_VERSION, but the start
// of that condition is on a line not shown.
// NOTE(review): this helper logs through FSUtils.debug and reports the range
// failures with error(), while parseMajorVersion uses SAMLUtils.debug and
// message(). Someone reading the logs for rejected requests needs to check
// both the logger and the level.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void parseMinorVersion(String minorVer) throws SAMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Request(Element): invalid "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "MinorVersion", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(minorVersion > IFSConstants.FF_12_SAML_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("Request(Element): MinorVersion"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " of the Request is too high.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequestVersionTooHighException(FSUtils.BUNDLE_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.FF_11_SAML_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("Request(Element): MinorVersion"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " of the Request is too low.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequestVersionTooLowException(FSUtils.BUNDLE_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the <code>MinorVersion</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the Minor Version.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setMinorVersion(int)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the <code>MinorVersion</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param version the minor version in the assertion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getMinorVersion()