a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: Request.java,v 1.2 2008/06/25 05:47:37 qcheng Exp $
ccf9d4a5c6453fa9f8b839baeee25147865fbb7dJames Phillpotts * Portions Copyrighted 2016 ForgeRock AS.
ccf9d4a5c6453fa9f8b839baeee25147865fbb7dJames Phillpottsimport static org.forgerock.openam.utils.Time.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.common.SystemConfigurationUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.AssertionIDReference;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLRequesterException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLRequestVersionTooHighException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLRequestVersionTooLowException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLResponderException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.xmlsig.XMLSignatureManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This <code>Request</code> class represents a Request XML document.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * It extends from the abstract base class <code>AbstractRequest</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.all.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * data members
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected List assertionIDRefs = Collections.EMPTY_LIST;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected List artifacts = Collections.EMPTY_LIST;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Request ID attribute name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static final String REQUEST_ID_ATTRIBUTE = "RequestID";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The request is not supported.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The request is an Authentication Query.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public final static int AUTHENTICATION_QUERY = 0;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The request is an Authorization Decision Query.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public final static int AUTHORIZATION_DECISION_QUERY = 1;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The request is an Assertion ID Reference.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public final static int ASSERTION_ID_REFERENCE = 2;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The request is an Assertion Artifact.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public final static int ASSERTION_ARTIFACT = 3;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The request is an Attribute Query.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructors
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Method to sign the Request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException if could not sign the Request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request.signXML: the request is "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "already signed.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request.signXML: couldn't obtain "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "this site's cert Alias.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("cannotFindCertAlias"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLSignatureManager manager = XMLSignatureManager.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((majorVersion == 1) && (minorVersion == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request.signXML: sign with version 1.0");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signatureString = manager.signXML(this.toString(true, true),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // this block is used for later return of signature element by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // getSignature() method
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLUtils.toDOMDocument(signatureString, SAMLUtils.debug)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Document doc = XMLUtils.toDOMDocument(this.toString(true, true),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // sign with SAML 1.1 spec & include cert in KeyInfo
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signature = manager.signXML(doc, certAlias, null,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster REQUEST_ID_ATTRIBUTE, getRequestID(), true, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This constructor shall only be used at the client side to construct a
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Request object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * NOTE: The content here is just the body for the Request. The
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * constructor will add <code>MajorVersion</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>MinorVersion</code>, etc. to form a complete Request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param respondWiths A List of Strings representing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>RespondWith</code> elements. It could be null when there is
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * no <code><RespondWith></code>. Each string could be prefixed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * by <code>saml:</code>. If it is not prefixed, or prefixed by a
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * prefix other than <code>saml:</code>, <code>saml:</code> will be
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * used instead.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param requestId If it's null, the constructor will create one.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param contents A List of objects that are the contents of Request that
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the client wants to send to the server. It could be an
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthenticationQuery</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthorizationDecisionQuery</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AttributeQuery</code>, 1 or more
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AssertionIDReference</code>, or 1 or more of
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AssertionArtifact</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException if an error occurs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (int i = 0, length = respondWiths.size(); i < length; i++) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: wrong input for "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "RespondWith");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (this.respondWiths).add(checkAndGetRespondWith((String)temp));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((requestId != null) && (requestId.length() != 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // random generate one
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.error("Request: couldn't generate RequestID.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("errorGenerateID"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private String checkAndGetRespondWith(String respondWith)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((respondWith == null) || (respondWith.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: empty RespondWith Value.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return (SAMLConstants.ASSERTION_PREFIX + respondWith);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringTokenizer st = new StringTokenizer(respondWith, ":");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: wrong RespondWith value.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: wrong RespondWith value.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return (SAMLConstants.ASSERTION_PREFIX + temp);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Checks the contents of the Request and set the class members accordingly.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Used by this class only.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param contents A List that contains the contents of the request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * it could be a query, 1 or more <code>AssertionIDReference</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * or 1 or more <code>AssertionArtifact</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException when an error occurs during the process.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void parseContents(List contents) throws SAMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // check contents and set the contentType appropriately
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: empty content.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // make sure this is the first one on the list
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // and make sure there is no other elements on the list
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: should contain only"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " one AuthenticationQuery.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (temp instanceof AuthorizationDecisionQuery) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // make sure this is the first one on the list
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // and make sure there is no other elements on the list
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: should contain only"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " one AuthorizationDecisionQuery.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // make sure this is the first one on the list
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // and make sure there is no other elements on the list
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: should contain only"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " one AttributeQuery.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (temp instanceof AssertionIDReference) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // if this is not the first element on the list , and if the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // the previously assigned elements are not AssertionIDReference
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: should contain"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " one or more AssertionIDReference.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (assertionIDRefs == Collections.EMPTY_LIST) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster assertionIDRefs.add((AssertionIDReference) temp);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (temp instanceof AssertionArtifact) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // if this is not the first element on the list, and if the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // previously assigned elements are not AssertionArtifact:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: should contain "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " one or more AssertionArtifact.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else { // everything else
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: wrong input.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This constructor shall only be used at the client side to construct a
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Request object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * NOTE: The content here is just the body for the Request. The
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * constructor will add <code>MajorVersion</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>MinorVersion</code>, etc. to form a complete Request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param requestId If it's null, the constructor will create one.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param query A Query to be included in the Request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAMLException if an error occurs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public Request(String requestId, Query query) throws SAMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((requestId != null) && (requestId.length() != 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // random generate one
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.error("Request: couldn't generate RequestID.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("errorGenerateID"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: empty content.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (query instanceof AuthorizationDecisionQuery) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: this type of query is not"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " supported.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("queryNotSupported"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This constructor shall only be used at the client side to construct a
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Request object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * NOTE: The content here is just the body for the Request. The
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * constructor will add <code>MajorVersion</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>MinorVersion</code>, etc. to form a complete Request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param requestId If it's null, the constructor will create one.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param contents A List of objects that are the contents of Request that
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the client wants to send to the server. It could be an
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthenticationQuery</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthorizationDecisionQuery</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AttributeQuery</code>, 1 or more
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AssertionIDReference</code>, or 1 or more of
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AssertionArtifact</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAMLException if an error occurs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public Request(String requestId, List contents) throws SAMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // random generate one
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("errorGenerateID"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This method shall only be used at the server side to reconstruct
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * a Request object based on the XML document received from client.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The schema of this XML document is described above.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param xml The Request XML String.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * NOTE: this is a complete SAML request XML string with
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>RequestID</code>, <code>MajorVersion</code>, etc.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Request object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException if an error occurs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Request parseXML(String xml) throws SAMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // parse the xml string
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Document doc = XMLUtils.toDOMDocument(xml, SAMLUtils.debug);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param root <code>Request</code> element
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAMLException
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public Request(Element root) throws SAMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Make sure this is a Request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): null input.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): wrong input");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List signs = XMLUtils.getElementsByTagNameNS1(root,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLSignatureManager manager = XMLSignatureManager.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): couldn't verify"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " Request's signature.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): included more than"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " one Signature element.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Attribute RequestID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((requestID == null) || (requestID.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): Request doesn't "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "have a RequestID.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("missingAttribute"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Attribute MajorVersion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster parseMajorVersion(requestID, root.getAttribute("MajorVersion"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Attribute MinorVersion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster parseMinorVersion(requestID, root.getAttribute("MinorVersion"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Attribute IssueInstant
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String instantString = root.getAttribute("IssueInstant");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((instantString == null) || (instantString.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): missing IssueInstant");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("missingAttribute"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster issueInstant = DateUtils.stringToDate(instantString);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Request(Element): could not parse IssueInstant", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequesterException(SAMLUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "wrongInput"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // get the contents of the request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (int i = 0, length = contentnl.getLength(); i < length; i++) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((nodeName = child.getLocalName()) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster respondWith = XMLUtils.getElementValue((Element) child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): wrong "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "RespondWith value.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equals("AuthenticationQuery")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // make sure the content is not assigned already
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): should"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "contain only one AuthenticationQuery.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster query = new AuthenticationQuery((Element) child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equals("AuthorizationDecisionQuery")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // make sure content is not assigned already
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): should"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "contain only one "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "AuthorizationDecisionQuery.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster query = new AuthorizationDecisionQuery((Element) child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equals("AttributeQuery")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // make sure content is not assigned already
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): should"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "contain only one AttributeQuery.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equals("AssertionIDReference")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // make sure the content has no other elements assigned
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "contained mixed contents.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (assertionIDRefs == Collections.EMPTY_LIST) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equals("AssertionArtifact")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // make sure the content has no other elements assigned
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "contained mixed contents.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): invalid"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // check nodeName
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // if nodeName != null
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // done for the nodelist loop
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request: empty content.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Parse the input and set the majorVersion accordingly.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param majorVer a String representing the MajorVersion to be set.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException when the version mismatchs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void parseMajorVersion(String reqID, String majorVer)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): invalid "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "MajorVersion", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (majorVersion != SAMLConstants.PROTOCOL_MAJOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (majorVersion > SAMLConstants.PROTOCOL_MAJOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element):MajorVersion of "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "the Request is too high.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequestVersionTooHighException(reqID + "|"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("requestVersionTooHigh"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element):MajorVersion of "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "the Request is too low.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequestVersionTooLowException(reqID + "|"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("requestVersionTooLow"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Parse the input and set the minorVersion accordingly.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param minorVer a String representing the MinorVersion to be set.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException when the version mismatchs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void parseMinorVersion(String reqID, String minorVer)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): invalid "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "MinorVersion", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (minorVersion > SAMLConstants.PROTOCOL_MINOR_VERSION_ONE) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): MinorVersion"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " of the Request is too high.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequestVersionTooHighException(reqID + "|"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("requestVersionTooHigh"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (minorVersion < SAMLConstants.PROTOCOL_MINOR_VERSION_ZERO) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): MinorVersion"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " of the Request is too low.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLRequestVersionTooLowException( reqID + "|"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("requestVersionTooLow"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This method parses the Query or SubjectQuery represented by a DOM tree
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Node. It then checks and sets data members if it is a supported query,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * such as AuthenticationQuery, AttributeQeury, or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthorizationDecisionQuery</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param child A DOM Node to be parsed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException if it's not a supported query.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void parseQuery(Node child) throws SAMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean found = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((attrName != null) && (attrName.equals("type"))) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (attrValue.equals("AuthenticationQueryType")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): should"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " contain only one AuthenticationQuery.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster query = new AuthenticationQuery((Element) child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AuthorizationDecisionQueryType")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): should "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "contain one AuthorizationDecisionQuery.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster query = new AuthorizationDecisionQuery((Element) child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (attrValue.equals("AttributeQueryType")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): should "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "contain one AttributeQuery.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): This type of"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("queryNotSupported"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // check typevalue
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // if found type attribute
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } // end attribute for loop
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // if not found type
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Request(Element): missing"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " xsi:type definition in " + child.getLocalName());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets the query of the Request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the query included in the request; or null if the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>contentType</code> of the request is not
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AUTHENTICATION_QUERY</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AUTHORIZATION_DECISION_QUERY</code>, or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>ATTRIBUTE_QUERY</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets the <code>AssertionIDReference</code>(s) of the Request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a List of <code>AssertionIDReference</code>s included in the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * request; or <code>Collections.EMPTY_LIST</code> if the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>contentType</code> of the request is not
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>ASSERTION_ID_REFERENCE</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets the <code>AssertionArtifact</code>(s) of the Request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a List of <code>AssertionArtifact</code>s included in the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * request; or <code>Collections.EMPTY_LIST</code> if the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>contentType</code> of the request is not
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>ASSERTION_ARTIFACT</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the type of content this Request has.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return The type of the content. The possible values are defined in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Set the signature for the Response.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param elem <code>ds:Signature</code> element
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return true if the operation succeeds.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This method translates the request to an XML document String based on
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the Request schema described above.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * NOTE: this is a complete SAML request XML string with
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>RequestID</code>, <code>MajorVersion</code>, etc.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return An XML String representing the request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return toString(true, true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a String representation of the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code><samlp:Request></code> element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param includeNS Determines whether or not the namespace qualifier
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is prepended to the Element when converted
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param declareNS Determines whether or not the namespace is declared
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * within the Element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return A string containing the valid XML for this element
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String toString(boolean includeNS, boolean declareNS) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a String representation of the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code><samlp:Request></code> element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param includeNS Determines whether or not the namespace qualifier
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is prepended to the Element when converted
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param declareNS Determines whether or not the namespace is declared
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * within the Element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param includeHeader Determines whether the output include the XML
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * declaration header.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return A string containing the valid XML for this element
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append("<?xml version=\"1.0\" encoding=\"").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster append(SAMLConstants.DEFAULT_ENCODING).append("\" ?>\n");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String instantString = DateUtils.toUTCDateFormat(issueInstant);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append("<").append(prefix).append("Request").append(uri).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster append(" RequestID=\"").append(requestID).append("\"").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster append(" MajorVersion=\"").append(majorVersion).append("\"").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster append(" MinorVersion=\"").append(minorVersion).append("\"").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster append(" IssueInstant=\"").append(instantString).append("\"").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if((respondWiths != null) && (respondWiths != Collections.EMPTY_LIST)){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (i.hasNext()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append("<").append(prefix).append("RespondWith>");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (respondWith.startsWith(SAMLConstants.ASSERTION_PREFIX)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append(checkAndGetRespondWith(respondWith));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.error("Request.toString: ", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append("</").append(prefix).append("RespondWith>\n");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append(((AuthenticationQuery)query).toString(includeNS, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append(((AuthorizationDecisionQuery)query).toString(includeNS,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append(((AttributeQuery)query).toString(includeNS, false));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (j.hasNext()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster toString(true, true));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (j.hasNext()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append("</").append(prefix).append("Request>\n");