8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakova/*
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakova * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
097b7fb3f8f90e87120d30bf37a1d89fe0ddfaf0Kristina Sojakova *
097b7fb3f8f90e87120d30bf37a1d89fe0ddfaf0Kristina Sojakova * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
94e2e03f6efde106de095ef4ea0ec87f74955a31Kristina Sojakova *
211c5fb252e0a776baad9a4857ab198659289a4aKristina Sojakova * The contents of this file are subject to the terms
211c5fb252e0a776baad9a4857ab198659289a4aKristina Sojakova * of the Common Development and Distribution License
94e2e03f6efde106de095ef4ea0ec87f74955a31Kristina Sojakova * (the License). You may not use this file except in
211c5fb252e0a776baad9a4857ab198659289a4aKristina Sojakova * compliance with the License.
211c5fb252e0a776baad9a4857ab198659289a4aKristina Sojakova *
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakova * You can obtain a copy of the License at
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakova * https://opensso.dev.java.net/public/CDDLv1.0.html or
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * opensso/legal/CDDLv1.0.txt
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * See the License for the specific language governing
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * permission and limitations under the License.
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova *
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * When distributing Covered Code, include this CDDL
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * Header Notice in each file and include the License file
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * at opensso/legal/CDDLv1.0.txt.
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * If applicable, add the following below the CDDL Header,
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * with the fields enclosed by brackets [] replaced by
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * your own identifying information:
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * "Portions Copyrighted [year] [name of copyright owner]"
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova *
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * $Id: AssertionImpl.java,v 1.8 2009/05/09 15:43:59 mallas Exp $
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova *
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * Portions Copyrighted 2015-2016 ForgeRock AS.
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova */
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovapackage com.sun.identity.saml2.assertion.impl;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakovaimport static org.forgerock.openam.utils.Time.*;
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakovaimport org.w3c.dom.Document;
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakovaimport org.w3c.dom.Element;
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakovaimport org.w3c.dom.Node;
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakovaimport org.w3c.dom.NodeList;
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakovaimport java.util.Collections;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovaimport java.util.Date;
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakovaimport java.util.List;
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakovaimport java.util.ArrayList;
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovaimport java.text.ParseException;
2c47bb55d963ff37dbae4a0a7701274fddb95fc8Christian Maederimport java.security.Key;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovaimport java.security.PrivateKey;
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakovaimport java.security.cert.X509Certificate;
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakovaimport java.util.Set;
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova
2c47bb55d963ff37dbae4a0a7701274fddb95fc8Christian Maederimport com.sun.identity.shared.xml.XMLUtils;
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovaimport com.sun.identity.shared.DateUtils;
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakovaimport com.sun.identity.saml2.common.SAML2Constants;
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakovaimport com.sun.identity.saml2.common.SAML2Exception;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovaimport com.sun.identity.saml2.common.SAML2SDKUtils;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovaimport com.sun.identity.saml2.assertion.Assertion;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovaimport com.sun.identity.saml2.assertion.AssertionFactory;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovaimport com.sun.identity.saml2.assertion.AttributeStatement;
2fa2a7c86b9416f0e1607787e9416e274feb1143Christian Maederimport com.sun.identity.saml2.assertion.AuthnStatement;
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovaimport com.sun.identity.saml2.assertion.AuthzDecisionStatement;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovaimport com.sun.identity.saml2.assertion.EncryptedAssertion;
4e3744376d584470e1342cbac9ac27032f2045c3Christian Maederimport com.sun.identity.saml2.assertion.Subject;
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovaimport com.sun.identity.saml2.assertion.Advice;
4e3744376d584470e1342cbac9ac27032f2045c3Christian Maederimport com.sun.identity.saml2.assertion.Conditions;
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovaimport com.sun.identity.saml2.assertion.Issuer;
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovaimport com.sun.identity.saml2.xmlenc.EncManager;
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovaimport com.sun.identity.saml2.xmlsig.SigManager;
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakova
/**
 * The <code>Assertion</code> element is a package of information
 * that supplies one or more <code>Statement</code>s made by an issuer.
 * There are three kinds of assertions: Authentication, Authorization Decision,
 * and Attribute assertions.
 */
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovapublic class AssertionImpl implements Assertion {
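// -- assertion content: filled by processElement() when parsing, or by the setters --
private String version;
private Date issueInstant;
private Subject subject;
private Advice advice;
// Serialised <ds:Signature> element, or null when no signature child was seen.
private String signature;
private Conditions conditions;
private String id;
// Raw XML of <Statement xsi:type="..."> children that are not one of the three
// typed statement kinds kept in the lists below.
private List<Object> statements = new ArrayList<Object>();
private List<AuthnStatement> authnStatements = new ArrayList<AuthnStatement>();
private List<AuthzDecisionStatement> authzDecisionStatements =
        new ArrayList<AuthzDecisionStatement>();
private List<AttributeStatement> attributeStatements =
        new ArrayList<AttributeStatement>();
private Issuer issuer;
// Cleared by makeImmutable(); setVersion() (and presumably the other setters)
// throw once this is false.
private boolean isMutable = true;
// The serialised form the assertion was parsed from, retained only when a
// signature is present (see the constructors); presumably consumed by
// signature verification so it runs over the bytes that were actually signed.
private String signedXMLString = null;
// NOTE(review): populated elsewhere in the class (not visible here); null until then.
private Boolean isSignatureValid = null;

// Element and attribute names recognised while parsing. They are part of the
// public API and not declared final; treat them as constants and never reassign.
public static String ASSERTION_ELEMENT = "Assertion";
public static String ASSERTION_VERSION_ATTR = "Version";
public static String ASSERTION_ID_ATTR = "ID";
public static String ASSERTION_ISSUEINSTANT_ATTR = "IssueInstant";
public static String XSI_TYPE_ATTR = "xsi:type";
public static String ASSERTION_ISSUER = "Issuer";
public static String ASSERTION_SIGNATURE = "Signature";
public static String ASSERTION_SUBJECT = "Subject";
public static String ASSERTION_CONDITIONS = "Conditions";
public static String ASSERTION_ADVICE = "Advice";
public static String ASSERTION_STATEMENT = "Statement";
public static String ASSERTION_AUTHNSTATEMENT = "AuthnStatement";
public static String ASSERTION_AUTHZDECISIONSTATEMENT =
        "AuthzDecisionStatement";
public static String ASSERTION_ATTRIBUTESTATEMENT =
        "AttributeStatement";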
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova /**
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * Default constructor
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova */
/**
 * Creates an empty, mutable assertion whose parts are supplied afterwards
 * through setters such as {@link #setVersion(String)}.
 */
public AssertionImpl() {
    // Nothing to do: fields keep their declared defaults and isMutable starts true.
}
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova /**
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * This constructor is used to build <code>Assertion</code> object from a
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * XML string.
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova *
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * @param xml A <code>java.lang.String</code> representing
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * a <code>Assertion</code> object
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * @exception SAML2Exception if it could not process the XML string
4cfef84218e908a7db4a0bba0927be1397886315Kristina Sojakova */
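/**
 * Builds an <code>Assertion</code> from its XML string form.
 * The resulting object is immutable. If the parsed assertion carries a
 * <code>&lt;Signature&gt;</code>, the original string is retained unchanged
 * (rather than a re-serialisation) so that later signature processing can
 * work on the exact bytes that were signed.
 *
 * @param xml a <code>java.lang.String</code> representing an
 *        <code>Assertion</code>
 * @throws SAML2Exception if the string cannot be parsed into a DOM document
 *         or the document is not a valid assertion
 */
public AssertionImpl(String xml) throws SAML2Exception {
    // NOTE(review): this input is typically received from a remote party; whether
    // the parser behind XMLUtils.toDOMDocument disables DTDs / external entities
    // is not visible here - confirm in XMLUtils.
    Document document = XMLUtils.toDOMDocument(xml, SAML2SDKUtils.debug);
    if (document == null) {
        // Log prefix names this constructor rather than processElement(), which
        // is never reached on this path.
        SAML2SDKUtils.debug.error(
            "AssertionImpl(String): invalid XML input");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
            "errorObtainingElement"));
    }
    Element rootElement = document.getDocumentElement();
    processElement(rootElement);
    makeImmutable();
    if (signature != null) {
        signedXMLString = xml;
    }
}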
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova /**
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * This constructor is used to build <code>Assertion</code> object from a
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * block of existing XML that has already been built into a DOM.
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova *
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * @param element A <code>org.w3c.dom.Element</code> representing
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * DOM tree for <code>Assertion</code> object
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * @exception SAML2Exception if it could not process the Element
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova */
/**
 * Builds an <code>Assertion</code> from an already-parsed DOM element.
 * The resulting object is immutable. When the element carries a
 * <code>&lt;Signature&gt;</code>, the element is serialised as UTF-8 and
 * kept so the signed form remains available to the rest of the class.
 *
 * @param element a <code>org.w3c.dom.Element</code> holding the DOM tree of
 *        an <code>Assertion</code>
 * @throws SAML2Exception if the element cannot be processed
 */
public AssertionImpl(Element element) throws SAML2Exception {
    processElement(element);
    makeImmutable();
    boolean signed = (signature != null);
    if (signed) {
        signedXMLString = XMLUtils.print(element,"UTF-8");
    }
}
097b7fb3f8f90e87120d30bf37a1d89fe0ddfaf0Kristina Sojakova
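/**
 * Populates this assertion from an <code>&lt;Assertion&gt;</code> DOM element.
 * <p>
 * Attributes <code>Version</code>, <code>ID</code> and
 * <code>IssueInstant</code> are mandatory. Element children are read in
 * document order: <code>&lt;Issuer&gt;</code> (mandatory, first), then
 * optionally <code>&lt;Signature&gt;</code>, <code>&lt;Subject&gt;</code>,
 * <code>&lt;Conditions&gt;</code> and <code>&lt;Advice&gt;</code>, followed by
 * any number of statement elements. Non-element nodes (text, comments) are
 * skipped throughout.
 *
 * @param element the <code>&lt;Assertion&gt;</code> element
 * @throws SAML2Exception if the element is null, is not an
 *         <code>Assertion</code>, lacks a mandatory attribute or the
 *         <code>Issuer</code> child, has an unparsable
 *         <code>IssueInstant</code>, or contains an unrecognised child
 */
private void processElement(Element element) throws SAML2Exception {
    if (element == null) {
        SAML2SDKUtils.debug.error(
            "AssertionImpl.processElement(): invalid root element");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
            "invalid_element"));
    }
    String elemName = element.getLocalName();
    if (elemName == null) {
        SAML2SDKUtils.debug.error(
            "AssertionImpl.processElement(): local name missing");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
            "missing_local_name"));
    }
    if (!elemName.equals(ASSERTION_ELEMENT)) {
        SAML2SDKUtils.debug.error(
            "AssertionImpl.processElement(): invalid local name " +
            elemName);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
            "invalid_local_name"));
    }

    // -- mandatory attributes --
    version = requiredAttribute(element, ASSERTION_VERSION_ATTR,
            "version missing", "missing_assertion_version");
    id = requiredAttribute(element, ASSERTION_ID_ATTR,
            "assertion id missing", "missing_assertion_id");
    String instant = requiredAttribute(element, ASSERTION_ISSUEINSTANT_ATTR,
            "issue instant missing", "missing_issue_instant");
    try {
        issueInstant = DateUtils.stringToDate(instant);
    } catch (ParseException pe) {
        SAML2SDKUtils.debug.error(
            "AssertionImpl.processElement(): invalid issue instant");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
            "invalid_date_format"));
    }

    // -- element children --
    NodeList nodes = element.getChildNodes();
    int numOfNodes = nodes.getLength();
    AssertionFactory factory = AssertionFactory.getInstance();

    int nextElem = nextElementIndex(nodes, 0, numOfNodes);
    if (nextElem < 0) {
        SAML2SDKUtils.debug.error(
            "AssertionImpl.processElement(): assertion has no subelements");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
            "missing_subelements"));
    }
    Node child = nodes.item(nextElem);

    // The first element child must be <Issuer>.
    String childName = child.getLocalName();
    if ((childName == null) || (!childName.equals(ASSERTION_ISSUER))) {
        SAML2SDKUtils.debug.error("AssertionImpl.processElement():"+
            " the first element is not <Issuer>");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
            "missing_subelement_issuer"));
    }
    issuer = factory.createIssuer((Element)child);

    nextElem = nextElementIndex(nodes, nextElem + 1, numOfNodes);
    if (nextElem < 0) {
        return;
    }
    child = nodes.item(nextElem);
    childName = child.getLocalName();

    // Optional <ds:Signature>, kept as serialised XML.
    if (ASSERTION_SIGNATURE.equals(childName)) {
        signature = XMLUtils.print((Element)child);
        nextElem = nextElementIndex(nodes, nextElem + 1, numOfNodes);
        if (nextElem < 0) {
            return;
        }
        child = nodes.item(nextElem);
        childName = child.getLocalName();
    } else {
        signature = null;
    }

    // Optional <Subject>.
    if (ASSERTION_SUBJECT.equals(childName)) {
        subject = factory.createSubject((Element)child);
        nextElem = nextElementIndex(nodes, nextElem + 1, numOfNodes);
        if (nextElem < 0) {
            return;
        }
        child = nodes.item(nextElem);
        childName = child.getLocalName();
    } else {
        subject = null;
    }

    // Optional <Conditions>.
    if (ASSERTION_CONDITIONS.equals(childName)) {
        conditions = factory.createConditions((Element)child);
        nextElem = nextElementIndex(nodes, nextElem + 1, numOfNodes);
        if (nextElem < 0) {
            return;
        }
        child = nodes.item(nextElem);
        childName = child.getLocalName();
    } else {
        conditions = null;
    }

    // Optional <Advice>. Only the index is advanced here; the statement loop
    // below skips non-element nodes itself.
    if (ASSERTION_ADVICE.equals(childName)) {
        advice = factory.createAdvice((Element)child);
        nextElem++;
    } else {
        advice = null;
    }

    // Every remaining element child must be a statement.
    for (; nextElem < numOfNodes; nextElem++) {
        child = nodes.item(nextElem);
        if (child.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        childName = child.getLocalName();
        if (childName == null) {
            continue;
        }
        if (childName.equals(ASSERTION_AUTHNSTATEMENT)) {
            authnStatements.add(
                factory.createAuthnStatement((Element)child));
        } else if (childName.equals(ASSERTION_AUTHZDECISIONSTATEMENT)) {
            authzDecisionStatements.add(
                factory.createAuthzDecisionStatement((Element)child));
        } else if (childName.equals(ASSERTION_ATTRIBUTESTATEMENT)) {
            attributeStatements.add(
                factory.createAttributeStatement((Element)child));
        } else if (childName.equals(ASSERTION_SIGNATURE)) {
            // NOTE(review): a <Signature> among the statements replaces any
            // signature captured above. The SAML 2.0 schema places ds:Signature
            // directly after <Issuer>; a stricter parser would reject it here.
            // Behaviour is preserved - worth confirming that signature
            // verification does not rely on this field pointing at the
            // first signature.
            signature = XMLUtils.print((Element)child);
        } else {
            // A generic <Statement> is accepted only when it carries an
            // xsi:type; it is stored as raw XML, not parsed.
            String type = ((Element)child).getAttribute(XSI_TYPE_ATTR);
            if (childName.equals(ASSERTION_STATEMENT) &&
                (type != null && type.length() > 0)) {
                statements.add(XMLUtils.print((Element)child));
            } else {
                SAML2SDKUtils.debug.error(
                    "AssertionImpl.processElement(): " +
                    "unexpected subelement " + childName);
                throw new SAML2Exception(SAML2SDKUtils.bundle.
                    getString("unexpected_subelement"));
            }
        }
    }
}

/**
 * Reads a mandatory attribute of the assertion element.
 *
 * @param element   the <code>&lt;Assertion&gt;</code> element
 * @param attrName  the attribute to read
 * @param logDetail short description appended to the error log line
 * @param bundleKey resource-bundle key for the exception message
 * @return the non-empty attribute value
 * @throws SAML2Exception if the attribute is absent or empty
 */
private static String requiredAttribute(Element element, String attrName,
        String logDetail, String bundleKey) throws SAML2Exception {
    String value = element.getAttribute(attrName);
    if ((value == null) || (value.length() == 0)) {
        SAML2SDKUtils.debug.error(
            "AssertionImpl.processElement(): " + logDetail);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString(bundleKey));
    }
    return value;
}

/**
 * Finds the next element node in a child list.
 *
 * @param nodes the child nodes
 * @param start index at which to begin scanning (inclusive)
 * @param count number of nodes in {@code nodes}
 * @return the index of the first element node at or after {@code start},
 *         or -1 if there is none
 */
private static int nextElementIndex(NodeList nodes, int start, int count) {
    for (int i = start; i < count; i++) {
        if (nodes.item(i).getNodeType() == Node.ELEMENT_NODE) {
            return i;
        }
    }
    return -1;
}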
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova /**
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * Returns the version number of the assertion.
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova *
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * @return The version number of the assertion.
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova */
@Override
public String getVersion() {
    // Plain accessor for the Version attribute; may be null when never set
    // (toXMLString() reports that case as a missing version).
    return this.version;
}
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova /**
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * Sets the version number of the assertion.
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova *
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * @param version the version number.
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * @exception SAML2Exception if the object is immutable
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova */
@Override
public void setVersion(String version) throws SAML2Exception {
    // Writes are accepted only until makeImmutable() has been called.
    if (isMutable) {
        this.version = version;
        return;
    }
    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("objectImmutable"));
}
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova /**
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * Returns the time when the assertion was issued
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova *
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * @return the time of the assertion issued
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova */
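@Override
public Date getIssueInstant() {
    // java.util.Date is mutable and makeImmutable() does not cover it, so a
    // caller must not receive the internal instance: hand out a copy, and
    // preserve null for an unset instant.
    return issueInstant == null ? null : new Date(issueInstant.getTime());
}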
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova /**
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * Set the time when the assertion was issued
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova *
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * @param issueInstant the issue time of the assertion
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * @exception SAML2Exception if the object is immutable
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova */
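@Override
public void setIssueInstant(Date issueInstant) throws SAML2Exception {
    if (!isMutable) {
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
            "objectImmutable"));
    }
    // Store a private copy: Date is mutable, and the caller's reference must
    // not be able to change the instant after it has been accepted (or after
    // the assertion has been frozen). null stays null and is reported later
    // by toXMLString().
    this.issueInstant = issueInstant == null
            ? null
            : new Date(issueInstant.getTime());
}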
/**
* Returns the subject of the assertion
*
* @return the subject of the assertion
*/
@Override
public Subject getSubject() {
    // Accessor only; null when the assertion carries no Subject element.
    return this.subject;
}
/**
* Sets the subject of the assertion
*
* @param subject the subject of the assertion
* @exception SAML2Exception if the object is immutable
*/
// NOTE(review): unlike the other setters this one carries no @Override;
// confirm whether the Assertion interface declares setSubject.
public void setSubject(Subject subject) throws SAML2Exception {
    if (!isMutable) {
        String msg = SAML2SDKUtils.bundle.getString("objectImmutable");
        throw new SAML2Exception(msg);
    }
    this.subject = subject;
}
/**
* Returns the advice of the assertion
*
* @return the advice of the assertion
*/
@Override
public Advice getAdvice() {
    // Accessor only; null when no Advice element is present.
    return this.advice;
}
/**
* Sets the advice of the assertion
*
* @param advice the advice of the assertion
* @exception SAML2Exception if the object is immutable
*/
@Override
public void setAdvice(Advice advice) throws SAML2Exception {
    // Refused once the object has been frozen by makeImmutable().
    if (isMutable) {
        this.advice = advice;
        return;
    }
    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("objectImmutable"));
}
/**
* Returns the signature of the assertion
*
* @return the signature of the assertion
*/
@Override
public String getSignature() {
    // The serialised ds:Signature element, or null for an unsigned assertion.
    return this.signature;
}
/**
* Returns the conditions of the assertion
*
* @return the conditions of the assertion
*/
@Override
public Conditions getConditions() {
    // Accessor only; null when the assertion has no Conditions element.
    return this.conditions;
}
/**
* Sets the conditions of the assertion
*
* @param conditions the conditions of the assertion
* @exception SAML2Exception if the object is immutable
*/
@Override
public void setConditions(Conditions conditions) throws SAML2Exception {
    if (!isMutable) {
        String msg = SAML2SDKUtils.bundle.getString("objectImmutable");
        throw new SAML2Exception(msg);
    }
    this.conditions = conditions;
}
/**
* Returns the id of the assertion
*
* @return the id of the assertion
*/
@Override
public String getID() {
    // The ID attribute value; also used as the signature reference by
    // sign() and isSignatureValid().
    return this.id;
}
/**
* Sets the id of the assertion
*
* @param id the id of the assertion
* @exception SAML2Exception if the object is immutable
*/
@Override
public void setID(String id) throws SAML2Exception {
    // Writes are accepted only while the object is still mutable.
    if (isMutable) {
        this.id = id;
        return;
    }
    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("objectImmutable"));
}
/**
* Returns the statements of the assertion
*
* @return the statements of the assertion
*/
@Override
public List<Object> getStatements() {
    // Returns the live list (unmodifiable once makeImmutable() has run).
    return this.statements;
}
/**
* Returns the Authn statements of the assertion
*
* @return the Authn statements of the assertion
*/
@Override
public List<AuthnStatement> getAuthnStatements() {
    // Returns the live list (unmodifiable once makeImmutable() has run).
    return this.authnStatements;
}
/**
* Returns the <code>AuthzDecisionStatements</code> of the assertion
*
* @return the <code>AuthzDecisionStatements</code> of the assertion
*/
@Override
public List<AuthzDecisionStatement> getAuthzDecisionStatements() {
    // Returns the live list (unmodifiable once makeImmutable() has run).
    return this.authzDecisionStatements;
}
/**
* Returns the attribute statements of the assertion
*
* @return the attribute statements of the assertion
*/
@Override
public List<AttributeStatement> getAttributeStatements() {
    // Returns the live list (unmodifiable once makeImmutable() has run).
    return this.attributeStatements;
}
/**
* Sets the statements of the assertion
*
* @param statements the statements of the assertion
* @exception SAML2Exception if the object is immutable
*/
@Override
public void setStatements(List<Object> statements) throws SAML2Exception {
    if (!isMutable) {
        String msg = SAML2SDKUtils.bundle.getString("objectImmutable");
        throw new SAML2Exception(msg);
    }
    // The list is stored as given, not copied.
    this.statements = statements;
}
/**
* Sets the <code>AuthnStatements</code> of the assertion
*
* @param statements the <code>AuthnStatements</code> of the assertion
* @exception SAML2Exception if the object is immutable
*/
@Override
public void setAuthnStatements(List<AuthnStatement> statements) throws SAML2Exception {
    // Refused once the object has been frozen by makeImmutable().
    if (isMutable) {
        this.authnStatements = statements;
        return;
    }
    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("objectImmutable"));
}
/**
* Sets the <code>AuthzDecisionStatements</code> of the assertion
*
* @param statements the <code>AuthzDecisionStatements</code> of
* the assertion
* @exception SAML2Exception if the object is immutable
*/
@Override
public void setAuthzDecisionStatements(List<AuthzDecisionStatement> statements)
    throws SAML2Exception {
    if (!isMutable) {
        String msg = SAML2SDKUtils.bundle.getString("objectImmutable");
        throw new SAML2Exception(msg);
    }
    // The list is stored as given, not copied.
    this.authzDecisionStatements = statements;
}
/**
* Sets the attribute statements of the assertion
*
* @param statements the attribute statements of the assertion
* @exception SAML2Exception if the object is immutable
*/
@Override
public void setAttributeStatements(List<AttributeStatement> statements) throws SAML2Exception {
    // Refused once the object has been frozen by makeImmutable().
    if (isMutable) {
        this.attributeStatements = statements;
        return;
    }
    throw new SAML2Exception(SAML2SDKUtils.bundle.getString("objectImmutable"));
}
/**
* Returns the issuer of the assertion
*
* @return the issuer of the assertion
*/
@Override
public Issuer getIssuer() {
    // Accessor only; null until set (toXMLString() then reports it missing).
    return this.issuer;
}
/**
* Sets the issuer of the assertion
*
* @param issuer the issuer of the assertion
* @exception SAML2Exception if the object is immutable
*/
@Override
public void setIssuer(Issuer issuer) throws SAML2Exception {
    if (!isMutable) {
        String msg = SAML2SDKUtils.bundle.getString("objectImmutable");
        throw new SAML2Exception(msg);
    }
    this.issuer = issuer;
}
/**
* Returns whether the assertion is signed.
*
* @return true if the assertion is signed; false otherwise.
*/
@Override
public boolean isSigned() {
    // "Signed" means a ds:Signature element was parsed or produced by sign();
    // it says nothing about whether that signature verifies.
    return this.signature != null;
}
/**
 * Verifies the signature on this assertion against the given certificates.
 *
 * The result of the first verification is cached in {@code isSignatureValid};
 * later calls return that cached value without re-verifying, even when a
 * different {@code verificationCerts} set is supplied. The verified input is
 * the signed serialisation ({@code signedXMLString}), produced on demand from
 * {@code toXMLString(true, true)} when it is not already held.
 *
 * @param verificationCerts certificates whose keys are acceptable signers
 * @return true if the signature verified, false otherwise
 * @throws SAML2Exception if the assertion cannot be serialised or the
 *         verifier reports an error
 */
@Override
public boolean isSignatureValid(Set<X509Certificate> verificationCerts)
    throws SAML2Exception {
    if (isSignatureValid != null) {
        return isSignatureValid;
    }
    if (signedXMLString == null) {
        signedXMLString = toXMLString(true, true);
    }
    isSignatureValid = SigManager.getSigInstance()
            .verify(signedXMLString, getID(), verificationCerts);
    return isSignatureValid;
}
/**
* Sign the Assertion.
*
* @param privateKey Signing key
* @param cert Certificate containing the public key that corresponds to
* the signing key. If it is not null, the signature
* will include the certificate; otherwise, the signature
* will not include any certificate.
* @exception SAML2Exception if it could not sign the assertion.
*/
@Override
public void sign(
    PrivateKey privateKey,
    X509Certificate cert
) throws SAML2Exception {
    // The fully qualified serialisation (prefix and namespace declaration)
    // is what gets signed, referenced by this assertion's ID.
    Element sigElement = SigManager.getSigInstance().sign(
            toXMLString(true, true), getID(), privateKey, cert);
    signature = XMLUtils.print(sigElement);
    // Keep the signed document's octets: toXMLString() returns these as-is
    // from now on, so the signature stays verifiable.
    Element signedRoot = sigElement.getOwnerDocument().getDocumentElement();
    signedXMLString = XMLUtils.print(signedRoot, "UTF-8");
    // Freeze: any later mutation would no longer match the signed octets.
    makeImmutable();
}
/**
* Returns an <code>EncryptedAssertion</code> object.
*
* @param recipientPublicKey Public key used to encrypt the data encryption
* (secret) key, it is the public key of the
* recipient of the XML document to be encrypted.
* @param dataEncAlgorithm Data encryption algorithm.
* @param dataEncStrength Data encryption strength.
* @param recipientEntityID Unique identifier of the recipient, it is used
* as the index to the cached secret key so that
* the key can be reused for the same recipient;
* It can be null in which case the secret key will
* be generated every time and will not be cached
* and reused. Note that the generation of a secret
* key is a relatively expensive operation.
* @return <code>EncryptedAssertion</code> object
* @throws SAML2Exception if error occurs during the encryption process.
*/
@Override
public EncryptedAssertion encrypt(
    Key recipientPublicKey,
    String dataEncAlgorithm,
    int dataEncStrength,
    String recipientEntityID
) throws SAML2Exception {
    // Encrypts the fully qualified serialisation; the last argument names
    // the wrapper element the encryption provider produces.
    Element encryptedElement = EncManager.getEncInstance().encrypt(
            toXMLString(true, true),
            recipientPublicKey,
            dataEncAlgorithm,
            dataEncStrength,
            recipientEntityID,
            "EncryptedAssertion");
    AssertionFactory factory = AssertionFactory.getInstance();
    return factory.createEncryptedAssertion(encryptedElement);
}
/**
* Gets the validity of the assertion, evaluating its conditions if
* specified.
*
* @return false if the conditions are present and the current time does not
* lie between <code>NotBefore</code> (inclusive) and
* <code>NotOnOrAfter</code> (exclusive); true otherwise, including
* when no conditions are specified.
*/
@Override
public boolean isTimeValid() {
    // Without a Conditions element there is no time window to check, so the
    // assertion counts as valid; otherwise defer to Conditions.
    return conditions == null
            || conditions.checkDateValidity(currentTimeMillis());
}
/**
* Returns a String representation
* @param includeNSPrefix Determines whether or not the namespace
* qualifier is prepended to the Element when converted
* @param declareNS Determines whether or not the namespace is declared
* within the Element.
* @return A String representation
* @exception SAML2Exception if something is wrong during conversion
*/
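@Override
public String toXMLString(boolean includeNSPrefix, boolean declareNS)
    throws SAML2Exception {
    // A signed assertion must be returned as the exact octets that were
    // signed; re-serialising from the fields would break the signature.
    if (signature != null && signedXMLString != null) {
        return signedXMLString;
    }
    // Mandatory parts, checked in the order the errors have always been
    // reported: Version, ID, IssueInstant, Issuer.
    if (version == null || version.isEmpty()) {
        throw missingAssertionPart("version missing", "missing_assertion_version");
    }
    if (id == null || id.isEmpty()) {
        throw missingAssertionPart("assertion id missing", "missing_assertion_id");
    }
    if (issueInstant == null) {
        throw missingAssertionPart("issue instant missing", "missing_issue_instant");
    }
    if (issuer == null) {
        throw missingAssertionPart("issuer missing", "missing_subelement_issuer");
    }

    String nsDecl = declareNS ? SAML2Constants.ASSERTION_DECLARE_STR : "";
    String prefix = includeNSPrefix ? SAML2Constants.ASSERTION_PREFIX : "";

    StringBuilder sb = new StringBuilder(2000);
    sb.append('<').append(prefix).append(ASSERTION_ELEMENT).append(nsDecl);
    appendAssertionAttribute(sb, ASSERTION_VERSION_ATTR, version);
    appendAssertionAttribute(sb, ASSERTION_ID_ATTR, id);
    appendAssertionAttribute(sb, ASSERTION_ISSUEINSTANT_ATTR,
            DateUtils.toUTCDateFormat(issueInstant));
    sb.append(">\n");

    // Child elements never redeclare the namespace: the root element already
    // did (or the caller asked for no declaration at all).
    sb.append(issuer.toXMLString(includeNSPrefix, false));
    if (signature != null) {
        sb.append(signature);
    }
    if (subject != null) {
        sb.append(subject.toXMLString(includeNSPrefix, false));
    }
    if (conditions != null) {
        sb.append(conditions.toXMLString(includeNSPrefix, false));
    }
    if (advice != null) {
        sb.append(advice.toXMLString(includeNSPrefix, false));
    }
    // Generic statements are held as pre-serialised XML strings.
    if (statements != null) {
        for (Object statement : statements) {
            sb.append((String) statement);
        }
    }
    if (authnStatements != null) {
        for (AuthnStatement st : authnStatements) {
            sb.append(st.toXMLString(includeNSPrefix, false));
        }
    }
    if (authzDecisionStatements != null) {
        for (AuthzDecisionStatement st : authzDecisionStatements) {
            sb.append(st.toXMLString(includeNSPrefix, false));
        }
    }
    if (attributeStatements != null) {
        for (AttributeStatement st : attributeStatements) {
            sb.append(st.toXMLString(includeNSPrefix, false));
        }
    }
    sb.append("</").append(prefix).append(ASSERTION_ELEMENT).append(">\n");
    return sb.toString();
}

/**
 * Logs a missing mandatory part of the assertion and builds the exception
 * that toXMLString throws for it.
 *
 * @param detail short description appended to the log line
 * @param bundleKey resource-bundle key of the caller-facing message
 * @return the exception for the caller to throw
 */
private static SAML2Exception missingAssertionPart(String detail, String bundleKey) {
    SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): " + detail);
    return new SAML2Exception(SAML2SDKUtils.bundle.getString(bundleKey));
}

/**
 * Appends {@code name="value"} (with a leading space) to the buffer.
 *
 * NOTE(review): the value is written verbatim. A well-formed xs:ID or
 * version string contains no XML-special characters, but nothing here
 * escapes one that does; confirm the setters/parser guarantee that.
 *
 * @param sb buffer being built
 * @param name attribute name
 * @param value attribute value, written as-is
 */
private static void appendAssertionAttribute(StringBuilder sb, String name, String value) {
    sb.append(' ').append(name).append("=\"").append(value).append('"');
}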
/**
* Returns a String representation
*
* @return A String representation
* @exception SAML2Exception if something is wrong during conversion
*/
@Override
public String toXMLString() throws SAML2Exception {
    // Default form: namespace prefix on, namespace declaration off.
    return toXMLString(true, false);
}
/**
* Makes the object immutable
*/
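@Override
public void makeImmutable() {
    if (!isMutable) {
        // Already frozen; the lists are already unmodifiable views.
        return;
    }
    // Freeze each child first, then replace the lists with unmodifiable views
    // so neither the elements nor the collections can change afterwards.
    if (authnStatements != null) {
        for (AuthnStatement authn : authnStatements) {
            authn.makeImmutable();
        }
        authnStatements = Collections.unmodifiableList(authnStatements);
    }
    if (authzDecisionStatements != null) {
        for (AuthzDecisionStatement authz : authzDecisionStatements) {
            authz.makeImmutable();
        }
        authzDecisionStatements =
                Collections.unmodifiableList(authzDecisionStatements);
    }
    if (attributeStatements != null) {
        for (AttributeStatement attr : attributeStatements) {
            attr.makeImmutable();
        }
        attributeStatements = Collections.unmodifiableList(attributeStatements);
    }
    // Generic statements are plain objects with no makeImmutable() of their
    // own; only the list is wrapped.
    if (statements != null) {
        statements = Collections.unmodifiableList(statements);
    }
    if (conditions != null) {
        conditions.makeImmutable();
    }
    if (issuer != null) {
        issuer.makeImmutable();
    }
    if (subject != null) {
        subject.makeImmutable();
    }
    if (advice != null) {
        advice.makeImmutable();
    }
    // NOTE(review): issueInstant is a mutable java.util.Date and is neither
    // copied nor wrapped here; confirm the accessors keep it from leaking.
    isMutable = false;
}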
/**
* Returns true if the object is mutable
*
* @return true if the object is mutable
*/
@Override
public boolean isMutable() {
    // False once makeImmutable() (or sign(), which calls it) has run.
    return this.isMutable;
}
}