AssertionImpl.java revision ccf9d4a5c6453fa9f8b839baeee25147865fbb7d
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakova * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
097b7fb3f8f90e87120d30bf37a1d89fe0ddfaf0Kristina Sojakova * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
211c5fb252e0a776baad9a4857ab198659289a4aKristina Sojakova * The contents of this file are subject to the terms
211c5fb252e0a776baad9a4857ab198659289a4aKristina Sojakova * of the Common Development and Distribution License
94e2e03f6efde106de095ef4ea0ec87f74955a31Kristina Sojakova * (the License). You may not use this file except in
211c5fb252e0a776baad9a4857ab198659289a4aKristina Sojakova * compliance with the License.
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakova * You can obtain a copy of the License at
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakova * https://opensso.dev.java.net/public/CDDLv1.0.html or
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * See the License for the specific language governing
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * permission and limitations under the License.
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * When distributing Covered Code, include this CDDL
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * Header Notice in each file and include the License file
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * If applicable, add the following below the CDDL Header,
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * with the fields enclosed by brackets [] replaced by
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * your own identifying information:
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * "Portions Copyrighted [year] [name of copyright owner]"
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * $Id: AssertionImpl.java,v 1.8 2009/05/09 15:43:59 mallas Exp $
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * Portions Copyrighted 2015-2016 ForgeRock AS.
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovapackage com.sun.identity.saml2.assertion.impl;
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakovaimport static org.forgerock.openam.utils.Time.*;
2c47bb55d963ff37dbae4a0a7701274fddb95fc8Christian Maederimport com.sun.identity.shared.xml.XMLUtils;
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakovaimport com.sun.identity.saml2.common.SAML2Constants;
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakovaimport com.sun.identity.saml2.common.SAML2Exception;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovaimport com.sun.identity.saml2.common.SAML2SDKUtils;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovaimport com.sun.identity.saml2.assertion.Assertion;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovaimport com.sun.identity.saml2.assertion.AssertionFactory;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovaimport com.sun.identity.saml2.assertion.AttributeStatement;
2fa2a7c86b9416f0e1607787e9416e274feb1143Christian Maederimport com.sun.identity.saml2.assertion.AuthnStatement;
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovaimport com.sun.identity.saml2.assertion.AuthzDecisionStatement;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakovaimport com.sun.identity.saml2.assertion.EncryptedAssertion;
4e3744376d584470e1342cbac9ac27032f2045c3Christian Maederimport com.sun.identity.saml2.assertion.Subject;
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovaimport com.sun.identity.saml2.assertion.Advice;
4e3744376d584470e1342cbac9ac27032f2045c3Christian Maederimport com.sun.identity.saml2.assertion.Conditions;
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovaimport com.sun.identity.saml2.assertion.Issuer;
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovaimport com.sun.identity.saml2.xmlenc.EncManager;
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovaimport com.sun.identity.saml2.xmlsig.SigManager;
 * The <code>Assertion</code> element is a package of information
 * that supplies one or more <code>Statement</code>s made by an issuer.
 * There are three kinds of assertions: Authentication, Authorization Decision,
 * and Attribute assertions.
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakovapublic class AssertionImpl implements Assertion {
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova private List<Object> statements = new ArrayList();
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova private List<AuthnStatement> authnStatements = new ArrayList();
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova private List<AuthzDecisionStatement> authzDecisionStatements = new ArrayList();
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova private List<AttributeStatement> attributeStatements = new ArrayList();
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova private boolean isMutable = true;
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String ASSERTION_ELEMENT = "Assertion";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String ASSERTION_VERSION_ATTR = "Version";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String ASSERTION_ID_ATTR = "ID";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String ASSERTION_ISSUEINSTANT_ATTR = "IssueInstant";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String XSI_TYPE_ATTR = "xsi:type";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String ASSERTION_ISSUER = "Issuer";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String ASSERTION_SIGNATURE = "Signature";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String ASSERTION_SUBJECT = "Subject";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String ASSERTION_CONDITIONS = "Conditions";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String ASSERTION_ADVICE = "Advice";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String ASSERTION_STATEMENT = "Statement";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String ASSERTION_AUTHNSTATEMENT = "AuthnStatement";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String ASSERTION_AUTHZDECISIONSTATEMENT =
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova "AuthzDecisionStatement";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public static String ASSERTION_ATTRIBUTESTATEMENT =
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova "AttributeStatement";
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova * Default constructor
 * This constructor is used to build an <code>Assertion</code> object from a
 * @param xml A <code>java.lang.String</code> representing
 *        an <code>Assertion</code> object
 * @exception SAML2Exception if it could not process the XML string
097b7fb3f8f90e87120d30bf37a1d89fe0ddfaf0Kristina Sojakova public AssertionImpl(String xml) throws SAML2Exception {
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova Document document = XMLUtils.toDOMDocument(xml, SAML2SDKUtils.debug);
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova Element rootElement = document.getDocumentElement();
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova "AssertionImpl.processElement(): invalid XML input");
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
4cfef84218e908a7db4a0bba0927be1397886315Kristina Sojakova "errorObtainingElement"));
 * This constructor is used to build an <code>Assertion</code> object from a
 * block of existing XML that has already been built into a DOM.
 * @param element A <code>org.w3c.dom.Element</code> representing
 *        the DOM tree for an <code>Assertion</code> object
 * @exception SAML2Exception if it could not process the Element
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova public AssertionImpl(Element element) throws SAML2Exception {
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova signedXMLString = XMLUtils.print(element,"UTF-8");
097b7fb3f8f90e87120d30bf37a1d89fe0ddfaf0Kristina Sojakova private void processElement(Element element) throws SAML2Exception {
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova "AssertionImpl.processElement(): invalid root element");
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
4cfef84218e908a7db4a0bba0927be1397886315Kristina Sojakova "invalid_element"));
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova "AssertionImpl.processElement(): local name missing");
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova "missing_local_name"));
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova if (!elemName.equals(ASSERTION_ELEMENT)) {
097b7fb3f8f90e87120d30bf37a1d89fe0ddfaf0Kristina Sojakova "AssertionImpl.processElement(): invalid local name " +
097b7fb3f8f90e87120d30bf37a1d89fe0ddfaf0Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
097b7fb3f8f90e87120d30bf37a1d89fe0ddfaf0Kristina Sojakova "invalid_local_name"));
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakova // starts processing attributes
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakova String attrValue = element.getAttribute(ASSERTION_VERSION_ATTR);
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakova if ((attrValue == null) || (attrValue.length() == 0)) {
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova "AssertionImpl.processElement(): version missing");
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
8b054cade993ef373d564b2d74c9c5a2da48f8b7Kristina Sojakova "missing_assertion_version"));
2ddc9d39235393dca2e40203dde20284db4c3deeKristina Sojakova attrValue = element.getAttribute(ASSERTION_ID_ATTR);
4e3744376d584470e1342cbac9ac27032f2045c3Christian Maeder if ((attrValue == null) || (attrValue.length() == 0)) {
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova "AssertionImpl.processElement(): assertion id missing");
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
b5702fcfbabcc2b13557bc96ed8376133420dc73Kristina Sojakova "missing_assertion_id"));
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova attrValue = element.getAttribute(ASSERTION_ISSUEINSTANT_ATTR);
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova if ((attrValue == null) || (attrValue.length() == 0)) {
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova "AssertionImpl.processElement(): issue instant missing");
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova "missing_issue_instant"));
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova issueInstant = DateUtils.stringToDate(attrValue);
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova "AssertionImpl.processElement(): invalid issue instant");
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova "invalid_date_format"));
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova // starts processing subelements
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova "AssertionImpl.processElement(): assertion has no subelements");
887a1999374d1fb3a534e602a8d322de6ef4c8e8Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova "missing_subelements"));
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova AssertionFactory factory = AssertionFactory.getInstance();
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova while (child.getNodeType() != Node.ELEMENT_NODE) {
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova SAML2SDKUtils.debug.error("AssertionImpl.processElement():"
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova + " assertion has no subelements");
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova "missing_subelements"));
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova // The first subelement should be <Issuer>
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova if ((childName == null) || (!childName.equals(ASSERTION_ISSUER))) {
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova SAML2SDKUtils.debug.error("AssertionImpl.processElement():"+
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova " the first element is not <Issuer>");
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova "missing_subelement_issuer"));
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova issuer = factory.getInstance().createIssuer((Element)child);
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova while (child.getNodeType() != Node.ELEMENT_NODE) {
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova // The next subelement may be <ds:Signature>
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova signature = XMLUtils.print((Element)child);
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova while (child.getNodeType() != Node.ELEMENT_NODE) {
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova // The next subelement may be <Subject>
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova subject = factory.createSubject((Element)child);
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova while (child.getNodeType() != Node.ELEMENT_NODE) {
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova // The next subelement may be <Conditions>
14650c9e129d8dc51ed55b2edc6ec27d9f0f6d00Kristina Sojakova conditions = factory.createConditions((Element)child);
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova while (child.getNodeType() != Node.ELEMENT_NODE) {
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova // The next subelement may be <Advice>
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova advice = factory.createAdvice((Element)child);
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova // The next subelements are all statements
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova if (child.getNodeType() == Node.ELEMENT_NODE) {
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova if (childName.equals(ASSERTION_AUTHNSTATEMENT)) {
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova factory.createAuthnStatement((Element)child));
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova createAuthzDecisionStatement((Element)child));
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova createAttributeStatement((Element)child));
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova signature = XMLUtils.print((Element)child);
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova String type = ((Element)child).getAttribute(
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova if (childName.equals(ASSERTION_STATEMENT) &&
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova statements.add(XMLUtils.print((Element)child));
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova "AssertionImpl.processElement(): " +
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * Returns the version number of the assertion.
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * @return The version number of the assertion.
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * Sets the version number of the assertion.
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * @param version the version number.
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * @exception SAML2Exception if the object is immutable
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova public void setVersion(String version) throws SAML2Exception {
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova "objectImmutable"));
 * Returns the time when the assertion was issued.
 * @return the time at which the assertion was issued
 * Sets the time when the assertion was issued.
 * @param issueInstant the issue time of the assertion
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova * @exception SAML2Exception if the object is immutable
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova public void setIssueInstant(Date issueInstant) throws SAML2Exception {
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova throw new SAML2Exception(SAML2SDKUtils.bundle.getString(
9d770d1ea15092156d65e2a89b081eeeb8c6b153Kristina Sojakova "objectImmutable"));
return subject;
if (!isMutable) {
return advice;
if (!isMutable) {
return signature;
return conditions;
if (!isMutable) {
return id;
if (!isMutable) {
return statements;
return authnStatements;
return authzDecisionStatements;
return attributeStatements;
if (!isMutable) {
if (!isMutable) {
throws SAML2Exception {
if (!isMutable) {
if (!isMutable) {
return issuer;
if (!isMutable) {
public boolean isSigned() {
throws SAML2Exception {
public void sign(
) throws SAML2Exception {
toXMLString(true, true),
getID(),
int dataEncStrength,
) throws SAML2Exception {
toXMLString(true, true),
public boolean isTimeValid() {
throws SAML2Exception {
return signedXMLString;
if (declareNS) {
if (includeNSPrefix) {
return this.toXMLString(true, false);
public void makeImmutable() {
if (isMutable) {
isMutable = false;
public boolean isMutable() {
return isMutable;