/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: AuthnQueryUtil.java,v 1.8 2008/12/03 00:32:31 hengming Exp $
*
* Portions Copyrighted 2010-2015 ForgeRock AS.
*/
/**
* Utility class (private constructor, not meant to be instantiated) that
* sends an <code>AuthnQuery</code> to an authentication authority and
* processes an incoming <code>AuthnQuery</code>, including the signature
* checks on the query, the <code>Response</code> and its assertions.
*
* @supported.api
*/
public class AuthnQueryUtil {
// Private constructor: this is a utility class and is not meant to be instantiated.
private AuthnQueryUtil() {
}
/**
* Sends the <code>AuthnQuery</code> to the specified authentication
* authority and returns the <code>Response</code> that the authentication
* authority sends back.
*
* @param authnQuery the <code>AuthnQuery</code> object
* @param authnAuthorityEntityID entity ID of authentication authority
* @param realm the realm of hosted entity
* @param binding the SAML2 binding to use when sending the query
*
* @return the <code>Response</code> object
* @exception SAML2Exception if the operation is not successful
*
* @supported.api
*/
throws SAML2Exception {
try {
} catch (SAML2MetaException sme) {
sme);
throw new SAML2Exception(
}
throw new SAML2Exception(
}
throw new SAML2Exception(
}
break;
}
}
throw new SAML2Exception(
}
} else {
throw new SAML2Exception(
}
}
/**
* Processes an <code>AuthnQuery</code> received from a requester and builds
* the <code>Response</code> to return. Only assertions that are still
* time-valid (expired ones are skipped) and that match the requested
* session index and authentication context are included in the response.
*
* @param authnQuery the <code>AuthnQuery</code> object
* @param request the <code>HttpServletRequest</code> object
* @param response the <code>HttpServletResponse</code> object
* @param authnAuthorityEntityID entity ID of authentication authority
* @param realm the realm of hosted entity
*
* @return the <code>Response</code> object, carrying the matching assertions if any were found
* @exception SAML2Exception if the operation is not successful
*/
try {
} catch(SAML2Exception se) {
}
try {
} catch (SAML2MetaException sme) {
}
}
}
}
// get assertion for matching authncontext using session
if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
"getting user assertions from DB. user = " + cacheKey);
}
try {
} catch(SAML2TokenRepositoryException se) {
}
assertions = new ArrayList();
assertionStr));
}
}
} else {
}
synchronized (assertions) {
if (!assertion.isTimeValid()) {
"AuthnQueryUtil.processAuthnQuery: " +
" expired.");
}
continue;
}
"AuthnQueryUtil.processAuthnQuery: " +
"authnStmtACClassRef is " +
authnStmtACClassRef + ", sessionIndex = " +
}
if ((qSessionIndex != null) &&
continue;
}
if (requestedAC != null) {
break;
}
} else {
break;
}
}
}
} // end assertion iterator while.
}
if (!returnAssertions.isEmpty()) {
}
return samlResp;
}
boolean includeCert) throws SAML2Exception {
if (signingKey == null) {
throw new SAML2Exception(
}
if (includeCert) {
}
if (signingKey != null) {
}
}
if (!authnQuery.isSigned()) {
"authnQueryNotSigned"));
}
"authnQueryIssuerInvalid"));
}
"authnQueryIssuerNotFound"));
}
Set<X509Certificate> signingCerts = KeyUtil.getVerificationCerts(spSSODesc, spEntityID, SAML2Constants.SP_ROLE);
if (!signingCerts.isEmpty()) {
"AuthnQueryUtil.verifyAuthnQuery: " +
"Signature validity is : " + valid);
}
if (!valid) {
"invalidSignatureAuthnQuery"));
}
} else {
throw new SAML2Exception(
}
}
throws SAML2Exception {
if (signingKey == null) {
throw new SAML2Exception(
}
if (includeCert) {
}
if (signingKey != null) {
}
}
"authnQueryXMLString = " + authnQueryXMLString);
"authnServiceURL= " + authnServiceURL);
}
try {
authnServiceURL, true);
} catch (SOAPException se) {
"AuthnQueryUtil.sendAuthnQuerySOAP: ", se);
throw new SAML2Exception(
}
}
aad);
return response;
}
if ((authnQueryID != null) &&
throw new SAML2Exception(
}
if (respIssuer == null) {
return;
}
"responseIssuerMismatch"));
}
"responseNotSigned"));
}
if (signingCerts.isEmpty()) {
}
"Signature validity is : " + valid);
}
if (!valid) {
"invalidSignatureOnResponse"));
}
if (assertions == null) {
if (assertions == null) {
assertions = new ArrayList<>();
}
}
}
}
return;
}
if (signingCerts.isEmpty()) {
}
"AuthnQueryUtil.verifyResponse: " +
"Signature validity is : " + valid);
}
if (!valid) {
"invalidSignatureOnAssertion"));
}
}
}
}
try {
} catch (SAML2Exception ex) {
}
return null;
}
}
return null;
}
return nameID;
}
}