SAML11RequestedSecurityToken.java revision a688bcbb4bcff5398fdd29b86f83450257dc0df4
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SAML11RequestedSecurityToken.java,v 1.7 2009/12/14 23:42:48 mallas Exp $
*
*/
/**
* SAML11RequestedSecurityToken represents a concrete RequestedSecurityToken -
* one containing a SAML 1.1 assertion.
*/
public class SAML11RequestedSecurityToken implements RequestedSecurityToken {
// Just get this system property once - it should never change!
private static boolean removeCarriageReturns =
protected boolean signed = false;
/**
* Creates a SAML11RequestedSecurityToken given a DOM Node.
* <p>
* The assertion element found in the node is kept as {@code assertionE}
* and handed to the SAML parser (a {@code SAMLException} from that step is
* rethrown as a {@code WSFederationException}). A token carrying exactly one
* Signature element is marked as signed; a token carrying more than one is
* rejected outright rather than having one of them picked, so that later
* signature verification is never ambiguous about which signature it checked.
* @param token a DOM Node representing a RequestedSecurityToken
* @throws WSFederationException if the assertion element is missing or not
* in the expected namespace, if the assertion fails to parse, or if more
* than one Signature element is present
*/
throws WSFederationException {
"SAML11RequestedSecurityToken.SAML11RequestedSecurityToken(Node)";
throw new WSFederationException(
}
// The element must belong to the expected namespace; a matching local
// name in some other namespace is not accepted.
if (!(ae.getNamespaceURI().
{
throw new WSFederationException(
}
this.assertionE = ae;
try {
}
catch (SAMLException se)
{
if ( debug.messageEnabled() ) {
"rethrowing",se);
}
// Preserve the cause so the parse failure is not lost
throw new WSFederationException(se);
}
if ( debug.messageEnabled() ) {
}
// Exactly one Signature element => signed; zero => unsigned (verifyToken
// decides whether that is acceptable); two or more => reject.
if (signsSize == 1) {
signed = true;
if ( debug.messageEnabled() ) {
}
} else if (signsSize != 0) {
if ( debug.messageEnabled() ) {
"included more than one Signature element.");
}
throw new WSFederationException(
}
}
/**
* Creates a SAML11RequestedSecurityToken.
* @param realm the realm of the entities.
* @param spEntityId service provider entity ID - consumer of the token.
* @param idpEntityId identity provider entity ID - issuer of the token.
* @param notBeforeSkew number of seconds to subtract from current time
* to form Assertion notBefore time.
* @param effectiveTime length of time, in seconds, from Assertion's
* notBefore time to its notOnOrAfter time.
* @param certAlias alias of the signing certificate. null means do not
* sign the assertion
* @param authMethod mechanism by which the subject authenticated to the
* identity provider
* @param authInstant time at which the subject authenticated to the
* identity provider
* @param ni SAML 1.1 NameIdentifier for the subject
* @param attributes List of com.sun.identity.saml.assertion.Attribute to
* include in the Assertion
* @throws com.sun.identity.wsfederation.common.WSFederationException in
* case of error.
*/
throws WSFederationException
{
"SAML11RequestedSecurityToken(String*)";
try {
}
{
}
} else {
}
} catch (SAMLException se) {
throw new WSFederationException(se);
}
}
/**
 * Returns the identifier of this token, which is the AssertionID of the
 * wrapped SAML 1.1 assertion.
 *
 * @return the AssertionID of the underlying assertion
 */
public String getTokenId() {
    return this.assertion.getAssertionID();
}
/**
* @return the issuer of the RequestedSecurityToken.
*/
{
}
/**
* Returns the attributes carried by the first AttributeStatement of the
* assertion; the search stops at the first matching statement, so any
* further AttributeStatements are ignored.
* @return a list of attributes of type
* <code>com.sun.identity.saml.assertion.Attribute</code>, or {@code null}
* when the assertion contains no AttributeStatement - callers must
* null-check the result
*/
public List getAttributes()
{
// Stop at the first AttributeStatement; later ones are not merged
if (statement.getStatementType()
== Statement.ATTRIBUTE_STATEMENT) {
break;
}
}
if ( attributeStatement == null ) {
return null;
}
return attributeStatement.getAttribute();
}
/**
 * Returns the wrapped SAML 1.1 assertion. The instance held by this token
 * is returned directly (not a copy), so callers share it.
 *
 * @return the underlying assertion
 */
public Assertion getAssertion() {
    return this.assertion;
}
/**
* This method marshalls the token, returning a String comprising the
* textual XML representation.
* @return The textual XML representation of the token.
*/
{
if(assertionE != null) {
assertionE));
}
// Pass (true,true) to assertion.toString so we get namespace
if ( removeCarriageReturns )
{
// Xalan uses the line.separator system property when creating
// output - i.e. on Windows, uses \r\n
// We ALWAYS want \n, or signatures break in ADFS - issue # 3927
//
// NOTE - transformer.setOutputProperty(
// "{http://xml.apache.org/xalan}line-separator","\n");
// DOESN'T WORK WITH com.sun.org.apache.xalan.internal
//
// Doing this here rather than in XMLUtils.print(Node, String)
// minimizes the scope of the change.
}
.append("</wst:RequestedSecurityToken>");
}
/**
* Verifies the token's validity, checking the signature, validity period
* etc.
* <p>
* Checks performed, in order: the assertion issuer must be a trusted
* provider for the local entity; the assertion signature must be valid
* unless the service provider configuration sets wantAssertionSigned to
* false (it defaults to true); the assertion must carry a subject; and its
* validity period must cover the current time.
* <p>
* NOTE(review): the AudienceRestrictionCondition is NOT checked here (see
* the TODO in the body), so a valid assertion from a trusted issuer is
* accepted regardless of which service provider it was issued for. Callers
* must not rely on this method to enforce audience.
* @param realm the realm of the local entity
* @param hostEntityId the local entity ID
* @param timeskew permitted skew between service provider and identity
* provider clocks, in seconds
* @return a Map of relevant data including Subject and the List of
* Assertions.
* @throws com.sun.identity.wsfederation.common.WSFederationException in
* case of any error - invalid token signature, token expired etc.
*/
int timeskew)
throws WSFederationException
{
// check that assertion issuer is trusted by the local entity
if (! metaManager.isTrustedProvider(
this.getTokenId(),
data,
null);
throw new WSFederationException(
}
{
+ hostEntityId);
throw new WSFederationException("unableToFindSPConfiguration");
}
// By default, we want to sign assertions
// NOTE(review): a configuration that sets this to false skips signature
// verification entirely, leaving the trusted-issuer check above as the
// only evidence of the assertion's origin.
: true;
if ( wantAssertionSigned &&
remoteEntityId))) {
// isSignatureValid will log the error
throw new WSFederationException(
}
// TODO: check AudienceRestrictionCondition
// NOTE(review): until the audience check exists, an assertion the same
// trusted IdP issued for a different service provider passes this method.
if (statement.getStatementType()
break;
}
}
// A subject is mandatory; reject rather than return a partial map
if ( assertionSubject == null ) {
this.getTokenId()};
data,
null);
throw new WSFederationException(
}
// must be valid (timewise)
// isTimeValid will log the error
throw new WSFederationException(
}
// TODO
// authLevel is hard-coded to 0 here (see TODO), so the >= 0 branch below
// always executes.
int authLevel = 0;
if (authLevel >= 0) {
}
if (sessionNotOnOrAfter != null) {
if (maxSessionTime > 0) {
// new Long(long) is deprecated since Java 9; Long.valueOf is the drop-in
new Long(maxSessionTime));
}
}
if ( debug.messageEnabled() ) {
}
return attrMap;
}
}