/************************************************************************
* *
* Certificate Service - Messages *
* *
* This software is free software; you can redistribute it and/or *
* modify it under the terms of the GNU Lesser General Public License *
* License as published by the Free Software Foundation; either *
* version 3 of the License, or any later version. *
* *
* See terms of license at gnu.org. *
* *
*************************************************************************/
package org.certificateservices.messages.assertion;
import org.certificateservices.messages.*;
import org.certificateservices.messages.credmanagement.CredManagementPayloadParser;
import org.certificateservices.messages.credmanagement.jaxb.FieldValue;
import org.certificateservices.messages.csmessages.BasePayloadParser;
import org.certificateservices.messages.csmessages.DefaultCSMessageParser;
import org.certificateservices.messages.csmessages.XSDLSInput;
import org.certificateservices.messages.csmessages.jaxb.Approver;
import org.certificateservices.messages.csmessages.jaxb.CSMessage;
import org.certificateservices.messages.saml2.BaseSAMLMessageParser;
import org.certificateservices.messages.saml2.assertion.SAMLAssertionMessageParser;
import org.certificateservices.messages.saml2.assertion.jaxb.*;
import org.certificateservices.messages.saml2.protocol.jaxb.AttributeQueryType;
import org.certificateservices.messages.saml2.protocol.jaxb.ResponseType;
import org.certificateservices.messages.saml2.protocol.jaxb.StatusCodeType;
import org.certificateservices.messages.saml2.protocol.jaxb.StatusType;
import org.certificateservices.messages.utils.*;
import org.certificateservices.messages.xenc.jaxb.EncryptedDataType;
import org.w3c.dom.Document;
import org.w3c.dom.ls.LSInput;
import org.w3c.dom.ls.LSResourceResolver;
import org.xml.sax.SAXException;
import javax.xml.XMLConstants;
import javax.xml.bind.*;
import javax.xml.bind.util.JAXBSource;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Source;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Properties;
/**
 * Assertion Payload Parser used to parse and generate Assertion Tickets such as:
 * <ul>
 *   <li>Distributed Authorization Ticket</li>
 *   <li>User Data Ticket</li>
 *   <li>Approval Ticket</li>
 * </ul>
 * Uses SAML Core 2.0 and SAMLP 2.0 as underlying message structures.
 *
 * @author Philip Vendil
 *
 */
public class AssertionPayloadParser extends BasePayloadParser {
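/** Namespace of the SAML 2.0 assertion payload this parser handles. */
public static final String NAMESPACE = "urn:oasis:names:tc:SAML:2.0:assertion";
/** Namespace of the SAML 2.0 protocol (SAMLP) messages that envelope the assertions. */
public static final String SAMLP_NAMESPACE = "urn:oasis:names:tc:SAML:2.0:protocol";
/** Wildcard destination value; presumably paired with the DestinationId attribute (usage not visible here). */
public static final String ANY_DESTINATION = "ANY";
// NOTE(review): the three constants above were mutable public statics, so any code on the
// classpath could overwrite the namespace this parser keys on. They are now final: reads are
// unchanged, only assignment (which nothing should be doing) is no longer possible.

/** Classpath locations of the bundled SAML assertion / protocol XSDs used for schema validation. */
private static final String ASSERTION_XSD_SCHEMA_2_0_RESOURCE_LOCATION = "/cs-message-saml-schema-assertion-2.0.xsd";
private static final String SAMLP_XSD_SCHEMA_2_0_RESOURCE_LOCATION = "/cs-message-saml-schema-protocol-2.0.xsd";

/** JAXB object factories for the assertion and protocol schemas. */
private final ObjectFactory of = new ObjectFactory();
private final org.certificateservices.messages.saml2.protocol.jaxb.ObjectFactory samlpOf = new org.certificateservices.messages.saml2.protocol.jaxb.ObjectFactory();

/** Only SAML 2.0 assertions are accepted; "2.0" is also the default when none is given. */
private static final String[] SUPPORTED_ASSERTION_VERSIONS = {"2.0"};
private static final String DEFAULT_ASSERTION_VERSION = "2.0";

/** Names of the SAML attributes carried in the tickets generated and parsed by this class. */
public static final String ATTRIBUTE_NAME_TYPE = "Type";
public static final String ATTRIBUTE_NAME_DISPLAYNAME = "DisplayName";
public static final String ATTRIBUTE_NAME_ROLES = "Roles";
public static final String ATTRIBUTE_NAME_DEPARTMENTS = "Departments";
public static final String ATTRIBUTE_NAME_USERDATA = "UserData";
public static final String ATTRIBUTE_NAME_TOKENTYPE = "TokenType";
public static final String ATTRIBUTE_NAME_DESTINATIONID = "DestinationId";
public static final String ATTRIBUTE_NAME_APPROVALID = "ApprovalId";
public static final String ATTRIBUTE_NAME_APPROVEDREQUESTS = "ApprovedRequests";
public static final String ATTRIBUTE_NAME_APPROVERS = "Approvers";
/** Sentinel value of the Departments attribute meaning "all departments". */
public static final String ALL_DEPARTMENTS_ATTRIBUTE_VALUE = "ALL_DEPARTMENTS";

/** Clock source (project type); kept non-final as it is presumably replaced in tests. */
private SystemTime systemTime = new DefaultSystemTime();

// The fields below are populated in init(); they are null until that has run.
/** Encrypter bound to the assertion JAXB context. */
private XMLEncrypter xmlEncrypter;
/** Encrypter bound to the user-data JAXB context. */
private XMLEncrypter userDataXmlEncrypter;
private final BaseSAMLMessageParser.EncryptedAttributeXMLConverter encryptedAttributeXMLConverter = new BaseSAMLMessageParser.EncryptedAttributeXMLConverter();
private XMLSigner xmlSigner;
private CertificateFactory cf;
/** Shared javax.xml.validation.Validator built in init(); that class is not thread-safe. */
private Validator assertionSchemaValidator;
private final SAMLAssertionMessageParser samlAssertionMessageParser = new SAMLAssertionMessageParser();
private final BaseSAMLMessageParser.AssertionSignatureLocationFinder assertionSignatureLocationFinder = new BaseSAMLMessageParser.AssertionSignatureLocationFinder();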
/**
 * Initialises the parser: base-class setup, then the encrypters, signer, certificate
 * factory, schema validator and nested SAML assertion parser this class uses.
 *
 * @param config  parser configuration, handed to the base class.
 * @param secProv security provider supplying keys/certificates for signing and encryption.
 * @throws MessageProcessingException if any of the components fails to initialise; the
 *         original exception is kept as the cause.
 */
@Override
public void init(Properties config, MessageSecurityProvider secProv)
        throws MessageProcessingException {
    super.init(config, secProv);
    try {
        // Two encrypters, one per JAXB context: assertion payloads and user-data payloads.
        xmlEncrypter = new XMLEncrypter(secProv, getDocumentBuilder(), getAssertionMarshaller(), getAssertionUnmarshaller());
        userDataXmlEncrypter = new XMLEncrypter(secProv, getDocumentBuilder(), getUserDataMarshaller(), getUserDataUnmarshaller());
        // NOTE(review): the meaning of the boolean argument is not visible here - check XMLSigner before touching it.
        xmlSigner = new XMLSigner(secProv, true, assertionSignatureLocationFinder, new CSMessageOrganisationLookup());
        cf = CertificateFactory.getInstance("X.509");
        // The validator used by schemaValidateAssertion() is built from the user-data schema.
        assertionSchemaValidator = generateUserDataSchema().newValidator();
        // The nested SAML parser receives no configuration of its own.
        samlAssertionMessageParser.init(secProv, null);
    } catch (Exception e) {
        // The message says "JAXB" but this also covers certificate factory, schema and signer setup.
        throw new MessageProcessingException("Error initializing JAXB in AssertionPayloadParser: " + e.getMessage(),e);
    }
}
/**
 * Payload namespace this parser is registered for: the SAML 2.0 assertion namespace.
 *
 * @return {@link #NAMESPACE}.
 * @see org.certificateservices.messages.csmessages.PayloadParser#getNameSpace()
 */
@Override
public String getNameSpace() {
    return NAMESPACE;
}
/**
 * JAXB package holding the generated SAML 2.0 assertion classes.
 *
 * @return the package name used to build the JAXB context for this payload.
 * @see org.certificateservices.messages.csmessages.PayloadParser#getJAXBPackage()
 */
@Override
public String getJAXBPackage() {
    final String jaxbPackage = "org.certificateservices.messages.saml2.assertion.jaxb";
    return jaxbPackage;
}
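/**
 * Returns the bundled XSD for the requested assertion payload version as a stream.
 *
 * @param payLoadVersion payload version taken from the message, e.g. "2.0"; may be null.
 * @return a stream over the schema resource; the caller is responsible for closing it.
 * @throws MessageContentException if the version is null or not a supported assertion version.
 * @throws MessageProcessingException if the schema resource is missing from the classpath.
 * @see org.certificateservices.messages.csmessages.PayloadParser#getSchemaAsInputStream(java.lang.String)
 */
@Override
public InputStream getSchemaAsInputStream(String payLoadVersion)
        throws MessageContentException, MessageProcessingException {
    // Constant-first comparison: the version comes from the message, so a null must be
    // rejected as unsupported rather than blow up with a NullPointerException.
    if (!"2.0".equals(payLoadVersion)) {
        throw new MessageContentException("Error unsupported Assertion version: " + payLoadVersion);
    }
    InputStream schema = getClass().getResourceAsStream(ASSERTION_XSD_SCHEMA_2_0_RESOURCE_LOCATION);
    if (schema == null) {
        // getResourceAsStream() returns null for a missing resource; fail here with a clear
        // message instead of handing a null stream to whoever builds the schema from it.
        throw new MessageProcessingException("Error assertion schema resource not found: " + ASSERTION_XSD_SCHEMA_2_0_RESOURCE_LOCATION);
    }
    return schema;
}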
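/**
 * Assertion payload versions this parser accepts.
 *
 * @return a fresh copy of the supported version list; modifying it does not affect the parser.
 */
@Override
protected String[] getSupportedVersions() {
    // Defensive copy: returning the shared array would let a caller change which payload
    // versions are accepted for every subsequent message.
    return SUPPORTED_ASSERTION_VERSIONS.clone();
}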
/**
 * Payload version assumed when a message does not state one.
 *
 * @return the default assertion version, "2.0".
 */
@Override
protected String getDefaultPayloadVersion() {
    final String fallback = DEFAULT_ASSERTION_VERSION;
    return fallback;
}
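/**
 * Validates a JAXB assertion object against the assertion schema.
 * <p>
 * The object is marshalled through the user-data JAXB context into a JAXBSource and fed to
 * the validator that init() built from generateUserDataSchema().
 *
 * @param assertion JAXB object to validate.
 * @throws MessageContentException if the object does not validate or cannot be marshalled;
 *         the underlying exception is kept as the cause.
 */
public void schemaValidateAssertion(Object assertion) throws MessageContentException {
    try {
        JAXBSource source = new JAXBSource(getUserDataJAXBContext(), assertion);
        // javax.xml.validation.Validator is documented as not thread-safe, and this one
        // instance lives for the whole parser, so serialise access to it. A parser that
        // was never init()ed still fails here (NPE) and is reported below as before.
        synchronized (assertionSchemaValidator) {
            assertionSchemaValidator.validate(source);
        }
    } catch (Exception e) {
        throw new MessageContentException("Error validating Assertion against schema: " + e.getMessage(), e);
    }
}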
/**
 * Builds a Distributed Authorization Request: a SAMLP AttributeQuery asking for the
 * "Roles" attribute of the given subject.
 * <p>
 * The query is generated unsigned; any authentication of the request presumably has to
 * come from the transport or the enclosing message (not visible here).
 *
 * @param subjectId unique id of the user to look up (UPN or SAM account name, depending on deployment).
 * @return the generated SAMLP AttributeQuery message.
 * @throws MessageContentException if the given parameters are invalid.
 * @throws MessageProcessingException on an internal error while generating the message.
 */
public byte[] genDistributedAuthorizationRequest(String subjectId) throws MessageContentException, MessageProcessingException {
    final String requestedAttribute = ATTRIBUTE_NAME_ROLES;
    final String tokenType = null; // a role query carries no token type
    return genAttributeQuery(subjectId, requestedAttribute, tokenType);
}
/**
 * Builds a User Data Request: a SAMLP AttributeQuery asking for the "UserData" attribute
 * of the given subject, optionally restricted to a token type.
 * <p>
 * The query is generated unsigned; any authentication of the request presumably has to
 * come from the transport or the enclosing message (not visible here).
 *
 * @param subjectId unique id of the user to look up (UPN or SAM account name, depending on deployment).
 * @param tokenType token type of the related user data, or null for none.
 * @return the generated SAMLP AttributeQuery message.
 * @throws MessageContentException if the given parameters are invalid.
 * @throws MessageProcessingException on an internal error while generating the message.
 */
public byte[] genUserDataRequest(String subjectId, String tokenType) throws MessageContentException, MessageProcessingException {
    final String requestedAttribute = ATTRIBUTE_NAME_USERDATA;
    return genAttributeQuery(subjectId, requestedAttribute, tokenType);
}
/**
 * Generates a Distributed Authorization Ticket without a Departments attribute.
 * <p>
 * Delegates to the eight-argument overload with {@code departments} set to null.
 *
 * @param inResponseTo  ID of the attribute query request being answered.
 * @param issuer        issuer of the assertion.
 * @param notBefore     start of the ticket's validity.
 * @param notOnOrAfter  end of the ticket's validity.
 * @param subjectId     subject id string holding the roles.
 * @param roles         roles of the subject.
 * @param receipients   certificates the roles are encrypted for.
 * @return the generated and signed SAMLP message.
 * @throws MessageContentException if the parameters are invalid.
 * @throws MessageProcessingException on an internal error while generating the message.
 */
public byte[] genDistributedAuthorizationTicket(String inResponseTo, String issuer, Date notBefore, Date notOnOrAfter, String subjectId, List roles, List receipients) throws MessageContentException, MessageProcessingException {
    final List departments = null; // this variant never emits a Departments attribute
    return genDistributedAuthorizationTicket(inResponseTo, issuer, notBefore, notOnOrAfter,
            subjectId, roles, departments, receipients);
}
/**
* Method to generate a Distributed Authorization Ticket with an signed assertion containing the
* subjects Roles encrypted enveloped into a successful SAMLP Response.
*
* @param inResponseTo The ID of the attribute query request
* @param issuer the issuer of the assertion.
* @param notBefore beginning of the validity of the ticket.
* @param notOnOrAfter end validity of the ticket.
* @param subjectId the subject id string having the roles.
* @param roles a list of roles the user has.
* @param departments a list of departments the user belongs to, null for no departments attribute.
* @param receipients list of certificates the roles will be encrypted for.
* @return a generated and signed SAMLP message.
* @throws MessageContentException if parameters where invalid.
* @throws MessageProcessingException if internal problems occurred generated the message.
*/
public byte[] genDistributedAuthorizationTicket(String inResponseTo, String issuer, Date notBefore, Date notOnOrAfter, String subjectId, List roles, List departments,List receipients) throws MessageContentException, MessageProcessingException{
try{
List