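/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: FSSAMLRequest.java,v 1.2 2008/06/25 05:46:45 qcheng Exp $
 * Portions Copyrighted 2014 ForgeRock AS
 */

package com.sun.identity.federation.message;

import java.text.ParseException;
import java.util.List;
import java.util.Collections;
import java.util.ArrayList;

import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import com.sun.identity.shared.xml.XMLUtils;
import com.sun.identity.shared.DateUtils;
import com.sun.identity.saml.protocol.AssertionArtifact;
import com.sun.identity.saml.protocol.Request;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.common.SAMLRequestVersionTooHighException;
import com.sun.identity.saml.common.SAMLRequestVersionTooLowException;
import com.sun.identity.saml.common.SAMLRequesterException;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import com.sun.identity.federation.common.*;

/**
 * This class has methods to create a <code>SAML</code> Request
 * object from a Document Element and to create Request message
 * from this object.
 * <p>
 * Security note: parsing a signed request does <em>not</em> fail when the
 * signature cannot be verified. The outcome is only recorded in the
 * inherited <code>valid</code> field, so code that consumes an instance
 * built from untrusted XML has to check that result itself before acting
 * on the request.
 *
 * @supported.all.api
 * @deprecated since 12.0.0
 */
@Deprecated
public class FSSAMLRequest extends Request {

    /**
     * Default Constructor.
     */
    protected FSSAMLRequest() {}

    /**
     * Constructor creates <code>FSSAMLRequest</code> from
     * the Document Element.
     * <p>
     * The element must have the local name <code>Request</code>, carry
     * acceptable <code>MajorVersion</code>/<code>MinorVersion</code>
     * attributes, a non-empty <code>RequestID</code>, a parseable
     * <code>IssueInstant</code>, at most one signature element and at
     * least one <code>AssertionArtifact</code> child. Any other child
     * element than <code>RespondWith</code>, <code>Signature</code> or
     * <code>AssertionArtifact</code> is rejected.
     * <p>
     * If exactly one signature element is found it is verified, but a
     * failed verification is only logged: the object is still created
     * with <code>signed = true</code> and <code>valid = false</code>.
     *
     * @param root the Document Element.
     * @throws SAMLException if there is an error creating this object,
     *         including an <code>AssertionArtifact</code> whose value
     *         cannot be decoded.
     */
    public FSSAMLRequest(Element root) throws SAMLException {
        // Make sure this is a Request
        if (root == null) {
            SAMLUtils.debug.message("FSSAMLRequest(Element): null input.");
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                "nullInput", null);
        }
        // NOTE(review): only the local name is compared; the element's
        // namespace is not checked in this constructor.
        String tag = root.getLocalName();
        if ((tag == null) || (!tag.equals("Request"))) {
            SAMLUtils.debug.message("FSSAMLRequest(Element): wrong input");
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                "wrongInput", null);
        }

        // Attribute MajorVersion
        parseMajorVersion(root.getAttribute("MajorVersion"));

        // Attribute MinorVersion (must be known before the signature is
        // checked, because it selects the verification call below)
        parseMinorVersion(root.getAttribute("MinorVersion"));

        List signs = XMLUtils.getElementsByTagNameNS1(root,
            SAMLConstants.XMLSIG_NAMESPACE_URI,
            SAMLConstants.XMLSIG_ELEMENT_NAME);
        int signsSize = signs.size();
        if (signsSize == 1) {
            XMLSignatureManager manager = XMLSignatureManager.getInstance();
            // NOTE(review): neither call names a certificate alias (the
            // last argument of the second form is null); which key the
            // manager ends up trusting is not visible in this file.
            // Confirm that callers authenticate the signer separately.
            if (minorVersion ==
                    IFSConstants.FF_11_SAML_PROTOCOL_MINOR_VERSION) {
                valid = manager.verifyXMLSignature(root);
            } else {
                valid = manager.verifyXMLSignature(root,
                    IFSConstants.REQUEST_ID, null);
            }
            // A bad signature is recorded in 'valid' and logged, nothing
            // more: parsing continues and 'signed' is still set to true.
            // The decision to reject the request is left to the caller.
            if (!valid) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("FSSAMLRequest(Element): couldn't"
                        + " verify Request's signature.");
                }
            }
            // Keep the serialized form of the element as it was received.
            xmlString = XMLUtils.print(root);
            signed = true;
        } else if (signsSize != 0) {
            // More than one signature element is ambiguous input; refuse it.
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("FSSAMLRequest(Element): included more "
                    + "than one Signature element.");
            }
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                "moreElement", null);
        }

        // Attribute RequestID
        requestID = root.getAttribute("RequestID");
        if ((requestID == null) || (requestID.length() == 0)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("FSSAMLRequest(Element): Request "
                    + "does not have a RequestID.");
            }
            String[] args = { IFSConstants.REQUEST_ID };
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                "missingAttribute", args);
        }

        // Attribute IssueInstant
        String instantString = root.getAttribute("IssueInstant");
        if ((instantString == null) || (instantString.length() == 0)) {
            SAMLUtils.debug.message("FSSAMLRequest(Element): "
                + " missing IssueInstant");
            String[] args = { IFSConstants.ISSUE_INSTANT };
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                "missingAttribute", args);
        } else {
            try {
                issueInstant = DateUtils.stringToDate(instantString);
            } catch (ParseException e) {
                SAMLUtils.debug.message(
                    "FSSAMLRequest(Element): could not parse IssueInstant",
                    e);
                throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                    "wrongInput", null);
            }
        }

        // get the contents of the request
        NodeList contentnl = root.getChildNodes();
        Node child;
        String nodeName;
        String respondWith;
        for (int i = 0, length = contentnl.getLength(); i < length; i++) {
            child = contentnl.item(i);
            // Children without a local name are skipped.
            if ((nodeName = child.getLocalName()) != null) {
                if (nodeName.equals("RespondWith")) {
                    respondWith = XMLUtils.getElementValue((Element) child);
                    if (respondWith.length() == 0) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("FSSAMLRequest(Element): "
                                + "wrong RespondWith value.");
                        }
                        throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                            "wrongInput", null);
                    }
                    // Swap the shared empty-list sentinel for a private,
                    // mutable list before the first add.
                    if (respondWiths == Collections.EMPTY_LIST) {
                        respondWiths = new ArrayList();
                    }
                    respondWiths.add(respondWith);
                } else if (nodeName.equals("Signature")) {
                    // NOTE(review): matched on local name only; the
                    // namespace of this child is not checked here.
                    signature = (Element) child;
                } else if (nodeName.equals("AssertionArtifact")) {
                    // make sure the content has no other elements assigned
                    if ((contentType != NOT_SUPPORTED) &&
                            (contentType != ASSERTION_ARTIFACT)) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("FSSAMLRequest(Element): "
                                + "contained mixed contents.");
                        }
                        throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                            "wrongInput", null);
                    }
                    contentType = ASSERTION_ARTIFACT;
                    if (artifacts == Collections.EMPTY_LIST) {
                        artifacts = new ArrayList();
                    }
                    try {
                        AssertionArtifact newArt = new FSAssertionArtifact(
                            XMLUtils.getElementValue((Element) child));
                        artifacts.add(newArt);
                    } catch (Exception e) {
                        // Fail closed: a request whose artifact cannot be
                        // decoded is rejected like any other malformed
                        // content, instead of being accepted with that
                        // artifact silently missing from the list.
                        SAMLUtils.debug.error("FSSAMLRequest(Element): ", e);
                        throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                            "wrongInput", null);
                    }
                } else {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("FSSAMLRequest(Element):invalid"
                            + " node" + nodeName);
                    }
                    throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                        "wrongInput", null);
                } // check nodeName
            } // if nodeName != null
        } // done for the nodelist loop

        // No AssertionArtifact child was seen at all.
        if (contentType == NOT_SUPPORTED) {
            SAMLUtils.debug.message("Request: empty content.");
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                "wrongInput", null);
        }
    }


    /**
     * Sets the <code>MajorVersion</code> by parsing the version string.
     * <p>
     * The value must parse as an integer and be equal to
     * <code>SAMLConstants.PROTOCOL_MAJOR_VERSION</code>.
     *
     * @param majorVer a String representing the <code>MajorVersion</code> to
     *        be set.
     * @throws SAMLException when the string is not an integer or the
     *         version mismatches.
     */
    private void parseMajorVersion(String majorVer) throws SAMLException {
        try {
            majorVersion = Integer.parseInt(majorVer);
        } catch (NumberFormatException e) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("FSSAMLRequest(Element): invalid "
                    + "MajorVersion", e);
            }
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                "wrongInput", null);
        }

        if (majorVersion != SAMLConstants.PROTOCOL_MAJOR_VERSION) {
            if (majorVersion > SAMLConstants.PROTOCOL_MAJOR_VERSION) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("FSSAMLRequest(Element): "
                        + "MajorVersion of the Request is too high.");
                }
                throw new SAMLRequestVersionTooHighException(
                    FSUtils.BUNDLE_NAME, "requestVersionTooHigh", null);
            } else {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("FSSAMLRequest(Element): "
                        + "MajorVersion of the Request is too low.");
                }
                throw new SAMLRequestVersionTooLowException(FSUtils.BUNDLE_NAME,
                    "requestVersionTooLow", null);
            }
        }

    }

    /**
     * Sets the <code>MinorVersion</code> by parsing the version string.
     * <p>
     * The value must parse as an integer within the inclusive range
     * <code>IFSConstants.FF_11_SAML_PROTOCOL_MINOR_VERSION</code> to
     * <code>IFSConstants.FF_12_SAML_PROTOCOL_MINOR_VERSION</code>.
     *
     * @param minorVer a String representing the <code>MinorVersion</code> to
     *        be set.
     * @throws SAMLException when the string is not an integer or the
     *         version mismatches.
     */
    private void parseMinorVersion(String minorVer) throws SAMLException {
        try {
            minorVersion = Integer.parseInt(minorVer);
        } catch (NumberFormatException e) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Request(Element): invalid "
                    + "MinorVersion", e);
            }
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                "wrongInput", null);
        }

        if (minorVersion > IFSConstants.FF_12_SAML_PROTOCOL_MINOR_VERSION) {
            FSUtils.debug.error("Request(Element): MinorVersion"
                + " of the Request is too high.");
            throw new SAMLRequestVersionTooHighException(FSUtils.BUNDLE_NAME,
                "requestVersionTooHigh", null);
        } else if (minorVersion <
                IFSConstants.FF_11_SAML_PROTOCOL_MINOR_VERSION) {
            FSUtils.debug.error("Request(Element): MinorVersion"
                + " of the Request is too low.");
            throw new SAMLRequestVersionTooLowException(FSUtils.BUNDLE_NAME,
                "requestVersionTooLow", null);
        }
    }

    /**
     * Returns the <code>MinorVersion</code> attribute.
     *
     * @return the Minor Version.
     * @see #setMinorVersion(int)
     */
    public int getMinorVersion() {
        return minorVersion;
    }

    /**
     * Sets the <code>MinorVersion</code>.
     * <p>
     * The value is stored as given; the range check applied when a request
     * is parsed from XML is not repeated here.
     *
     * @param version the minor version to set.
     * @see #getMinorVersion()
     */
    public void setMinorVersion(int version) {
        minorVersion = version;
    }
}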