001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: FSAssertion.java,v 1.2 2008/06/25 05:46:43 qcheng Exp $
026 * Portions Copyrighted 2014 ForgeRock AS
027 */
028
029
030package com.sun.identity.federation.message;
031
032import com.sun.identity.federation.common.FSUtils;
033import com.sun.identity.federation.common.IFSConstants;
034import com.sun.identity.federation.message.common.FSMsgException;
035import com.sun.identity.saml.assertion.Advice;
036import com.sun.identity.saml.assertion.Assertion;
037import com.sun.identity.saml.assertion.AttributeStatement;
038import com.sun.identity.saml.assertion.AuthorizationDecisionStatement;
039import com.sun.identity.saml.assertion.Conditions;
040import com.sun.identity.saml.assertion.Statement;
041import com.sun.identity.saml.common.SAMLConstants;
042import com.sun.identity.saml.common.SAMLException;
043import com.sun.identity.saml.common.SAMLResponderException;
044import com.sun.identity.saml.common.SAMLVersionMismatchException;
045import com.sun.identity.saml.xmlsig.XMLSignatureManager;
046import com.sun.identity.liberty.ws.security.SecurityAssertion;
047import com.sun.identity.shared.DateUtils;
048import com.sun.identity.shared.xml.XMLUtils;
049import java.text.ParseException;
050import java.util.ArrayList;
051import java.util.Date;
052import java.util.Iterator;
053import java.util.List;
054import java.util.Set;
055import org.w3c.dom.Element;
056import org.w3c.dom.Node;
057import org.w3c.dom.NodeList;
058
059/**
060 * The class <code>FSAssertion</code> creates and parses Liberty
061 * <code>Assertion</code> during the Single Sign-On process.
062 * This class extends from SAML Assertion.
063 *
064 * @supported.all.api
065 * @deprecated since 12.0.0
066 */
067@Deprecated
068public class FSAssertion extends Assertion {
069    
070    /**
071     * The Document Element of this object.
072     */
073    private Element domElement;
074    
075    /**
076     * The <code>SAMLConstants</code> object.
077     */
078    static SAMLConstants sc;
079    
080    /**
081     * The value of the <code>id</code> attribute in the <code>Assertion</code>.
082     */
083    protected String id;
084    
085    /**
086     * The value of the <code>MinorVersion</Version> attribute in
087     * the <code>Assertion</code>.
088     */
089    protected int minorVersion = IFSConstants.FF_11_ASSERTION_MINOR_VERSION;
090    
091    /**
092     * List of Security <code>Assertions</code>.
093     */
094    private List securityAssertions;
095    
096    /**
097     * The value of the <code>InResponseTo</code> attribute in the
098     * <code>Assertion</code>.
099     */
100    protected String inResponseTo ;
101    
102    /**
103     * Constructor to create an <code>FSAssertion</code> object
104     * from the Document Element.
105     *
106     * @param assertionElement the <code>Assertion</code> Document Element.
107     * @throws FSMsgException if the document element is null
108     *         or cannot be retrieved.
109     * @throws SAMLException if the SAML Assertion version is
110     *         incorrect
111     */
112    public FSAssertion(Element assertionElement )
113    throws FSMsgException, SAMLException {
114        FSUtils.debug.message("FSAssertion(Element):  Called");
115        Element elt = (Element) assertionElement;
116        String eltName = elt.getLocalName();
117        if (eltName == null)  {
118            if (FSUtils.debug.messageEnabled()) {
119                FSUtils.debug.message("FSAssertion: local name missing");
120            }
121            throw new FSMsgException("nullInput", null) ;
122        }
123        if (!(eltName.equals(IFSConstants.ASSERTION)))  {
124            if (FSUtils.debug.messageEnabled()) {
125                FSUtils.debug.message("FSAssertion: invalid root element");
126            }
127            String[] args = { eltName };
128            throw new FSMsgException("invalidElement" , args) ;
129        }
130        domElement = assertionElement;
131        id = elt.getAttribute(IFSConstants.ID);
132        String read = elt.getAttribute(IFSConstants.MAJOR_VERSION);
133        if ((read == null) || (read.length() == 0)) {
134            if (FSUtils.debug.messageEnabled()) {
135                FSUtils.debug.message("FSAssertion: MajorVersion missing");
136            }
137            String[] args = { "MajorVersion" };
138            throw new FSMsgException("missingAttribute", args);
139        } else  {
140            int ver = 0;
141            try {
142                ver = Integer.parseInt(read);
143            } catch ( NumberFormatException ne ) {
144                FSUtils.debug.error("FSAssertion: invalid integer " +
145                        "in MajorVersion", ne);
146                throw new FSMsgException("invalidNumber",null);
147            }
148            if (ver != sc.ASSERTION_MAJOR_VERSION) {
149                if(ver < sc.ASSERTION_MAJOR_VERSION) {
150                    FSUtils.debug.error("FSAssertion: MajorVersion too low");
151                    throw new SAMLVersionMismatchException(FSUtils.BUNDLE_NAME,
152                            "assertionVersionTooLow",null);
153                } else if (ver > sc.ASSERTION_MAJOR_VERSION) {
154                    FSUtils.debug.error("FSAssertion: MajorVersion too high");
155                    throw new SAMLVersionMismatchException(FSUtils.BUNDLE_NAME,
156                            "assertionVersionTooHigh",null);
157                }
158            }
159        }
160        read = elt.getAttribute(IFSConstants.MINOR_VERSION);
161        if ((read == null) || (read.length() == 0)) {
162            FSUtils.debug.error("FSAssertion: MinorVersion missing");
163            String[] args = { "MinorVersion" };
164            throw new FSMsgException("missingAttribute",args);
165        } else  {
166            try {
167                minorVersion = Integer.parseInt(read);
168            } catch ( NumberFormatException ne ) {
169                FSUtils.debug.error(
170                        "FSAssertion: invalid integer in MinorVersion", ne);
171                throw new FSMsgException("invalidNumber",null);
172            }
173            if (minorVersion < IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
174                FSUtils.debug.error("FSAssertion: MinorVersion too low");
175                throw new SAMLVersionMismatchException(FSUtils.BUNDLE_NAME,
176                        "assertionVersionTooLow",null);
177            } else if (minorVersion >
178                    IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION) {
179                FSUtils.debug.error("FSAssertion: MinorVersion too high");
180                throw new SAMLVersionMismatchException(FSUtils.BUNDLE_NAME,
181                        "assertionMinorVersionTooHigh",null);
182            }
183        }
184        read = elt.getAttribute(IFSConstants.ASSERTION_ID);
185        if ((read == null) || (read.length() == 0)) {
186            if (FSUtils.debug.messageEnabled()) {
187                FSUtils.debug.message("FSAssertion: AssertionID missing");
188            }
189            String[] args = { IFSConstants.ASSERTION_ID };
190            throw new FSMsgException("missingAttribute",args);
191        } else {
192            setAssertionID(read);
193        }
194        read = elt.getAttribute(IFSConstants.ISSUER);
195        if ((read == null) || (read.length() == 0)) {
196            if (FSUtils.debug.messageEnabled()) {
197                FSUtils.debug.message("FSAssertion: Issuer missing");
198            }
199            String[] args = { IFSConstants.ISSUER };
200            throw new FSMsgException("missingAttribute",args);
201        } else {
202            setIssuer(read);
203        }
204        read = elt.getAttribute(IFSConstants.IN_RESPONSE_TO);
205        if ((read == null) || (read.length() == 0)) {
206            if (FSUtils.debug.messageEnabled())  {
207                FSUtils.debug.message("FSAssertion: InResponseTo missing");
208            }
209            String[] args = { IFSConstants.IN_RESPONSE_TO };
210            throw new FSMsgException("missingAttribute",args);
211        } else  {
212            inResponseTo = read;
213        }
214        read = elt.getAttribute(IFSConstants.ISSUE_INSTANT);
215        if ((read == null) || (read.length() == 0)) {
216            if (FSUtils.debug.messageEnabled())  {
217                FSUtils.debug.message("FSAssertion: IssueInstant missing");
218            }
219            String[] args = { IFSConstants.ISSUE_INSTANT };
220            throw new FSMsgException("missingAttribute",args);
221        } else  {
222            try {
223                setIssueInstant(DateUtils.stringToDate(read));
224            } catch (ParseException pe) {
225                FSUtils.debug.message(
226                        "FSAssertion: could not parse IssueInstant", pe);
227                throw new FSMsgException("wrongInput",null);
228            }
229        }
230        boolean statementFound = false;
231        NodeList nl = assertionElement.getChildNodes();
232        int length = nl.getLength();
233        for (int n=0; n<length; n++) {
234            Node child = (Node)nl.item(n);
235            if (child.getNodeType() != Node.ELEMENT_NODE) continue;
236            String childName = child.getLocalName();
237            if (childName.equals(IFSConstants.CONDITIONS)){
238                setConditions(new Conditions((Element)child));
239            } else if (childName.equals(IFSConstants.ADVICE)){
240                /**
241                 * The SAML Advice could not parse this advice as it does not
242                 * anything about Resource Access Statement. Hence commenting
243                 * the following and parsing in this assertion only. Currently
244                 * the FSAssertion does not have any advice element besides for
245                 * the credential.
246                 */
247                parseAdvice((Element)child);
248            } else if (childName.equals(IFSConstants.AUTHENTICATIONSTATEMENT)) {
249                addStatement(new FSAuthenticationStatement((Element)child));
250                statementFound=true;
251            } else if (childName.equals(IFSConstants.AUTHZDECISIONSTATEMENT)) {
252                addStatement(new AuthorizationDecisionStatement(
253                        (Element)child));
254                statementFound=true;
255            } else if (childName.equals(IFSConstants.ATTRIBUTESTATEMENT)) {
256                addStatement(new AttributeStatement((Element)child));
257                statementFound=true;
258            } else if (childName.equals(IFSConstants.SIGNATURE)) {
259                if (FSUtils.debug.messageEnabled()) {
260                    FSUtils.debug.message("FSAssertion: Signature found");
261                }
262            } else {
263                if (FSUtils.debug.messageEnabled()) {
264                    FSUtils.debug.message(
265                            "FSAssertion: invalid element in Assertion");
266                }
267                throw new FSMsgException("invalidElement", null);
268            }
269        }
270        //check for signature
271        List signs = XMLUtils.getElementsByTagNameNS1(assertionElement,
272                SAMLConstants.XMLSIG_NAMESPACE_URI,
273                SAMLConstants.XMLSIG_ELEMENT_NAME);
274        int signsSize = signs.size();
275        if (signsSize == 1) {
276            Element elem = (Element)signs.get(0);
277            setSignature(elem);
278            xmlString = XMLUtils.print(assertionElement);
279            signed = true;
280        } else if (signsSize != 0) {
281            if (FSUtils.debug.messageEnabled()) {
282                FSUtils.debug.message("FSAssertion(Element): included more than"
283                        + " one Signature element.");
284            }
285            throw new FSMsgException("moreElement", null);
286        }
287        //end check for signature
288        if (!statementFound) {
289            if (FSUtils.debug.messageEnabled()) {
290                FSUtils.debug.message("Assertion: mandatory statement missing");
291            }
292            throw new FSMsgException("missingStatement",null);
293        }
294        FSUtils.debug.message("FSAssertion(Element): leaving");
295    }
296    
297    /**
298     * Constructor to create <code>FSAssertion</code> object.
299     *
300     * @param assertionID the <code>AssertionID</code> element.
301     * @param issuer the <code>Issuer</code> element.
302     * @param issueInstant the <code>IssueInstant</code> element.
303     * @param statements the <code>Statement</code> elements.
304     *        List of statements that need to be added in assertion.
305     * @param inResponseTo value of <code>InResponseTo</code> attribute in the
306     *        assertion.
307     * @throws FSMsgException if the document element is null
308     *         or cannot be retrieved.
309     * @throws SAMLException if the SAML Assertion version is
310     *         incorrect.
311     */
312    public FSAssertion(String assertionID,String issuer,Date issueInstant,
313            Set statements,String inResponseTo)
314            throws FSMsgException, SAMLException {
315        super(assertionID, issuer, issueInstant, statements);
316        this.inResponseTo = inResponseTo;
317    }
318    
319    /**
320     * Constructor to create <code>FSAssertion</code> object.
321     *
322     * @param assertionID the <code>AssertionID</code> element.
323     * @param issuer the <code>Issuer</code> element.
324     * @param issueInstant the <code>IssueInstant</code> element.
325     * @param conditions the <code>Conditions</code> object.
326     * @param statements the <code>Statement</code> elements.
327     *        List of statements that need to be added in assertion.
328     * @param inResponseTo value of <code>InResponseTo</code> attribute in
329     *        the assertion.
330     * @throws FSMsgException if the document element is null
331     *         or cannot be retrieved.
332     * @throws SAMLException if the SAML Assertion version is
333     *         incorrect.
334     */
335    public FSAssertion(String assertionID,String issuer,Date issueInstant,
336            Conditions conditions,Set statements,String inResponseTo)
337            throws FSMsgException, SAMLException {
338        super(assertionID, issuer, issueInstant, conditions, statements);
339        this.inResponseTo = inResponseTo;
340    }
341    
342    /**
343     * Constructor to create an <code>FSAssertion</code> object.
344     *
345     * @param assertionID the <code>AssertionID</code> element.
346     * @param issuer the <code>Issuer</code> element.
347     * @param issueInstant the <code>IssueInstant</code> element.
348     * @param conditions the <code>Conditions</code> object.
349     * @param advice the <code>Advice</code> object.
350     * @param statements the <code>Statement</code> elements.
351     *        List of statements that need to be added in assertion.
352     * @param inResponseTo value of <code>InResponseTo</code> attribute
353     *        in the assertion.
354     * @throws FSMsgException if the document element is null
355     *         or cannot be retrieved.
356     * @throws SAMLException if the SAML Assertion version is
357     *         incorrect.
358     */
359    public FSAssertion(String assertionID,String issuer,Date issueInstant,
360            Conditions conditions,Advice advice,Set statements,
361            String inResponseTo)
362            throws FSMsgException, SAMLException {
363        super(assertionID, issuer, issueInstant,conditions, advice, statements);
364        this.inResponseTo = inResponseTo;
365    }
366    
367    /**
368     * Returns value of <code>id</code> attribute.
369     *
370     * @return value of <code>id</code> attribute.
371     * @see #setID(String)
372     */
373    public String getID(){
374        return id;
375    }
376    
377    /**
378     * Sets  value of <code>id<code> attribute.
379     *
380     * @param id value of <code>id</code> attribute.
381     * @see #getID
382     */
383    public void setID(String id){
384        this.id = id;
385    }
386    
387    /**
388     * Returns the <code>MinorVersion</code> attribute.
389     *
390     * @return the <code>MinorVersion</code> attribute.
391     * @see #setMinorVersion(int)
392     */
393    public int getMinorVersion() {
394        return minorVersion;
395    }
396    
397    /**
398     * Sets the <code>MinorVersion</code> attribute.
399     *
400     * @param version the <code>MinorVersion</code> attribute.
401     * @see #getMinorVersion
402     */
403    public void setMinorVersion(int version) {
404        minorVersion = version;
405    }
406    
407    /**
408     * Returns the Document Element for this object.
409     *
410     * @return the Document Element for this object.
411     */
412    public Element getDOMElement() {
413        return domElement;
414    }
415    
416    /**
417     * Returns the value of <code>InResponseTo</code> attribute.
418     *
419     * @return the value of <code>InResponseTo</code> attribute.
420     * @see #setInResponseTo(String)
421     */
422    public String getInResponseTo() {
423        return inResponseTo;
424    }
425    
426    /**
427     * Sets the value of <code>InResponseTo</code> attribute.
428     *
429     * @param inResponseTo value of <code>InResponseTo</code> attribute.
430     * @see #getInResponseTo
431     */
432    public void setInResponseTo(String inResponseTo) {
433        this.inResponseTo = inResponseTo;
434    }
435    
436    /**
437     * Returns Signed XML String.
438     *
439     * @return Signed XML String.
440     */
441    public String getSignedXMLString(){
442        return xmlString;
443    }
444    
445    /**
446     * Returns the <code>Signature</code> string.
447     *
448     * @return the <code>Signature</code> string.
449     */
450    public String getSignatureString(){
451        return signatureString;
452    }
453    
454    /**
455     * Checks validity of time in the assertion.
456     *
457     * @return true if time is valid otherwise false.
458     */
459    public boolean isTimeValid() {
460        boolean isTimeValid = true;
461        Conditions conditions = getConditions();
462        if (conditions != null)  {
463            isTimeValid = conditions.checkDateValidity(
464                    System.currentTimeMillis());
465        }
466        return isTimeValid;
467    }
468    
469    /**
470     * Adds the <code>Statement</code> object to the
471     * Statment's object Set.
472     *
473     * @param statement the <code>Statement</code> object.
474     * @return false if statement is null else true.
475     */
476    public boolean addStatement(Statement statement) {
477        boolean addedStmt = false;
478        if (statement != null) {
479            super.addStatement(statement);
480            addedStmt = true;
481        }
482        return addedStmt;
483    }
484    
485    /**
486     * Returns a <code>XML</code> String representation of this object.
487     *
488     * @return a String representation of this Object.
489     * @throws FSMsgException if there is an error creating
490     *         the <code>XML</code> string.
491     */
492    
493    public String toXMLString() throws FSMsgException {
494        return this.toXMLString(true, true);
495    }
496    
497    /**
498     * Returns a <code>XML</code> String representation of this object.
499     *
500     * @param includeNS determines whether or not the namespace qualifier is
501     *                prepended to the Element when converted
502     * @param declareNS determines whether or not the namespace is declared
503     *                within the Element.
504     * @return a string containing the valid <code>XML</code> for this object.
505     * @throws FSMsgException if there is an error creating
506     *         the <code>XML</code> string.
507     */
508    
509    public java.lang.String toXMLString(boolean includeNS,boolean declareNS)
510    throws FSMsgException {
511        StringBuffer xml = new StringBuffer(3000);
512        String NS="";
513        String appendNS="";
514        String libNS="";
515        String libAppendNS="";
516        String uriXSI="";
517        if (declareNS) {
518            NS=sc.assertionDeclareStr;
519            if(minorVersion == IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION
520                    || minorVersion ==
521                    IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) {
522                libNS = IFSConstants.LIB_12_NAMESPACE_STRING;
523            } else {
524                libNS = IFSConstants.LIB_NAMESPACE_STRING;
525            }
526            uriXSI = IFSConstants.XSI_NAMESPACE_STRING;
527        }
528        if (includeNS) {
529            appendNS= SAMLConstants.ASSERTION_PREFIX;
530            libAppendNS = IFSConstants.LIB_PREFIX;
531        }
532        String dateStr = null;
533        if (getIssueInstant() != null)  {
534            dateStr = DateUtils.toUTCDateFormat(getIssueInstant());
535        }
536        xml.append(IFSConstants.LEFT_ANGLE)
537        .append(appendNS).append(IFSConstants.ASSERTION)
538        .append(IFSConstants.SPACE)
539        .append(NS).append(IFSConstants.SPACE).append(uriXSI)
540        .append(IFSConstants.SPACE).append(libNS)
541        .append(IFSConstants.SPACE);
542        
543        if (minorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION &&
544                id != null && !(id.length() == 0)) {
545            xml.append(IFSConstants.SPACE).append(IFSConstants.ID)
546            .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE)
547            .append(id).append(IFSConstants.QUOTE)
548            .append(IFSConstants.SPACE);
549        }
550        xml.append(IFSConstants.MAJOR_VERSION)
551        .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE)
552        .append(getMajorVersion()).append(IFSConstants.QUOTE)
553        .append(IFSConstants.SPACE).append(IFSConstants.MINOR_VERSION)
554        .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE)
555        .append(minorVersion).append(IFSConstants.QUOTE)
556        .append(IFSConstants.SPACE).append(IFSConstants.ASSERTION_ID)
557        .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE)
558        .append(getAssertionID()).append(IFSConstants.QUOTE)
559        .append(IFSConstants.SPACE).append(IFSConstants.ISSUER)
560        .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE)
561        .append(getIssuer()).append(IFSConstants.QUOTE)
562        .append(IFSConstants.SPACE).append(IFSConstants.ISSUE_INSTANT)
563        .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE)
564        .append(dateStr).append(IFSConstants.QUOTE)
565        .append(IFSConstants.SPACE).append(IFSConstants.IN_RESPONSE_TO)
566        .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE)
567        .append(inResponseTo).append(IFSConstants.QUOTE)
568        .append(IFSConstants.SPACE)
569        .append(IFSConstants.XSI_TYPE)
570        .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE)
571        .append(libAppendNS)
572        .append(IFSConstants.ASSERTION_TYPE).append(IFSConstants.QUOTE)
573        .append(IFSConstants.RIGHT_ANGLE).append(sc.NL);
574        
575        if (getConditions() != null) {
576            xml.append(getConditions().toString(includeNS, false));
577        }
578        if (getAdvice() != null) {
579            xml.append(getAdvice().toString(includeNS, false));
580        }
581        
582        Iterator i = getStatement().iterator();
583        while (i.hasNext()) {
584            Statement st = (Statement)i.next();
585            if(st instanceof FSAuthenticationStatement){
586                xml.append(((FSAuthenticationStatement)st).toXMLString(
587                        includeNS, false));
588            } else if(st instanceof AttributeStatement) {
589                xml.append(((AttributeStatement)st).toString(includeNS, false));
590            }
591        }
592        if (signed) {
593            if (signatureString != null) {
594                xml.append(signatureString);
595            } else if (signature != null) {
596                signatureString = XMLUtils.print(signature);
597                xml.append(signatureString);
598            }
599        }
600        xml.append(IFSConstants.START_END_ELEMENT)
601        .append(appendNS).append(IFSConstants.ASSERTION)
602        .append(IFSConstants.RIGHT_ANGLE)
603        .append(IFSConstants.NL);
604        
605        return xml.toString();
606    }
607    
608    /**
609     * Signs the <code>Assertion</code>.
610     *
611     * @param certAlias the alias/name of the certificate.
612     * @throws SAMLException if <code>FSAssertion</code>
613     *            cannot be signed.
614     */
615    public void signXML(String certAlias) throws SAMLException {
616        FSUtils.debug.message("FSAssertion.signXML: Called");
617        if (signed) {
618            if (FSUtils.debug.messageEnabled()) {
619                FSUtils.debug.message("FSAssertion.signXML: the assertion is "
620                        + "already signed.");
621            }
622            throw new SAMLResponderException(
623                    FSUtils.BUNDLE_NAME,"alreadySigned",null);
624        }
625        if (certAlias == null || certAlias.length() == 0) {
626            throw new SAMLResponderException(FSUtils.BUNDLE_NAME,
627                    "cannotFindCertAlias",null);
628        }
629        
630        try {
631            XMLSignatureManager manager = XMLSignatureManager.getInstance();
632            if (minorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
633                signatureString = manager.signXML(this.toXMLString(true, true),
634                        certAlias, (String) null,
635                        IFSConstants.ID, this.id,
636                        false);
637            } else if (minorVersion ==
638                    IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION
639                    || minorVersion ==
640                    IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) {
641                signatureString =
642                        manager.signXML(this.toXMLString(true, true),
643                        certAlias, (String) null,
644                        IFSConstants.ASSERTION_ID,
645                        this.getAssertionID(), false);
646            } else {
647                if (FSUtils.debug.messageEnabled()) {
648                    FSUtils.debug.message("invalid minor version.");
649                }
650            }
651            signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug)
652            .getDocumentElement();
653            signed = true;
654            xmlString = this.toXMLString(true, true);
655        } catch(Exception e){
656            FSUtils.debug.message(" Exception :" + e.getMessage());
657            throw new SAMLResponderException(e);
658        }
659    }
660    
661    /**
662     * Sets the <code>Element's</code> signature.
663     *
664     * @param elem the <code>Element</code> object
665     * @return true if signature is set otherwise false
666     */
667    public boolean setSignature(Element elem) {
668        signatureString = XMLUtils.print(elem);
669        return super.setSignature(elem);
670    }
671    
672    /**
673     * Parses the advice element to extract the Security <code>Assertion</code>.
674     *
675     * @param element the <code>Advice</code> Element.
676     */
677    public void parseAdvice(Element element) {
678        NodeList nl = element.getChildNodes();
679        int length = nl.getLength();
680        for (int n=0; n<length; n++) {
681            Node child = (Node)nl.item(n);
682            if (child.getNodeType() != Node.ELEMENT_NODE) {
683                continue;
684            }
685            String childName = child.getLocalName();
686            if (childName.equals("Assertion")) {
687                try {
688                    if (securityAssertions == null) {
689                        securityAssertions = new ArrayList();
690                    }
691                    securityAssertions.add(
692                            new SecurityAssertion((Element)child));
693                } catch (Exception ex) {
694                    FSUtils.debug.error("FSAssertion.parseAdvice: Error in" +
695                            "parsing security assertion", ex);
696                }
697            }
698        }
699        if ((securityAssertions != null) && (!securityAssertions.isEmpty())) {
700            _advice = new Advice(null, securityAssertions, null);
701        }
702    }
703    
704    /**
705     * Returns the discovery service credentials from the boot strap.
706     *
707     * @return the discovery service credentials from the boot strap.
708     */
709    public List getDiscoveryCredential() {
710        return securityAssertions;
711    }
712}




























































Copyright © 2010-2017, ForgeRock All Rights Reserved.