001/** 002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 003 * 004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved 005 * 006 * The contents of this file are subject to the terms 007 * of the Common Development and Distribution License 008 * (the License). You may not use this file except in 009 * compliance with the License. 010 * 011 * You can obtain a copy of the License at 012 * https://opensso.dev.java.net/public/CDDLv1.0.html or 013 * opensso/legal/CDDLv1.0.txt 014 * See the License for the specific language governing 015 * permission and limitations under the License. 016 * 017 * When distributing Covered Code, include this CDDL 018 * Header Notice in each file and include the License file 019 * at opensso/legal/CDDLv1.0.txt. 020 * If applicable, add the following below the CDDL Header, 021 * with the fields enclosed by brackets [] replaced by 022 * your own identifying information: 023 * "Portions Copyrighted [year] [name of copyright owner]" 024 * 025 * $Id: FSAssertion.java,v 1.2 2008/06/25 05:46:43 qcheng Exp $ 026 * Portions Copyrighted 2014 ForgeRock AS 027 */ 028 029 030package com.sun.identity.federation.message; 031 032import com.sun.identity.federation.common.FSUtils; 033import com.sun.identity.federation.common.IFSConstants; 034import com.sun.identity.federation.message.common.FSMsgException; 035import com.sun.identity.saml.assertion.Advice; 036import com.sun.identity.saml.assertion.Assertion; 037import com.sun.identity.saml.assertion.AttributeStatement; 038import com.sun.identity.saml.assertion.AuthorizationDecisionStatement; 039import com.sun.identity.saml.assertion.Conditions; 040import com.sun.identity.saml.assertion.Statement; 041import com.sun.identity.saml.common.SAMLConstants; 042import com.sun.identity.saml.common.SAMLException; 043import com.sun.identity.saml.common.SAMLResponderException; 044import com.sun.identity.saml.common.SAMLVersionMismatchException; 045import com.sun.identity.saml.xmlsig.XMLSignatureManager; 046import com.sun.identity.liberty.ws.security.SecurityAssertion; 047import com.sun.identity.shared.DateUtils; 048import com.sun.identity.shared.xml.XMLUtils; 049import java.text.ParseException; 050import java.util.ArrayList; 051import java.util.Date; 052import java.util.Iterator; 053import java.util.List; 054import java.util.Set; 055import org.w3c.dom.Element; 056import org.w3c.dom.Node; 057import org.w3c.dom.NodeList; 058 059/** 060 * The class <code>FSAssertion</code> creates and parses Liberty 061 * <code>Assertion</code> during the Single Sign-On process. 062 * This class extends from SAML Assertion. 063 * 064 * @supported.all.api 065 * @deprecated since 12.0.0 066 */ 067@Deprecated 068public class FSAssertion extends Assertion { 069 070 /** 071 * The Document Element of this object. 072 */ 073 private Element domElement; 074 075 /** 076 * The <code>SAMLConstants</code> object. 077 */ 078 static SAMLConstants sc; 079 080 /** 081 * The value of the <code>id</code> attribute in the <code>Assertion</code>. 082 */ 083 protected String id; 084 085 /** 086 * The value of the <code>MinorVersion</Version> attribute in 087 * the <code>Assertion</code>. 088 */ 089 protected int minorVersion = IFSConstants.FF_11_ASSERTION_MINOR_VERSION; 090 091 /** 092 * List of Security <code>Assertions</code>. 093 */ 094 private List securityAssertions; 095 096 /** 097 * The value of the <code>InResponseTo</code> attribute in the 098 * <code>Assertion</code>. 099 */ 100 protected String inResponseTo ; 101 102 /** 103 * Constructor to create an <code>FSAssertion</code> object 104 * from the Document Element. 105 * 106 * @param assertionElement the <code>Assertion</code> Document Element. 107 * @throws FSMsgException if the document element is null 108 * or cannot be retrieved. 109 * @throws SAMLException if the SAML Assertion version is 110 * incorrect 111 */ 112 public FSAssertion(Element assertionElement ) 113 throws FSMsgException, SAMLException { 114 FSUtils.debug.message("FSAssertion(Element): Called"); 115 Element elt = (Element) assertionElement; 116 String eltName = elt.getLocalName(); 117 if (eltName == null) { 118 if (FSUtils.debug.messageEnabled()) { 119 FSUtils.debug.message("FSAssertion: local name missing"); 120 } 121 throw new FSMsgException("nullInput", null) ; 122 } 123 if (!(eltName.equals(IFSConstants.ASSERTION))) { 124 if (FSUtils.debug.messageEnabled()) { 125 FSUtils.debug.message("FSAssertion: invalid root element"); 126 } 127 String[] args = { eltName }; 128 throw new FSMsgException("invalidElement" , args) ; 129 } 130 domElement = assertionElement; 131 id = elt.getAttribute(IFSConstants.ID); 132 String read = elt.getAttribute(IFSConstants.MAJOR_VERSION); 133 if ((read == null) || (read.length() == 0)) { 134 if (FSUtils.debug.messageEnabled()) { 135 FSUtils.debug.message("FSAssertion: MajorVersion missing"); 136 } 137 String[] args = { "MajorVersion" }; 138 throw new FSMsgException("missingAttribute", args); 139 } else { 140 int ver = 0; 141 try { 142 ver = Integer.parseInt(read); 143 } catch ( NumberFormatException ne ) { 144 FSUtils.debug.error("FSAssertion: invalid integer " + 145 "in MajorVersion", ne); 146 throw new FSMsgException("invalidNumber",null); 147 } 148 if (ver != sc.ASSERTION_MAJOR_VERSION) { 149 if(ver < sc.ASSERTION_MAJOR_VERSION) { 150 FSUtils.debug.error("FSAssertion: MajorVersion too low"); 151 throw new SAMLVersionMismatchException(FSUtils.BUNDLE_NAME, 152 "assertionVersionTooLow",null); 153 } else if (ver > sc.ASSERTION_MAJOR_VERSION) { 154 FSUtils.debug.error("FSAssertion: MajorVersion too high"); 155 throw new SAMLVersionMismatchException(FSUtils.BUNDLE_NAME, 156 "assertionVersionTooHigh",null); 157 } 158 } 159 } 160 read = elt.getAttribute(IFSConstants.MINOR_VERSION); 161 if ((read == null) || (read.length() == 0)) { 162 FSUtils.debug.error("FSAssertion: MinorVersion missing"); 163 String[] args = { "MinorVersion" }; 164 throw new FSMsgException("missingAttribute",args); 165 } else { 166 try { 167 minorVersion = Integer.parseInt(read); 168 } catch ( NumberFormatException ne ) { 169 FSUtils.debug.error( 170 "FSAssertion: invalid integer in MinorVersion", ne); 171 throw new FSMsgException("invalidNumber",null); 172 } 173 if (minorVersion < IFSConstants.FF_11_ASSERTION_MINOR_VERSION) { 174 FSUtils.debug.error("FSAssertion: MinorVersion too low"); 175 throw new SAMLVersionMismatchException(FSUtils.BUNDLE_NAME, 176 "assertionVersionTooLow",null); 177 } else if (minorVersion > 178 IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION) { 179 FSUtils.debug.error("FSAssertion: MinorVersion too high"); 180 throw new SAMLVersionMismatchException(FSUtils.BUNDLE_NAME, 181 "assertionMinorVersionTooHigh",null); 182 } 183 } 184 read = elt.getAttribute(IFSConstants.ASSERTION_ID); 185 if ((read == null) || (read.length() == 0)) { 186 if (FSUtils.debug.messageEnabled()) { 187 FSUtils.debug.message("FSAssertion: AssertionID missing"); 188 } 189 String[] args = { IFSConstants.ASSERTION_ID }; 190 throw new FSMsgException("missingAttribute",args); 191 } else { 192 setAssertionID(read); 193 } 194 read = elt.getAttribute(IFSConstants.ISSUER); 195 if ((read == null) || (read.length() == 0)) { 196 if (FSUtils.debug.messageEnabled()) { 197 FSUtils.debug.message("FSAssertion: Issuer missing"); 198 } 199 String[] args = { IFSConstants.ISSUER }; 200 throw new FSMsgException("missingAttribute",args); 201 } else { 202 setIssuer(read); 203 } 204 read = elt.getAttribute(IFSConstants.IN_RESPONSE_TO); 205 if ((read == null) || (read.length() == 0)) { 206 if (FSUtils.debug.messageEnabled()) { 207 FSUtils.debug.message("FSAssertion: InResponseTo missing"); 208 } 209 String[] args = { IFSConstants.IN_RESPONSE_TO }; 210 throw new FSMsgException("missingAttribute",args); 211 } else { 212 inResponseTo = read; 213 } 214 read = elt.getAttribute(IFSConstants.ISSUE_INSTANT); 215 if ((read == null) || (read.length() == 0)) { 216 if (FSUtils.debug.messageEnabled()) { 217 FSUtils.debug.message("FSAssertion: IssueInstant missing"); 218 } 219 String[] args = { IFSConstants.ISSUE_INSTANT }; 220 throw new FSMsgException("missingAttribute",args); 221 } else { 222 try { 223 setIssueInstant(DateUtils.stringToDate(read)); 224 } catch (ParseException pe) { 225 FSUtils.debug.message( 226 "FSAssertion: could not parse IssueInstant", pe); 227 throw new FSMsgException("wrongInput",null); 228 } 229 } 230 boolean statementFound = false; 231 NodeList nl = assertionElement.getChildNodes(); 232 int length = nl.getLength(); 233 for (int n=0; n<length; n++) { 234 Node child = (Node)nl.item(n); 235 if (child.getNodeType() != Node.ELEMENT_NODE) continue; 236 String childName = child.getLocalName(); 237 if (childName.equals(IFSConstants.CONDITIONS)){ 238 setConditions(new Conditions((Element)child)); 239 } else if (childName.equals(IFSConstants.ADVICE)){ 240 /** 241 * The SAML Advice could not parse this advice as it does not 242 * anything about Resource Access Statement. Hence commenting 243 * the following and parsing in this assertion only. Currently 244 * the FSAssertion does not have any advice element besides for 245 * the credential. 246 */ 247 parseAdvice((Element)child); 248 } else if (childName.equals(IFSConstants.AUTHENTICATIONSTATEMENT)) { 249 addStatement(new FSAuthenticationStatement((Element)child)); 250 statementFound=true; 251 } else if (childName.equals(IFSConstants.AUTHZDECISIONSTATEMENT)) { 252 addStatement(new AuthorizationDecisionStatement( 253 (Element)child)); 254 statementFound=true; 255 } else if (childName.equals(IFSConstants.ATTRIBUTESTATEMENT)) { 256 addStatement(new AttributeStatement((Element)child)); 257 statementFound=true; 258 } else if (childName.equals(IFSConstants.SIGNATURE)) { 259 if (FSUtils.debug.messageEnabled()) { 260 FSUtils.debug.message("FSAssertion: Signature found"); 261 } 262 } else { 263 if (FSUtils.debug.messageEnabled()) { 264 FSUtils.debug.message( 265 "FSAssertion: invalid element in Assertion"); 266 } 267 throw new FSMsgException("invalidElement", null); 268 } 269 } 270 //check for signature 271 List signs = XMLUtils.getElementsByTagNameNS1(assertionElement, 272 SAMLConstants.XMLSIG_NAMESPACE_URI, 273 SAMLConstants.XMLSIG_ELEMENT_NAME); 274 int signsSize = signs.size(); 275 if (signsSize == 1) { 276 Element elem = (Element)signs.get(0); 277 setSignature(elem); 278 xmlString = XMLUtils.print(assertionElement); 279 signed = true; 280 } else if (signsSize != 0) { 281 if (FSUtils.debug.messageEnabled()) { 282 FSUtils.debug.message("FSAssertion(Element): included more than" 283 + " one Signature element."); 284 } 285 throw new FSMsgException("moreElement", null); 286 } 287 //end check for signature 288 if (!statementFound) { 289 if (FSUtils.debug.messageEnabled()) { 290 FSUtils.debug.message("Assertion: mandatory statement missing"); 291 } 292 throw new FSMsgException("missingStatement",null); 293 } 294 FSUtils.debug.message("FSAssertion(Element): leaving"); 295 } 296 297 /** 298 * Constructor to create <code>FSAssertion</code> object. 299 * 300 * @param assertionID the <code>AssertionID</code> element. 301 * @param issuer the <code>Issuer</code> element. 302 * @param issueInstant the <code>IssueInstant</code> element. 303 * @param statements the <code>Statement</code> elements. 304 * List of statements that need to be added in assertion. 305 * @param inResponseTo value of <code>InResponseTo</code> attribute in the 306 * assertion. 307 * @throws FSMsgException if the document element is null 308 * or cannot be retrieved. 309 * @throws SAMLException if the SAML Assertion version is 310 * incorrect. 311 */ 312 public FSAssertion(String assertionID,String issuer,Date issueInstant, 313 Set statements,String inResponseTo) 314 throws FSMsgException, SAMLException { 315 super(assertionID, issuer, issueInstant, statements); 316 this.inResponseTo = inResponseTo; 317 } 318 319 /** 320 * Constructor to create <code>FSAssertion</code> object. 321 * 322 * @param assertionID the <code>AssertionID</code> element. 323 * @param issuer the <code>Issuer</code> element. 324 * @param issueInstant the <code>IssueInstant</code> element. 325 * @param conditions the <code>Conditions</code> object. 326 * @param statements the <code>Statement</code> elements. 327 * List of statements that need to be added in assertion. 328 * @param inResponseTo value of <code>InResponseTo</code> attribute in 329 * the assertion. 330 * @throws FSMsgException if the document element is null 331 * or cannot be retrieved. 332 * @throws SAMLException if the SAML Assertion version is 333 * incorrect. 334 */ 335 public FSAssertion(String assertionID,String issuer,Date issueInstant, 336 Conditions conditions,Set statements,String inResponseTo) 337 throws FSMsgException, SAMLException { 338 super(assertionID, issuer, issueInstant, conditions, statements); 339 this.inResponseTo = inResponseTo; 340 } 341 342 /** 343 * Constructor to create an <code>FSAssertion</code> object. 344 * 345 * @param assertionID the <code>AssertionID</code> element. 346 * @param issuer the <code>Issuer</code> element. 347 * @param issueInstant the <code>IssueInstant</code> element. 348 * @param conditions the <code>Conditions</code> object. 349 * @param advice the <code>Advice</code> object. 350 * @param statements the <code>Statement</code> elements. 351 * List of statements that need to be added in assertion. 352 * @param inResponseTo value of <code>InResponseTo</code> attribute 353 * in the assertion. 354 * @throws FSMsgException if the document element is null 355 * or cannot be retrieved. 356 * @throws SAMLException if the SAML Assertion version is 357 * incorrect. 358 */ 359 public FSAssertion(String assertionID,String issuer,Date issueInstant, 360 Conditions conditions,Advice advice,Set statements, 361 String inResponseTo) 362 throws FSMsgException, SAMLException { 363 super(assertionID, issuer, issueInstant,conditions, advice, statements); 364 this.inResponseTo = inResponseTo; 365 } 366 367 /** 368 * Returns value of <code>id</code> attribute. 369 * 370 * @return value of <code>id</code> attribute. 371 * @see #setID(String) 372 */ 373 public String getID(){ 374 return id; 375 } 376 377 /** 378 * Sets value of <code>id<code> attribute. 379 * 380 * @param id value of <code>id</code> attribute. 381 * @see #getID 382 */ 383 public void setID(String id){ 384 this.id = id; 385 } 386 387 /** 388 * Returns the <code>MinorVersion</code> attribute. 389 * 390 * @return the <code>MinorVersion</code> attribute. 391 * @see #setMinorVersion(int) 392 */ 393 public int getMinorVersion() { 394 return minorVersion; 395 } 396 397 /** 398 * Sets the <code>MinorVersion</code> attribute. 399 * 400 * @param version the <code>MinorVersion</code> attribute. 401 * @see #getMinorVersion 402 */ 403 public void setMinorVersion(int version) { 404 minorVersion = version; 405 } 406 407 /** 408 * Returns the Document Element for this object. 409 * 410 * @return the Document Element for this object. 411 */ 412 public Element getDOMElement() { 413 return domElement; 414 } 415 416 /** 417 * Returns the value of <code>InResponseTo</code> attribute. 418 * 419 * @return the value of <code>InResponseTo</code> attribute. 420 * @see #setInResponseTo(String) 421 */ 422 public String getInResponseTo() { 423 return inResponseTo; 424 } 425 426 /** 427 * Sets the value of <code>InResponseTo</code> attribute. 428 * 429 * @param inResponseTo value of <code>InResponseTo</code> attribute. 430 * @see #getInResponseTo 431 */ 432 public void setInResponseTo(String inResponseTo) { 433 this.inResponseTo = inResponseTo; 434 } 435 436 /** 437 * Returns Signed XML String. 438 * 439 * @return Signed XML String. 440 */ 441 public String getSignedXMLString(){ 442 return xmlString; 443 } 444 445 /** 446 * Returns the <code>Signature</code> string. 447 * 448 * @return the <code>Signature</code> string. 449 */ 450 public String getSignatureString(){ 451 return signatureString; 452 } 453 454 /** 455 * Checks validity of time in the assertion. 456 * 457 * @return true if time is valid otherwise false. 458 */ 459 public boolean isTimeValid() { 460 boolean isTimeValid = true; 461 Conditions conditions = getConditions(); 462 if (conditions != null) { 463 isTimeValid = conditions.checkDateValidity( 464 System.currentTimeMillis()); 465 } 466 return isTimeValid; 467 } 468 469 /** 470 * Adds the <code>Statement</code> object to the 471 * Statment's object Set. 472 * 473 * @param statement the <code>Statement</code> object. 474 * @return false if statement is null else true. 475 */ 476 public boolean addStatement(Statement statement) { 477 boolean addedStmt = false; 478 if (statement != null) { 479 super.addStatement(statement); 480 addedStmt = true; 481 } 482 return addedStmt; 483 } 484 485 /** 486 * Returns a <code>XML</code> String representation of this object. 487 * 488 * @return a String representation of this Object. 489 * @throws FSMsgException if there is an error creating 490 * the <code>XML</code> string. 491 */ 492 493 public String toXMLString() throws FSMsgException { 494 return this.toXMLString(true, true); 495 } 496 497 /** 498 * Returns a <code>XML</code> String representation of this object. 499 * 500 * @param includeNS determines whether or not the namespace qualifier is 501 * prepended to the Element when converted 502 * @param declareNS determines whether or not the namespace is declared 503 * within the Element. 504 * @return a string containing the valid <code>XML</code> for this object. 505 * @throws FSMsgException if there is an error creating 506 * the <code>XML</code> string. 507 */ 508 509 public java.lang.String toXMLString(boolean includeNS,boolean declareNS) 510 throws FSMsgException { 511 StringBuffer xml = new StringBuffer(3000); 512 String NS=""; 513 String appendNS=""; 514 String libNS=""; 515 String libAppendNS=""; 516 String uriXSI=""; 517 if (declareNS) { 518 NS=sc.assertionDeclareStr; 519 if(minorVersion == IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION 520 || minorVersion == 521 IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) { 522 libNS = IFSConstants.LIB_12_NAMESPACE_STRING; 523 } else { 524 libNS = IFSConstants.LIB_NAMESPACE_STRING; 525 } 526 uriXSI = IFSConstants.XSI_NAMESPACE_STRING; 527 } 528 if (includeNS) { 529 appendNS= SAMLConstants.ASSERTION_PREFIX; 530 libAppendNS = IFSConstants.LIB_PREFIX; 531 } 532 String dateStr = null; 533 if (getIssueInstant() != null) { 534 dateStr = DateUtils.toUTCDateFormat(getIssueInstant()); 535 } 536 xml.append(IFSConstants.LEFT_ANGLE) 537 .append(appendNS).append(IFSConstants.ASSERTION) 538 .append(IFSConstants.SPACE) 539 .append(NS).append(IFSConstants.SPACE).append(uriXSI) 540 .append(IFSConstants.SPACE).append(libNS) 541 .append(IFSConstants.SPACE); 542 543 if (minorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION && 544 id != null && !(id.length() == 0)) { 545 xml.append(IFSConstants.SPACE).append(IFSConstants.ID) 546 .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE) 547 .append(id).append(IFSConstants.QUOTE) 548 .append(IFSConstants.SPACE); 549 } 550 xml.append(IFSConstants.MAJOR_VERSION) 551 .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE) 552 .append(getMajorVersion()).append(IFSConstants.QUOTE) 553 .append(IFSConstants.SPACE).append(IFSConstants.MINOR_VERSION) 554 .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE) 555 .append(minorVersion).append(IFSConstants.QUOTE) 556 .append(IFSConstants.SPACE).append(IFSConstants.ASSERTION_ID) 557 .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE) 558 .append(getAssertionID()).append(IFSConstants.QUOTE) 559 .append(IFSConstants.SPACE).append(IFSConstants.ISSUER) 560 .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE) 561 .append(getIssuer()).append(IFSConstants.QUOTE) 562 .append(IFSConstants.SPACE).append(IFSConstants.ISSUE_INSTANT) 563 .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE) 564 .append(dateStr).append(IFSConstants.QUOTE) 565 .append(IFSConstants.SPACE).append(IFSConstants.IN_RESPONSE_TO) 566 .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE) 567 .append(inResponseTo).append(IFSConstants.QUOTE) 568 .append(IFSConstants.SPACE) 569 .append(IFSConstants.XSI_TYPE) 570 .append(IFSConstants.EQUAL_TO).append(IFSConstants.QUOTE) 571 .append(libAppendNS) 572 .append(IFSConstants.ASSERTION_TYPE).append(IFSConstants.QUOTE) 573 .append(IFSConstants.RIGHT_ANGLE).append(sc.NL); 574 575 if (getConditions() != null) { 576 xml.append(getConditions().toString(includeNS, false)); 577 } 578 if (getAdvice() != null) { 579 xml.append(getAdvice().toString(includeNS, false)); 580 } 581 582 Iterator i = getStatement().iterator(); 583 while (i.hasNext()) { 584 Statement st = (Statement)i.next(); 585 if(st instanceof FSAuthenticationStatement){ 586 xml.append(((FSAuthenticationStatement)st).toXMLString( 587 includeNS, false)); 588 } else if(st instanceof AttributeStatement) { 589 xml.append(((AttributeStatement)st).toString(includeNS, false)); 590 } 591 } 592 if (signed) { 593 if (signatureString != null) { 594 xml.append(signatureString); 595 } else if (signature != null) { 596 signatureString = XMLUtils.print(signature); 597 xml.append(signatureString); 598 } 599 } 600 xml.append(IFSConstants.START_END_ELEMENT) 601 .append(appendNS).append(IFSConstants.ASSERTION) 602 .append(IFSConstants.RIGHT_ANGLE) 603 .append(IFSConstants.NL); 604 605 return xml.toString(); 606 } 607 608 /** 609 * Signs the <code>Assertion</code>. 610 * 611 * @param certAlias the alias/name of the certificate. 612 * @throws SAMLException if <code>FSAssertion</code> 613 * cannot be signed. 614 */ 615 public void signXML(String certAlias) throws SAMLException { 616 FSUtils.debug.message("FSAssertion.signXML: Called"); 617 if (signed) { 618 if (FSUtils.debug.messageEnabled()) { 619 FSUtils.debug.message("FSAssertion.signXML: the assertion is " 620 + "already signed."); 621 } 622 throw new SAMLResponderException( 623 FSUtils.BUNDLE_NAME,"alreadySigned",null); 624 } 625 if (certAlias == null || certAlias.length() == 0) { 626 throw new SAMLResponderException(FSUtils.BUNDLE_NAME, 627 "cannotFindCertAlias",null); 628 } 629 630 try { 631 XMLSignatureManager manager = XMLSignatureManager.getInstance(); 632 if (minorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) { 633 signatureString = manager.signXML(this.toXMLString(true, true), 634 certAlias, (String) null, 635 IFSConstants.ID, this.id, 636 false); 637 } else if (minorVersion == 638 IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION 639 || minorVersion == 640 IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) { 641 signatureString = 642 manager.signXML(this.toXMLString(true, true), 643 certAlias, (String) null, 644 IFSConstants.ASSERTION_ID, 645 this.getAssertionID(), false); 646 } else { 647 if (FSUtils.debug.messageEnabled()) { 648 FSUtils.debug.message("invalid minor version."); 649 } 650 } 651 signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug) 652 .getDocumentElement(); 653 signed = true; 654 xmlString = this.toXMLString(true, true); 655 } catch(Exception e){ 656 FSUtils.debug.message(" Exception :" + e.getMessage()); 657 throw new SAMLResponderException(e); 658 } 659 } 660 661 /** 662 * Sets the <code>Element's</code> signature. 663 * 664 * @param elem the <code>Element</code> object 665 * @return true if signature is set otherwise false 666 */ 667 public boolean setSignature(Element elem) { 668 signatureString = XMLUtils.print(elem); 669 return super.setSignature(elem); 670 } 671 672 /** 673 * Parses the advice element to extract the Security <code>Assertion</code>. 674 * 675 * @param element the <code>Advice</code> Element. 676 */ 677 public void parseAdvice(Element element) { 678 NodeList nl = element.getChildNodes(); 679 int length = nl.getLength(); 680 for (int n=0; n<length; n++) { 681 Node child = (Node)nl.item(n); 682 if (child.getNodeType() != Node.ELEMENT_NODE) { 683 continue; 684 } 685 String childName = child.getLocalName(); 686 if (childName.equals("Assertion")) { 687 try { 688 if (securityAssertions == null) { 689 securityAssertions = new ArrayList(); 690 } 691 securityAssertions.add( 692 new SecurityAssertion((Element)child)); 693 } catch (Exception ex) { 694 FSUtils.debug.error("FSAssertion.parseAdvice: Error in" + 695 "parsing security assertion", ex); 696 } 697 } 698 } 699 if ((securityAssertions != null) && (!securityAssertions.isEmpty())) { 700 _advice = new Advice(null, securityAssertions, null); 701 } 702 } 703 704 /** 705 * Returns the discovery service credentials from the boot strap. 706 * 707 * @return the discovery service credentials from the boot strap. 708 */ 709 public List getDiscoveryCredential() { 710 return securityAssertions; 711 } 712}
Copyright © 2010-2017, ForgeRock All Rights Reserved.