001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: FSSAMLRequest.java,v 1.2 2008/06/25 05:46:45 qcheng Exp $
026 * Portions Copyrighted 2014 ForgeRock AS
027 */
028
029package com.sun.identity.federation.message;
030
031import java.text.ParseException;
032import java.util.List;
033import java.util.Collections;
034import java.util.ArrayList;
035
036import org.w3c.dom.Element;
037import org.w3c.dom.Node;
038import org.w3c.dom.NodeList;
039import com.sun.identity.shared.xml.XMLUtils;
040import com.sun.identity.shared.DateUtils;
041import com.sun.identity.saml.protocol.AssertionArtifact;
042import com.sun.identity.saml.protocol.Request;
043import com.sun.identity.saml.common.SAMLConstants;
044import com.sun.identity.saml.common.SAMLException;
045import com.sun.identity.saml.common.SAMLUtils;
046import com.sun.identity.saml.common.SAMLRequestVersionTooHighException;
047import com.sun.identity.saml.common.SAMLRequestVersionTooLowException;
048import com.sun.identity.saml.common.SAMLRequesterException;
049import com.sun.identity.saml.xmlsig.XMLSignatureManager;
050import com.sun.identity.federation.common.*;
051
/**
 * This class has methods to create a <code>SAML</code> Request
 * object from a Document Element and to create a Request message
 * from this object.
 *
 * @supported.all.api
 * @deprecated since 12.0.0
 */
@Deprecated
public class FSSAMLRequest extends Request {
    
    /**
     * Default constructor. It initialises nothing itself and is protected,
     * so it cannot be called from unrelated packages.
     */
    protected FSSAMLRequest() {}
    
    /**
     * Constructor creates <code>FSSAMLRequest</code> from
     * the Document Element.
     * <p>
     * Processing order: the element name and the two version attributes are
     * checked, then an XML signature (if exactly one is found) is verified,
     * then <code>RequestID</code>, <code>IssueInstant</code> and the child
     * elements are read.
     * <p>
     * Security note: a signature that fails verification does NOT make this
     * constructor throw; the outcome is only recorded in <code>valid</code>.
     * A request with no Signature element is parsed without any verification
     * and <code>signed</code> is left untouched. Code that acts on the parsed
     * request therefore has to check the signed/valid state itself.
     *
     * @param root the Document Element.
     * @throws SAMLException if there is an error creating this object:
     *         <code>SAMLRequesterException</code> for null or malformed
     *         input, missing attributes, more than one Signature element,
     *         unexpected or mixed child elements, or no AssertionArtifact;
     *         the version-too-high/too-low subclasses for unsupported
     *         version numbers.
     */
    public FSSAMLRequest(Element root) throws SAMLException {
        // Make sure this is a Request
        String tag = null;
        if (root == null) {
            SAMLUtils.debug.message("FSSAMLRequest(Element): null input.");
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                    "nullInput",null);
        }
        // Only the local name is compared; the namespace of the root element
        // is not checked here.
        if (((tag = root.getLocalName()) == null) ||
                (!tag.equals("Request"))) {
            SAMLUtils.debug.message("FSSAMLRequest(Element): wrong input");
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                    "wrongInput",null);
        }
        
        // Attribute MajorVersion
        parseMajorVersion(root.getAttribute("MajorVersion"));
        
        // Attribute MinorVersion
        // NOTE(review): minorVersion is read from the still-unverified message
        // and then selects which verifyXMLSignature overload is used below.
        parseMinorVersion(root.getAttribute("MinorVersion"));
        
        // Collect Signature elements in the XML-DSig namespace.
        // NOTE(review): whether getElementsByTagNameNS1 returns only direct
        // children or all descendants is not visible here - confirm, since it
        // decides which signatures are counted.
        List signs = XMLUtils.getElementsByTagNameNS1(root,
                SAMLConstants.XMLSIG_NAMESPACE_URI,
                SAMLConstants.XMLSIG_ELEMENT_NAME);
        int signsSize = signs.size();
        if (signsSize == 1) {
            XMLSignatureManager manager = XMLSignatureManager.getInstance();
            if (minorVersion ==
                    IFSConstants.FF_11_SAML_PROTOCOL_MINOR_VERSION) {
                valid = manager.verifyXMLSignature(root);
            } else {
                // The third argument is null; its meaning is defined by
                // XMLSignatureManager and is not visible in this file.
                valid = manager.verifyXMLSignature(root,
                        IFSConstants.REQUEST_ID, null);
            }
            if (!valid) {
                // A failed verification is only logged, and only when
                // message-level debugging is enabled. Parsing continues and
                // no exception is raised, so the caller must inspect the
                // validity state before trusting this request.
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("FSSAMLRequest(Element): couldn't"
                            + " verify Request's signature.");
                }
            }
            // Keep the serialized form of the element that was verified.
            xmlString = XMLUtils.print(root);
            // signed is set even when verification failed: it records that a
            // signature was present, not that it was valid.
            signed = true;
        } else if (signsSize != 0) {
            // More than one Signature element is rejected outright.
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("FSSAMLRequest(Element): included more "
                        + "than one Signature element.");
            }
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                    "moreElement",null);
        }
        // signsSize == 0 falls through: the request is unsigned and neither
        // valid nor signed is assigned in this constructor.
        
        // Attribute RequestID
        requestID = root.getAttribute("RequestID");
        if ((requestID == null) || (requestID.length() == 0)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("FSSAMLRequest(Element): Request "
                        + "does not have a RequestID.");
            }
            String[] args = { IFSConstants.REQUEST_ID };
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                    "missingAttribute",args);
        }
        
        // Attribute IssueInstant
        // Only presence and parseability are checked; the timestamp is not
        // compared with the current time in this constructor.
        String instantString = root.getAttribute("IssueInstant");
        if ((instantString == null) || (instantString.length() == 0)) {
            SAMLUtils.debug.message("FSSAMLRequest(Element): "
                    + " missing IssueInstant");
            String[] args = { IFSConstants.ISSUE_INSTANT };
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                    "missingAttribute",args);
        } else {
            try {
                issueInstant = DateUtils.stringToDate(instantString);
            } catch (ParseException e) {
                SAMLUtils.debug.message(
                        "FSSAMLRequest(Element): could not parse IssueInstant",
                        e);
                throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                        "wrongInput",null);
            }
        }
        
        // get the contents of the request
        // Children whose local name is null (text, comments, ...) are
        // skipped; every named child must be RespondWith, Signature or
        // AssertionArtifact, anything else is rejected.
        NodeList contentnl = root.getChildNodes();
        Node child;
        String nodeName;
        String respondWith;
        for (int i = 0, length = contentnl.getLength(); i < length; i++) {
            child = contentnl.item(i);
            if ((nodeName = child.getLocalName()) != null) {
                if (nodeName.equals("RespondWith")) {
                    respondWith = XMLUtils.getElementValue((Element) child);
                    if (respondWith.length() == 0) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("FSSAMLRequest(Element): "
                                    + "wrong RespondWith value.");
                        }
                        throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                                "wrongInput",null);
                    }
                    // Identity check against the shared empty list
                    // (presumably the inherited field's initial value - TODO
                    // confirm); swap in a mutable list before the first add.
                    if (respondWiths == Collections.EMPTY_LIST) {
                        respondWiths = new ArrayList();
                    }
                    respondWiths.add(respondWith);
                } else if (nodeName.equals("Signature")) {
                    // NOTE(review): matched by local name only, while the
                    // count above was taken in the XML-DSig namespace. A
                    // "Signature" child in another namespace would be stored
                    // here without having been verified.
                    signature = (Element) child;
                } else if (nodeName.equals("AssertionArtifact")) {
                    // make sure the content has no other elements assigned
                    if ((contentType != NOT_SUPPORTED) &&
                            (contentType != ASSERTION_ARTIFACT)) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("FSSAMLRequest(Element): "
                                    + "contained mixed contents.");
                        }
                        throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                                "wrongInput",null);
                    }
                    contentType = ASSERTION_ARTIFACT;
                    if (artifacts == Collections.EMPTY_LIST) {
                        artifacts = new ArrayList();
                    }
                    try{
                        AssertionArtifact newArt = new FSAssertionArtifact(
                                XMLUtils.getElementValue((Element) child));
                        artifacts.add(newArt);
                    }catch (Exception e){
                        // NOTE(review): an artifact that cannot be parsed is
                        // logged and dropped, and parsing continues. Because
                        // contentType was already set, a request whose
                        // artifacts are all malformed passes the final check
                        // with an empty artifacts list; callers should not
                        // assume at least one entry.
                        SAMLUtils.debug.error("FSSAMLRequest(Element): ", e);
                    }
                } else {
                    // nodeName comes from the request and is concatenated
                    // into the debug log as-is.
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("FSSAMLRequest(Element):invalid"
                                + " node" + nodeName);
                    }
                    throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                            "wrongInput",null);
                } // check nodeName
            } // if nodeName != null
        } // done for the nodelist loop
        
        // RespondWith and Signature children never change contentType, so
        // a request without any AssertionArtifact child is rejected here
        // (assuming the inherited initial value is NOT_SUPPORTED - TODO
        // confirm).
        if (contentType == NOT_SUPPORTED) {
            SAMLUtils.debug.message("Request: empty content.");
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                    "wrongInput",null);
        }
    }
    
    
    /**
     * Sets the <code>MajorVersion</code> by parsing the version string.
     * Only a value equal to
     * <code>SAMLConstants.PROTOCOL_MAJOR_VERSION</code> is accepted.
     *
     * @param majorVer a String representing the <code>MajorVersion</code> to
     *        be set.
     * @throws SAMLException when the version mismatches:
     *         <code>SAMLRequesterException</code> if the string is not an
     *         integer, <code>SAMLRequestVersionTooHighException</code> or
     *         <code>SAMLRequestVersionTooLowException</code> if it differs
     *         from the supported major version.
     */
    private void parseMajorVersion(String majorVer) throws SAMLException {
        try {
            // Integer.parseInt also throws NumberFormatException for null
            // and for the empty string, so an absent attribute is rejected
            // here as well.
            majorVersion = Integer.parseInt(majorVer);
        } catch (NumberFormatException e) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("FSSAMLRequest(Element): invalid "
                        + "MajorVersion", e);
            }
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                    "wrongInput",null);
        }
        
        if (majorVersion != SAMLConstants.PROTOCOL_MAJOR_VERSION) {
            if (majorVersion > SAMLConstants.PROTOCOL_MAJOR_VERSION) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("FSSAMLRequest(Element): "
                            + "MajorVersion of the Request is too high.");
                }
                throw new SAMLRequestVersionTooHighException(
                        FSUtils.BUNDLE_NAME,"requestVersionTooHigh",null);
            } else {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("FSSAMLRequest(Element): "
                            + "MajorVersion of the Request is too low.");
                }
                throw new SAMLRequestVersionTooLowException(FSUtils.BUNDLE_NAME,
                        "requestVersionTooLow",null);
            }
        }
        
    }
    
    /**
     * Sets the <code>MinorVersion</code> by parsing the version string.
     * Accepted values lie between
     * <code>IFSConstants.FF_11_SAML_PROTOCOL_MINOR_VERSION</code> and
     * <code>IFSConstants.FF_12_SAML_PROTOCOL_MINOR_VERSION</code>, inclusive.
     * <p>
     * Log messages from this method are prefixed "Request(Element)" and are
     * written through <code>FSUtils.debug</code>, unlike the rest of the
     * class; keep that in mind when searching logs for rejected requests.
     *
     * @param minorVer a String representing the <code>MinorVersion</code> to
     *        be set.
     * @throws SAMLException when the version mismatches:
     *         <code>SAMLRequesterException</code> if the string is not an
     *         integer, <code>SAMLRequestVersionTooHighException</code> or
     *         <code>SAMLRequestVersionTooLowException</code> if it is
     *         outside the accepted range.
     */
    private void parseMinorVersion(String minorVer) throws SAMLException {
        try {
            minorVersion = Integer.parseInt(minorVer);
        } catch (NumberFormatException e) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Request(Element): invalid "
                        + "MinorVersion", e);
            }
            throw new SAMLRequesterException(FSUtils.BUNDLE_NAME,
                    "wrongInput",null);
        }
        
        // Out-of-range values are logged at error level without a
        // messageEnabled() guard, unlike the major-version check.
        if(minorVersion > IFSConstants.FF_12_SAML_PROTOCOL_MINOR_VERSION) {
            FSUtils.debug.error("Request(Element): MinorVersion"
                    + " of the Request is too high.");
            throw new SAMLRequestVersionTooHighException(FSUtils.BUNDLE_NAME,
                    "requestVersionTooHigh",null);
        } else if (minorVersion <
                IFSConstants.FF_11_SAML_PROTOCOL_MINOR_VERSION) {
            FSUtils.debug.error("Request(Element): MinorVersion"
                    + " of the Request is too low.");
            throw new SAMLRequestVersionTooLowException(FSUtils.BUNDLE_NAME,
                    "requestVersionTooLow",null);
        }
    }
    
    /**
     * Returns the <code>MinorVersion</code> attribute.
     *
     * @return the Minor Version.
     * @see #setMinorVersion(int)
     */
    public int getMinorVersion() {
        return minorVersion;
    }
    
    /**
     * Sets the <code>MinorVersion</code>.
     * <p>
     * The value is stored as given; the range check applied when a request
     * is parsed from XML is not repeated here.
     *
     * @param version the minor version to set.
     * @see #getMinorVersion()
     */
    public void setMinorVersion(int version) {
        minorVersion = version;
    }
}