001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: FSAuthenticationStatement.java,v 1.2 2008/06/25 05:46:43 qcheng Exp $
026 * Portions Copyrighted 2014 ForgeRock AS
027 */
028
029package com.sun.identity.federation.message;
030
031import com.sun.identity.federation.common.IFSConstants;
032import com.sun.identity.federation.common.FSUtils;
033import com.sun.identity.federation.message.common.AuthnContext;
034import com.sun.identity.federation.message.common.FSMsgException;
035import com.sun.identity.saml.assertion.AuthenticationStatement;
036import com.sun.identity.saml.assertion.AuthorityBinding;
037import com.sun.identity.saml.assertion.Subject;
038import com.sun.identity.saml.assertion.SubjectLocality;
039import com.sun.identity.saml.common.SAMLConstants;
040import com.sun.identity.saml.common.SAMLException;
041import com.sun.identity.shared.DateUtils;
042import java.text.ParseException;
043import java.util.ArrayList;
044import java.util.Date;
045import java.util.Iterator;
046import java.util.List;
047import org.w3c.dom.Attr;
048import org.w3c.dom.Element;
049import org.w3c.dom.NamedNodeMap;
050import org.w3c.dom.Node;
051import org.w3c.dom.NodeList;
052
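/**
 * The <code>FSAuthenticationStatement</code> element represents an
 * authentication statement by the issuer that its subject was authenticated
 * by a particular means at a particular time.
 *
 * <p>The class parses the statement from a DOM element and serializes it
 * back to XML text. Nothing in this class checks a signature or the issuer
 * of the element it is given.
 *
 * @supported.all.api
 * @deprecated since 12.0.0
 */
@Deprecated
public class FSAuthenticationStatement extends AuthenticationStatement {

    // Value of the ReauthenticateOnOrAfter attribute; null when absent.
    protected Date reauthenticateOnOrAfter;
    // Value of the SessionIndex attribute; null when absent.
    protected String sessionIndex = null;
    // The AuthnContext child element; null when absent.
    protected AuthnContext _authnContext;
    // Selects which liberty namespace declaration toXMLString emits.
    protected int minorVersion = IFSConstants.FF_11_PROTOCOL_MINOR_VERSION;

    /**
     * Default Constructor.
     */
    public FSAuthenticationStatement() {
    }

    /**
     * Constructor to create <code>FSAuthenticationStatement</code> object.
     *
     * <p>A <code>null</code> <code>authnContext</code> is not rejected: it is
     * only reported at debug level and the statement is left without an
     * authentication context.
     *
     * @param authMethod the Authentication method in the statement.
     * @param authInstant the authentication date in the statement.
     * @param subject the Subject in the statement.
     * @param authnContext the Authentication Context.
     * @throws FSMsgException if there is error
     *         creating the object.
     * @throws SAMLException if the version is incorrect.
     */
    public FSAuthenticationStatement(
            String authMethod,
            Date authInstant,
            Subject subject,
            AuthnContext authnContext
            ) throws FSMsgException, SAMLException {
        super(authMethod, authInstant, subject);
        if (authnContext != null) {
            this._authnContext = authnContext;
        } else if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(
                    "FSAuthenticationStatement: missing AuthnContext");
        }
    }

    /**
     * Constructor to create <code>FSAuthenticationStatement</code> object.
     *
     * <p>A <code>null</code> <code>authnContext</code> is not rejected: it is
     * only reported at debug level and the statement is left without an
     * authentication context.
     *
     * @param authMethod the Authentication method in the statement.
     * @param authInstant the authentication date in the statement.
     * @param subject the <code>Subject</code> in the statement.
     * @param subjectLocality the <code>SubjectLocality</code> in the statement.
     * @param authorityBinding a List of <code>AuthorityBinding</code> objects.
     * @param authnContext the Authentication Context.
     * @throws FSMsgException if there is an error
     *         creating the object.
     * @throws SAMLException on error.
     */
    public FSAuthenticationStatement(
            String authMethod,
            Date authInstant,
            Subject subject,
            SubjectLocality subjectLocality,
            List authorityBinding,
            AuthnContext authnContext
            ) throws FSMsgException, SAMLException {
        super(authMethod,
                authInstant,
                subject,
                subjectLocality,
                authorityBinding);
        if (authnContext != null) {
            this._authnContext = authnContext;
        } else if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(
                    "FSAuthenticationStatement: missing AuthnContext.");
        }
    }

    /**
     * Constructs an <code>FSAuthenticationStatement</code> object from a
     * Document Element.
     *
     * <p>Parsing fails when the element is null, an attribute or child
     * element has no local name, a date attribute cannot be parsed, a
     * single-valued child element appears twice, an unexpected child element
     * is present, or no subject element is found.
     *
     * @param element the Document Element object.
     * @throws FSMsgException if the element is null or fails one of the
     *         checks listed above.
     * @throws SAMLException on error.
     */
    public FSAuthenticationStatement(Element element)
    throws FSMsgException, SAMLException {
        FSUtils.debug.message("FSAuthenticationStatement(Element):  Called");
        if (element == null) {
            FSUtils.debug.message("FSAuthenticationStatement: null input.");
            throw new FSMsgException("nullInput", null);
        }
        readAttributes(element);
        readChildElements(element);
        // A statement without a subject is rejected.
        if (this._subject == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAuthenticationStatement should " +
                        "contain one subject.");
            }
            throw new FSMsgException("missingElement", null);
        }
        FSUtils.debug.message("FSAuthenticationStatement(Element): leaving");
    }

    /**
     * Copies the recognised attributes of the statement element into this
     * object; attributes with any other local name are ignored.
     */
    private void readAttributes(Element element) throws FSMsgException {
        // NOTE(review): AuthenticationMethod and AuthenticationInstant are
        // read when present but their absence is not an error here; confirm
        // whether callers are expected to enforce that.
        NamedNodeMap atts = ((Node) element).getAttributes();
        int attCount = atts.getLength();
        for (int i = 0; i < attCount; i++) {
            Node att = atts.item(i);
            if (att.getNodeType() != Node.ATTRIBUTE_NODE) {
                continue;
            }
            String attName = att.getLocalName();
            if (attName == null || attName.length() == 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAuthenticationStatement: " +
                            "Attribute name is either null or empty.");
                }
                throw new FSMsgException("nullInput", null);
            }
            String attValue = ((Attr) att).getValue();
            if (attName.equals(IFSConstants.AUTHENTICATION_METHOD)) {
                _authenticationMethod = attValue.trim();
            } else if (attName.equals(IFSConstants.AUTHENTICATION_INSTANT)) {
                _authenticationInstant = parseDate(attValue);
            } else if (attName.equals(IFSConstants.REAUTH_ON_OR_AFTER)) {
                reauthenticateOnOrAfter = parseDate(attValue);
            } else if (attName.equals(IFSConstants.SESSION_INDEX)) {
                sessionIndex = attValue.trim();
            }
        }
    }

    /**
     * Parses a date attribute value, mapping a parse failure to the
     * "wrongDateFormat" message exception.
     */
    private static Date parseDate(String value) throws FSMsgException {
        try {
            return DateUtils.stringToDate(value);
        } catch (ParseException pe) {
            FSUtils.debug.error("FSAuthenticationStatement: " +
                    "StringToDate: ", pe);
            throw new FSMsgException("wrongDateFormat", null);
        }
    }

    /**
     * Builds the child objects of the statement from the element's child
     * elements and rejects duplicates and unknown elements.
     */
    private void readChildElements(Element element)
    throws FSMsgException, SAMLException {
        // NOTE(review): only AuthnContext is matched on its namespace; the
        // Subject, SubjectLocality and AuthorityBinding children are matched
        // on local name alone. Confirm whether the child constructors check
        // their own namespace.
        NodeList nodes = element.getChildNodes();
        int nodeCount = nodes.getLength();
        for (int i = 0; i < nodeCount; i++) {
            Node currentNode = nodes.item(i);
            if (currentNode.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            String tagName = currentNode.getLocalName();
            String tagNS = currentNode.getNamespaceURI();
            if ((tagName == null) || tagName.length() == 0 ||
                    tagNS == null || tagNS.length() == 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAuthenticationStatement: " +
                            "The  tag name or tag namespace of child" +
                            " element is either null or empty.");
                }
                throw new FSMsgException("nullInput", null);
            }
            if (tagName.equals(IFSConstants.AUTH_SUBJECT)) {
                if (this._subject != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAuthenticationStatement" +
                                ": should only contain one subject");
                    }
                    throw new FSMsgException("oneElement", null);
                }
                this._subject = new FSSubject((Element) currentNode);
            } else if (tagName.equals(IFSConstants.SUBJECT_LOCALITY)) {
                if (_subjectLocality != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAuthenticationStatement" +
                                ": should at most " +
                                "contain one SubjectLocality.");
                    }
                    throw new FSMsgException("oneElement", null);
                }
                _subjectLocality = new SubjectLocality((Element) currentNode);
            } else if (tagName.equals(IFSConstants.AUTHN_CONTEXT) &&
                    (tagNS.equals(IFSConstants.libertyMessageNamespaceURI) ||
                    tagNS.equals(IFSConstants.FF_12_XML_NS))) {
                if (_authnContext != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAuthentication" +
                                "Statement: should not contain more " +
                                "than  one AuthnContext element.");
                    }
                    throw new FSMsgException("oneElement", null);
                }
                _authnContext = new AuthnContext((Element) currentNode);
            } else if (tagName.equals(IFSConstants.AUTHORITY_BINDING)) {
                if (_authorityBinding == null) {
                    _authorityBinding = new ArrayList();
                }
                if (!_authorityBinding.add(
                        new AuthorityBinding((Element) currentNode))) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAuthenticationStatement" +
                                ": failed to add to the" +
                                " AuthorityBinding list.");
                    }
                    throw new FSMsgException("addListError", null);
                }
            } else {
                // Anything else, including an AuthnContext in an unexpected
                // namespace, is rejected rather than skipped.
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAuthenticationStatement: " +
                            "Wrong element " + tagName + " included.");
                }
                throw new FSMsgException("wrongInput", null);
            }
        }
    }

    /**
     * Returns the value of <code>SessionIndex</code> attribute.
     *
     * @return the value of <code>SessionIndex</code> attribute.
     * @see #setSessionIndex(String)
     */
    public String getSessionIndex() {
        return sessionIndex;
    }

    /**
     * Sets the <code>SessionIndex</code> attribute.
     *
     * @param sessionIndex the value of <code>SessionIndex</code> attribute.
     * @see #getSessionIndex
     */
    public void setSessionIndex(String sessionIndex) {
        this.sessionIndex = sessionIndex;
    }

    /**
     * Returns the re-authentication date for this
     * authentication statement.
     *
     * <p>The stored <code>Date</code> instance itself is returned, not a
     * copy.
     *
     * @return the re-authentication date for this object.
     * @see #setReauthenticateOnOrAfter
     */
    public Date getReauthenticateOnOrAfter() {
        return reauthenticateOnOrAfter;
    }

    /**
     * Sets re-authentication date for this authentication
     * statement.
     *
     * @param reauthenticateOnOrAfter the date object.
     * @see #getReauthenticateOnOrAfter
     */
    public void setReauthenticateOnOrAfter(Date reauthenticateOnOrAfter) {
        this.reauthenticateOnOrAfter = reauthenticateOnOrAfter;
    }

    /**
     * Returns the Authentication Context in this
     * authentication statement.
     *
     * @return the Authentication Context object.
     * @see #setAuthnContext(AuthnContext)
     */
    public AuthnContext getAuthnContext() {
        return _authnContext;
    }

    /**
     * Sets the Authentication Context object.
     *
     * @param authnContext the Authentication Context object.
     * @see #getAuthnContext
     */
    public void setAuthnContext(AuthnContext authnContext) {
        this._authnContext = authnContext;
    }

    /**
     * Returns the value of <code>MinorVersion</code> attribute.
     *
     * @return the value of <code>MinorVersion</code> attribute.
     * @see #setMinorVersion(int)
     */
    public int getMinorVersion() {
        return minorVersion;
    }

    /**
     * Sets the value of <code>MinorVersion</code> attribute.
     *
     * @param version the <code>MinorVersion</code> attribute.
     * @see #getMinorVersion
     */
    public void setMinorVersion(int version) {
        minorVersion = version;
    }

    /**
     * Returns a String representation of this object, with the namespace
     * prefix included and no namespace declaration.
     *
     * @throws FSMsgException if there is an error creating
     *            the string.
     * @return a String representation of this Object.
     */
    public String toXMLString() throws FSMsgException {
        return toXMLString(true, false);
    }

    /**
     * Returns a String representation of this object.
     *
     * <p>The <code>AuthenticationMethod</code> and <code>SessionIndex</code>
     * values are XML-escaped before being written into their attributes, so
     * a value containing a quote, ampersand or angle bracket cannot end the
     * attribute early or add markup to the serialized statement.
     *
     * @param includeNS Determines whether or not the namespace qualifier is
     *                prepended to the Element when converted
     * @param declareNS Determines whether or not the namespace is declared
     *                within the Element.
     * @return A string containing the valid XML for this object.
     * @throws FSMsgException if there is an error creating
     *         the string.
     */
    public String toXMLString(boolean includeNS, boolean declareNS)
    throws FSMsgException {
        String prefix = "";
        String libprefix = "";
        if (includeNS) {
            prefix = SAMLConstants.ASSERTION_PREFIX;
            libprefix = IFSConstants.LIB_PREFIX;
        }
        String uri = "";
        String liburi = "";
        if (declareNS) {
            // The liberty namespace declaration depends on the protocol
            // minor version of this statement.
            liburi = (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION)
                    ? IFSConstants.LIB_12_NAMESPACE_STRING
                    : IFSConstants.LIB_NAMESPACE_STRING;
            uri = SAMLConstants.assertionDeclareStr;
        }

        StringBuilder xml = new StringBuilder(1000);
        xml.append(IFSConstants.LEFT_ANGLE).append(prefix)
                .append(IFSConstants.AUTHENTICATIONSTATEMENT)
                .append(uri).append(IFSConstants.SPACE).append(liburi)
                .append(IFSConstants.SPACE);

        if ((_authenticationMethod != null) &&
                _authenticationMethod.length() != 0) {
            xml.append(IFSConstants.AUTHENTICATION_METHOD).append("=\"")
                    .append(escapeXmlAttribute(_authenticationMethod))
                    .append("\" ");
        }
        if (_authenticationInstant != null) {
            xml.append(IFSConstants.AUTHENTICATION_INSTANT).append("=\"")
                    .append(DateUtils.toUTCDateFormat(_authenticationInstant))
                    .append("\" ");
        }
        if (reauthenticateOnOrAfter != null) {
            xml.append(IFSConstants.REAUTH_ON_OR_AFTER).append("=\"")
                    .append(DateUtils.toUTCDateFormat(reauthenticateOnOrAfter))
                    .append("\" ");
        }
        if (sessionIndex != null) {
            xml.append(IFSConstants.SESSION_INDEX).append("=\"")
                    .append(escapeXmlAttribute(sessionIndex))
                    .append("\" ");
        }
        xml.append("xsi:type")
                .append("=\"")
                .append(libprefix)
                .append(IFSConstants.AUTHENTICATIONSTATEMENT_TYPE)
                .append(IFSConstants.QUOTE)
                .append(IFSConstants.RIGHT_ANGLE);

        if (getSubject() != null) {
            // NOTE(review): the cast assumes the subject is an FSSubject; the
            // public constructors accept any Subject - confirm callers only
            // pass FSSubject instances.
            xml.append(
                    ((FSSubject) getSubject()).toXMLString(includeNS, false));
        }
        if (_subjectLocality != null) {
            xml.append(_subjectLocality.toString(includeNS, false));
        }
        if ((_authorityBinding != null) && (!_authorityBinding.isEmpty())) {
            for (Object binding : this.getAuthorityBinding()) {
                xml.append(
                        ((AuthorityBinding) binding).toString(includeNS, false));
            }
        }
        if (_authnContext != null) {
            xml.append(_authnContext.toXMLString(includeNS, false));
        }
        xml.append(IFSConstants.START_END_ELEMENT).append(prefix)
                .append(IFSConstants.AUTHENTICATIONSTATEMENT)
                .append(IFSConstants.RIGHT_ANGLE);
        return xml.toString();
    }

    /**
     * Escapes the five XML special characters so that the value can be
     * placed inside a quoted attribute.
     */
    private static String escapeXmlAttribute(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }
}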