Package org.certificateservices.messages.saml2.assertion

Class SAMLAssertionMessageParser

java.lang.Object

org.certificateservices.messages.saml2.BaseSAMLMessageParser

org.certificateservices.messages.saml2.assertion.SAMLAssertionMessageParser

public class SAMLAssertionMessageParser
extends BaseSAMLMessageParser

MessageParser for generating generate SAML 2.0 Assertions. This should be used when generating SAML Assertions that is not connected to CSMessages. For CSMessage related assertions use AssertionPayloadParser. Created by philip on 02/01/17.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	SAMLAssertionMessageParser.EncryptedAssertionXMLConverter	Converter that replaces all decrypted EncryptedAssertion with Assertion

Nested classes/interfaces inherited from class org.certificateservices.messages.saml2.BaseSAMLMessageParser

BaseSAMLMessageParser.AssertionSignatureLocationFinder, BaseSAMLMessageParser.BaseLSResourceResolver, BaseSAMLMessageParser.ConditionLookup, BaseSAMLMessageParser.EncryptedAttributeXMLConverter, BaseSAMLMessageParser.SAMLPSignatureLocationFinder, BaseSAMLMessageParser.SimpleConditionLookup

Field Summary

Fields inherited from class org.certificateservices.messages.saml2.BaseSAMLMessageParser

ASSERTION_NAMESPACE, ASSERTION_XSD_SCHEMA_2_0_RESOURCE_LOCATION, assertionSignatureLocationFinder, cf, customisations, customJAXBClasspath, customSchemaLocations, DEFAULT_SAML_VERSION, dsigOf, messageSecurityProvider, of, PROTOCOL_NAMESPACE, SAMLP_XSD_SCHEMA_2_0_RESOURCE_LOCATION, samlpOf, samlpSignatureLocationFinder, schemaValidator, SETTING_CUSTOM_JAXBCLASSPATH, SETTING_CUSTOM_SCHEMALOCATIONS, systemTime, xmlEncrypter, xmlSigner

Constructor Summary

Constructors

Constructor	Description
SAMLAssertionMessageParser()

Method Summary

Modifier and Type	Method	Description
javax.xml.bind.JAXBElement<AssertionType>	decryptEncryptedAssertion(ContextMessageSecurityProvider.Context context, EncryptedElementType encryptedAssertion, boolean verify)	Method to decrypt an EncryptedAssertion .
org.w3c.dom.Document	decryptEncryptedAssertionToDoc(ContextMessageSecurityProvider.Context context, EncryptedElementType encryptedAssertion)	Method to decrypt an EncryptedAssertion and convert it to Document.
javax.xml.bind.JAXBElement<EncryptedElementType>	genEncryptedAssertion(ContextMessageSecurityProvider.Context context, byte[] assertion, java.util.List<java.security.cert.X509Certificate> reciepients, boolean useKeyId)	Method to create an Encrypt an assertion and create an EncryptedAssertion Element
javax.xml.bind.JAXBElement<AssertionType>	generateSimpleAssertion(java.lang.String issuer, java.util.Date notBefore, java.util.Date notOnOrAfter, java.lang.String subjectId, java.util.List<java.lang.Object> attributes)	Method for generating a simple assertion data structure.
java.lang.String[]	getDefaultSchemaLocations()
java.lang.String	getJAXBPackages()
java.lang.String	getNameSpace()	Method that should return the main namespace of the packate
XMLSigner.OrganisationLookup	getOrganisationLookup()
XMLSigner.SignatureLocationFinder	getSignatureLocationFinder()
protected java.lang.String	lookupSchemaForElement(java.lang.String type, java.lang.String namespaceURI, java.lang.String publicId, java.lang.String systemId, java.lang.String baseURI)	Method to find Schema for a specific element related to the custom schema locations.
javax.xml.bind.JAXBElement<AssertionType>	marshallAndVerifyAssertionDoc(ContextMessageSecurityProvider.Context context, org.w3c.dom.Document assertionDoc, boolean verify)	Method to decrypt an EncryptedAssertion .
void	verifyAssertionSignature(ContextMessageSecurityProvider.Context context, AssertionType assertion)	Method to verify a signature of an assertion in a parsed SAML message.

Methods inherited from class org.certificateservices.messages.saml2.BaseSAMLMessageParser

decryptAssertion, generateSchema, genFailureMessage, genFailureMessage, genSuccessfulSAMLPResponse, getAssertionFromResponseType, getCertificateFromAssertion, getDocumentBuilder, getJAXBContext, getMarshaller, getUnmarshaller, init, init, marshall, marshallAndSign, marshallAndSignSAMLPOrAssertion, marshallDoc, parseMessage, schemaValidate, unmarshall, unmarshallDoc, verifyAssertionConditions, verifyConditions

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SAMLAssertionMessageParser

public SAMLAssertionMessageParser()

Method Detail

getNameSpace

public java.lang.String getNameSpace()

Description copied from class: BaseSAMLMessageParser

Method that should return the main namespace of the packate

Specified by:

getNameSpace in class BaseSAMLMessageParser

getJAXBPackages

public java.lang.String getJAXBPackages()

Specified by:

getJAXBPackages in class BaseSAMLMessageParser

Returns:

all related JAXBPackages.

getDefaultSchemaLocations

public java.lang.String[] getDefaultSchemaLocations()
                                             throws org.xml.sax.SAXException

Specified by:

getDefaultSchemaLocations in class BaseSAMLMessageParser

Returns:

an array of schema locations used by the parser. The string value should point to resources available using getResourceAsStream()

Throws:

org.xml.sax.SAXException

getSignatureLocationFinder

public XMLSigner.SignatureLocationFinder getSignatureLocationFinder()

Specified by:

getSignatureLocationFinder in class BaseSAMLMessageParser

Returns:

returns the implementation locating the signature element of a specific message.

getOrganisationLookup

public XMLSigner.OrganisationLookup getOrganisationLookup()

Specified by:

getOrganisationLookup in class BaseSAMLMessageParser

Returns:

the implementation to lookup related organisation in a specific message.

lookupSchemaForElement

protected java.lang.String lookupSchemaForElement(java.lang.String type,
                                                  java.lang.String namespaceURI,
                                                  java.lang.String publicId,
                                                  java.lang.String systemId,
                                                  java.lang.String baseURI)

Description copied from class: BaseSAMLMessageParser

Method to find Schema for a specific element related to the custom schema locations. The implementation only need to find it's related XSD, the basic datatypes and XML itself are not needed.

Specified by:

lookupSchemaForElement in class BaseSAMLMessageParser

Parameters:

type - The type of the resource being resolved. For XML [XML 1.0] resources (i.e. entities), applications must use the value "http://www.w3.org/TR/REC-xml". For XML Schema [XML Schema Part 1], applications must use the value "http://www.w3.org/2001/XMLSchema". Other types of resources are outside the scope of this specification and therefore should recommend an absolute URI in order to use this method.

namespaceURI - The namespace of the resource being resolved, e.g. the target namespace of the XML Schema [XML Schema Part 1] when resolving XML Schema resources.

publicId - The public identifier of the external entity being referenced, or null if no public identifier was supplied or if the resource is not an entity.

systemId - The system identifier, a URI reference [IETF RFC 2396], of the external resource being referenced, or null if no system identifier was supplied.

baseURI - The absolute base URI of the resource being parsed, or null if there is no base URI.

Returns:

the resource as stream path to related schema XSD, or null if no matching found.

generateSimpleAssertion

public javax.xml.bind.JAXBElement<AssertionType> generateSimpleAssertion(java.lang.String issuer,
                                                                         java.util.Date notBefore,
                                                                         java.util.Date notOnOrAfter,
                                                                         java.lang.String subjectId,
                                                                         java.util.List<java.lang.Object> attributes)
                                                                  throws MessageProcessingException

Method for generating a simple assertion data structure.

Parameters:

issuer - the name if the issuer, set as NameIDType

notBefore - the not before date

notOnOrAfter - the expiration date

subjectId - the name of the subject the assertion is related to.

attributes - a list of attributes or encrypted attributes to add to the assertion.

Returns:

a simply assertion.

Throws:

MessageProcessingException - if internal problems occurred generating the assertion.

genEncryptedAssertion

public javax.xml.bind.JAXBElement<EncryptedElementType> genEncryptedAssertion(ContextMessageSecurityProvider.Context context,
                                                                              byte[] assertion,
                                                                              java.util.List<java.security.cert.X509Certificate> reciepients,
                                                                              boolean useKeyId)
                                                                       throws MessageContentException,
                                                                              MessageProcessingException

Method to create an Encrypt an assertion and create an EncryptedAssertion Element

Parameters:

context - message security related context.

assertion - assertion to encrypt

reciepients - a list of receipients

useKeyId - , use a id of the key used instead of full certificates.

Returns:

an decrypted assertion

Throws:

MessageContentException - if content of message was invalid.

MessageProcessingException - if internal problems occurred parsing the assertions.

decryptEncryptedAssertion

public javax.xml.bind.JAXBElement<AssertionType> decryptEncryptedAssertion(ContextMessageSecurityProvider.Context context,
                                                                           EncryptedElementType encryptedAssertion,
                                                                           boolean verify)
                                                                    throws MessageContentException,
                                                                           MessageProcessingException,
                                                                           NoDecryptionKeyFoundException

Method to decrypt an EncryptedAssertion .

Parameters:

context - message security related context.

encryptedAssertion - the encrypted assertion

verify - if signature if decrypted assertion should be verified.

Returns:

an decrypted assertion

Throws:

MessageContentException - if content of message was invalid.

MessageProcessingException - if internal problems occurred parsing the assertions.

NoDecryptionKeyFoundException - if no key could be found decrypting the assertion.

decryptEncryptedAssertionToDoc

public org.w3c.dom.Document decryptEncryptedAssertionToDoc(ContextMessageSecurityProvider.Context context,
                                                           EncryptedElementType encryptedAssertion)
                                                    throws MessageContentException,
                                                           MessageProcessingException,
                                                           NoDecryptionKeyFoundException

Method to decrypt an EncryptedAssertion and convert it to Document. This method does not verify the signature nor schema. This can be used by calling marshallAndVerifyAssertionDoc() afterwards or just call decryptEncryptedAssertion().

Parameters:

context - message security related context.

encryptedAssertion - the encrypted assertion

Returns:

an decrypted assertion i Document format.

Throws:

MessageContentException - if content of message was invalid.

MessageProcessingException - if internal problems occurred parsing the assertions.

NoDecryptionKeyFoundException - if no key could be found decrypting the assertion.

marshallAndVerifyAssertionDoc

public javax.xml.bind.JAXBElement<AssertionType> marshallAndVerifyAssertionDoc(ContextMessageSecurityProvider.Context context,
                                                                               org.w3c.dom.Document assertionDoc,
                                                                               boolean verify)
                                                                        throws MessageContentException,
                                                                               MessageProcessingException,
                                                                               NoDecryptionKeyFoundException

Method to decrypt an EncryptedAssertion .

Parameters:

context - message security related context.

assertionDoc - the encrypted assertion

verify - if signature if decrypted assertion should be verified.

Returns:

an decrypted assertion

Throws:

MessageContentException - if content of message was invalid.

MessageProcessingException - if internal problems occurred parsing the assertions.

NoDecryptionKeyFoundException - if no key could be found decrypting the assertion.

verifyAssertionSignature

public void verifyAssertionSignature(ContextMessageSecurityProvider.Context context,
                                     AssertionType assertion)
                              throws MessageContentException,
                                     MessageProcessingException

Method to verify a signature of an assertion in a parsed SAML message.

Parameters:

context - message security related context.

assertion - the assertion to verify.

Throws:

MessageContentException - if assertion contained invalid data.

MessageProcessingException - if internal error occurred processing the assertion.