Class BaseSAMLMessageParser

    • Field Detail

      • SETTING_CUSTOM_JAXBCLASSPATH

        public static java.lang.String SETTING_CUSTOM_JAXBCLASSPATH
        A ':' separated string of package names for the JAXB classes used by extensions to the parser.
      • SETTING_CUSTOM_SCHEMALOCATIONS

        public static java.lang.String SETTING_CUSTOM_SCHEMALOCATIONS
        A ':' separated string containing the resource paths of custom schemas used during validation. Each path must be resolvable with the getResourceAsStream method, so a schema may be packaged inside a JAR on the classpath.
      • ASSERTION_NAMESPACE

        public static java.lang.String ASSERTION_NAMESPACE
      • PROTOCOL_NAMESPACE

        public static java.lang.String PROTOCOL_NAMESPACE
      • DEFAULT_SAML_VERSION

        public static java.lang.String DEFAULT_SAML_VERSION
      • ASSERTION_XSD_SCHEMA_2_0_RESOURCE_LOCATION

        public static final java.lang.String ASSERTION_XSD_SCHEMA_2_0_RESOURCE_LOCATION
        See Also:
        Constant Field Values
      • SAMLP_XSD_SCHEMA_2_0_RESOURCE_LOCATION

        public static final java.lang.String SAMLP_XSD_SCHEMA_2_0_RESOURCE_LOCATION
        See Also:
        Constant Field Values
      • customJAXBClasspath

        protected java.lang.String customJAXBClasspath
      • customSchemaLocations

        protected java.lang.String[] customSchemaLocations
      • cf

        protected java.security.cert.CertificateFactory cf
      • schemaValidator

        protected javax.xml.validation.Validator schemaValidator
    • Constructor Detail

      • BaseSAMLMessageParser

        public BaseSAMLMessageParser()
    • Method Detail

      • init

        public void init​(MessageSecurityProvider secProv,
                         SAMLParserCustomisations customisations)
                  throws MessageProcessingException
        Method to initialise the parser using the standard XSDs and any extra XSDs used by extensions.
        Parameters:
        secProv - Message Security Provider to use. If a non-default context is used, a ContextMessageSecurityProvider must be specified.
        customisations - implementation to specify non-SAML core JAXB extensions.
        Throws:
        MessageProcessingException - if internal problems occurred setting up the SAMLMessageParser.
      • getNameSpace

        public abstract java.lang.String getNameSpace()
        Method that should return the main namespace of the package.
      • getJAXBPackages

        protected abstract java.lang.String getJAXBPackages()
        Returns:
        all related JAXBPackages.
      • getDefaultSchemaLocations

        protected abstract java.lang.String[] getDefaultSchemaLocations()
                                                                 throws org.xml.sax.SAXException
        Returns:
        an array of schema locations used by the parser. The string value should point to resources available using getResourceAsStream()
        Throws:
        org.xml.sax.SAXException
      • getSignatureLocationFinder

        protected abstract XMLSigner.SignatureLocationFinder getSignatureLocationFinder()
        Returns:
        returns the implementation locating the signature element of a specific message.
      • getOrganisationLookup

        protected abstract XMLSigner.OrganisationLookup getOrganisationLookup()
        Returns:
        the implementation to lookup related organisation in a specific message.
      • lookupSchemaForElement

        protected abstract java.lang.String lookupSchemaForElement​(java.lang.String type,
                                                                   java.lang.String namespaceURI,
                                                                   java.lang.String publicId,
                                                                   java.lang.String systemId,
                                                                   java.lang.String baseURI)
        Method to find the schema for a specific element among the custom schema locations. The implementation only needs to locate its own related XSDs; the basic datatype schemas and the XML schema itself do not need to be resolved.
        Parameters:
        type - The type of the resource being resolved. For XML [XML 1.0] resources (i.e. entities), applications must use the value "http://www.w3.org/TR/REC-xml". For XML Schema [XML Schema Part 1], applications must use the value "http://www.w3.org/2001/XMLSchema". Other resource types are outside the scope of that specification; such resources should use an absolute URI as the type value in order to use this method.
        namespaceURI - The namespace of the resource being resolved, e.g. the target namespace of the XML Schema [XML Schema Part 1] when resolving XML Schema resources.
        publicId - The public identifier of the external entity being referenced, or null if no public identifier was supplied or if the resource is not an entity.
        systemId - The system identifier, a URI reference [IETF RFC 2396], of the external resource being referenced, or null if no system identifier was supplied.
        baseURI - The absolute base URI of the resource being parsed, or null if there is no base URI.
        Returns:
        the resource as stream path to related schema XSD, or null if no matching found.
      • generateSchema

        public javax.xml.validation.Schema generateSchema()
                                                   throws org.xml.sax.SAXException
        Throws:
        org.xml.sax.SAXException
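lookupSchemaForElement and generateSchema leave the resolver policy to the subclass, and that policy is where schema validation becomes a network-fetch or XXE surface. The following is an added example, not code from BaseSAMLMessageParser or the project: a standalone class with the same lookupSchemaForElement contract that resolves XSDs only by target namespace from a constructed classpath map (the resource paths are assumptions), builds the Schema with external DTD and schema access disabled so an xs:import whose schemaLocation points at a remote URI fails instead of being fetched, and validates with a fresh Validator per call.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSInput;
import org.w3c.dom.ls.LSResourceResolver;
import org.xml.sax.SAXException;

/**
 * Added example, not part of BaseSAMLMessageParser: build a validating Schema from
 * classpath XSDs only, with all external DTD/schema fetching disabled, and resolve
 * xs:import targets through a fixed namespace-to-resource map.
 */
public final class ClasspathSchemaExample {

    // Constructed mapping for this example; the resource paths are assumptions.
    private static final Map<String, String> SCHEMA_RESOURCES = Map.of(
            "urn:oasis:names:tc:SAML:2.0:assertion", "/xsd/saml-schema-assertion-2.0.xsd",
            "urn:oasis:names:tc:SAML:2.0:protocol", "/xsd/saml-schema-protocol-2.0.xsd");

    /** Same contract as lookupSchemaForElement: a classpath resource path, or null. */
    static String lookupSchemaForElement(String type, String namespaceURI, String publicId,
                                         String systemId, String baseURI) {
        if (!XMLConstants.W3C_XML_SCHEMA_NS_URI.equals(type)) {
            return null; // only XML Schema resources are served; DTDs and entities are not
        }
        // Resolve by target namespace only: systemId/baseURI come from the XSD being parsed,
        // so they are attacker-influenced and must never be turned into a fetch.
        return SCHEMA_RESOURCES.get(namespaceURI);
    }

    /** Resolver that hands the SchemaFactory bytes from the classpath and nothing else. */
    static final class ClasspathResolver implements LSResourceResolver {
        private final DOMImplementationLS ls;

        ClasspathResolver() {
            try {
                ls = (DOMImplementationLS) DOMImplementationRegistry.newInstance()
                        .getDOMImplementation("LS");
            } catch (ReflectiveOperationException e) {
                throw new IllegalStateException("no DOM LS implementation available", e);
            }
        }

        @Override
        public LSInput resolveResource(String type, String namespaceURI, String publicId,
                                       String systemId, String baseURI) {
            String path = lookupSchemaForElement(type, namespaceURI, publicId, systemId, baseURI);
            InputStream in = path == null ? null
                    : ClasspathSchemaExample.class.getResourceAsStream(path);
            if (in == null) {
                return null; // unknown: with ACCESS_EXTERNAL_SCHEMA="" the factory then fails closed
            }
            LSInput input = ls.createLSInput();
            input.setByteStream(in);
            input.setSystemId(path);
            return input;
        }
    }

    /** Counterpart of generateSchema(): a hardened SchemaFactory over the given resource paths. */
    static Schema generateSchema(String... resourcePaths) throws SAXException {
        SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");    // no external DTDs
        factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); // no schemaLocation fetches
        factory.setResourceResolver(new ClasspathResolver());
        StreamSource[] sources = new StreamSource[resourcePaths.length];
        for (int i = 0; i < resourcePaths.length; i++) {
            InputStream in = ClasspathSchemaExample.class.getResourceAsStream(resourcePaths[i]);
            if (in == null) {
                throw new SAXException("schema resource not on classpath: " + resourcePaths[i]);
            }
            sources[i] = new StreamSource(in, resourcePaths[i]);
        }
        return factory.newSchema(sources);
    }

    /** Validate one message with a fresh Validator, because Validator is not thread-safe. */
    static void validate(Schema schema, byte[] xml) throws SAXException, IOException {
        Validator validator = schema.newValidator();
        validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
        validator.validate(new StreamSource(new ByteArrayInputStream(xml)));
    }
}
```

Returning null for an unknown namespace is deliberate: together with ACCESS_EXTERNAL_SCHEMA set to the empty string, the SchemaFactory rejects the import rather than following its schemaLocation URI. javax.xml.validation.Validator is not thread-safe, so a single schemaValidator field shared across threads needs external synchronisation or a per-call instance as above.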
      • genFailureMessage

        public byte[] genFailureMessage​(ContextMessageSecurityProvider.Context context,
                                        java.lang.String inResponseTo,
                                        NameIDType issuer,
                                        java.lang.String destination,
                                        java.lang.String consent,
                                        ExtensionsType extensions,
                                        ResponseStatusCodes statusCode,
                                        java.lang.String failureMessage,
                                        boolean signSAMLPResponse)
                                 throws MessageContentException,
                                        MessageProcessingException
        Method to generate a general SAMLP failure message.
        Parameters:
        context - message security related context.
        inResponseTo - the ID of the request, null if message was unreadable
        issuer - Identifies the entity that generated the response message. (Optional, null for no issuer)
        destination - A URI reference indicating the address to which this response has been sent. This is useful to prevent malicious forwarding of responses to unintended recipients, a protection that is required by some protocol bindings. If it is present, the actual recipient MUST check that the URI reference identifies the location at which the message was received. If it does not, the response MUST be discarded. Some protocol bindings may require the use of this attribute. (Optional, null for no destination)
        consent - Indicates whether or not (and under what conditions) consent has been obtained from a principal in the sending of this response. See Section 8.4 of the SAML 2.0 Core specification for URI references that MAY be used as the value of the Consent attribute and their associated descriptions. If no Consent value is provided, the identifier urn:oasis:names:tc:SAML:2.0:consent:unspecified (see Section 8.4.1) is in effect.
        extensions - This extension point contains optional protocol message extension elements that are agreed on between the communicating parties. No extension schema is required in order to make use of this extension point, and even if one is provided, the lax validation setting does not impose a requirement for the extension to be valid. SAML extension elements MUST be namespace-qualified in a non-SAML-defined namespace. (Optional, null for no extensions)
        statusCode - the failure code to respond to (Required)
        failureMessage - a descriptive failure message, may be null.
        signSAMLPResponse - if the response should be signed.
        Returns:
        a SAMLP failure message.
        Throws:
        MessageContentException - if parameters were invalid.
        MessageProcessingException - if internal problems occurred generating the message.
      • getAssertionFromResponseType

        public javax.xml.bind.JAXBElement<AssertionType> getAssertionFromResponseType​(ResponseType responseType)
        Helper method to extract an Assertion, to be included in a CSMessage, from a response type.
        Parameters:
        responseType - the response type to extract from, never null.
        Returns:
        the first assertion, or null if no assertion was found.
      • verifyAssertionConditions

        public void verifyAssertionConditions​(AssertionType assertionType,
                                              BaseSAMLMessageParser.ConditionLookup conditionLookup)
                                       throws MessageContentException
        Method that verifies the notBefore and notOnOrAfter conditions; all other conditions set in the assertion are ignored and must be enforced separately by the caller.
        Parameters:
        assertionType - the assertion to verify
        conditionLookup - implementation to check a specific set of conditions.
        Throws:
        MessageContentException - if the conditions weren't met.
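verifyAssertionConditions checks only the validity window, and the boundary semantics of that window are easy to get wrong. The following is an added example, not code from the project: a standalone check with the SAML 2.0 Core section 2.5.1.2 semantics (NotBefore inclusive, NotOnOrAfter exclusive, either attribute optional) plus a clock-skew allowance, driven by a constructed clock value. The XMLGregorianCalendar conversion assumes the JAXB binding exposes the attributes that way; ConditionNotMetException stands in for MessageContentException.

```java
import java.time.Duration;
import java.time.Instant;
import javax.xml.datatype.XMLGregorianCalendar;

/** Added example, not project code: the NotBefore / NotOnOrAfter window check with clock skew. */
public final class AssertionWindowExample {

    /** Stand-in for MessageContentException. */
    static final class ConditionNotMetException extends Exception {
        ConditionNotMetException(String message) { super(message); }
    }

    /** Assumes the JAXB binding exposes the condition attributes as XMLGregorianCalendar. */
    static Instant toInstant(XMLGregorianCalendar value) {
        return value == null ? null : value.toGregorianCalendar().toInstant();
    }

    /**
     * SAML 2.0 Core section 2.5.1.2: NotBefore is inclusive and NotOnOrAfter is exclusive;
     * either attribute may be absent. 'skew' widens the window to tolerate IdP/SP clock drift.
     */
    static void checkValidityWindow(Instant notBefore, Instant notOnOrAfter,
                                    Instant now, Duration skew) throws ConditionNotMetException {
        if (notBefore != null && notOnOrAfter != null && !notBefore.isBefore(notOnOrAfter)) {
            throw new ConditionNotMetException("NotBefore " + notBefore
                    + " is not before NotOnOrAfter " + notOnOrAfter);
        }
        if (notBefore != null && now.plus(skew).isBefore(notBefore)) {
            throw new ConditionNotMetException("assertion not yet valid, NotBefore=" + notBefore);
        }
        if (notOnOrAfter != null && !now.minus(skew).isBefore(notOnOrAfter)) {
            throw new ConditionNotMetException("assertion expired, NotOnOrAfter=" + notOnOrAfter);
        }
    }

    public static void main(String[] args) throws Exception {
        Instant now = Instant.parse("2024-01-01T12:00:00Z"); // constructed clock, not the real time
        Duration skew = Duration.ofMinutes(2);

        // Inside the window: accepted.
        checkValidityWindow(Instant.parse("2024-01-01T11:55:00Z"),
                            Instant.parse("2024-01-01T12:05:00Z"), now, skew);

        // Missing NotBefore is allowed; NotOnOrAfter exactly at now-skew is already expired.
        expectRejected(null, Instant.parse("2024-01-01T11:58:00Z"), now, skew);

        // Not yet valid even after adding the skew allowance.
        expectRejected(Instant.parse("2024-01-01T12:02:01Z"), null, now, skew);

        System.out.println("window checks behaved as expected");
    }

    private static void expectRejected(Instant nb, Instant noa, Instant now, Duration skew) {
        try {
            checkValidityWindow(nb, noa, now, skew);
        } catch (ConditionNotMetException expected) {
            return;
        }
        throw new AssertionError("assertion outside its validity window was accepted");
    }
}
```

As the documentation above states, only the time window is verified here. AudienceRestriction, OneTimeUse and ProxyRestriction are not covered by this check and have to be enforced by the caller beyond whatever the supplied ConditionLookup covers, otherwise an assertion issued for a different service provider passes on timing alone.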
      • genSuccessfulSAMLPResponse

        public javax.xml.bind.JAXBElement<ResponseType> genSuccessfulSAMLPResponse​(java.lang.String inResponseTo,
                                                                                   javax.xml.bind.JAXBElement<AssertionType> assertion)
                                                                            throws MessageProcessingException
        Generates a simple basic SAMLP response containing one unencrypted assertion.
        Parameters:
        inResponseTo - the request id.
        assertion - the unencrypted assertion to add to the response.
        Returns:
        a successful SAMLPResponse.
        Throws:
        MessageProcessingException - if internal problems occurred generating the message.
      • getJAXBContext

        protected javax.xml.bind.JAXBContext getJAXBContext()
                                                     throws javax.xml.bind.JAXBException
        Helper method maintaining the JAXB Context.
        Throws:
        javax.xml.bind.JAXBException
      • marshall

        public byte[] marshall​(java.lang.Object message)
                        throws MessageProcessingException
        Helper method to marshall a message without signing it.
        Parameters:
        message - the message to marshall into a XML byte array.
        Returns:
        the marshalled byte array
        Throws:
        MessageProcessingException - if problem occurred marshalling the message.
      • marshallAndSignSAMLPOrAssertion

        protected byte[] marshallAndSignSAMLPOrAssertion​(ContextMessageSecurityProvider.Context context,
                                                         javax.xml.bind.JAXBElement<?> message,
                                                         boolean signAssertion,
                                                         boolean signSAMLP)
                                                  throws MessageProcessingException,
                                                         MessageContentException
        Helper method to marshall and sign an Assertion, either standalone or inside a SAMLP Response. Generates the signature(s) and marshalls the message to a UTF-8 encoded byte array.
        Parameters:
        context - the message security context to use.
        message - an Assertion or Response (SAMLP) structure.
        signAssertion - if the Assertion should be signed.
        signSAMLP - if the SAMLP Response should be signed.
        Returns:
        a marshalled and signed message.
        Throws:
        MessageProcessingException - if problems occurred when processing the message.
        MessageContentException - if unsupported version is detected in message.
      • getMarshaller

        protected javax.xml.bind.Marshaller getMarshaller()
                                                   throws javax.xml.bind.JAXBException
        Throws:
        javax.xml.bind.JAXBException
      • getUnmarshaller

        protected javax.xml.bind.Unmarshaller getUnmarshaller()
                                                       throws javax.xml.bind.JAXBException,
                                                              org.xml.sax.SAXException
        Throws:
        javax.xml.bind.JAXBException
        org.xml.sax.SAXException