Package org.picketlink.identity.federation.core.wstrust.wrappers

Examples of org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime

132
133
134
135
136
137
138
139
140
141
142
                        expires.setValue(StaxParserUtil.getElementText(xmlEventReader));
                        lifeTime.setExpires(expires);
                    } else
                        throw logger.parserUnknownTag(subTag, subEvent.getLocation());

                    responseToken.setLifetime(new Lifetime(lifeTime));
                    EndElement lifeTimeElement = StaxParserUtil.getNextEndElement(xmlEventReader);
                    StaxParserUtil.validate(lifeTimeElement, WSTrustConstants.LIFETIME);
                } else if (tag.equals(WSTrustConstants.TOKEN_TYPE)) {
                    subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
View Full Code Here
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
        WSTrustRequestContext wstContext = (WSTrustRequestContext) context;
        // generate an id for the new assertion.
        String assertionID = IDGenerator.create("ID_");

        // lifetime and audience restrictions.
        Lifetime lifetime = wstContext.getRequestSecurityToken().getLifetime();
        SAML11AudienceRestrictionCondition restriction = null;
        AppliesTo appliesTo = wstContext.getRequestSecurityToken().getAppliesTo();
        if (appliesTo != null) {
            restriction = new SAML11AudienceRestrictionCondition();
            restriction.add(URI.create(WSTrustUtil.parseAppliesTo(appliesTo)));
        }
        SAML11ConditionsType conditions = new SAML11ConditionsType();
        conditions.setNotBefore(lifetime.getCreated());
        conditions.setNotOnOrAfter(lifetime.getExpires());
        conditions.add(restriction);

        // the assertion principal (default is caller principal)
        Principal principal = wstContext.getCallerPrincipal();

        String confirmationMethod = null;
        KeyInfoType keyInfoType = null;
        // if there is a on-behalf-of principal, we have the sender vouches confirmation method.
        if (wstContext.getOnBehalfOfPrincipal() != null) {
            principal = wstContext.getOnBehalfOfPrincipal();
            confirmationMethod = SAMLUtil.SAML11_SENDER_VOUCHES_URI;
        }
        // if there is a proof-of-possession token in the context, we have the holder of key confirmation method.
        else if (wstContext.getProofTokenInfo() != null) {
            confirmationMethod = SAMLUtil.SAML11_HOLDER_OF_KEY_URI;
            keyInfoType = wstContext.getProofTokenInfo();
        } else
            confirmationMethod = SAMLUtil.SAML11_BEARER_URI;

        SAML11SubjectConfirmationType subjectConfirmation = new SAML11SubjectConfirmationType();
        subjectConfirmation.addConfirmationMethod(URI.create(confirmationMethod));
        // TODO: set the key info.
        if (keyInfoType != null)
            throw logger.notImplementedYet("KeyInfoType");

        // create a subject using the caller principal or on-behalf-of principal.
        String subjectName = principal == null ? "ANONYMOUS" : principal.getName();
        SAML11NameIdentifierType nameId = new SAML11NameIdentifierType(subjectName);
        nameId.setFormat(URI.create(SAML11Constants.FORMAT_UNSPECIFIED));
        SAML11SubjectType subject = new SAML11SubjectType();
        subject.setChoice(new SAML11SubjectType.SAML11SubjectTypeChoice(nameId));
        subject.setSubjectConfirmation(subjectConfirmation);

        // add the subject to an auth statement.
        SAML11AuthenticationStatementType authStatement = new SAML11AuthenticationStatementType(
                URI.create("urn:picketlink:auth"), lifetime.getCreated());
        authStatement.setSubject(subject);

        // TODO: add attribute statements.

        // create the SAML assertion.
        SAML11AssertionType assertion = new SAML11AssertionType(assertionID, lifetime.getCreated());
        assertion.add(authStatement);
        assertion.setConditions(conditions);
        assertion.setIssuer(wstContext.getTokenIssuer());

        // convert the constructed assertion to element.
View Full Code Here
170
171
172
173
174
175
176
177
178
179
180
181
182
183
            StaxUtil.writeEndElement(writer);
        }

        // deal with the token lifetime.
        if (requestToken.getLifetime() != null) {
            Lifetime lifetime = requestToken.getLifetime();
            StaxUtil.writeStartElement(this.writer, WSTrustConstants.PREFIX, WSTrustConstants.LIFETIME,
                    WSTrustConstants.BASE_NAMESPACE);
            new WSSecurityWriter(this.writer).writeLifetime(lifetime.getCreated(), lifetime.getExpires());
            StaxUtil.writeEndElement(this.writer);
        }

        // Deal with AppliesTo
        AppliesTo appliesTo = requestToken.getAppliesTo();
View Full Code Here
149
150
151
152
153
154
155
156
157
158
159
                        expires.setValue(StaxParserUtil.getElementText(xmlEventReader));
                        lifeTime.setExpires(expires);
                    } else
                        throw new RuntimeException(ErrorCodes.UNKNOWN_TAG + subTag);

                    requestToken.setLifetime(new Lifetime(lifeTime));
                    EndElement lifeTimeElement = StaxParserUtil.getNextEndElement(xmlEventReader);
                    StaxParserUtil.validate(lifeTimeElement, WSTrustConstants.LIFETIME);
                } else if (tag.equals(WSTrustConstants.CANCEL_TARGET)) {
                    subEvent = StaxParserUtil.getNextStartElement(xmlEventReader);
                    StaxParserUtil.validate(subEvent, WSTrustConstants.CANCEL_TARGET);
View Full Code Here
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
        WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
        // generate an id for the new assertion.
        String assertionID = IDGenerator.create("ID_");

        // lifetime and audience restrictions.
        Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
        AudienceRestrictionType restriction = null;
        AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
        if (appliesTo != null)
            restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
        ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
                restriction);

        // the assertion principal (default is caller principal)
        Principal principal = context.getCallerPrincipal();

        String confirmationMethod = null;
        KeyInfoConfirmationDataType keyInfoDataType = null;
        // if there is a on-behalf-of principal, we have the sender vouches confirmation method.
        if (context.getOnBehalfOfPrincipal() != null) {
            principal = context.getOnBehalfOfPrincipal();
            confirmationMethod = SAMLUtil.SAML2_SENDER_VOUCHES_URI;
        }
        // if there is a proof-of-possession token in the context, we have the holder of key confirmation method.
        else if (context.getProofTokenInfo() != null) {
            confirmationMethod = SAMLUtil.SAML2_HOLDER_OF_KEY_URI;
            keyInfoDataType = SAMLAssertionFactory.createKeyInfoConfirmation(context.getProofTokenInfo());
        } else
            confirmationMethod = SAMLUtil.SAML2_BEARER_URI;

        SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null, confirmationMethod,
                keyInfoDataType);

        // create a subject using the caller principal or on-behalf-of principal.
        String subjectName = principal == null ? "ANONYMOUS" : principal.getName();
        NameIDType nameID = SAMLAssertionFactory.createNameID(null, "urn:picketlink:identity-federation", subjectName);
        SubjectType subject = SAMLAssertionFactory.createSubject(nameID, subjectConfirmation);

       
        List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>();
       
        // create the attribute statements if necessary.
        Map<String, Object> claimedAttributes = context.getClaimedAttributes();
        if (claimedAttributes != null) {
            statements.add(StatementUtil.createAttributeStatement(claimedAttributes));
        }

        // create an AuthnStatement
        statements.add(StatementUtil.createAuthnStatement(lifetime.getCreated(), confirmationMethod));

        // create the SAML assertion.
        NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer());
        AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(),
                conditions, subject, statements);

        if (this.attributeProvider != null) {
            AttributeStatementType attributeStatement = this.attributeProvider.getAttributeStatement();
            if (attributeStatement != null) {
View Full Code Here
134
135
136
137
138
139
140
141
142
143
144
145
146
147
            StaxUtil.writeEndElement(this.writer);
        }

        // write the token lifetime, if available.
        if (response.getLifetime() != null) {
            Lifetime lifetime = response.getLifetime();
            StaxUtil.writeStartElement(this.writer, WSTrustConstants.PREFIX, WSTrustConstants.LIFETIME,
                    WSTrustConstants.BASE_NAMESPACE);
            new WSSecurityWriter(this.writer).writeLifetime(lifetime.getCreated(), lifetime.getExpires());
            StaxUtil.writeEndElement(this.writer);
        }

        // write the applies-to element, if available.
        if (response.getAppliesTo() != null) {
View Full Code Here
237
238
239
240
241
242
243
    public static Lifetime createDefaultLifetime(long tokenTimeout) {
        GregorianCalendar created = new GregorianCalendar();
        GregorianCalendar expires = new GregorianCalendar();
        expires.setTimeInMillis(created.getTimeInMillis() + tokenTimeout);

        return new Lifetime(created, expires);
    }
View Full Code Here
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
        RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
        assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
        RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
        assertEquals("Unexpected response context", "testcontext", response.getContext());
        assertEquals("Unexpected token type", "http://www.tokens.org/SpecialToken", response.getTokenType().toString());
        Lifetime lifetime = response.getLifetime();
        assertNotNull("Unexpected null token lifetime", lifetime);

        // ========================================= Custom Token Validation =========================================//

        RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
View Full Code Here
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
        RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
        assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
        RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
        assertEquals("Unexpected response context", context, response.getContext());
        assertEquals("Unexpected token type", SAMLUtil.SAML11_TOKEN_TYPE, response.getTokenType().toString());
        Lifetime lifetime = response.getLifetime();
        assertNotNull("Unexpected null token lifetime", lifetime);

        // validate the attached token reference.
        RequestedReferenceType reference = response.getRequestedAttachedReference();
        assertNotNull("Unexpected null attached reference", reference);
        SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
        assertNotNull("Unexpected null security reference", securityRef);
        String tokenTypeAttr = securityRef.getOtherAttributes().get(new QName(WSTrustConstants.WSSE11_NS, "TokenType"));
        assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
        assertEquals("TokenType attribute has an unexpected value", SAMLUtil.SAML11_TOKEN_TYPE, tokenTypeAttr);
        KeyIdentifierType keyId = (KeyIdentifierType) securityRef.getAny().get(0);
        assertEquals("Unexpected key value type", SAMLUtil.SAML11_VALUE_TYPE, keyId.getValueType());
        assertNotNull("Unexpected null key identifier value", keyId.getValue());

        // ====================================== SAMLV1.1 Assertion Validation ======================================//

        RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
        assertNotNull("Unexpected null requested security token", requestedToken);

        // unmarshall the SAMLV1.1 assertion.
        Element assertionElement = (Element) requestedToken.getAny().get(0);
        SAML11AssertionType assertion = SAMLUtil.saml11FromElement(assertionElement);

        // verify the contents of the unmarshalled assertion.
        assertNotNull("Invalid null assertion ID", assertion.getID());
        assertEquals(keyId.getValue().substring(1), assertion.getID());
        assertEquals(lifetime.getCreated(), assertion.getIssueInstant());
        assertEquals(1, assertion.getMajorVersion());
        assertEquals(1, assertion.getMinorVersion());

        // validate the assertion issuer.
        assertNotNull("Unexpected null assertion issuer", assertion.getIssuer());
        assertEquals("Unexpected assertion issuer name", "Test STS", assertion.getIssuer());

        // validate the assertion authentication statement.
        List<SAML11StatementAbstractType> statements = assertion.getStatements();
        assertTrue("At least one statement is expected in a SAMLV1.1 assertion", statements.size() > 0);
        SAML11AuthenticationStatementType authStatement = null;
        for (SAML11StatementAbstractType statement : statements) {
            if (statement instanceof SAML11AuthenticationStatementType) {
                authStatement = (SAML11AuthenticationStatementType) statement;
                break;
            }
        }
        assertNotNull("SAMLV1.1 assertion is missing the authentication statement", authStatement);

        // validate the assertion subject.
        assertNotNull("Unexpected null subject", authStatement.getSubject());
        SAML11SubjectType subject = authStatement.getSubject();

        SAML11NameIdentifierType nameID = subject.getChoice().getNameID();
        assertEquals("Unexpected NameIdentifier format", SAML11Constants.FORMAT_UNSPECIFIED, nameID.getFormat().toString());
        assertEquals("Unexpected NameIdentifier value", principal, nameID.getValue());

        SAML11SubjectConfirmationType subjType = subject.getSubjectConfirmation();
        assertEquals("Unexpected confirmation method", confirmationMethod, subjType.getConfirmationMethod().get(0).toString());

        // validate the assertion conditions.
        assertNotNull("Unexpected null conditions", assertion.getConditions());
        assertEquals(lifetime.getCreated(), assertion.getConditions().getNotBefore());
        assertEquals(lifetime.getExpires(), assertion.getConditions().getNotOnOrAfter());

        assertNotNull("Assertion should have been signed", assertion.getSignature());

        return assertion;
    }
View Full Code Here
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
        RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
        assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
        RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
        assertEquals("Unexpected response context", context, response.getContext());
        assertEquals("Unexpected token type", SAMLUtil.SAML2_TOKEN_TYPE, response.getTokenType().toString());
        Lifetime lifetime = response.getLifetime();
        assertNotNull("Unexpected null token lifetime", lifetime);

        // validate the attached token reference.
        RequestedReferenceType reference = response.getRequestedAttachedReference();
        assertNotNull("Unexpected null attached reference", reference);
        SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
        assertNotNull("Unexpected null security reference", securityRef);
        String tokenTypeAttr = securityRef.getOtherAttributes().get(new QName(WSTrustConstants.WSSE11_NS, "TokenType"));
        assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
        assertEquals("TokenType attribute has an unexpected value", SAMLUtil.SAML2_TOKEN_TYPE, tokenTypeAttr);
        KeyIdentifierType keyId = (KeyIdentifierType) securityRef.getAny().get(0);
        assertEquals("Unexpected key value type", SAMLUtil.SAML2_VALUE_TYPE, keyId.getValueType());
        assertNotNull("Unexpected null key identifier value", keyId.getValue());

        // ====================================== SAMLV2.0 Assertion Validation ======================================//

        RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
        assertNotNull("Unexpected null requested security token", requestedToken);

        // unmarshall the SAMLV2.0 assertion.
        Element assertionElement = (Element) requestedToken.getAny().get(0);
        AssertionType assertion = SAMLUtil.fromElement(assertionElement);

        // verify the contents of the unmarshalled assertion.
        assertNotNull("Invalid null assertion ID", assertion.getID());
        assertEquals(keyId.getValue().substring(1), assertion.getID());
        assertEquals(lifetime.getCreated(), assertion.getIssueInstant());

        // validate the assertion issuer.
        assertNotNull("Unexpected null assertion issuer", assertion.getIssuer());
        assertEquals("Unexpected assertion issuer name", "Test STS", assertion.getIssuer().getValue());

        // validate the assertion subject.
        assertNotNull("Unexpected null subject", assertion.getSubject());
        SubjectType subject = assertion.getSubject();

        NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
        assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID.getNameQualifier());
        assertEquals("Unexpected name id value", principal, nameID.getValue());

        SubjectConfirmationType subjType = subject.getConfirmation().get(0);
        assertEquals("Unexpected confirmation method", confirmationMethod, subjType.getMethod());

        // validate the assertion conditions.
        assertNotNull("Unexpected null conditions", assertion.getConditions());
        assertEquals(lifetime.getCreated(), assertion.getConditions().getNotBefore());
        assertEquals(lifetime.getExpires(), assertion.getConditions().getNotOnOrAfter());

        assertNotNull("Assertion should have been signed", assertion.getSignature());

        return assertion;
    }
View Full Code Here
TOP

Related Classes of org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime

  • org.picketlink.identity.federation.core.parsers.wst.WSTRequestSecurityTokenParser
  • org.picketlink.identity.federation.core.parsers.wst.WSTRequestSecurityTokenResponseParser
  • org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML11TokenProvider
  • org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider
  • org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter
  • org.picketlink.identity.federation.core.wstrust.writers.WSTrustResponseWriter
  • org.picketlink.identity.federation.core.wstrust.WSTrustUtil
  • org.picketlink.identity.federation.ws.trust.LifetimeType
  • org.picketlink.identity.federation.ws.wss.utility.AttributedDateTime
  • org.picketlink.test.identity.federation.core.wstrust.PicketLinkSTSUnitTestCase
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.