Package org.picketlink.identity.federation.saml.v2.assertion

Examples of org.picketlink.identity.federation.saml.v2.assertion.AssertionType


            // Excerpt (truncated at both ends): emits the WS-Trust element named by
            // WSTrustConstants.REQUESTED_TOKEN, then serializes every token held by the response.
            StaxUtil.writeStartElement(this.writer, WSTrustConstants.PREFIX, WSTrustConstants.REQUESTED_TOKEN,
                    WSTrustConstants.BASE_NAMESPACE);
            List<Object> theList = response.getRequestedSecurityToken().getAny();
            for (Object securityToken : theList) {
                if (securityToken instanceof AssertionType) {
                    // Typed SAML assertions are serialized by the dedicated assertion writer.
                    AssertionType assertion = (AssertionType) securityToken;
                    SAMLAssertionWriter samlAssertionWriter = new SAMLAssertionWriter(this.writer);
                    samlAssertionWriter.write(assertion);
                } else if (securityToken instanceof Element) {
                    // A raw DOM token is handed to StaxUtil.writeDOMElement; this branch does not inspect it.
                    StaxUtil.writeDOMElement(this.writer, (Element) securityToken);
                } else


        // Excerpt of a token-renewal routine (truncated at both ends): rebuilds a SAML assertion
        // from an existing one, under a new ID and with the lifetime given in the request.
        Element oldAssertionElement = (Element) token.getFirstChild();
        if (!this.isAssertion(oldAssertionElement))
            throw logger.assertionInvalidError();

        // NOTE(review): no signature check on the old assertion is visible in this excerpt, yet its
        // issuer, subject and statements are copied into the new assertion below. Confirm the
        // signature is verified before this point.
        // get the JAXB representation of the old assertion.
        AssertionType oldAssertion = null;
        try {
            oldAssertion = SAMLUtil.fromElement(oldAssertionElement);
        } catch (Exception je) {
            throw logger.samlAssertionUnmarshallError(je);
        }

        // canceled assertions cannot be renewed.
        if (this.revocationRegistry.isRevoked(SAMLUtil.SAML2_TOKEN_TYPE, oldAssertion.getID()))
            throw logger.samlAssertionRevokedCouldNotRenew(oldAssertion.getID());

        // adjust the lifetime for the renewed assertion.
        // The ConditionsType is the old assertion's own object: it is dereferenced without a null
        // check, modified in place and then reused for the new assertion.
        // NOTE(review): NotBefore/NotOnOrAfter are taken from the request's Lifetime as-is; any upper
        // bound on the renewed lifetime would have to be enforced elsewhere. Confirm.
        ConditionsType conditions = oldAssertion.getConditions();
        conditions.setNotBefore(context.getRequestSecurityToken().getLifetime().getCreated());
        conditions.setNotOnOrAfter(context.getRequestSecurityToken().getLifetime().getExpires());

        // create a new unique ID for the renewed assertion.
        String assertionID = IDGenerator.create("ID_");

        // Copy the statements into a fresh list rather than passing the old assertion's collection.
        List<StatementAbstractType> statements = new ArrayList<StatementAbstractType>();
        statements.addAll(oldAssertion.getStatements());

        // create the new assertion.
        // Issuer and subject come from the old assertion; the issue instant is the requested Created time.
        AssertionType newAssertion = SAMLAssertionFactory.createAssertion(assertionID, oldAssertion.getIssuer(), context
                .getRequestSecurityToken().getLifetime().getCreated(), conditions, oldAssertion.getSubject(), statements);

        // create a security token with the new assertion.
        Element assertionElement = null;
        try {

            throw logger.wsTrustNullValidationTargetError();

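        // Excerpt of a token-validation routine: starts from a "valid" status and downgrades it
        // to "invalid" as individual checks fail.
        String code = WSTrustConstants.STATUS_CODE_VALID;
        String reason = "SAMLV2.0 Assertion successfuly validated";

        AssertionType assertion = null;
        Element assertionElement = (Element) token.getFirstChild();
        if (!this.isAssertion(assertionElement)) {
            // Not an assertion: record the failure; 'assertion' stays null from here on.
            code = WSTrustConstants.STATUS_CODE_INVALID;
            reason = "Validation failure: supplied token is not a SAMLV2.0 Assertion";
        } else {
            try {
                // Trace logging writes the complete assertion XML to the log; keep it at trace
                // level only, since it contains the subject and all statements.
                if (logger.isTraceEnabled()) {
                    logger.samlAssertion(DocumentUtil.getNodeAsString(assertionElement));
                }
                assertion = SAMLUtil.fromElement(assertionElement);
            } catch (Exception e) {
                throw logger.samlAssertionUnmarshallError(e);
            }
        }

        // check if the assertion has been canceled before.
        // Only consult the registry when an assertion was actually parsed: for a rejected token
        // 'assertion' is null, and dereferencing it would replace the "invalid" status with a
        // NullPointerException.
        // NOTE(review): the lifetime check that follows this run also receives 'assertion';
        // confirm it is skipped or null-safe for rejected tokens.
        if (assertion != null && this.revocationRegistry.isRevoked(SAMLUtil.SAML2_TOKEN_TYPE, assertion.getID())) {
            code = WSTrustConstants.STATUS_CODE_INVALID;
            reason = "Validation failure: assertion with id " + assertion.getID() + " has been canceled";
        }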

        // check the assertion lifetime.
        try {
            if (AssertionUtil.hasExpired(assertion)) {

    }

    /**
     * Callback handler that builds an assertion for a fixed subject with fixed attribute values and
     * hands it to the first callback as a {@code SamlCredential}. (Excerpt; the method body is
     * truncated.)
     */
    public class MyCBH implements CallbackHandler {

        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            // New assertion with a generated ID; the empty NameIDType is presumably the issuer (confirm).
            AssertionType assertion = AssertionUtil.createAssertion(IDGenerator.create("ID_"), new NameIDType());

            assertion.setSubject(AssertionUtil.createAssertionSubject("anil"));

            // Hard-coded attribute values attached as attribute statements.
            List<String> roles = new ArrayList<String>();
            roles.add("test1");
            roles.add("test2");
            assertion.addStatement(StatementUtil.createAttributeStatement(roles));
            assertion.addStatement(StatementUtil.createAttributeStatement("SomeAttrib", "testX"));

            try {
                // The assertion is serialized to a string with no signing step in the visible lines.
                // NOTE(review): that fits a test fixture only; confirm this handler is not used elsewhere.
                SamlCredential cred = new SamlCredential(AssertionUtil.asString(assertion));
                // Assumes at least one callback is supplied and that the first is an ObjectCallback.
                ObjectCallback obj = (ObjectCallback) callbacks[0];
                obj.setCredential(cred);

            // Verify the signature on the DOM element first; the assertion is unmarshalled and its
            // contents are used only after the signature has been accepted.
            boolean sigValid = AssertionUtil.isSignatureValid(assertionElement, publicKey);
            if (!sigValid) {
                throw logger.authSAMLInvalidSignatureError();
            }

            // Parse the already-verified element into its object form.
            AssertionType assertion = SAMLUtil.fromElement(assertionElement);

            // Reject assertions that AssertionUtil reports as expired.
            // NOTE(review): only signature and expiry are checked in the visible lines; issuer and
            // audience checks, if any, lie outside this excerpt.
            if (AssertionUtil.hasExpired(assertion)) {
                throw logger.authSAMLAssertionExpiredError();
            }
        } catch (NamingException e) {

        // Excerpt (truncated at both ends): builds an assertion with one authentication statement
        // and generates a throw-away key pair.
        String authnContextDeclRef = JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();

        AuthnStatementType authnStatement = response.createAuthnStatement(authnContextDeclRef, XMLTimeUtil.getIssueInstant());

        // Create an assertion
        AssertionType assertion = response.createAssertion(id, issuerInfo.getIssuer());
        assertion.addStatement(authnStatement);

        // genKeyPair() is called without a prior initialize(...), so the key size and parameters are
        // whatever the JCA provider defaults to.
        // NOTE(review): fine for a fixture; a real signing key should use an explicitly chosen
        // algorithm and key size.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        KeyPair kp = kpg.genKeyPair();

        id = IDGenerator.create("ID_"); // regenerate

        // Excerpt of a test (truncated at both ends): parses the token held by the context back into
        // an AssertionType and checks its ID, issuer, conditions, subject and statements.
        SecurityContextAssociation.clearSecurityContext();

        Element assertionElement = (Element) context.getSecurityToken().getTokenValue();

        SAMLParser samlParser = new SAMLParser();
        AssertionType assertion = (AssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement));

        // Earlier JAXB-based unmarshalling, left disabled by the author; SAMLParser above is used instead.
        /*
         * JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.assertion");
         * Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); JAXBElement<?> parsedElement = (JAXBElement<?>)
         * unmarshaller.unmarshal((Element) context.getSecurityToken() .getTokenValue());
         * assertNotNull("Unexpected null element", parsedElement); assertEquals("Unexpected element type", AssertionType.class,
         * parsedElement.getDeclaredType());
         *
         * AssertionType assertion = (AssertionType) parsedElement.getValue();
         */
        // The token ID recorded in the context must match the assertion ID, and the issuer is fixed.
        StandardSecurityToken securityToken = (StandardSecurityToken) context.getSecurityToken();
        assertEquals("Unexpected token id", securityToken.getTokenID(), assertion.getID());
        assertEquals("Unexpected token issuer", "PicketLinkSTS", assertion.getIssuer().getValue());

        // check the contents of the assertion conditions.
        // Both validity bounds must be present, plus exactly one audience restriction naming one audience.
        ConditionsType conditions = assertion.getConditions();
        assertNotNull("Unexpected null conditions", conditions);
        assertNotNull("Unexpected null value for NotBefore attribute", conditions.getNotBefore());
        assertNotNull("Unexpected null value for NotOnOrAfter attribute", conditions.getNotOnOrAfter());
        assertEquals("Unexpected number of conditions", 1, conditions.getConditions().size());
        assertTrue("Unexpected condition type", conditions.getConditions().get(0) instanceof AudienceRestrictionType);
        AudienceRestrictionType restrictionType = (AudienceRestrictionType) conditions.getConditions().get(0);
        assertNotNull("Unexpected null audience list", restrictionType.getAudience());
        assertEquals("Unexpected number of audience elements", 1, restrictionType.getAudience().size());
        assertEquals("Unexpected audience value", "http://services.testcorp.org/provider2", restrictionType.getAudience()
                .get(0).toString());

        // check the contents of the assertion subject.
        SubjectType subject = assertion.getSubject();
        assertNotNull("Unexpected null subject", subject);

        // Name ID qualifier and value, then the confirmation method of the first subject confirmation.
        NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
        assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID.getNameQualifier());
        assertEquals("Unexpected name id", "bmozaffa", nameID.getValue());
        SubjectConfirmationType confirmation = (SubjectConfirmationType) subject.getConfirmation().get(0);
        assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_BEARER_URI, confirmation.getMethod());

        // Takes the first two statements in iteration order; next() throws if fewer than two exist.
        Iterator<StatementAbstractType> statementIterator = assertion.getStatements().iterator();
        StatementAbstractType authnStatementType = statementIterator.next();
        StatementAbstractType statementAbstractType = statementIterator.next();

        assertTrue("Unexpected type instead of AuthnStatement: " + authnStatementType.getClass().getSimpleName(),
                authnStatementType instanceof AuthnStatementType);

        // Parse the decrypted document element back into a response object.
        ResponseType decryptedResponse = sr.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));

        // The first assertion of the decrypted response must carry the expected issuer.
        AssertionType firstAssertion = decryptedResponse.getAssertions().get(0).getAssertion();
        String issuerValue = firstAssertion.getIssuer().getValue();
        assertEquals("http://identityurl", issuerValue);
    }

        // Describe the service provider the response is addressed to.
        SPInfoHolder spInfo = new SPInfoHolder();
        spInfo.setResponseDestinationURI("http://service");
        spInfo.setIssuer("http://service.issuer");
        responseType = saml2Response.createResponseType(id, spInfo, idp, issuerHolder);

        // Attach the role attribute statement to the first assertion of the new response.
        AssertionType firstAssertion = responseType.getAssertions().get(0).getAssertion();
        AttributeStatementType roleStatement = StatementUtil.createAttributeStatement(roles);
        firstAssertion.addStatement(roleStatement);

        // Add timed conditions (5000L is the validity argument; its unit is presumably milliseconds, confirm).
        saml2Response.createTimedConditions(firstAssertion, 5000L);

        return responseType;

        // Excerpt of a test (truncated at both ends): obtains the response through a helper that, by
        // its name, also checks the signature, then inspects the single assertion it contains.
        // NOTE(review): the helper's second argument is null here; what that selects is not visible.
        ResponseType responseType = getResponseTypeAndCheckSignature(response, null);

        assertNotNull(responseType);
        assertEquals(1, responseType.getAssertions().size());
       
        AssertionType assertion = responseType.getAssertions().get(0).getAssertion();
       
        // NOTE(review): arguments are in (actual, expected) order; assuming JUnit's assertEquals,
        // which takes the expected value first, this only affects the failure message.
        assertEquals(assertion.getIssuer().getValue(), IDENTITY_PROVIDER_URL);
       
        // Role names to compare with the assertion's attribute statements.
        List<String> expectedRoles = new ArrayList<String>();
       
        expectedRoles.add("test-role1");
        expectedRoles.add("test-role2");
        expectedRoles.add("test-role3");
       
        Set<StatementAbstractType> statements = assertion.getStatements();
       
        // Only attribute statements are examined; other statement types are skipped.
        for (StatementAbstractType statementType : statements) {
            if (statementType instanceof AttributeStatementType) {
                AttributeStatementType attributeType = (AttributeStatementType) statementType;
                List<ASTChoiceType> attributes = attributeType.getAttributes();
