Source Code of org.jboss.seam.security.external.saml.SamlMessageFactory

package org.jboss.seam.security.external.saml;

import java.util.GregorianCalendar;

import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;

import org.jboss.seam.security.external.dialogues.api.Dialogue;
import org.jboss.seam.security.external.jaxb.samlv2.assertion.AssertionType;
import org.jboss.seam.security.external.jaxb.samlv2.assertion.AudienceRestrictionType;
import org.jboss.seam.security.external.jaxb.samlv2.assertion.AuthnContextType;
import org.jboss.seam.security.external.jaxb.samlv2.assertion.AuthnStatementType;
import org.jboss.seam.security.external.jaxb.samlv2.assertion.ConditionsType;
import org.jboss.seam.security.external.jaxb.samlv2.assertion.NameIDType;
import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectConfirmationDataType;
import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectConfirmationType;
import org.jboss.seam.security.external.jaxb.samlv2.assertion.SubjectType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.ObjectFactory;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.ResponseType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusCodeType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusType;
import org.jboss.seam.security.external.saml.api.SamlIdpSession;
import org.jboss.seam.security.external.saml.api.SamlNameId;
import org.jboss.seam.security.external.saml.idp.SamlIdpSessionImpl;

/**
 * @author Marcel Kolsteren
 */
@ApplicationScoped
public class SamlMessageFactory {
    private static final int ASSERTION_VALIDITY_IN_MINUTES = 5;

    @Inject
    private Instance<SamlEntityBean> samlEntityBean;

    @Inject
    private Dialogue dialogue;

    @Inject
    private Instance<SamlDialogue> samlDialogue;

    private ObjectFactory objectFactory = new ObjectFactory();

    private org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory assertionObjectFactory = new org.jboss.seam.security.external.jaxb.samlv2.assertion.ObjectFactory();

    public StatusResponseType createStatusResponse(String statusCode, String statusMessage) {
        StatusResponseType response = objectFactory.createStatusResponseType();

        fillStatusResponseFields(response, statusCode, statusMessage);

        return response;
    }

    public AuthnRequestType createAuthnRequest() {
        AuthnRequestType authnRequest = objectFactory.createAuthnRequestType();

        fillRequestAbstractTypeFields(authnRequest);

        // Fill in the optional fields that indicate where and how the response
        // should be delivered.
        authnRequest.setAssertionConsumerServiceURL(samlEntityBean.get().getServiceURL(SamlServiceType.SAML_ASSERTION_CONSUMER_SERVICE));
        authnRequest.setProtocolBinding(SamlConstants.HTTP_POST_BINDING);

        return authnRequest;
    }

    public ResponseType createResponse(SamlIdpSession session, SamlEndpoint externalSamlEndpoint) {
        ResponseType response = objectFactory.createResponseType();

        fillStatusResponseFields(response, SamlConstants.STATUS_SUCCESS, null);

        AssertionType assertion = assertionObjectFactory.createAssertionType();
        response.getAssertionOrEncryptedAssertion().add(assertion);

        SubjectType subject = assertionObjectFactory.createSubjectType();
        assertion.setSubject(subject);

        NameIDType nameID = assertionObjectFactory.createNameIDType();
        subject.getContent().add(assertionObjectFactory.createNameID(nameID));
        nameID.setValue(session.getPrincipal().getNameId().getValue());
        nameID.setFormat(session.getPrincipal().getNameId().getFormat());
        nameID.setNameQualifier(session.getPrincipal().getNameId().getQualifier());

        SubjectConfirmationType subjectConfirmation = assertionObjectFactory.createSubjectConfirmationType();
        subject.getContent().add(assertionObjectFactory.createSubjectConfirmation(subjectConfirmation));
        subjectConfirmation.setMethod(SamlConstants.CONFIRMATION_METHOD_BEARER);
        subjectConfirmation.setNameID(nameID);

        SubjectConfirmationDataType subjectConfirmationData = assertionObjectFactory.createSubjectConfirmationDataType();
        subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);

        subjectConfirmationData.setRecipient(externalSamlEndpoint.getLocation());
        subjectConfirmationData.setNotOnOrAfter(SamlUtils.getXMLGregorianCalendarNowPlusDuration(GregorianCalendar.MINUTE, ASSERTION_VALIDITY_IN_MINUTES));
        subjectConfirmationData.setInResponseTo(samlDialogue.get().getExternalProviderMessageId());

        ConditionsType conditions = assertionObjectFactory.createConditionsType();
        assertion.setConditions(conditions);
        AudienceRestrictionType audienceRestriction = assertionObjectFactory.createAudienceRestrictionType();
        conditions.getConditionOrAudienceRestrictionOrOneTimeUse().add(audienceRestriction);
        audienceRestriction.getAudience().add(samlDialogue.get().getExternalProvider().getEntityId());

        AuthnStatementType authnStatement = assertionObjectFactory.createAuthnStatementType();
        assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(authnStatement);
        authnStatement.setAuthnInstant(SamlUtils.getXMLGregorianCalendarNow());
        authnStatement.setSessionIndex(((SamlIdpSessionImpl) session).getSessionIndex());

        AuthnContextType authnContext = assertionObjectFactory.createAuthnContextType();
        authnStatement.setAuthnContext(authnContext);
        authnContext.getContent().add(assertionObjectFactory.createAuthnContextDeclRef(SamlConstants.AC_PASSWORD_PROTECTED_TRANSPORT));

        return response;
    }

    public LogoutRequestType createLogoutRequest(SamlNameId samlNameId, String sessionIndex) {
        LogoutRequestType logoutRequest = objectFactory.createLogoutRequestType();

        fillRequestAbstractTypeFields(logoutRequest);

        NameIDType nameID = assertionObjectFactory.createNameIDType();
        nameID.setValue(samlNameId.getValue());
        nameID.setFormat(samlNameId.getFormat());
        nameID.setNameQualifier(samlNameId.getQualifier());
        logoutRequest.setNameID(nameID);

        logoutRequest.getSessionIndex().add(sessionIndex);

        return logoutRequest;
    }

    private void fillRequestAbstractTypeFields(RequestAbstractType request) {
        request.setID(dialogue.getId());
        request.setIssueInstant(SamlUtils.getXMLGregorianCalendarNow());

        NameIDType issuer = assertionObjectFactory.createNameIDType();
        issuer.setValue(samlEntityBean.get().getEntityId());
        request.setIssuer(issuer);

        request.setVersion(SamlConstants.VERSION_2_0);
    }

    private void fillStatusResponseFields(StatusResponseType response, String statusCode, String statusMessage) {
        response.setID(dialogue.getId());
        response.setIssueInstant(SamlUtils.getXMLGregorianCalendarNow());

        NameIDType issuer = assertionObjectFactory.createNameIDType();
        issuer.setValue(samlEntityBean.get().getEntityId());
        response.setIssuer(issuer);

        response.setVersion(SamlConstants.VERSION_2_0);
        response.setInResponseTo(samlDialogue.get().getExternalProviderMessageId());

        StatusCodeType statusCodeJaxb = objectFactory.createStatusCodeType();
        statusCodeJaxb.setValue(statusCode);

        StatusType statusType = objectFactory.createStatusType();
        statusType.setStatusCode(statusCodeJaxb);
        if (statusMessage != null) {
            statusType.setStatusMessage(statusMessage);
        }

        response.setStatus(statusType);
    }
}