/**
 * {@inheritDoc}
 *
 * Routes each child of a role descriptor element to the matching setter or
 * collection on the {@link RoleDescriptor}; any child not handled here is
 * delegated to the superclass.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    // The parent handed to this unmarshaller is always the role descriptor being built.
    RoleDescriptor role = (RoleDescriptor) parentSAMLObject;

    // Single-valued children replace any earlier value; repeatable children are appended.
    if (childSAMLObject instanceof Extensions) {
        role.setExtensions((Extensions) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Signature) {
        role.setSignature((Signature) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof KeyDescriptor) {
        role.getKeyDescriptors().add((KeyDescriptor) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Organization) {
        role.setOrganization((Organization) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof ContactPerson) {
        role.getContactPersons().add((ContactPerson) childSAMLObject);
        return;
    }

    // Everything else (including unknown children) is the superclass's concern.
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
if (roleDescriptor.getID() != null) { log.trace("Writing ID attribute to RoleDescriptor DOM element"); domElement.setAttributeNS(null, RoleDescriptor.ID_ATTRIB_NAME, roleDescriptor.getID()); domElement.setIdAttributeNS(null, RoleDescriptor.ID_ATTRIB_NAME, true); if (roleDescriptor.getValidUntil() != null) { log.trace("Writting validUntil attribute to RoleDescriptor DOM element"); String validUntilStr = Configuration.getSAMLDateFormatter().print(roleDescriptor.getValidUntil()); domElement.setAttributeNS(null, TimeBoundSAMLObject.VALID_UNTIL_ATTRIB_NAME, validUntilStr); if (roleDescriptor.getCacheDuration() != null) { log.trace("Writting cacheDuration attribute to EntitiesDescriptor DOM element"); String cacheDuration = XMLHelper.longToDuration(roleDescriptor.getCacheDuration()); domElement.setAttributeNS(null, CacheableSAMLObject.CACHE_DURATION_ATTRIB_NAME, cacheDuration); List<String> supportedProtocols = roleDescriptor.getSupportedProtocols(); if (supportedProtocols != null && supportedProtocols.size() > 0) { log.trace("Writting protocolSupportEnumberation attribute to RoleDescriptor DOM element"); if (roleDescriptor.getErrorURL() != null) { log.trace("Writting errorURL attribute to RoleDescriptor DOM element"); domElement.setAttributeNS(null, RoleDescriptor.ERROR_URL_ATTRIB_NAME, roleDescriptor.getErrorURL()); for (Entry<QName, String> entry : roleDescriptor.getUnknownAttributes().entrySet()) { attribute = XMLHelper.constructAttribute(domElement.getOwnerDocument(), entry.getKey()); attribute.setValue(entry.getValue()); domElement.setAttributeNodeNS(attribute); if (Configuration.isIDAttribute(entry.getKey()) || roleDescriptor.getUnknownAttributes().isIDAttribute(entry.getKey())) {
/**
 * {@inheritDoc}
 *
 * Maps the known role descriptor attributes (ID, validUntil, cacheDuration,
 * protocolSupportEnumeration, errorURL) onto the {@link RoleDescriptor}; every
 * other attribute is stored in the descriptor's unknown-attribute map.
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    RoleDescriptor role = (RoleDescriptor) samlObject;
    String name = attribute.getLocalName();
    String value = attribute.getValue();

    if (name.equals(RoleDescriptor.ID_ATTRIB_NAME)) {
        role.setID(value);
        // Mark the attribute as an ID in the DOM so ID-based lookups on the owner
        // document (for instance same-document references) can locate this element.
        attribute.getOwnerElement().setIdAttributeNode(attribute, true);
    } else if (name.equals(TimeBoundSAMLObject.VALID_UNTIL_ATTRIB_NAME) && !DatatypeHelper.isEmpty(value)) {
        // An empty validUntil is ignored rather than parsed; the value is interpreted in UTC.
        role.setValidUntil(new DateTime(value, ISOChronology.getInstanceUTC()));
    } else if (name.equals(CacheableSAMLObject.CACHE_DURATION_ATTRIB_NAME)) {
        role.setCacheDuration(XMLHelper.durationToLong(value));
    } else if (name.equals(RoleDescriptor.PROTOCOL_ENUMERATION_ATTRIB_NAME)) {
        // protocolSupportEnumeration is a space-separated list of protocol URIs.
        for (StringTokenizer tokens = new StringTokenizer(value, " "); tokens.hasMoreTokens();) {
            role.addSupportedProtocol(tokens.nextToken());
        }
    } else if (name.equals(RoleDescriptor.ERROR_URL_ATTRIB_NAME)) {
        role.setErrorURL(value);
    } else {
        QName attribQName = XMLHelper.getNodeQName(attribute);
        // Only attributes the DOM parser itself reports as IDs are registered as IDs.
        if (attribute.isId()) {
            role.getUnknownAttributes().registerID(attribQName);
        }
        role.getUnknownAttributes().put(attribQName, value);
    }
}
/**
 * Gets the effective name for the role. This is either the element QName for roles defined within the SAML metadata
 * specification or the element schema type QName for those that are not.
 *
 * @param role role to get the effective name for
 *
 * @return effective name of the role
 *
 * @throws FilterException thrown if the effective role name can not be determined
 */
protected QName getRoleName(RoleDescriptor role) throws FilterException {
    QName elementName = role.getElementQName();

    // Roles defined by the specification are identified by their element name alone.
    if (!extRoleDescriptor.equals(elementName)) {
        return elementName;
    }

    // A generic role descriptor element is only meaningful through its schema type.
    QName schemaType = role.getSchemaType();
    if (schemaType == null) {
        throw new FilterException("Role descriptor element was " + extRoleDescriptor
                + " but did not contain a schema type. This is illegal.");
    }
    return schemaType;
}
}
/**
 * Prepares the given entity descriptor for signing: attaches the key descriptor
 * produced by {@code createKeyDescriptor()} to every role descriptor, configures the
 * signature element to be emitted without a namespace prefix, and initialises the
 * XML security library.
 *
 * @param baseDescriptor the entity descriptor whose roles receive key descriptors
 *
 * @throws MetadataException if the default signature prefix can not be configured
 */
public void signMetadata(EntityDescriptor baseDescriptor) throws MetadataException {
    // Iterating an empty list is a no-op, so no explicit size check is needed.
    for (RoleDescriptor roleDesc : baseDescriptor.getRoleDescriptors()) {
        roleDesc.getKeyDescriptors().add(createKeyDescriptor());
    }
    if (log.isDebugEnabled()) {
        log.debug("Key Descriptors set for all the role descriptor types");
    }

    // Remove the namespace prefix from the Signature element. Note that this is static,
    // library-wide configuration in the XML security library, not per-descriptor state.
    try {
        org.apache.xml.security.utils.ElementProxy.setDefaultPrefix(ConfigElements.XMLSIGNATURE_NS, "");
    } catch (XMLSecurityException e) {
        throw new MetadataException("Unable to set default prefix for signature element", e);
    }
    org.apache.xml.security.Init.init();
}
/**
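/**
 * {@inheritDoc}
 *
 * @return the selected endpoint, or {@code null} when no role metadata is available,
 *         no endpoints of the requested type exist, none survive the protocol binding
 *         filter, or the selection strategy finds no suitable candidate
 */
@SuppressWarnings("unchecked")
public Endpoint selectEndpoint() {
    if (getEntityRoleMetadata() == null) {
        return null;
    }
    List<? extends Endpoint> endpoints = getEntityRoleMetadata().getEndpoints(getEndpointType());
    if (endpoints == null || endpoints.isEmpty()) {
        return null;
    }

    endpoints = filterEndpointsByProtocolBinding(endpoints);
    if (endpoints == null || endpoints.isEmpty()) {
        return null;
    }

    // The first element decides which selection strategy applies to the whole list;
    // the casts are unchecked because the list's element type is only known at runtime.
    Endpoint selectedEndpoint;
    if (endpoints.get(0) instanceof IndexedEndpoint) {
        selectedEndpoint = selectIndexedEndpoint((List<IndexedEndpoint>) endpoints);
    } else {
        selectedEndpoint = selectNonIndexedEndpoint((List<Endpoint>) endpoints);
    }

    // A strategy may legitimately find nothing; guard before dereferencing so the
    // debug log line cannot turn an empty result into a NullPointerException.
    if (selectedEndpoint == null) {
        log.debug("No suitable endpoint found for request");
        return null;
    }
    log.debug("Selected endpoint {} for request", selectedEndpoint.getLocation());
    return selectedEndpoint;
}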
while (roleIter.hasNext()) { RoleDescriptor roleChild = roleIter.next(); if (!roleChild.isSigned()) { log.trace("RoleDescriptor member '{}' was not signed, skipping signature processing...", roleChild.getElementQName()); continue; } else { log.trace("Processing signed RoleDescriptor member: {}", roleChild.getElementQName()); log.error("RoleDescriptor '{}' subordinate to entity '{}' failed signature verification, " + "removing from metadata provider", roleChild.getElementQName(), entityID);
throw new ServletException(new SAMLException("Can't determine IDP Discovery return URL for entity " + messageContext.getLocalEntityRoleMetadata().getID()));
/**
 * Get a string token for logging/debugging purposes that contains role information and containing entityID.
 *
 * @param entityID the containing entityID
 * @param role the role descriptor
 *
 * @return the constructed role ID token, of the form {@code [Role: <entityID>::<role local name>]}
 */
protected String getRoleIDToken(String entityID, RoleDescriptor role) {
    StringBuilder token = new StringBuilder("[Role: ");
    token.append(entityID)
         .append("::")
         .append(role.getElementQName().getLocalPart())
         .append(']');
    return token.toString();
}
}
if (descriptor.getExtensions() != null) { List<XMLObject> discoveryResponseElements = descriptor.getExtensions().getUnknownXMLObjects(DiscoveryResponse.DEFAULT_ELEMENT_NAME); for (XMLObject element : discoveryResponseElements) { DiscoveryResponse response = (DiscoveryResponse) element;
List<KeyDescriptor> keyDescriptors = roleDescriptor.getKeyDescriptors(); if(keyDescriptors == null || keyDescriptors.isEmpty()){ return trustedNames;
context.setLocalEntityEndpoint(SAMLUtil.getEndpoint(context.getLocalEntityRoleMetadata().getEndpoints(), context.getInboundSAMLBinding(), context.getInboundMessageTransport(), uriComparator));
List<KeyDescriptor> keyDescriptors = roleDescriptor.getKeyDescriptors(); if(keyDescriptors == null || keyDescriptors.isEmpty()){ return credentials;
context.setCommunicationProfileId(getProfileName()); processor.retrieveMessage(context); context.setLocalEntityEndpoint(SAMLUtil.getEndpoint(context.getLocalEntityRoleMetadata().getEndpoints(), context.getInboundSAMLBinding(), context.getInboundMessageTransport(), uriComparator));
List<? extends Endpoint> endpoints = getEntityRoleMetadata().getEndpoints(getEndpointType()); if (endpoints == null || endpoints.size() == 0) { return null;