/** * Parse a SAML Assertion to obtain a SAMLKeyInfo object from * the Subject of the assertion * * @param assertion The SAML Assertion * @param data The RequestData instance used to obtain configuration * @param docInfo A WSDocInfo instance * @param bspCompliant Whether to process tokens in compliance with the BSP spec or not * @return a SAMLKeyInfo object * @throws WSSecurityException */ public static SAMLKeyInfo getCredentialFromSubject( AssertionWrapper assertion, RequestData data, WSDocInfo docInfo, boolean bspCompliant ) throws WSSecurityException { if (assertion.getSaml1() != null) { return getCredentialFromSubject(assertion.getSaml1(), data, docInfo, bspCompliant); } else { return getCredentialFromSubject(assertion.getSaml2(), data, docInfo, bspCompliant); } }
/** * Parse a SAML Assertion to obtain a SAMLKeyInfo object from * the Subject of the assertion * * @param assertion The SAML Assertion * @param data The RequestData instance used to obtain configuration * @param docInfo A WSDocInfo instance * @param bspCompliant Whether to process tokens in compliance with the BSP spec or not * @return a SAMLKeyInfo object * @throws WSSecurityException */ public static SAMLKeyInfo getCredentialFromSubject( AssertionWrapper assertion, RequestData data, WSDocInfo docInfo, boolean bspCompliant ) throws WSSecurityException { if (assertion.getSaml1() != null) { return getCredentialFromSubject(assertion.getSaml1(), data, docInfo, bspCompliant); } else { return getCredentialFromSubject(assertion.getSaml2(), data, docInfo, bspCompliant); } }
/** * This method parses the KeyInfo of the Subject for the holder-of-key confirmation * method, as required by the SAML Token spec. It then stores the SAMLKeyInfo object that * has been obtained for future processing by the SignatureProcessor. * @throws WSSecurityException */ public void parseHOKSubject( RequestData data, WSDocInfo docInfo ) throws WSSecurityException { String confirmMethod = null; List<String> methods = getConfirmationMethods(); if (methods != null && methods.size() > 0) { confirmMethod = methods.get(0); } if (OpenSAMLUtil.isMethodHolderOfKey(confirmMethod)) { if (saml1 != null) { subjectKeyInfo = SAMLUtil.getCredentialFromSubject(saml1, data, docInfo, data.getWssConfig().isWsiBSPCompliant()); } else if (saml2 != null) { subjectKeyInfo = SAMLUtil.getCredentialFromSubject(saml2, data, docInfo, data.getWssConfig().isWsiBSPCompliant()); } } }
/** * This method parses the KeyInfo of the Subject for the holder-of-key confirmation * method, as required by the SAML Token spec. It then stores the SAMLKeyInfo object that * has been obtained for future processing by the SignatureProcessor. * @throws WSSecurityException */ public void parseHOKSubject( RequestData data, WSDocInfo docInfo ) throws WSSecurityException { String confirmMethod = null; List<String> methods = getConfirmationMethods(); if (methods != null && methods.size() > 0) { confirmMethod = methods.get(0); } if (OpenSAMLUtil.isMethodHolderOfKey(confirmMethod)) { if (saml1 != null) { subjectKeyInfo = SAMLUtil.getCredentialFromSubject(saml1, data, docInfo, data.getWssConfig().isWsiBSPCompliant()); } else if (saml2 != null) { subjectKeyInfo = SAMLUtil.getCredentialFromSubject(saml2, data, docInfo, data.getWssConfig().isWsiBSPCompliant()); } } }
/** * Get a SecretKey from a SAML Assertion */ private byte[] getSecretKeyFromAssertion( AssertionWrapper assertion, SecurityTokenReference secRef, RequestData data, WSDocInfo wsDocInfo, boolean bspCompliant ) throws WSSecurityException { if (bspCompliant) { BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion); } SAMLKeyInfo samlKi = SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); if (samlKi == null) { throw new WSSecurityException( WSSecurityException.FAILED_CHECK, "invalidSAMLToken", new Object[] {"No Secret Key"} ); } return samlKi.getSecret(); }
@Override public byte[] getAssertionKeyInfoSecret(Crypto signatureCrypto, TokenCallbackHandler tokenCallbackHandler) throws WSSecurityException { RequestData requestData = new RequestData(); requestData.setCallbackHandler(tokenCallbackHandler); requestData.setSigCrypto(signatureCrypto); WSDocInfo docInfo = new WSDocInfo(assertion.getDOM().getOwnerDocument()); // TODO Improve .. // TODO change this to use SAMLAssertion parameter once wss4j conversion is done .... SAMLKeyInfo samlKi = SAMLUtil.getCredentialFromSubject(assertion, requestData, docInfo, true); return samlKi.getSecret(); }
/** * Get a SecretKey from a SAML Assertion */ private byte[] getSecretKeyFromAssertion( AssertionWrapper assertion, SecurityTokenReference secRef, RequestData data, WSDocInfo wsDocInfo, boolean bspCompliant ) throws WSSecurityException { if (bspCompliant) { BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion); } SAMLKeyInfo samlKi = SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); if (samlKi == null) { throw new WSSecurityException( WSSecurityException.FAILED_CHECK, "invalidSAMLToken", new Object[] {"No Secret Key"} ); } return samlKi.getSecret(); }
SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant);
SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant);
SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); certs = samlKi.getCerts();
SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); certs = samlKi.getCerts();
SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant);
SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant);
SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); X509Certificate[] foundCerts = samlKi.getCerts(); if (foundCerts != null && foundCerts.length > 0) {
SAMLUtil.getCredentialFromSubject(assertion, data, wsDocInfo, bspCompliant); X509Certificate[] foundCerts = samlKi.getCerts(); if (foundCerts != null && foundCerts.length > 0) {
data.setWssConfig(getWsConfig()); SAMLKeyInfo samlKeyInfo = SAMLUtil.getCredentialFromSubject( assertion, data, wsDocInfo, getWsConfig().isWsiBSPCompliant() );
data.setWssConfig(getWsConfig()); SAMLKeyInfo samlKeyInfo = SAMLUtil.getCredentialFromSubject( assertion, data, wsDocInfo, getWsConfig().isWsiBSPCompliant() );