/**
 * Unwraps the DOM element behind a processed SAML assertion.
 *
 * @param assertion expected to be a {@code SamlAssertionWrapper}; anything else fails the cast
 * @return the assertion's backing DOM element
 * @throws ClassCastException if {@code assertion} is not a {@code SamlAssertionWrapper}
 * @throws NullPointerException if {@code assertion} is null
 */
public static Element getAssertionElement(Object assertion) {
    SamlAssertionWrapper wrapper = (SamlAssertionWrapper) assertion;
    return wrapper.getElement();
}
/**
 * Verifies the SAML token: the inherited local check runs first, and only when it throws is
 * the token sent to the STS for validation instead.
 *
 * Any {@code XMLSecurityException} from the local check — not just a trust failure — triggers
 * the STS round trip, since the catch is not narrowed.
 *
 * @throws XMLSecurityException whatever the STS fallback throws; the local failure itself is
 *         never rethrown
 */
@Override
public void verify() throws XMLSecurityException {
    // A token the STS already validated is not checked again.
    if (stsValidated) {
        return;
    }
    try {
        super.verify();
    } catch (XMLSecurityException localFailure) {
        // NOTE(review): localFailure is dropped here. If the STS call below also throws,
        // the reason the local verification failed is lost to operators — consider
        // logging it or attaching it via addSuppressed() to the outbound exception.
        Element tokenElement = super.getSamlAssertionWrapper().getElement();
        validateTokenToSTS(tokenElement, message);
    }
}
/**
 * Verifies the SAML token: the inherited local check runs first, and only when it throws is
 * the token sent to the STS for validation instead.
 *
 * Any {@code XMLSecurityException} from the local check — not just a trust failure — triggers
 * the STS round trip, since the catch is not narrowed.
 *
 * @throws XMLSecurityException whatever the STS fallback throws; the local failure itself is
 *         never rethrown
 */
@Override
public void verify() throws XMLSecurityException {
    // A token the STS already validated is not checked again.
    if (stsValidated) {
        return;
    }
    try {
        super.verify();
    } catch (XMLSecurityException localFailure) {
        // NOTE(review): localFailure is dropped here. If the STS call below also throws,
        // the reason the local verification failed is lost to operators — consider
        // logging it or attaching it via addSuppressed() to the outbound exception.
        Element tokenElement = super.getSamlAssertionWrapper().getElement();
        validateTokenToSTS(tokenElement, message);
    }
}
for (WSDataRef dataRef : sl) { Element se = dataRef.getProtectedElement(); if (se == assertionWrapper.getElement()) { assertionIsSigned = true;
/**
 * Creates a result entry for a processed SAML assertion.
 *
 * The entry is recorded as NOT validated ({@code TAG_VALIDATED_TOKEN = false}); whoever
 * validates the token later is responsible for flipping that flag.
 *
 * @param act the WS-Security action that produced this result
 * @param ass the processed assertion; must be non-null, since its element is read here
 */
public WSSecurityEngineResult(int act, SamlAssertionWrapper ass) {
    put(TAG_ACTION, act);
    put(TAG_SAML_ASSERTION, ass);
    put(TAG_VALIDATED_TOKEN, Boolean.FALSE);
    Element tokenElement = ass.getElement();
    put(TAG_TOKEN_ELEMENT, tokenElement);
}
/**
 * Picks the token element to use from the handler results, walking
 * {@code securityPriorities} in order (highest priority first) and returning the first
 * usable token. Once a higher-priority result yields a token, lower-priority results are
 * never consulted.
 *
 * Per result, a transformed SAML assertion wins when {@code useTransformedToken} is set
 * (its element is returned even if null); otherwise the raw {@code TAG_TOKEN_ELEMENT}
 * is used when present.
 *
 * @param handlerResult results of WS-Security processing for the current message
 * @return the chosen token element, or {@code null} if no result yields one
 */
private Element getTokenFromResults(WSHandlerResult handlerResult) {
    Map<Integer, List<WSSecurityEngineResult>> resultsByAction = handlerResult.getActionResults();
    for (Integer action : securityPriorities) {
        List<WSSecurityEngineResult> candidates = resultsByAction.get(action);
        if (candidates == null || candidates.isEmpty()) {
            continue;
        }
        for (WSSecurityEngineResult candidate : candidates) {
            if (skipResult(action, candidate)) {
                continue;
            }
            Object transformed = candidate.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
            if (useTransformedToken && transformed instanceof SamlAssertionWrapper) {
                return ((SamlAssertionWrapper) transformed).getElement();
            }
            Object rawToken = candidate.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
            if (rawToken != null) {
                return (Element) rawToken;
            }
        }
    }
    return null;
}
/**
 * Picks the token element to use from the handler results, walking
 * {@code securityPriorities} in order (highest priority first) and returning the first
 * usable token. Once a higher-priority result yields a token, lower-priority results are
 * never consulted.
 *
 * Per result, a transformed SAML assertion wins when {@code useTransformedToken} is set
 * (its element is returned even if null); otherwise the raw {@code TAG_TOKEN_ELEMENT}
 * is used when present.
 *
 * @param handlerResult results of WS-Security processing for the current message
 * @return the chosen token element, or {@code null} if no result yields one
 */
private Element getTokenFromResults(WSHandlerResult handlerResult) {
    Map<Integer, List<WSSecurityEngineResult>> resultsByAction = handlerResult.getActionResults();
    for (Integer action : securityPriorities) {
        List<WSSecurityEngineResult> candidates = resultsByAction.get(action);
        if (candidates == null || candidates.isEmpty()) {
            continue;
        }
        for (WSSecurityEngineResult candidate : candidates) {
            if (skipResult(action, candidate)) {
                continue;
            }
            Object transformed = candidate.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
            if (useTransformedToken && transformed instanceof SamlAssertionWrapper) {
                return ((SamlAssertionWrapper) transformed).getElement();
            }
            Object rawToken = candidate.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
            if (rawToken != null) {
                return (Element) rawToken;
            }
        }
    }
    return null;
}
/**
 * Caches a token that has just been validated successfully.
 *
 * Only assertions carrying a non-empty signature value are cached: the signature value is
 * handed to the store alongside the entry (presumably as its lookup key — confirm in
 * CacheUtils), so an unsigned assertion is deliberately skipped. A null store disables
 * caching altogether.
 *
 * @param tokenStore cache to write to, or null to skip caching
 * @param assertion  the validated assertion
 * @param principal  principal recorded with the cached entry
 * @param tokenRealm realm recorded with the cached entry
 * @throws WSSecurityException if building or storing the cache entry fails
 */
private void storeTokenInCache(TokenStore tokenStore, SamlAssertionWrapper assertion, Principal principal, String tokenRealm) throws WSSecurityException {
    byte[] signatureValue = assertion.getSignatureValue();
    boolean cacheable = tokenStore != null && signatureValue != null && signatureValue.length > 0;
    if (!cacheable) {
        return;
    }
    SecurityToken cached = CacheUtils.createSecurityTokenForStorage(
        assertion.getElement(), assertion.getId(), assertion.getNotOnOrAfter(),
        principal, tokenRealm, null);
    CacheUtils.storeTokenInCache(cached, tokenStore, signatureValue);
}
/**
 * Caches a token that has just been validated successfully.
 *
 * Only assertions carrying a non-empty signature value are cached: the signature value is
 * handed to the store alongside the entry (presumably as its lookup key — confirm in
 * CacheUtils), so an unsigned assertion is deliberately skipped. A null store disables
 * caching altogether.
 *
 * @param tokenStore cache to write to, or null to skip caching
 * @param assertion  the validated assertion
 * @param principal  principal recorded with the cached entry
 * @param tokenRealm realm recorded with the cached entry
 * @throws WSSecurityException if building or storing the cache entry fails
 */
private void storeTokenInCache(TokenStore tokenStore, SamlAssertionWrapper assertion, Principal principal, String tokenRealm) throws WSSecurityException {
    byte[] signatureValue = assertion.getSignatureValue();
    boolean cacheable = tokenStore != null && signatureValue != null && signatureValue.length > 0;
    if (!cacheable) {
        return;
    }
    SecurityToken cached = CacheUtils.createSecurityTokenForStorage(
        assertion.getElement(), assertion.getId(), assertion.getNotOnOrAfter(),
        principal, tokenRealm, null);
    CacheUtils.storeTokenInCache(cached, tokenStore, signatureValue);
}
/**
 * Stores a SAML assertion in the token store under its ID and records that ID on the
 * message as {@code TOKEN_ID}.
 *
 * If no ID can be located in the assertion element, nothing is stored and the message is
 * left untouched. SAML 2.0 is detected via {@code getSaml2()}; anything else is typed as
 * SAML 1.1.
 *
 * @param assertion the assertion to store
 */
protected void storeAssertionAsSecurityToken(SamlAssertionWrapper assertion) {
    String tokenId = findIDFromSamlToken(assertion.getElement());
    if (tokenId == null) {
        return;
    }
    boolean isSaml2 = assertion.getSaml2() != null;
    SecurityToken secToken = new SecurityToken(tokenId);
    secToken.setTokenType(isSaml2
        ? WSS4JConstants.WSS_SAML2_TOKEN_TYPE
        : WSS4JConstants.WSS_SAML_TOKEN_TYPE);
    secToken.setToken(assertion.getElement());
    getTokenStore().add(secToken);
    message.put(SecurityConstants.TOKEN_ID, secToken.getId());
}
/**
 * Builds a SecurityContext for the SAML assertion carried in the message.
 *
 * A context is produced only when the assertion is signed, or when the deployment has
 * explicitly opted into unsigned assertions via
 * {@code ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL}. An unsigned assertion with that flag
 * off yields {@code null}: no principal is established from a token nobody vouched for.
 *
 * NOTE(review): isSigned() as used here says a signature is present on the wrapper;
 * whether that signature was verified and trusted is decided elsewhere and cannot be
 * confirmed from this block — verify before relying on it as the sole gate.
 *
 * @param message the current message; also the source of the unsigned-allowed property
 * @param wrapper the processed assertion
 * @return the security context, or {@code null} when the assertion is not eligible
 */
public SecurityContext getSecurityContext(Message message, SamlAssertionWrapper wrapper) {
    String allowUnsignedProperty = (String) SecurityUtils.getSecurityPropertyValue(
        SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, message);
    // parseBoolean: null or anything other than "true" (case-insensitive) means false.
    boolean unsignedAllowed = Boolean.parseBoolean(allowUnsignedProperty);
    if (!wrapper.isSigned() && !unsignedAllowed) {
        return null;
    }
    ClaimCollection claims = getClaims(wrapper);
    Subject subject = getSubject(message, wrapper, claims);
    SecurityContext context = doGetSecurityContext(message, subject, claims);
    if (context instanceof SAMLSecurityContext) {
        ((SAMLSecurityContext) context).setAssertionElement(wrapper.getElement());
    }
    return context;
}
Node assertionParent = assertionWrapper.getElement().getParentNode();
/**
 * Builds a SecurityContext for the SAML assertion carried in the message.
 *
 * A context is produced only when the assertion is signed, or when the deployment has
 * explicitly opted into unsigned assertions via
 * {@code ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL}. An unsigned assertion with that flag
 * off yields {@code null}: no principal is established from a token nobody vouched for.
 *
 * NOTE(review): isSigned() as used here says a signature is present on the wrapper;
 * whether that signature was verified and trusted is decided elsewhere and cannot be
 * confirmed from this block — verify before relying on it as the sole gate.
 *
 * @param message the current message; also the source of the unsigned-allowed property
 * @param wrapper the processed assertion
 * @return the security context, or {@code null} when the assertion is not eligible
 */
public SecurityContext getSecurityContext(Message message, SamlAssertionWrapper wrapper) {
    String allowUnsignedProperty = (String) SecurityUtils.getSecurityPropertyValue(
        SecurityConstants.ENABLE_UNSIGNED_SAML_ASSERTION_PRINCIPAL, message);
    // parseBoolean: null or anything other than "true" (case-insensitive) means false.
    boolean unsignedAllowed = Boolean.parseBoolean(allowUnsignedProperty);
    if (!wrapper.isSigned() && !unsignedAllowed) {
        return null;
    }
    ClaimCollection claims = getClaims(wrapper);
    Subject subject = getSubject(message, wrapper, claims);
    SecurityContext context = doGetSecurityContext(message, subject, claims);
    if (context instanceof SAMLSecurityContext) {
        ((SAMLSecurityContext) context).setAssertionElement(wrapper.getElement());
    }
    return context;
}
/**
 * Stores a SAML assertion in the token store under its ID and records that ID on the
 * message as {@code TOKEN_ID}.
 *
 * If no ID can be located in the assertion element, nothing is stored and the message is
 * left untouched. SAML 2.0 is detected via {@code getSaml2()}; anything else is typed as
 * SAML 1.1.
 *
 * @param assertion the assertion to store
 */
protected void storeAssertionAsSecurityToken(SamlAssertionWrapper assertion) {
    String tokenId = findIDFromSamlToken(assertion.getElement());
    if (tokenId == null) {
        return;
    }
    boolean isSaml2 = assertion.getSaml2() != null;
    SecurityToken secToken = new SecurityToken(tokenId);
    secToken.setTokenType(isSaml2
        ? WSS4JConstants.WSS_SAML2_TOKEN_TYPE
        : WSS4JConstants.WSS_SAML_TOKEN_TYPE);
    secToken.setToken(assertion.getElement());
    getTokenStore().add(secToken);
    message.put(SecurityConstants.TOKEN_ID, secToken.getId());
}
Node assertionParent = assertionWrapper.getElement().getParentNode();
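/**
 * Caches a token that has just been renewed successfully.
 *
 * Only assertions carrying a non-empty signature value are cached (the signature value is
 * handed to the store with the entry); a null store disables caching.
 *
 * Fix: the original null-checked the {@code tokenStore} parameter but then wrote to
 * {@code tokenParameters.getTokenStore()} — a different reference, so the guard did not
 * protect the store actually used. The parameter is now used for both.
 *
 * @param tokenStore      cache to write to, or null to skip caching
 * @param assertion       the renewed assertion
 * @param principal       currently unused (see note in body)
 * @param tokenParameters renewal parameters; supplies principal, realm and the
 *                        "renewing" requirements recorded with the entry
 * @throws WSSecurityException if building or storing the cache entry fails
 */
private void storeTokenInCache(TokenStore tokenStore, SamlAssertionWrapper assertion, Principal principal, TokenRenewerParameters tokenParameters) throws WSSecurityException {
    byte[] signatureValue = assertion.getSignatureValue();
    if (tokenStore == null || signatureValue == null || signatureValue.length == 0) {
        return;
    }
    // NOTE(review): the principal parameter is ignored; the entry records
    // tokenParameters.getPrincipal(), which may differ — confirm which one is intended.
    SecurityToken securityToken = CacheUtils.createSecurityTokenForStorage(
        assertion.getElement(), assertion.getId(), assertion.getNotOnOrAfter(),
        tokenParameters.getPrincipal(), tokenParameters.getRealm(),
        tokenParameters.getTokenRequirements().getRenewing());
    CacheUtils.storeTokenInCache(securityToken, tokenStore, signatureValue);
}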
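/**
 * Caches a token that has just been renewed successfully.
 *
 * Only assertions carrying a non-empty signature value are cached (the signature value is
 * handed to the store with the entry); a null store disables caching.
 *
 * Fix: the original null-checked the {@code tokenStore} parameter but then wrote to
 * {@code tokenParameters.getTokenStore()} — a different reference, so the guard did not
 * protect the store actually used. The parameter is now used for both.
 *
 * @param tokenStore      cache to write to, or null to skip caching
 * @param assertion       the renewed assertion
 * @param principal       currently unused (see note in body)
 * @param tokenParameters renewal parameters; supplies principal, realm and the
 *                        "renewing" requirements recorded with the entry
 * @throws WSSecurityException if building or storing the cache entry fails
 */
private void storeTokenInCache(TokenStore tokenStore, SamlAssertionWrapper assertion, Principal principal, TokenRenewerParameters tokenParameters) throws WSSecurityException {
    byte[] signatureValue = assertion.getSignatureValue();
    if (tokenStore == null || signatureValue == null || signatureValue.length == 0) {
        return;
    }
    // NOTE(review): the principal parameter is ignored; the entry records
    // tokenParameters.getPrincipal(), which may differ — confirm which one is intended.
    SecurityToken securityToken = CacheUtils.createSecurityTokenForStorage(
        assertion.getElement(), assertion.getId(), assertion.getNotOnOrAfter(),
        tokenParameters.getPrincipal(), tokenParameters.getRealm(),
        tokenParameters.getTokenRequirements().getRenewing());
    CacheUtils.storeTokenInCache(securityToken, tokenStore, signatureValue);
}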
/**
 * Converts a processed SAML assertion into a SecurityToken for the token store.
 *
 * Key material from the assertion's subject KeyInfo is copied across: the secret, only the
 * first certificate of the chain, and the public key when present. Token type is SAML 1.1
 * when {@code getSaml1()} is set, SAML 2.0 when {@code getSaml2()} is set; if neither is
 * set the type is left unset.
 *
 * @param assertionWrapper the assertion to convert
 * @return a token keyed by the assertion ID and holding its DOM element
 */
private SecurityToken createSecurityToken(SamlAssertionWrapper assertionWrapper) {
    SecurityToken token = new SecurityToken(assertionWrapper.getId());
    copySubjectKeyMaterial(assertionWrapper.getSubjectKeyInfo(), token);
    if (assertionWrapper.getSaml1() != null) {
        token.setTokenType(WSS4JConstants.WSS_SAML_TOKEN_TYPE);
    } else if (assertionWrapper.getSaml2() != null) {
        token.setTokenType(WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    }
    token.setToken(assertionWrapper.getElement());
    return token;
}

/**
 * Copies secret, leading certificate and public key from the subject KeyInfo onto the
 * token; a null KeyInfo leaves the token untouched.
 */
private static void copySubjectKeyMaterial(SAMLKeyInfo subjectKeyInfo, SecurityToken token) {
    if (subjectKeyInfo == null) {
        return;
    }
    token.setSecret(subjectKeyInfo.getSecret());
    X509Certificate[] certs = subjectKeyInfo.getCerts();
    if (certs != null && certs.length > 0) {
        // Only the leaf/first certificate is retained; the rest of the chain is dropped.
        token.setX509Certificate(certs[0], null);
    }
    if (subjectKeyInfo.getPublicKey() != null) {
        token.setKey(subjectKeyInfo.getPublicKey());
    }
}
/**
 * Converts a processed SAML assertion into a SecurityToken for the token store.
 *
 * Key material from the assertion's subject KeyInfo is copied across: the secret, only the
 * first certificate of the chain, and the public key when present. Token type is SAML 1.1
 * when {@code getSaml1()} is set, SAML 2.0 when {@code getSaml2()} is set; if neither is
 * set the type is left unset.
 *
 * @param assertionWrapper the assertion to convert
 * @return a token keyed by the assertion ID and holding its DOM element
 */
private SecurityToken createSecurityToken(SamlAssertionWrapper assertionWrapper) {
    SecurityToken token = new SecurityToken(assertionWrapper.getId());
    copySubjectKeyMaterial(assertionWrapper.getSubjectKeyInfo(), token);
    if (assertionWrapper.getSaml1() != null) {
        token.setTokenType(WSS4JConstants.WSS_SAML_TOKEN_TYPE);
    } else if (assertionWrapper.getSaml2() != null) {
        token.setTokenType(WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    }
    token.setToken(assertionWrapper.getElement());
    return token;
}

/**
 * Copies secret, leading certificate and public key from the subject KeyInfo onto the
 * token; a null KeyInfo leaves the token untouched.
 */
private static void copySubjectKeyMaterial(SAMLKeyInfo subjectKeyInfo, SecurityToken token) {
    if (subjectKeyInfo == null) {
        return;
    }
    token.setSecret(subjectKeyInfo.getSecret());
    X509Certificate[] certs = subjectKeyInfo.getCerts();
    if (certs != null && certs.length > 0) {
        // Only the leaf/first certificate is retained; the rest of the chain is dropped.
        token.setX509Certificate(certs[0], null);
    }
    if (subjectKeyInfo.getPublicKey() != null) {
        token.setKey(subjectKeyInfo.getPublicKey());
    }
}
Element tokenElement = samlAssertionWrapper.getElement(); validateTokenToSTS(tokenElement, message); valid = true;