org.apache.wss4j.common.saml

Class SamlAssertionWrapper

java.lang.Object

org.apache.wss4j.common.saml.SamlAssertionWrapper

public class SamlAssertionWrapper
extends Object

Class SamlAssertionWrapper can generate, sign, and validate both SAML v1.1 and SAML v2.0 assertions.

Constructor Summary

Constructors

Constructor and Description
SamlAssertionWrapper(Element element) Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance.
SamlAssertionWrapper(SAMLCallback samlCallback) Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance.
SamlAssertionWrapper(org.opensaml.saml.common.SAMLObject samlObject) Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance.

Method Summary

Modifier and Type	Method and Description
String	assertionToString() Method assertionToString ...
void	checkAudienceRestrictions(List<String> audienceRestrictions) Check the AudienceRestrictions of the Assertion
void	checkAuthnStatements(int futureTTL) Check the various attributes of the AuthnStatements of the assertion (if any)
void	checkConditions(int futureTTL) Check the Conditions of the Assertion.
void	checkIssueInstant(int futureTTL, int ttl) Check the IssueInstant value of the Assertion.
List<String>	getConfirmationMethods() Method getConfirmationMethods returns the confirmationMethods of this SamlAssertionWrapper object.
Element	getElement() Get the Assertion as a DOM Element.
String	getId() Method getId returns the id of this SamlAssertionWrapper object.
String	getIssuerString() Method getIssuerString returns the issuerString of this SamlAssertionWrapper object.
org.opensaml.saml.saml1.core.Assertion	getSaml1() Method getSaml1 returns the saml1 of this SamlAssertionWrapper object.
org.opensaml.saml.saml2.core.Assertion	getSaml2() Method getSaml2 returns the saml2 of this SamlAssertionWrapper object.
org.opensaml.saml.common.SAMLObject	getSamlObject()
org.opensaml.saml.common.SAMLVersion	getSamlVersion() Method getSamlVersion returns the samlVersion of this SamlAssertionWrapper object.
org.opensaml.xmlsec.signature.Signature	getSignature()
SAMLKeyInfo	getSignatureKeyInfo() Get the SAMLKeyInfo associated with the signature of the assertion
byte[]	getSignatureValue() Get the SignatureValue bytes of the signed SAML Assertion
SAMLKeyInfo	getSubjectKeyInfo() Get the SAMLKeyInfo associated with the Subject KeyInfo
String	getSubjectName() Method getSubjectName returns the Subject name value
boolean	isCreated() Method isCreated returns the created of this SamlAssertionWrapper object.
boolean	isSigned() Method isSigned returns the signed of this SamlAssertionWrapper object.
void	parseSubject(SAMLKeyInfoProcessor keyInfoProcessor, Crypto sigCrypto, CallbackHandler callbackHandler) This method parses the KeyInfo of the Subject.
void	setSignature(org.opensaml.xmlsec.signature.Signature signature) Method setSignature sets the signature of this SamlAssertionWrapper object.
void	setSignature(org.opensaml.xmlsec.signature.Signature signature, String signatureDigestAlgorithm) Method setSignature sets the signature of this SamlAssertionWrapper object.
void	signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue) Create an enveloped signature on the assertion that has been created.
void	signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue, String canonicalizationAlgorithm, String signatureAlgorithm) Create an enveloped signature on the assertion that has been created.
void	signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue, String canonicalizationAlgorithm, String signatureAlgorithm, String signatureDigestAlgorithm) Create an enveloped signature on the assertion that has been created.
Element	toDOM(Document doc) Create a DOM from the current XMLObject content.
void	validateSignatureAgainstProfile() Validate the signature of the Assertion against the Profile.
void	verifySignature(SAMLKeyInfo samlKeyInfo) Verify the signature of this assertion
void	verifySignature(SAMLKeyInfoProcessor keyInfoProcessor, Crypto sigCrypto) Verify the signature of this assertion

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SamlAssertionWrapper

public SamlAssertionWrapper(Element element)
                     throws WSSecurityException

Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance.

Parameters:

element - of type Element

Throws:

WSSecurityException

SamlAssertionWrapper

public SamlAssertionWrapper(org.opensaml.saml.common.SAMLObject samlObject)
                     throws WSSecurityException

Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance. This is the primary constructor. All other constructor calls should be routed to this method to ensure that the wrapper is initialized correctly.

Parameters:

samlObject - of type SAMLObject

Throws:

WSSecurityException

SamlAssertionWrapper

public SamlAssertionWrapper(SAMLCallback samlCallback)
                     throws WSSecurityException

Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance. This constructor is primarily called on the client side to initialize the wrapper from a configuration file.

Parameters:

samlCallback - of type SAMLCallback

Throws:

WSSecurityException

Method Detail

getSaml1

public org.opensaml.saml.saml1.core.Assertion getSaml1()

Method getSaml1 returns the saml1 of this SamlAssertionWrapper object.

Returns:

the saml1 (type Assertion) of this SamlAssertionWrapper object.

getSaml2

public org.opensaml.saml.saml2.core.Assertion getSaml2()

Method getSaml2 returns the saml2 of this SamlAssertionWrapper object.

Returns:

the saml2 (type Assertion) of this SamlAssertionWrapper object.

isCreated

public boolean isCreated()

Method isCreated returns the created of this SamlAssertionWrapper object.

Returns:

the created (type boolean) of this SamlAssertionWrapper object.

toDOM

public Element toDOM(Document doc)
              throws WSSecurityException

Create a DOM from the current XMLObject content. If the user-supplied doc is not null, reparent the returned Element so that it is compatible with the user-supplied document.

Parameters:

doc - of type Document

Returns:

Element

Throws:

WSSecurityException

assertionToString

public String assertionToString()
                         throws WSSecurityException

Method assertionToString ...

Returns:

String

Throws:

WSSecurityException

getId

public String getId()

Method getId returns the id of this SamlAssertionWrapper object.

Returns:

the id (type String) of this SamlAssertionWrapper object.

getIssuerString

public String getIssuerString()

Method getIssuerString returns the issuerString of this SamlAssertionWrapper object.

Returns:

the issuerString (type String) of this SamlAssertionWrapper object.

getSubjectName

public String getSubjectName()

Method getSubjectName returns the Subject name value

Returns:

the subjectName of this SamlAssertionWrapper object

getConfirmationMethods

public List<String> getConfirmationMethods()

Method getConfirmationMethods returns the confirmationMethods of this SamlAssertionWrapper object.

Returns:

the confirmationMethods of this SamlAssertionWrapper object.

isSigned

public boolean isSigned()

Method isSigned returns the signed of this SamlAssertionWrapper object.

Returns:

the signed (type boolean) of this SamlAssertionWrapper object.

setSignature

public void setSignature(org.opensaml.xmlsec.signature.Signature signature)

Method setSignature sets the signature of this SamlAssertionWrapper object.

Parameters:

signature - the signature of this SamlAssertionWrapper object.

setSignature

public void setSignature(org.opensaml.xmlsec.signature.Signature signature,
                         String signatureDigestAlgorithm)

Method setSignature sets the signature of this SamlAssertionWrapper object.

Parameters:

signature - the signature of this SamlAssertionWrapper object.

signatureDigestAlgorithm - the signature digest algorithm to use

signAssertion

public void signAssertion(String issuerKeyName,
                          String issuerKeyPassword,
                          Crypto issuerCrypto,
                          boolean sendKeyValue)
                   throws WSSecurityException

Create an enveloped signature on the assertion that has been created.

Parameters:

issuerKeyName - the Issuer KeyName to use with the issuerCrypto argument

issuerKeyPassword - the Issuer Password to use with the issuerCrypto argument

issuerCrypto - the Issuer Crypto instance

sendKeyValue - whether to send the key value or not

Throws:

WSSecurityException

signAssertion

public void signAssertion(String issuerKeyName,
                          String issuerKeyPassword,
                          Crypto issuerCrypto,
                          boolean sendKeyValue,
                          String canonicalizationAlgorithm,
                          String signatureAlgorithm)
                   throws WSSecurityException

Create an enveloped signature on the assertion that has been created.

Parameters:

issuerKeyName - the Issuer KeyName to use with the issuerCrypto argument

issuerKeyPassword - the Issuer Password to use with the issuerCrypto argument

issuerCrypto - the Issuer Crypto instance

sendKeyValue - whether to send the key value or not

canonicalizationAlgorithm - the canonicalization algorithm to be used for signing

signatureAlgorithm - the signature algorithm to be used for signing

Throws:

WSSecurityException

signAssertion

public void signAssertion(String issuerKeyName,
                          String issuerKeyPassword,
                          Crypto issuerCrypto,
                          boolean sendKeyValue,
                          String canonicalizationAlgorithm,
                          String signatureAlgorithm,
                          String signatureDigestAlgorithm)
                   throws WSSecurityException

Create an enveloped signature on the assertion that has been created.

Parameters:

issuerKeyName - the Issuer KeyName to use with the issuerCrypto argument

issuerKeyPassword - the Issuer Password to use with the issuerCrypto argument

issuerCrypto - the Issuer Crypto instance

sendKeyValue - whether to send the key value or not

canonicalizationAlgorithm - the canonicalization algorithm to be used for signing

signatureAlgorithm - the signature algorithm to be used for signing

signatureDigestAlgorithm - the signature Digest algorithm to use

Throws:

WSSecurityException

verifySignature

public void verifySignature(SAMLKeyInfoProcessor keyInfoProcessor,
                            Crypto sigCrypto)
                     throws WSSecurityException

Verify the signature of this assertion

Throws:

ValidationException

WSSecurityException

verifySignature

public void verifySignature(SAMLKeyInfo samlKeyInfo)
                     throws WSSecurityException

Verify the signature of this assertion

Throws:

ValidationException

WSSecurityException

validateSignatureAgainstProfile

public void validateSignatureAgainstProfile()
                                     throws WSSecurityException

Validate the signature of the Assertion against the Profile. This does not actually verify the signature itself (see the verifySignature method for this)

Throws:

WSSecurityException

parseSubject

public void parseSubject(SAMLKeyInfoProcessor keyInfoProcessor,
                         Crypto sigCrypto,
                         CallbackHandler callbackHandler)
                  throws WSSecurityException

This method parses the KeyInfo of the Subject. It then stores the SAMLKeyInfo object that has been obtained for future processing.

Throws:

WSSecurityException

getSamlVersion

public org.opensaml.saml.common.SAMLVersion getSamlVersion()

Method getSamlVersion returns the samlVersion of this SamlAssertionWrapper object.

Returns:

the samlVersion (type SAMLVersion) of this SamlAssertionWrapper object.

getElement

public Element getElement()

Get the Assertion as a DOM Element.

Returns:

the assertion as a DOM Element

getSignatureKeyInfo

public SAMLKeyInfo getSignatureKeyInfo()

Get the SAMLKeyInfo associated with the signature of the assertion

Returns:

the SAMLKeyInfo associated with the signature of the assertion

getSubjectKeyInfo

public SAMLKeyInfo getSubjectKeyInfo()

Get the SAMLKeyInfo associated with the Subject KeyInfo

Returns:

the SAMLKeyInfo associated with the Subject KeyInfo

getSignatureValue

public byte[] getSignatureValue()
                         throws WSSecurityException

Get the SignatureValue bytes of the signed SAML Assertion

Returns:

the SignatureValue bytes of the signed SAML Assertion

Throws:

WSSecurityException

getSignature

public org.opensaml.xmlsec.signature.Signature getSignature()
                                                     throws WSSecurityException

Throws:

WSSecurityException

getSamlObject

public org.opensaml.saml.common.SAMLObject getSamlObject()

checkConditions

public void checkConditions(int futureTTL)
                     throws WSSecurityException

Check the Conditions of the Assertion.

Throws:

WSSecurityException

checkIssueInstant

public void checkIssueInstant(int futureTTL,
                              int ttl)
                       throws WSSecurityException

Check the IssueInstant value of the Assertion.

Throws:

WSSecurityException

checkAudienceRestrictions

public void checkAudienceRestrictions(List<String> audienceRestrictions)
                               throws WSSecurityException

Check the AudienceRestrictions of the Assertion

Throws:

WSSecurityException

checkAuthnStatements

public void checkAuthnStatements(int futureTTL)
                          throws WSSecurityException

Check the various attributes of the AuthnStatements of the assertion (if any)

Throws:

WSSecurityException