Package org.apache.wss4j.common.saml
Class SamlAssertionWrapper
java.lang.Object
  org.apache.wss4j.common.saml.SamlAssertionWrapper

public class SamlAssertionWrapper extends Object
Class SamlAssertionWrapper can generate, sign, and validate both SAML v1.1 and SAML v2.0 assertions.

Constructor Summary

| Constructor | Description |
| --- | --- |
| SamlAssertionWrapper(SAMLCallback samlCallback) | Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance. |
| SamlAssertionWrapper(org.opensaml.saml.common.SAMLObject samlObject) | Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance. |
| SamlAssertionWrapper(Element element) | Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance. |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| String | assertionToString() | Method assertionToString ... |
| void | checkAudienceRestrictions(List<String> audienceRestrictions) | Check the AudienceRestrictions of the Assertion. |
| void | checkAuthnStatements(int futureTTL) | Check the various attributes of the AuthnStatements of the assertion (if any). |
| void | checkConditions(int futureTTL) | Check the Conditions of the Assertion. |
| void | checkIssueInstant(int futureTTL, int ttl) | Check the IssueInstant value of the Assertion. |
| List<String> | getConfirmationMethods() | Method getConfirmationMethods returns the confirmationMethods of this SamlAssertionWrapper object. |
| Element | getElement() | Get the Assertion as a DOM Element. |
| String | getId() | Method getId returns the id of this SamlAssertionWrapper object. |
| String | getIssuerString() | Method getIssuerString returns the issuerString of this SamlAssertionWrapper object. |
| Instant | getNotBefore() | |
| Instant | getNotOnOrAfter() | |
| org.opensaml.saml.saml1.core.Assertion | getSaml1() | Method getSaml1 returns the saml1 of this SamlAssertionWrapper object. |
| org.opensaml.saml.saml2.core.Assertion | getSaml2() | Method getSaml2 returns the saml2 of this SamlAssertionWrapper object. |
| org.opensaml.saml.common.SAMLObject | getSamlObject() | |
| org.opensaml.saml.common.SAMLVersion | getSamlVersion() | Method getSamlVersion returns the samlVersion of this SamlAssertionWrapper object. |
| org.opensaml.xmlsec.signature.Signature | getSignature() | |
| SAMLKeyInfo | getSignatureKeyInfo() | Get the SAMLKeyInfo associated with the signature of the assertion. |
| byte[] | getSignatureValue() | Get the SignatureValue bytes of the signed SAML Assertion. |
| SAMLKeyInfo | getSubjectKeyInfo() | Get the SAMLKeyInfo associated with the Subject KeyInfo. |
| String | getSubjectName() | Method getSubjectName returns the Subject name value. |
| boolean | isCreated() | Method isCreated returns the created of this SamlAssertionWrapper object. |
| boolean | isSigned() | Method isSigned returns the signed of this SamlAssertionWrapper object. |
| void | parseSubject(SAMLKeyInfoProcessor keyInfoProcessor, Crypto sigCrypto, CallbackHandler callbackHandler) | This method parses the KeyInfo of the Subject. |
| void | setSignature(org.opensaml.xmlsec.signature.Signature signature) | Method setSignature sets the signature of this SamlAssertionWrapper object. |
| void | setSignature(org.opensaml.xmlsec.signature.Signature signature, String signatureDigestAlgorithm) | Method setSignature sets the signature of this SamlAssertionWrapper object. |
| void | signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue) | Create an enveloped signature on the assertion that has been created. |
| void | signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue, String canonicalizationAlgorithm, String signatureAlgorithm) | Create an enveloped signature on the assertion that has been created. |
| void | signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue, String canonicalizationAlgorithm, String signatureAlgorithm, String signatureDigestAlgorithm) | Create an enveloped signature on the assertion that has been created. |
| Element | toDOM(Document doc) | Create a DOM from the current XMLObject content. |
| void | validateSignatureAgainstProfile() | Validate the signature of the Assertion against the Profile. |
| void | verifySignature(SAMLKeyInfo samlKeyInfo) | Verify the signature of this assertion. |
| void | verifySignature(SAMLKeyInfoProcessor keyInfoProcessor, Crypto sigCrypto) | Verify the signature of this assertion. |

Constructor Detail

SamlAssertionWrapper
public SamlAssertionWrapper(Element element) throws WSSecurityException
Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance.
Parameters:
element - of type Element
Throws:
WSSecurityException

SamlAssertionWrapper
public SamlAssertionWrapper(org.opensaml.saml.common.SAMLObject samlObject) throws WSSecurityException
Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance. This is the primary constructor. All other constructor calls should be routed to this method to ensure that the wrapper is initialized correctly.
Parameters:
samlObject - of type SAMLObject
Throws:
WSSecurityException

SamlAssertionWrapper
public SamlAssertionWrapper(SAMLCallback samlCallback) throws WSSecurityException
Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance. This constructor is primarily called on the client side to initialize the wrapper from a configuration file.
Parameters:
samlCallback - of type SAMLCallback
Throws:
WSSecurityException

Method Detail

getSaml1
public org.opensaml.saml.saml1.core.Assertion getSaml1()
Method getSaml1 returns the saml1 of this SamlAssertionWrapper object.
Returns:
the saml1 (type Assertion) of this SamlAssertionWrapper object.

getSaml2
public org.opensaml.saml.saml2.core.Assertion getSaml2()
Method getSaml2 returns the saml2 of this SamlAssertionWrapper object.
Returns:
the saml2 (type Assertion) of this SamlAssertionWrapper object.

isCreated
public boolean isCreated()
Method isCreated returns the created of this SamlAssertionWrapper object.
Returns:
the created (type boolean) of this SamlAssertionWrapper object.

toDOM
public Element toDOM(Document doc) throws WSSecurityException
Create a DOM from the current XMLObject content. If the user-supplied doc is not null, reparent the returned Element so that it is compatible with the user-supplied document.
Parameters:
doc - of type Document
Returns:
Element
Throws:
WSSecurityException

assertionToString
public String assertionToString() throws WSSecurityException
Method assertionToString ...
Returns:
String
Throws:
WSSecurityException

getNotBefore
public Instant getNotBefore()

getNotOnOrAfter
public Instant getNotOnOrAfter()

getId
public String getId()
Method getId returns the id of this SamlAssertionWrapper object.
Returns:
the id (type String) of this SamlAssertionWrapper object.

getIssuerString
public String getIssuerString()
Method getIssuerString returns the issuerString of this SamlAssertionWrapper object.
Returns:
the issuerString (type String) of this SamlAssertionWrapper object.

getSubjectName
public String getSubjectName()
Method getSubjectName returns the Subject name value.
Returns:
the subjectName of this SamlAssertionWrapper object

getConfirmationMethods
public List<String> getConfirmationMethods()
Method getConfirmationMethods returns the confirmationMethods of this SamlAssertionWrapper object.
Returns:
the confirmationMethods of this SamlAssertionWrapper object.

isSigned
public boolean isSigned()
Method isSigned returns the signed of this SamlAssertionWrapper object.
Returns:
the signed (type boolean) of this SamlAssertionWrapper object.

setSignature
public void setSignature(org.opensaml.xmlsec.signature.Signature signature)
Method setSignature sets the signature of this SamlAssertionWrapper object.
Parameters:
signature - the signature of this SamlAssertionWrapper object.

setSignature
public void setSignature(org.opensaml.xmlsec.signature.Signature signature, String signatureDigestAlgorithm)
Method setSignature sets the signature of this SamlAssertionWrapper object.
Parameters:
signature - the signature of this SamlAssertionWrapper object.
signatureDigestAlgorithm - the signature digest algorithm to use

signAssertion
public void signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue) throws WSSecurityException
Create an enveloped signature on the assertion that has been created.
Parameters:
issuerKeyName - the Issuer KeyName to use with the issuerCrypto argument
issuerKeyPassword - the Issuer Password to use with the issuerCrypto argument
issuerCrypto - the Issuer Crypto instance
sendKeyValue - whether to send the key value or not
Throws:
WSSecurityException

signAssertion
public void signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue, String canonicalizationAlgorithm, String signatureAlgorithm) throws WSSecurityException
Create an enveloped signature on the assertion that has been created.
Parameters:
issuerKeyName - the Issuer KeyName to use with the issuerCrypto argument
issuerKeyPassword - the Issuer Password to use with the issuerCrypto argument
issuerCrypto - the Issuer Crypto instance
sendKeyValue - whether to send the key value or not
canonicalizationAlgorithm - the canonicalization algorithm to be used for signing
signatureAlgorithm - the signature algorithm to be used for signing
Throws:
WSSecurityException

signAssertion
public void signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue, String canonicalizationAlgorithm, String signatureAlgorithm, String signatureDigestAlgorithm) throws WSSecurityException
Create an enveloped signature on the assertion that has been created.
Parameters:
issuerKeyName - the Issuer KeyName to use with the issuerCrypto argument
issuerKeyPassword - the Issuer Password to use with the issuerCrypto argument
issuerCrypto - the Issuer Crypto instance
sendKeyValue - whether to send the key value or not
canonicalizationAlgorithm - the canonicalization algorithm to be used for signing
signatureAlgorithm - the signature algorithm to be used for signing
signatureDigestAlgorithm - the signature Digest algorithm to use
Throws:
WSSecurityException

verifySignature
public void verifySignature(SAMLKeyInfoProcessor keyInfoProcessor, Crypto sigCrypto) throws WSSecurityException
Verify the signature of this assertion.
Throws:
WSSecurityException

verifySignature
public void verifySignature(SAMLKeyInfo samlKeyInfo) throws WSSecurityException
Verify the signature of this assertion.
Throws:
WSSecurityException

validateSignatureAgainstProfile
public void validateSignatureAgainstProfile() throws WSSecurityException
Validate the signature of the Assertion against the Profile. This does not actually verify the signature itself (see the verifySignature method for this).
Throws:
WSSecurityException

parseSubject
public void parseSubject(SAMLKeyInfoProcessor keyInfoProcessor, Crypto sigCrypto, CallbackHandler callbackHandler) throws WSSecurityException
This method parses the KeyInfo of the Subject. It then stores the SAMLKeyInfo object that has been obtained for future processing.
Throws:
WSSecurityException

getSamlVersion
public org.opensaml.saml.common.SAMLVersion getSamlVersion()
Method getSamlVersion returns the samlVersion of this SamlAssertionWrapper object.
Returns:
the samlVersion (type SAMLVersion) of this SamlAssertionWrapper object.

getElement
public Element getElement()
Get the Assertion as a DOM Element.
Returns:
the assertion as a DOM Element

getSignatureKeyInfo
public SAMLKeyInfo getSignatureKeyInfo()
Get the SAMLKeyInfo associated with the signature of the assertion.
Returns:
the SAMLKeyInfo associated with the signature of the assertion

getSubjectKeyInfo
public SAMLKeyInfo getSubjectKeyInfo()
Get the SAMLKeyInfo associated with the Subject KeyInfo.
Returns:
the SAMLKeyInfo associated with the Subject KeyInfo

getSignatureValue
public byte[] getSignatureValue() throws WSSecurityException
Get the SignatureValue bytes of the signed SAML Assertion.
Returns:
the SignatureValue bytes of the signed SAML Assertion
Throws:
WSSecurityException

getSignature
public org.opensaml.xmlsec.signature.Signature getSignature() throws WSSecurityException
Throws:
WSSecurityException

getSamlObject
public org.opensaml.saml.common.SAMLObject getSamlObject()

checkConditions
public void checkConditions(int futureTTL) throws WSSecurityException
Check the Conditions of the Assertion.
Throws:
WSSecurityException

checkIssueInstant
public void checkIssueInstant(int futureTTL, int ttl) throws WSSecurityException
Check the IssueInstant value of the Assertion.
Throws:
WSSecurityException

checkAudienceRestrictions
public void checkAudienceRestrictions(List<String> audienceRestrictions) throws WSSecurityException
Check the AudienceRestrictions of the Assertion.
Throws:
WSSecurityException

checkAuthnStatements
public void checkAuthnStatements(int futureTTL) throws WSSecurityException
Check the various attributes of the AuthnStatements of the assertion (if any).
Throws:
WSSecurityException
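
The validation methods above are separate calls, so a relying party has to chain them itself. The following is an added example, not WSS4J's own code, of one fail-closed ordering for a received assertion. The class AssertionGate, the method accept, the TTL values and the pinned-certificate policy are assumptions for illustration; SAMLKeyInfo.getCerts() is WSS4J API that is not listed on this page.

```java
import java.security.cert.X509Certificate;
import java.util.List;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SAMLKeyInfoProcessor;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.w3c.dom.Element;

/** Added example (hypothetical class, not WSS4J code): relying-party checks. */
public final class AssertionGate {
    // Assumed policy values; the TTL arguments are taken to be seconds.
    private static final int FUTURE_TTL = 60;  // tolerated clock skew
    private static final int MAX_AGE = 300;    // oldest acceptable IssueInstant

    private AssertionGate() { }

    public static SamlAssertionWrapper accept(Element received,
            SAMLKeyInfoProcessor keyInfoProcessor, Crypto sigCrypto,
            X509Certificate pinnedIssuerCert, List<String> expectedAudiences)
            throws WSSecurityException {
        // Policy of this example: an audience check with nothing to compare is a bug.
        if (expectedAudiences == null || expectedAudiences.isEmpty()) {
            throw new IllegalArgumentException("no expected audience configured");
        }
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(received);

        // An unsigned assertion has no proof of origin: reject it outright.
        if (!assertion.isSigned()) {
            throw new SecurityException("unsigned SAML assertion");
        }
        // Profile check is structural only; verifySignature does the crypto.
        assertion.validateSignatureAgainstProfile();
        assertion.verifySignature(keyInfoProcessor, sigCrypto);

        // A valid signature only ties the assertion to the key in its KeyInfo;
        // pin that key to the issuer certificate the caller already trusts.
        SAMLKeyInfo signer = assertion.getSignatureKeyInfo();
        X509Certificate[] certs = signer == null ? null : signer.getCerts();
        if (certs == null || certs.length == 0 || !certs[0].equals(pinnedIssuerCert)) {
            throw new SecurityException("assertion signed by an unpinned key");
        }

        // Freshness and scope: validity window, age, authn statements, audience.
        assertion.checkConditions(FUTURE_TTL);
        assertion.checkIssueInstant(FUTURE_TTL, MAX_AGE);
        assertion.checkAuthnStatements(FUTURE_TTL);
        assertion.checkAudienceRestrictions(expectedAudiences);
        return assertion;
    }
}
```

Every check throws on failure, so the caller receives a wrapper only when all of them passed.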