Class SamlAssertionWrapper

java.lang.Object
org.apache.wss4j.common.saml.SamlAssertionWrapper

public class SamlAssertionWrapper extends Object
Class SamlAssertionWrapper can generate, sign, and validate both SAML v1.1 and SAML v2.0 assertions.
  • Constructor Details

    • SamlAssertionWrapper

      public SamlAssertionWrapper(Element element) throws WSSecurityException
      Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance.
      Parameters:
      element - of type Element
      Throws:
      WSSecurityException
    • SamlAssertionWrapper

      public SamlAssertionWrapper(org.opensaml.saml.common.SAMLObject samlObject) throws WSSecurityException
      Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance. This is the primary constructor. All other constructor calls should be routed to this method to ensure that the wrapper is initialized correctly.
      Parameters:
      samlObject - of type SAMLObject
      Throws:
      WSSecurityException
    • SamlAssertionWrapper

      public SamlAssertionWrapper(SAMLCallback samlCallback) throws WSSecurityException
      Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance. This constructor is primarily called on the client side to initialize the wrapper from a configuration file.
      Parameters:
      samlCallback - of type SAMLCallback
      Throws:
      WSSecurityException
  • Method Details

    • getSaml1

      public org.opensaml.saml.saml1.core.Assertion getSaml1()
      Method getSaml1 returns the SAML v1.1 assertion of this SamlAssertionWrapper object.
      Returns:
      the SAML v1.1 assertion (type Assertion) of this SamlAssertionWrapper object.
    • getSaml2

      public org.opensaml.saml.saml2.core.Assertion getSaml2()
      Method getSaml2 returns the SAML v2.0 assertion of this SamlAssertionWrapper object.
      Returns:
      the SAML v2.0 assertion (type Assertion) of this SamlAssertionWrapper object.
    • isCreated

      public boolean isCreated()
      Method isCreated returns the created of this SamlAssertionWrapper object.
      Returns:
      the created (type boolean) of this SamlAssertionWrapper object.
    • toDOM

      public Element toDOM(Document doc) throws WSSecurityException
      Create a DOM from the current XMLObject content. If the user-supplied doc is not null, reparent the returned Element so that it is compatible with the user-supplied document.
      Parameters:
      doc - of type Document
      Returns:
      Element
      Throws:
      WSSecurityException
    • assertionToString

      public String assertionToString() throws WSSecurityException
      Method assertionToString ...
      Returns:
      String
      Throws:
      WSSecurityException
    • getNotBefore

      public Instant getNotBefore()
    • getNotOnOrAfter

      public Instant getNotOnOrAfter()
    • getId

      public String getId()
      Method getId returns the id of this SamlAssertionWrapper object.
      Returns:
      the id (type String) of this SamlAssertionWrapper object.
    • getIssuerString

      public String getIssuerString()
      Method getIssuerString returns the issuerString of this SamlAssertionWrapper object.
      Returns:
      the issuerString (type String) of this SamlAssertionWrapper object.
    • getSubjectName

      public String getSubjectName()
      Method getSubjectName returns the Subject name value.
      Returns:
      the subjectName of this SamlAssertionWrapper object
    • getConfirmationMethods

      public List<String> getConfirmationMethods()
      Method getConfirmationMethods returns the confirmationMethods of this SamlAssertionWrapper object.
      Returns:
      the confirmationMethods of this SamlAssertionWrapper object.
    • isSigned

      public boolean isSigned()
      Method isSigned returns the signed of this SamlAssertionWrapper object.
      Returns:
      the signed (type boolean) of this SamlAssertionWrapper object.
    • setSignature

      public void setSignature(org.opensaml.xmlsec.signature.Signature signature)
      Method setSignature sets the signature of this SamlAssertionWrapper object.
      Parameters:
      signature - the signature of this SamlAssertionWrapper object.
    • setSignature

      public void setSignature(org.opensaml.xmlsec.signature.Signature signature, String signatureDigestAlgorithm)
      Method setSignature sets the signature of this SamlAssertionWrapper object.
      Parameters:
      signature - the signature of this SamlAssertionWrapper object.
      signatureDigestAlgorithm - the signature digest algorithm to use
    • signAssertion

      public void signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue) throws WSSecurityException
      Create an enveloped signature on the assertion that has been created.
      Parameters:
      issuerKeyName - the Issuer KeyName to use with the issuerCrypto argument
      issuerKeyPassword - the Issuer Password to use with the issuerCrypto argument
      issuerCrypto - the Issuer Crypto instance
      sendKeyValue - whether to send the key value or not
      Throws:
      WSSecurityException
    • signAssertion

      public void signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue, String canonicalizationAlgorithm, String signatureAlgorithm) throws WSSecurityException
      Create an enveloped signature on the assertion that has been created.
      Parameters:
      issuerKeyName - the Issuer KeyName to use with the issuerCrypto argument
      issuerKeyPassword - the Issuer Password to use with the issuerCrypto argument
      issuerCrypto - the Issuer Crypto instance
      sendKeyValue - whether to send the key value or not
      canonicalizationAlgorithm - the canonicalization algorithm to be used for signing
      signatureAlgorithm - the signature algorithm to be used for signing
      Throws:
      WSSecurityException
    • signAssertion

      public void signAssertion(String issuerKeyName, String issuerKeyPassword, Crypto issuerCrypto, boolean sendKeyValue, String canonicalizationAlgorithm, String signatureAlgorithm, String signatureDigestAlgorithm) throws WSSecurityException
      Create an enveloped signature on the assertion that has been created.
      Parameters:
      issuerKeyName - the Issuer KeyName to use with the issuerCrypto argument
      issuerKeyPassword - the Issuer Password to use with the issuerCrypto argument
      issuerCrypto - the Issuer Crypto instance
      sendKeyValue - whether to send the key value or not
      canonicalizationAlgorithm - the canonicalization algorithm to be used for signing
      signatureAlgorithm - the signature algorithm to be used for signing
      signatureDigestAlgorithm - the signature Digest algorithm to use
      Throws:
      WSSecurityException
    • verifySignature

      public void verifySignature(SAMLKeyInfoProcessor keyInfoProcessor, Crypto sigCrypto) throws WSSecurityException
      Verify the signature of this assertion.
      Throws:
      WSSecurityException
    • verifySignature

      public void verifySignature(SAMLKeyInfo samlKeyInfo) throws WSSecurityException
      Verify the signature of this assertion.
      Throws:
      WSSecurityException
    • validateSignatureAgainstProfile

      public void validateSignatureAgainstProfile() throws WSSecurityException
      Validate the signature of the Assertion against the Profile. This does not verify the signature itself; use the verifySignature method for that.
      Throws:
      WSSecurityException
    • parseSubject

      public void parseSubject(SAMLKeyInfoProcessor keyInfoProcessor, Crypto sigCrypto) throws WSSecurityException
      This method parses the KeyInfo of the Subject. It then stores the SAMLKeyInfo object that has been obtained for future processing.
      Throws:
      WSSecurityException
    • getSamlVersion

      public org.opensaml.saml.common.SAMLVersion getSamlVersion()
      Method getSamlVersion returns the samlVersion of this SamlAssertionWrapper object.
      Returns:
      the samlVersion (type SAMLVersion) of this SamlAssertionWrapper object.
    • getElement

      public Element getElement()
      Get the Assertion as a DOM Element.
      Returns:
      the assertion as a DOM Element
    • getSignatureKeyInfo

      public SAMLKeyInfo getSignatureKeyInfo()
      Get the SAMLKeyInfo associated with the signature of the assertion
      Returns:
      the SAMLKeyInfo associated with the signature of the assertion
    • getSubjectKeyInfo

      public SAMLKeyInfo getSubjectKeyInfo()
      Get the SAMLKeyInfo associated with the Subject KeyInfo
      Returns:
      the SAMLKeyInfo associated with the Subject KeyInfo
    • getSignatureValue

      public byte[] getSignatureValue() throws WSSecurityException
      Get the SignatureValue bytes of the signed SAML Assertion
      Returns:
      the SignatureValue bytes of the signed SAML Assertion
      Throws:
      WSSecurityException
    • getSignature

      public org.opensaml.xmlsec.signature.Signature getSignature() throws WSSecurityException
      Throws:
      WSSecurityException
    • getSamlObject

      public org.opensaml.saml.common.SAMLObject getSamlObject()
    • checkConditions

      public void checkConditions(int futureTTL) throws WSSecurityException
      Check the Conditions of the Assertion.
      Throws:
      WSSecurityException
    • checkIssueInstant

      public void checkIssueInstant(int futureTTL, int ttl) throws WSSecurityException
      Check the IssueInstant value of the Assertion.
      Throws:
      WSSecurityException
    • checkAudienceRestrictions

      public void checkAudienceRestrictions(List<String> audienceRestrictions) throws WSSecurityException
      Check the AudienceRestrictions of the Assertion.
      Throws:
      WSSecurityException
    • checkAuthnStatements

      public void checkAuthnStatements(int futureTTL) throws WSSecurityException
      Check the various attributes of the AuthnStatements of the assertion (if any)
      Throws:
      WSSecurityException
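
An added usage example (not part of the WSS4J documentation) showing one order in which a receiving service could chain the checks listed above, so that no unsigned, expired or wrongly addressed assertion is accepted. The class name AssertionGate, the TTL constants and the parameters trustedIssuerKey and expectedAudiences are assumptions; the TTL arguments are assumed to be in seconds, and trustedIssuerKey is assumed to come from locally configured issuer key material rather than from the message.

```java
import java.util.List;

import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.w3c.dom.Element;

/** Hypothetical helper: accept an assertion only if every check passes. */
public final class AssertionGate {

    // Assumed values, in seconds: allowed clock skew and maximum assertion age.
    private static final int FUTURE_TTL = 60;
    private static final int TTL = 1800;

    private AssertionGate() { }

    public static SamlAssertionWrapper accept(Element assertionElement,
                                              SAMLKeyInfo trustedIssuerKey,
                                              List<String> expectedAudiences)
            throws WSSecurityException {
        // Policy of this example: never run without an audience to compare against.
        if (expectedAudiences == null || expectedAudiences.isEmpty()) {
            throw new IllegalArgumentException("no expected audience configured");
        }
        OpenSAMLUtil.initSamlEngine(); // OpenSAML must be initialised before parsing

        SamlAssertionWrapper assertion = new SamlAssertionWrapper(assertionElement);

        // An unsigned assertion carries no proof of origin: reject it outright.
        if (!assertion.isSigned()) {
            throw new SecurityException("unsigned SAML assertion: " + assertion.getId());
        }
        // Profile check of the signature, then the cryptographic check.
        // The first does not replace the second.
        assertion.validateSignatureAgainstProfile();
        assertion.verifySignature(trustedIssuerKey);

        // Only after the signature holds are the claims worth evaluating.
        assertion.checkConditions(FUTURE_TTL);
        assertion.checkIssueInstant(FUTURE_TTL, TTL);
        assertion.checkAudienceRestrictions(expectedAudiences);
        assertion.checkAuthnStatements(FUTURE_TTL);
        return assertion;
    }
}
```

Each check throws WSSecurityException on failure, so a returned wrapper has passed all of them; getIssuerString and getSubjectName should be read only from that returned object.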