java.lang.Object
  org.apache.rahas.impl.util.SAMLUtils

public class SAMLUtils

Utility class for SAML 1 assertions. Responsible for manipulating all SAML 1 specific objects such as Assertion, ConfirmationMethod etc.

Constructor Summary |
---|
SAMLUtils() |
Return type | Method | Description
---|---|---
static org.opensaml.saml1.core.Assertion | buildAssertion(org.w3c.dom.Element assertionElement) | Builds an assertion from an XML element.
static org.opensaml.xml.XMLObject | buildXMLObject(javax.xml.namespace.QName objectQName) | Builds the requested XMLObject.
static org.joda.time.DateTime | convertToDateTime(java.util.Date date) | Converts java.util.Date to an OpenSAML DateTime object.
static org.opensaml.saml1.core.Assertion | createAssertion(java.lang.String issuerName, org.joda.time.DateTime notBefore, org.joda.time.DateTime notOnOrAfter, java.util.List<org.opensaml.saml1.core.Statement> statements) | Creates the final SAML assertion.
static org.opensaml.saml1.core.Attribute | createAttribute(java.lang.String name, java.lang.String namespace, java.lang.String value) | Creates a SAML attribute similar to following,
static org.opensaml.saml1.core.AttributeStatement | createAttributeStatement(org.opensaml.saml1.core.Subject subject, java.util.List<org.opensaml.saml1.core.Attribute> attributeList) | Creates an attribute statement.
static org.opensaml.saml1.core.AuthenticationStatement | createAuthenticationStatement(org.opensaml.saml1.core.Subject subject, java.lang.String authenticationMethod, org.joda.time.DateTime authenticationInstant) | Creates an AuthenticationStatement.
static org.opensaml.saml1.core.Conditions | createConditions(org.joda.time.DateTime notBefore, org.joda.time.DateTime notOnOrAfter) | Creates a Conditions object.
static org.opensaml.xml.signature.KeyInfo | createKeyInfo() | Creates a KeyInfo object.
static org.opensaml.xml.signature.KeyInfo | createKeyInfo(org.opensaml.xml.encryption.EncryptedKey encryptedKey) | Creates a KeyInfo element given an EncryptedKey.
static org.opensaml.xml.signature.KeyInfo | createKeyInfo(org.opensaml.xml.signature.X509Data x509Data) | Creates a KeyInfo element given X509Data.
static org.opensaml.saml1.core.NameIdentifier | createNamedIdentifier(java.lang.String principalName, java.lang.String format) | Creates a name identifier.
static org.opensaml.saml1.core.Subject | createSubject(org.opensaml.saml1.core.NameIdentifier nameIdentifier, java.lang.String confirmationMethod, org.opensaml.xml.signature.KeyInfo keyInfoContent) | Creates an OpenSAML Subject representation.
static org.opensaml.saml1.core.SubjectConfirmation | createSubjectConfirmation(java.lang.String confirmationMethod, org.opensaml.xml.signature.KeyInfo keyInfoContent) | Creates an OpenSAML SubjectConfirmation representation.
static org.opensaml.saml1.core.ConfirmationMethod | createSubjectConfirmationMethod(java.lang.String confirmationMethod) | Creates the subject confirmation method.
static java.util.Collection<java.security.cert.X509Certificate> | getCertChainCollection(java.security.cert.X509Certificate[] issuerCerts) |
static org.opensaml.xml.signature.KeyInfo | getCertificateBasedKeyInfo(java.security.cert.X509Certificate certificate) | Creates the certificate-based KeyInfo object.
static java.lang.String | getSAML11SubjectConfirmationMethod(org.opensaml.saml1.core.Assertion assertion) | Gets the subject confirmation method of the given SAML 1.1 Assertion.
static org.opensaml.xml.signature.KeyInfo | getSymmetricKeyBasedKeyInfo(org.w3c.dom.Document doc, RahasData data, java.security.cert.X509Certificate serviceCert, int keySize, org.apache.ws.security.components.crypto.Crypto crypto, int keyComputation) | Creates the KeyInfo element of an assertion.
static void | signAssertion(org.opensaml.saml1.core.Assertion assertion, org.apache.ws.security.components.crypto.Crypto crypto, java.lang.String issuerKeyAlias, java.lang.String issuerKeyPassword) | Signs the SAML assertion.
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public SAMLUtils()
Method Detail |
---|
public static java.util.Collection<java.security.cert.X509Certificate> getCertChainCollection(java.security.cert.X509Certificate[] issuerCerts)

public static org.opensaml.xml.XMLObject buildXMLObject(javax.xml.namespace.QName objectQName) throws TrustException
Builds the requested XMLObject.
Parameters:
objectQName - name of the XMLObject
Throws:
TrustException - If unable to find the appropriate builder.

public static org.opensaml.saml1.core.Assertion buildAssertion(org.w3c.dom.Element assertionElement)
Builds an assertion from an XML element.
Parameters:
assertionElement - The XML element.

public static void signAssertion(org.opensaml.saml1.core.Assertion assertion, org.apache.ws.security.components.crypto.Crypto crypto, java.lang.String issuerKeyAlias, java.lang.String issuerKeyPassword) throws TrustException
Signs the SAML assertion. Uses a Credential object and a Signature object.
Parameters:
assertion - The assertion to be signed.
crypto - Certificate and private key data are stored in the Crypto object.
issuerKeyAlias - Key alias.
issuerKeyPassword - Key password.
Throws:
TrustException - If an error occurred while signing the assertion.

public static java.lang.String getSAML11SubjectConfirmationMethod(org.opensaml.saml1.core.Assertion assertion)
Gets the subject confirmation method of the given SAML 1.1 Assertion.
Parameters:
assertion - SAML 1.1 Assertion

public static org.opensaml.saml1.core.NameIdentifier createNamedIdentifier(java.lang.String principalName, java.lang.String format) throws TrustException
Creates a name identifier.
Parameters:
principalName - Name of the subject.
format - Format of the subject, whether it is an email, uid etc.
Throws:
TrustException - If unable to find the builder.

public static org.opensaml.saml1.core.ConfirmationMethod createSubjectConfirmationMethod(java.lang.String confirmationMethod) throws TrustException
Creates the subject confirmation method.
Parameters:
confirmationMethod - Name of the actual confirmation method. Could be one of:
  holder-of-key - "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"
  sender-vouches - "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches"
  bearer - TODO
Throws:
TrustException - If unable to find an appropriate XMLObject builder for the confirmation QName.

public static org.opensaml.saml1.core.SubjectConfirmation createSubjectConfirmation(java.lang.String confirmationMethod, org.opensaml.xml.signature.KeyInfo keyInfoContent) throws TrustException
Creates an OpenSAML SubjectConfirmation representation.
Parameters:
confirmationMethod - The subject confirmation method: Bearer, Sender-Vouches or Holder-Of-Key.
keyInfoContent - The KeyInfo content. According to the SAML 1.1 specification this may be null.
Throws:
TrustException - If unable to find any of the XML builders.

public static org.opensaml.saml1.core.Subject createSubject(org.opensaml.saml1.core.NameIdentifier nameIdentifier, java.lang.String confirmationMethod, org.opensaml.xml.signature.KeyInfo keyInfoContent) throws TrustException
Creates an OpenSAML Subject representation.
Parameters:
nameIdentifier - Represents the "NameIdentifier" XML element.
confirmationMethod - Represents bearer, HOK or Sender-Vouches.
keyInfoContent - Key info content. This may be null.
Throws:
TrustException - If a relevant XML builder cannot be found.

public static org.opensaml.saml1.core.AuthenticationStatement createAuthenticationStatement(org.opensaml.saml1.core.Subject subject, java.lang.String authenticationMethod, org.joda.time.DateTime authenticationInstant) throws TrustException
Creates an AuthenticationStatement.
Parameters:
subject - OpenSAML Subject implementation.
authenticationMethod - How the subject was authenticated, i.e. by using a password, Kerberos, a certificate etc. The method is defined as a URI in the SAML specification.
authenticationInstant - Time at which authentication took place.
Throws:
TrustException - If unable to find the builder.

public static org.opensaml.saml1.core.AttributeStatement createAttributeStatement(org.opensaml.saml1.core.Subject subject, java.util.List<org.opensaml.saml1.core.Attribute> attributeList) throws TrustException
Creates an attribute statement.
Parameters:
subject - The OpenSAML representation of the Subject.
attributeList - List of attribute values to include within the message.
Throws:
TrustException - If unable to find the appropriate builder.

public static org.opensaml.saml1.core.Conditions createConditions(org.joda.time.DateTime notBefore, org.joda.time.DateTime notOnOrAfter) throws TrustException
Creates a Conditions object.
Parameters:
notBefore - The validity of the Assertion starts from this value.
notOnOrAfter - The validity of the Assertion ends at this value.
Throws:
TrustException - If unable to find the appropriate builder.

public static org.opensaml.saml1.core.Assertion createAssertion(java.lang.String issuerName, org.joda.time.DateTime notBefore, org.joda.time.DateTime notOnOrAfter, java.util.List<org.opensaml.saml1.core.Statement> statements) throws TrustException
Creates the final SAML assertion.
Parameters:
issuerName - Represents the "Issuer" in the Assertion.
notBefore - The Condition's NotBefore value.
notOnOrAfter - The Condition's NotOnOrAfter value.
statements - Other statements.
Throws:
TrustException - If unable to find the appropriate builder.

public static org.opensaml.saml1.core.Attribute createAttribute(java.lang.String name, java.lang.String namespace, java.lang.String value) throws TrustException
Creates a SAML attribute similar to following,
Parameters:
name - attribute name.
namespace - attribute namespace.
value - attribute value.
Throws:
TrustException - If unable to find the appropriate builder.

public static org.opensaml.xml.signature.KeyInfo createKeyInfo() throws TrustException
Creates a KeyInfo object.
Throws:
TrustException - If an error occurred while creating the KeyInfo.

public static org.opensaml.xml.signature.KeyInfo createKeyInfo(org.opensaml.xml.encryption.EncryptedKey encryptedKey) throws TrustException
Creates a KeyInfo element given an EncryptedKey.
Parameters:
encryptedKey - The OpenSAML representation of the encrypted key.
Throws:
TrustException - If unable to find the builder.

public static org.opensaml.xml.signature.KeyInfo createKeyInfo(org.opensaml.xml.signature.X509Data x509Data) throws TrustException
Creates a KeyInfo element given X509Data.
Parameters:
x509Data - The OpenSAML representation of X509Data.
Throws:
TrustException - If unable to find the builder.

public static org.opensaml.xml.signature.KeyInfo getCertificateBasedKeyInfo(java.security.cert.X509Certificate certificate) throws TrustException
Creates the certificate-based KeyInfo object.
Parameters:
certificate - The public key certificate used to create the KeyInfo object.
Throws:
TrustException - If an error occurred while creating the KeyInfo.

public static org.opensaml.xml.signature.KeyInfo getSymmetricKeyBasedKeyInfo(org.w3c.dom.Document doc, RahasData data, java.security.cert.X509Certificate serviceCert, int keySize, org.apache.ws.security.components.crypto.Crypto crypto, int keyComputation) throws org.apache.ws.security.WSSecurityException, TrustException
Creates the KeyInfo element of an assertion.
Parameters:
doc - An Axiom-based DOM Document.
data - The ephemeral key generated here is also needed when encrypting the message, so it is saved in the RahasData passed here.
serviceCert - The public key used to encrypt the assertion is extracted from this certificate.
keySize - Size of the key to be used.
crypto - The relevant private key.
keyComputation - Key computation mechanism.
Throws:
org.apache.ws.security.WSSecurityException - WSS4J is used to generate the encrypted key. This exception is thrown if an error occurs while generating the encrypted key.
TrustException - If an error occurred while creating the KeyInfo object.

public static org.joda.time.DateTime convertToDateTime(java.util.Date date)
Converts java.util.Date to an OpenSAML DateTime object.
Parameters:
date - Java util date
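The following is an added example, not code from the Rampart/Rahas project, showing how the static methods above compose into an issuer side (build and sign a holder-of-key SAML 1.1 assertion) and a relying-party side (check the confirmation method and the Conditions window before trusting it). It uses only the SAMLUtils signatures documented on this page plus the OpenSAML 2.x saml1 getters (getIssuer, getConditions, getNotBefore, getNotOnOrAfter, getSignature), which are assumed. The package of TrustException (org.apache.rahas), the NameIdentifier format and authentication-method URIs, the claims namespace and the validity window are assumptions or constructed values; the holder-of-key URI comes from the page. Crypto and the subject certificate are passed in by the caller.

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import org.apache.rahas.TrustException;                  // assumed package for TrustException
import org.apache.rahas.impl.util.SAMLUtils;
import org.apache.ws.security.components.crypto.Crypto;
import org.joda.time.DateTime;
import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.Attribute;
import org.opensaml.saml1.core.AttributeStatement;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.Conditions;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml1.core.Statement;
import org.opensaml.saml1.core.Subject;
import org.opensaml.xml.signature.KeyInfo;

public class HolderOfKeyAssertionExample {

    // Confirmation method URI listed on the SAMLUtils page.
    static final String CM_HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
    // Assumed SAML 1.1 URIs (not listed on the page).
    static final String NAMEID_FORMAT_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    static final String AUTHN_METHOD_PASSWORD = "urn:oasis:names:tc:SAML:1.0:am:password";
    // Constructed claims namespace for the example attribute.
    static final String CLAIMS_NS = "http://example.org/claims";

    /** Builds a fresh Subject. Each statement gets its own instance because an
     *  OpenSAML XMLObject can only have one parent element. */
    private static Subject subjectFor(String principalEmail, X509Certificate subjectCert)
            throws TrustException {
        NameIdentifier nameId = SAMLUtils.createNamedIdentifier(principalEmail, NAMEID_FORMAT_EMAIL);
        // Holder-of-key: the subject's certificate goes into SubjectConfirmation/KeyInfo,
        // so a relying party must see proof of possession of that key, not just the token.
        KeyInfo keyInfo = SAMLUtils.getCertificateBasedKeyInfo(subjectCert);
        return SAMLUtils.createSubject(nameId, CM_HOLDER_OF_KEY, keyInfo);
    }

    /** Issuer side: assemble statements, bound the validity window, sign. */
    public static Assertion issue(String issuerName, String principalEmail, X509Certificate subjectCert,
                                  Crypto issuerCrypto, String issuerKeyAlias, String issuerKeyPassword)
            throws TrustException {
        DateTime now = new DateTime();

        AuthenticationStatement authnStatement = SAMLUtils.createAuthenticationStatement(
                subjectFor(principalEmail, subjectCert), AUTHN_METHOD_PASSWORD, now);

        List<Attribute> attributes = new ArrayList<Attribute>();
        attributes.add(SAMLUtils.createAttribute("role", CLAIMS_NS, "reader"));
        AttributeStatement attributeStatement = SAMLUtils.createAttributeStatement(
                subjectFor(principalEmail, subjectCert), attributes);

        List<Statement> statements = new ArrayList<Statement>();
        statements.add(authnStatement);
        statements.add(attributeStatement);

        // Short lifetime (assumed values): one minute of clock-skew allowance
        // before "now", five minutes after. Long-lived assertions widen replay exposure.
        Assertion assertion = SAMLUtils.createAssertion(
                issuerName, now.minusMinutes(1), now.plusMinutes(5), statements);

        // Sign with the issuer's private key held in the WSS4J Crypto instance.
        SAMLUtils.signAssertion(assertion, issuerCrypto, issuerKeyAlias, issuerKeyPassword);
        return assertion;
    }

    /** Relying-party side: structural checks to run after the XML signature has
     *  been verified against the trusted issuer certificate (verification itself is
     *  done with OpenSAML's signature validator and is not shown here). */
    public static boolean acceptable(Assertion assertion, String expectedIssuer, DateTime now) {
        if (assertion.getSignature() == null) {
            return false;                                   // unsigned: never trust
        }
        if (!expectedIssuer.equals(assertion.getIssuer())) {
            return false;                                   // wrong issuer
        }
        // Only accept the confirmation method this service was designed for;
        // a bearer assertion where holder-of-key is expected must be rejected.
        String cm = SAMLUtils.getSAML11SubjectConfirmationMethod(assertion);
        if (!CM_HOLDER_OF_KEY.equals(cm)) {
            return false;
        }
        Conditions conditions = assertion.getConditions();
        if (conditions == null || conditions.getNotBefore() == null
                || conditions.getNotOnOrAfter() == null) {
            return false;                                   // unbounded validity: reject
        }
        if (now.isBefore(conditions.getNotBefore())) {
            return false;                                   // not yet valid
        }
        if (!now.isBefore(conditions.getNotOnOrAfter())) {
            return false;                                   // expired (NotOnOrAfter is exclusive)
        }
        return true;
    }
}
```

The two halves mirror the method groups on this page: the create* methods only produce unsigned OpenSAML objects, so signAssertion is the step that makes the assertion trustworthy, and getSAML11SubjectConfirmationMethod is what a consumer uses to make sure the confirmation method matches the proof it actually checked (holder-of-key requires the requester to prove possession of the key named in KeyInfo; bearer and sender-vouches do not).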