/** * Validates issuer info * * @param verifier * @return Whether issue validation successful or not. * @throws Exception */ protected boolean validateIssuerInfoPolicy(SAMLTokenVerifier verifier, RelyingPartyData data) throws RelyingPartyException { String issuerName = verifier.getIssuerName(); String issuerPolicy = data.getIssuerPolicy(); try { if (IdentityConstants.SELF_ISSUED_ISSUER.equals(issuerName)) { if (issuerPolicy == null || issuerPolicy.equals(TokenVerifierConstants.SELF_ONLY) || issuerPolicy.equals(TokenVerifierConstants.SELF_AND_MANGED)) { return true; } else { return false; } } else if (issuerPolicy.equals(TokenVerifierConstants.SELF_ONLY)) { // not a self issued card when self only return false; } else { return true; } } catch (Exception e) { log.error("Error in issuer policy validation", e); throw new RelyingPartyException("errorValidatingIssuerPolicy", e); } }
/** * The control flow is 1) Verify 2) Validate policies 3) Inject parameters into the * HttpServletRequest * * @param request * @param xmlToken * @param data * @throws RelyingPartyException */ public void setInfocardSessionAttributes( HttpServletRequest request, String xmlToken, RelyingPartyData data) throws RelyingPartyException { SAMLTokenVerifier verifier = new SAMLTokenVerifier(); Element plainTokenElem = verifier.decryptToken(xmlToken, data.getPrivateKey()); boolean isAllSuccess = false; if (verifier.verifyDecryptedToken(plainTokenElem, data)) { if (validateIssuerInfoPolicy(verifier, data)) { isAllSuccess = true; } } if (isAllSuccess == false) { injectDataToRequestOnFailure(verifier, request); } else { injectDataToRequestOnSuccess(verifier, request); } }
/** * When the token is valid this method injects valid states message * * @param verifier * @param request * @throws RelyingPartyException */ protected void injectDataToRequestOnSuccess(SAMLTokenVerifier verifier, ServletRequest request) throws RelyingPartyException { String issuerInfo = getIssuerInfoString(verifier); Iterator propertyEntry = null; if (issuerInfo != null) { request.setAttribute(TokenVerifierConstants.ISSUER_INFO, issuerInfo); } propertyEntry = verifier.getAttributeTable().entrySet().iterator(); while (propertyEntry.hasNext()) { Entry entry = (Entry) propertyEntry.next(); String key = (String) entry.getKey(); String value = (String) entry.getValue(); request.setAttribute(key, value); } request.setAttribute( TokenVerifierConstants.SERVLET_ATTR_STATE, TokenVerifierConstants.STATE_SUCCESS); }
/** * @param verifier * @return * @throws RelyingPartyException */ protected String getIssuerInfoString(SAMLTokenVerifier verifier) throws RelyingPartyException { String issuerInfo = null; OMFactory factory = null; OMNamespace namespace = null; Element keyInfo = null; OMElement certificates = null; OMElement omKeyInfo = null; boolean siginingSet = false; OMElement certElem = null; Iterator<X509Certificate> certIterator = null; try { factory = OMAbstractFactory.getOMFactory(); namespace = factory.createOMNamespace(TokenVerifierConstants.NS, TokenVerifierConstants.PREFIX); keyInfo = verifier.getKeyInfoElement(); certIterator = verifier.getCertificates().iterator(); while (certIterator.hasNext()) { X509Certificate cert = certIterator.next(); byte[] encodedCert = cert.getEncoded(); String base64Encoded = Base64.encode(encodedCert); if (certificates == null) { certificates = factory.createOMElement(TokenVerifierConstants.LN_CERTIFICATES, namespace); } certElem = factory.createOMElement(TokenVerifierConstants.LN_CERTIFICATE, namespace); if (siginingSet == false) { certElem.addAttribute(TokenVerifierConstants.LN_SIGNING_CERT, "true", null); siginingSet = true; } certElem.setText(base64Encoded); certificates.addChild(certElem); } if (keyInfo != null) { String value = IdentityUtil.nodeToString(keyInfo); XMLStreamReader parser = XMLInputFactory.newInstance().createXMLStreamReader(new StringReader(value)); StAXOMBuilder builder = new StAXOMBuilder(parser); omKeyInfo = builder.getDocumentElement(); } } catch (Exception e) { log.error("Error while building issuer info", e); throw new RelyingPartyException("errorBuildingIssuerInfo"); } if (certificates != null) { issuerInfo = certificates.toString(); } if (omKeyInfo != null) { if (issuerInfo != null) { issuerInfo = issuerInfo + omKeyInfo.toString(); } else { issuerInfo = omKeyInfo.toString(); } } return issuerInfo; }