/*
* (non-Javadoc)
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder result = new StringBuilder();
result.append("Principal: " + getPrincipal() + ", Attributes: ");
for (AttributeStatement attributeStatement : getAttributeStatements()) {
for (Attribute attr : attributeStatement.getAttributes()) {
result.append("[ ");
result.append(attr.getName());
result.append(" : ");
for (int i = 0; i < attr.getAttributeValues().size(); i++) {
result.append(((XSString) attr.getAttributeValues().get(i)).getValue());
}
result.append("] ");
}
}
// add this back in when we support parsing this information
result.append(", AuthnStatements: ");
for (AuthnStatement authStatement : getAuthnStatements()) {
result.append("[ ");
result.append(authStatement.getAuthnInstant() + " : ");
result.append(
authStatement.getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef());
result.append("] ");
}
// result.append(", AuthzDecisionStatements: ");
// for (AuthzDecisionStatement authDecision : getAuthzDecisionStatements()) {
// result.append("[ ");
// result.append(authDecision.getDecision().toString());
// result.append(" ]");
// }
return result.toString();
}
/**
* Checks that all the attributes have a unique Name/NameFormat pair.
*
* @param query the attribute query to validate
* @throws ValidationException thrown if more than on Name/NameFormat pair is found in the list of
* attributes in this query
*/
protected void validateUniqueAttributeIdentifiers(AttributeQuery query)
throws ValidationException {
List<Attribute> attributes = query.getAttributes();
HashSet<Pair<String, String>> encounteredNames = new HashSet<Pair<String, String>>();
String attributeName;
String attributeNameFormat;
for (Attribute attribute : attributes) {
attributeName = attribute.getName();
attributeNameFormat = attribute.getNameFormat();
if (DatatypeHelper.isEmpty(attributeNameFormat)) {
// SAML 2 core, sec. 2.7.3.1, if no format is specified,
// unspecified is in effect. This avoids bug in processing null value.
attributeNameFormat = Attribute.UNSPECIFIED;
}
Pair<String, String> pair = new Pair<String, String>(attributeName, attributeNameFormat);
if (encounteredNames.contains(pair)) {
throw new ValidationException(
"Attribute query contains more than one attribute with the same Name and NameFormat");
} else {
encounteredNames.add(pair);
}
}
}
public List<EntityDescriptor> filterEntityCategory(
List<EntityDescriptor> entities, String category) {
List<EntityDescriptor> returnList = new ArrayList<EntityDescriptor>();
for (EntityDescriptor entity : entities) {
Extensions extensions = entity.getExtensions();
List<XMLObject> extObjs = extensions.getOrderedChildren();
for (XMLObject xmlObject : extObjs) {
if (xmlObject instanceof EntityAttributes) {
EntityAttributes entityAttrs = (EntityAttributes) xmlObject;
for (Attribute attr : entityAttrs.getAttributes()) {
if ("http://macedir.org/entity-category".equals(attr.getName())) {
for (XMLObject value : attr.getAttributeValues()) {
if (value instanceof XSAny) {
XSAny any = (XSAny) value;
if (category.equals(any.getTextContent())) {
returnList.add(entity);
}
}
}
}
}
}
}
}
return returnList;
}
@Override
protected Saml2Profile retrieveUserProfile(
final Saml2Credentials credentials, final WebContext context) {
Saml2Profile profile = new Saml2Profile();
profile.setId(credentials.getNameId().getValue());
for (Attribute attribute : credentials.getAttributes()) {
List<String> values = new ArrayList<String>();
for (XMLObject attributeValue : attribute.getAttributeValues()) {
Element attributeValueElement = attributeValue.getDOM();
String value = attributeValueElement.getTextContent();
values.add(value);
}
profile.addAttribute(attribute.getName(), values);
}
return profile;
}
@Override
public Set<Principal> getPrincipals() {
Set<Principal> principals = new HashSet<>();
Principal primary = getPrincipal();
principals.add(primary);
principals.add(new RolePrincipal(primary.getName()));
for (AttributeStatement attributeStatement : getAttributeStatements()) {
for (Attribute attr : attributeStatement.getAttributes()) {
if (StringUtils.containsIgnoreCase(attr.getName(), "role")) {
for (final XMLObject obj : attr.getAttributeValues()) {
principals.add(new RolePrincipal(((XSString) obj).getValue()));
}
}
}
}
return principals;
}
/*
* Process the response and returns the results
*/
private Map<String, String> getAssertionStatements(Assertion assertion) {
Map<String, String> results = new HashMap<String, String>();
if (assertion != null && assertion.getAttributeStatements() != null) {
List<AttributeStatement> attributeStatementList = assertion.getAttributeStatements();
for (AttributeStatement statement : attributeStatementList) {
List<Attribute> attributesList = statement.getAttributes();
for (Attribute attribute : attributesList) {
Element value = attribute.getAttributeValues().get(0).getDOM();
String attributeValue = value.getTextContent();
results.put(attribute.getName(), attributeValue);
}
}
}
return results;
}
/**
* Checks if the NameIDFormat is of the following formats below, if not, the name is changed to
* the value of the first matching usernameAttribute.
*/
private void identifyNameIDFormat() {
if (!((StringUtils.containsIgnoreCase(nameIDFormat, SAML2Constants.NAMEID_FORMAT_PERSISTENT)
|| StringUtils.containsIgnoreCase(
nameIDFormat, SAML2Constants.NAMEID_FORMAT_X509_SUBJECT_NAME)
|| StringUtils.containsIgnoreCase(nameIDFormat, SAML2Constants.NAMEID_FORMAT_KERBEROS)
|| StringUtils.containsIgnoreCase(
nameIDFormat, SAML2Constants.NAMEID_FORMAT_UNSPECIFIED))
&& !name.equals(""))) {
for (AttributeStatement attributeStatementList : getAttributeStatements()) {
List<Attribute> attributeList = attributeStatementList.getAttributes();
for (Attribute attribute : attributeList) {
if (listContainsIgnoreCase(usernameAttributeList, attribute.getName())) {
name = ((XMLString) attribute.getAttributeValues().get(0)).getValue();
return;
}
}
}
}
}
private AttributeStatement buildAttributeStatement(Map<String, String> claims) {
AttributeStatement attStmt = null;
if (claims != null) {
attStmt = new AttributeStatementBuilder().buildObject();
Iterator<String> ite = claims.keySet().iterator();
for (int i = 0; i < claims.size(); i++) {
Attribute attrib = new AttributeBuilder().buildObject();
String claimUri = ite.next();
attrib.setName(claimUri);
// look
// https://wiki.shibboleth.net/confluence/display/OpenSAML/OSTwoUsrManJavaAnyTypes
XSStringBuilder stringBuilder =
(XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
XSString stringValue =
stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
stringValue.setValue(claims.get(claimUri));
attrib.getAttributeValues().add(stringValue);
attStmt.getAttributes().add(attrib);
}
}
return attStmt;
}
private Map<String, Object> getUserAttributes(ResponseImpl samlResponse) {
Map<String, Object> userAttributes = new HashMap<>();
// Add 'Subject'
Assertion assertion = samlResponse.getAssertions().get(0);
userAttributes.put(
SAMLConstants.SAML2_ASSERTION_SUBJECT, assertion.getSubject().getNameID().getValue());
// Add other user attributes.
List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
if (attributeStatements != null) {
for (AttributeStatement attributeStatement : attributeStatements) {
List<Attribute> attributes = attributeStatement.getAttributes();
for (Attribute attribute : attributes) {
userAttributes.put(
attribute.getName(), attribute.getAttributeValues().get(0).getDOM().getTextContent());
}
}
}
return userAttributes;
}