  /**
   * Parse a {@link org.keycloak.dom.saml.v1.assertion.SAML11ConditionsType} from a
   * {@code Conditions} element.
   *
   * @param xmlEventReader reader positioned at the {@code Conditions} start element
   * @return the parsed conditions
   * @throws ParsingException if the element or one of its children is malformed or unexpected
   */
  public static SAML11ConditionsType parseSAML11Conditions(XMLEventReader xmlEventReader)
      throws ParsingException {
    StartElement startElement;
    SAML11ConditionsType conditions = new SAML11ConditionsType();
    // Consume the <Conditions> start element; validate() rejects anything else.
    StartElement conditionsElement = StaxParserUtil.getNextStartElement(xmlEventReader);
    StaxParserUtil.validate(conditionsElement, JBossSAMLConstants.CONDITIONS.get());

    String assertionNS = SAML11Constants.ASSERTION_11_NSURI;

    // The validity-window attributes are accepted either unqualified or qualified with the
    // SAML 1.1 assertion namespace; the unqualified form is looked up first.
    QName notBeforeQName = new QName("", JBossSAMLConstants.NOT_BEFORE.get());
    QName notBeforeQNameWithNS = new QName(assertionNS, JBossSAMLConstants.NOT_BEFORE.get());

    QName notAfterQName = new QName("", JBossSAMLConstants.NOT_ON_OR_AFTER.get());
    QName notAfterQNameWithNS = new QName(assertionNS, JBossSAMLConstants.NOT_ON_OR_AFTER.get());

    Attribute notBeforeAttribute = conditionsElement.getAttributeByName(notBeforeQName);
    if (notBeforeAttribute == null)
      notBeforeAttribute = conditionsElement.getAttributeByName(notBeforeQNameWithNS);

    Attribute notAfterAttribute = conditionsElement.getAttributeByName(notAfterQName);
    if (notAfterAttribute == null)
      notAfterAttribute = conditionsElement.getAttributeByName(notAfterQNameWithNS);

    // Both bounds are optional and are only extracted here; enforcing the window against the
    // current time happens elsewhere.
    // NOTE(review): a malformed timestamp is left to XMLTimeUtil.parse — confirm it throws
    // rather than returning null, since a null bound would silently disable that later check.
    if (notBeforeAttribute != null) {
      String notBeforeValue = StaxParserUtil.getAttributeValue(notBeforeAttribute);
      conditions.setNotBefore(XMLTimeUtil.parse(notBeforeValue));
    }

    if (notAfterAttribute != null) {
      String notAfterValue = StaxParserUtil.getAttributeValue(notAfterAttribute);
      conditions.setNotOnOrAfter(XMLTimeUtil.parse(notAfterValue));
    }

    while (xmlEventReader.hasNext()) {
      XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
      if (xmlEvent instanceof EndElement) {
        // </Conditions> terminates the loop. Any other end element is consumed and ignored.
        // NOTE(review): parseAuthnStatement reports unexpected end elements instead of
        // skipping them — confirm the leniency here is intended.
        EndElement end = StaxParserUtil.getNextEndElement(xmlEventReader);
        if (StaxParserUtil.matches(end, JBossSAMLConstants.CONDITIONS.get())) break;
      }
      // Positions the reader on the next child start element; null once input is exhausted.
      startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
      if (startElement == null) break;
      String tag = StaxParserUtil.getStartElementName(startElement);

      // AudienceRestrictionCondition is the only condition type handled; any other child
      // element is rejected as an unknown tag.
      if (SAML11Constants.AUDIENCE_RESTRICTION_CONDITION.equals(tag)) {
        // Consume <AudienceRestrictionCondition>, then the single child it is expected to hold.
        startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
        SAML11AudienceRestrictionCondition restrictCond = new SAML11AudienceRestrictionCondition();

        startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
        // Only one <Audience> is read. NOTE(review): SAML 1.1 allows several; what happens
        // with a second one depends on StaxParserUtil.getNextEndElement (not shown) — confirm
        // it ends in a ParsingException rather than a silently dropped audience.
        if (StaxParserUtil.getStartElementName(startElement)
            .equals(JBossSAMLConstants.AUDIENCE.get())) {
          restrictCond.add(URI.create(StaxParserUtil.getElementText(xmlEventReader)));
        }
        // A child that is not <Audience> is left unconsumed at this point; presumably the
        // end-element check below is what rejects it — verify.
        EndElement theEndElement = StaxParserUtil.getNextEndElement(xmlEventReader);
        StaxParserUtil.validate(theEndElement, SAML11Constants.AUDIENCE_RESTRICTION_CONDITION);
        conditions.add(restrictCond);
      } else throw logger.parserUnknownTag(tag, startElement.getLocation());
    }
    return conditions;
  }
  /**
   * Parse the {@link SubjectConfirmationDataType} element.
   *
   * @param xmlEventReader reader positioned at the {@code SubjectConfirmationData} start element
   * @return the parsed subject confirmation data
   * @throws ParsingException if the element or its child is malformed or unexpected
   */
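  public static SubjectConfirmationDataType parseSubjectConfirmationData(
      XMLEventReader xmlEventReader) throws ParsingException {
    // Consume <SubjectConfirmationData>; validate() rejects any other element.
    StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
    StaxParserUtil.validate(startElement, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get());

    SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType();

    // Every attribute is optional and is copied verbatim. This method only extracts them;
    // comparing InResponseTo / Recipient / NotOnOrAfter against the request is done elsewhere.
    Attribute inResponseTo =
        startElement.getAttributeByName(new QName(JBossSAMLConstants.IN_RESPONSE_TO.get()));
    if (inResponseTo != null) {
      subjectConfirmationData.setInResponseTo(StaxParserUtil.getAttributeValue(inResponseTo));
    }

    Attribute notBefore =
        startElement.getAttributeByName(new QName(JBossSAMLConstants.NOT_BEFORE.get()));
    if (notBefore != null) {
      subjectConfirmationData.setNotBefore(
          XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(notBefore)));
    }

    Attribute notOnOrAfter =
        startElement.getAttributeByName(new QName(JBossSAMLConstants.NOT_ON_OR_AFTER.get()));
    if (notOnOrAfter != null) {
      subjectConfirmationData.setNotOnOrAfter(
          XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(notOnOrAfter)));
    }

    Attribute recipient =
        startElement.getAttributeByName(new QName(JBossSAMLConstants.RECIPIENT.get()));
    if (recipient != null) {
      subjectConfirmationData.setRecipient(StaxParserUtil.getAttributeValue(recipient));
    }

    Attribute address =
        startElement.getAttributeByName(new QName(JBossSAMLConstants.ADDRESS.get()));
    if (address != null) {
      subjectConfirmationData.setAddress(StaxParserUtil.getAttributeValue(address));
    }

    // At most one child is accepted: a ds:KeyInfo (parsed) or an xenc:EncryptedKey (kept as a
    // DOM element). Anything else is reported as an unknown tag.
    XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
    if (!(xmlEvent instanceof EndElement)) {
      startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
      // NOTE(review): sibling parsers null-check peekNextStartElement; a null here would
      // surface as a NullPointerException rather than a ParsingException — confirm.
      String tag = StaxParserUtil.getStartElementName(startElement);
      if (tag.equals(WSTrustConstants.XMLDSig.KEYINFO)) {
        KeyInfoType keyInfo = parseKeyInfo(xmlEventReader);
        subjectConfirmationData.setAnyType(keyInfo);
      } else if (tag.equals(WSTrustConstants.XMLEnc.ENCRYPTED_KEY)) {
        subjectConfirmationData.setAnyType(StaxParserUtil.getDOMElement(xmlEventReader));
      } else throw logger.parserUnknownTag(tag, startElement.getLocation());
    }

    // Consume the closing tag and require it to be </SubjectConfirmationData>. validate() is
    // used rather than matches(): matches() only returns a boolean, and discarding that result
    // would let a mismatched (i.e. desynchronised) closing tag pass unnoticed.
    EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
    StaxParserUtil.validate(endElement, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get());
    return subjectConfirmationData;
  }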
  /**
   * Parse the {@code AuthnStatement} inside the assertion.
   *
   * @param xmlEventReader reader positioned at the {@code AuthnStatement} start element
   * @return the parsed authentication statement
   * @throws ParsingException if a required attribute is missing or an element is unexpected
   */
  public static AuthnStatementType parseAuthnStatement(XMLEventReader xmlEventReader)
      throws ParsingException {
    final String authnStatementTag = JBossSAMLConstants.AUTHN_STATEMENT.get();

    // Consume <AuthnStatement>; validate() rejects any other element.
    StartElement element = StaxParserUtil.getNextStartElement(xmlEventReader);
    StaxParserUtil.validate(element, authnStatementTag);

    // AuthnInstant is mandatory; SessionIndex is optional.
    Attribute authnInstantAttr = element.getAttributeByName(new QName("AuthnInstant"));
    if (authnInstantAttr == null) {
      throw logger.parserRequiredAttribute("AuthnInstant");
    }
    XMLGregorianCalendar authnInstant =
        XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(authnInstantAttr));
    AuthnStatementType statement = new AuthnStatementType(authnInstant);

    Attribute sessionIndexAttr = element.getAttributeByName(new QName("SessionIndex"));
    if (sessionIndexAttr != null) {
      statement.setSessionIndex(StaxParserUtil.getAttributeValue(sessionIndexAttr));
    }

    while (xmlEventReader.hasNext()) {
      XMLEvent next = StaxParserUtil.peek(xmlEventReader);
      if (next == null) {
        break;
      }

      if (next instanceof EndElement) {
        // Only </AuthnStatement> may close the loop; any other end element means the reader is
        // out of step with the document and is reported rather than skipped.
        EndElement closing = (EndElement) StaxParserUtil.getNextEvent(xmlEventReader);
        String closingTag = StaxParserUtil.getEndElementName(closing);
        if (closingTag.equals(authnStatementTag)) {
          break;
        }
        throw logger.parserUnknownEndElement(closingTag);
      }

      // The child element is only peeked here; each branch below consumes it itself.
      element =
          next instanceof StartElement
              ? (StartElement) next
              : StaxParserUtil.peekNextStartElement(xmlEventReader);
      if (element == null) {
        break;
      }
      String tag = StaxParserUtil.getStartElementName(element);

      if (JBossSAMLConstants.SUBJECT_LOCALITY.get().equals(tag)) {
        statement.setSubjectLocality(parseAuthnStatementSubjectLocality(xmlEventReader));
      } else if (JBossSAMLConstants.AUTHN_CONTEXT.get().equals(tag)) {
        statement.setAuthnContext(parseAuthnContextType(xmlEventReader));
      } else {
        throw logger.parserUnknownTag(tag, element.getLocation());
      }
    }

    return statement;
  }

  /**
   * Consume a {@code SubjectLocality} element (start tag, optional attributes, end tag).
   *
   * @param xmlEventReader reader positioned at the {@code SubjectLocality} start element
   * @return the locality with whichever of Address / DNSName were present
   * @throws ParsingException if the closing tag is not {@code SubjectLocality}
   */
  private static SubjectLocalityType parseAuthnStatementSubjectLocality(
      XMLEventReader xmlEventReader) throws ParsingException {
    StartElement localityElement = StaxParserUtil.getNextStartElement(xmlEventReader);
    SubjectLocalityType locality = new SubjectLocalityType();

    Attribute addressAttr =
        localityElement.getAttributeByName(new QName(JBossSAMLConstants.ADDRESS.get()));
    if (addressAttr != null) {
      locality.setAddress(StaxParserUtil.getAttributeValue(addressAttr));
    }
    Attribute dnsAttr =
        localityElement.getAttributeByName(new QName(JBossSAMLConstants.DNS_NAME.get()));
    if (dnsAttr != null) {
      locality.setDNSName(StaxParserUtil.getAttributeValue(dnsAttr));
    }

    // SubjectLocality carries attributes only; consume and check its closing tag.
    EndElement closing = StaxParserUtil.getNextEndElement(xmlEventReader);
    StaxParserUtil.validate(closing, JBossSAMLConstants.SUBJECT_LOCALITY.get());
    return locality;
  }
  /**
   * Parse a SAML 1.1 {@code AuthenticationStatement} inside the assertion.
   *
   * @param xmlEventReader reader positioned at the {@code AuthenticationStatement} start element
   * @return the parsed authentication statement
   * @throws ParsingException if a required attribute is missing or an element is unexpected
   */
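  public static SAML11AuthenticationStatementType parseAuthenticationStatement(
      XMLEventReader xmlEventReader) throws ParsingException {
    // Consume <AuthenticationStatement>; validate() rejects any other element.
    StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);

    StaxParserUtil.validate(startElement, SAML11Constants.AUTHENTICATION_STATEMENT);

    // AuthenticationMethod and AuthenticationInstant are both mandatory.
    Attribute authMethod =
        startElement.getAttributeByName(new QName(SAML11Constants.AUTHENTICATION_METHOD));
    if (authMethod == null)
      throw logger.parserRequiredAttribute(SAML11Constants.AUTHENTICATION_METHOD);

    Attribute authInstant =
        startElement.getAttributeByName(new QName(SAML11Constants.AUTHENTICATION_INSTANT));
    if (authInstant == null)
      throw logger.parserRequiredAttribute(SAML11Constants.AUTHENTICATION_INSTANT);

    // URI.create throws IllegalArgumentException (unchecked) on a malformed value, so such
    // input reaches the caller as that exception rather than as a ParsingException.
    SAML11AuthenticationStatementType authStat =
        new SAML11AuthenticationStatementType(
            URI.create(StaxParserUtil.getAttributeValue(authMethod)),
            XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(authInstant)));

    while (xmlEventReader.hasNext()) {
      XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
      if (xmlEvent == null) break;

      if (xmlEvent instanceof EndElement) {
        // Only </AuthenticationStatement> may close the loop; any other end element means the
        // reader is out of step with the document and is reported rather than skipped.
        xmlEvent = StaxParserUtil.getNextEvent(xmlEventReader);
        EndElement endElement = (EndElement) xmlEvent;
        String endElementTag = StaxParserUtil.getEndElementName(endElement);
        if (endElementTag.equals(SAML11Constants.AUTHENTICATION_STATEMENT)) break;
        else throw logger.parserUnknownEndElement(endElementTag);
      }

      // The child element is only peeked here. Every branch below must advance the reader past
      // the element it handles, otherwise the next iteration sees the same element again.
      startElement =
          xmlEvent instanceof StartElement
              ? (StartElement) xmlEvent
              : StaxParserUtil.peekNextStartElement(xmlEventReader);
      if (startElement == null) break;

      String tag = StaxParserUtil.getStartElementName(startElement);

      if (JBossSAMLConstants.SUBJECT.get().equalsIgnoreCase(tag)) {
        // NOTE(review): XML element names are case-sensitive and every other branch uses
        // equals(); the case-insensitive match is preserved here — confirm it is intentional.
        SAML11SubjectParser subjectParser = new SAML11SubjectParser();
        SAML11SubjectType subject = (SAML11SubjectType) subjectParser.parse(xmlEventReader);
        authStat.setSubject(subject);
      } else if (JBossSAMLConstants.SUBJECT_LOCALITY.get().equals(tag)) {
        startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
        SAML11SubjectLocalityType subjectLocalityType = new SAML11SubjectLocalityType();
        Attribute address = startElement.getAttributeByName(new QName(SAML11Constants.IP_ADDRESS));
        if (address != null) {
          subjectLocalityType.setIpAddress(StaxParserUtil.getAttributeValue(address));
        }
        Attribute dns = startElement.getAttributeByName(new QName(SAML11Constants.DNS_ADDRESS));
        if (dns != null) {
          subjectLocalityType.setDnsAddress(StaxParserUtil.getAttributeValue(dns));
        }
        authStat.setSubjectLocality(subjectLocalityType);
        // SubjectLocality carries attributes only; consume and check its closing tag.
        StaxParserUtil.validate(
            StaxParserUtil.getNextEndElement(xmlEventReader),
            JBossSAMLConstants.SUBJECT_LOCALITY.get());
      } else if (SAML11Constants.AUTHORITY_BINDING.equals(tag)) {
        // Consume <AuthorityBinding> before reading it, as the SubjectLocality branch does.
        // Reading the attributes off the peeked element alone leaves it in the reader, so the
        // next peek() returns it again and the loop never terminates, adding the same binding
        // to authStat on every pass — unbounded work and memory for one assertion.
        startElement = StaxParserUtil.getNextStartElement(xmlEventReader);

        // AuthorityKind, Location and Binding are all mandatory.
        Attribute authorityKindAttr =
            startElement.getAttributeByName(new QName(SAML11Constants.AUTHORITY_KIND));
        if (authorityKindAttr == null)
          throw logger.parserRequiredAttribute(SAML11Constants.AUTHORITY_KIND);

        Attribute locationAttr =
            startElement.getAttributeByName(new QName(SAML11Constants.LOCATION));
        if (locationAttr == null) throw logger.parserRequiredAttribute(SAML11Constants.LOCATION);
        URI location = URI.create(StaxParserUtil.getAttributeValue(locationAttr));

        Attribute bindingAttr = startElement.getAttributeByName(new QName(SAML11Constants.BINDING));
        if (bindingAttr == null) throw logger.parserRequiredAttribute(SAML11Constants.BINDING);
        URI binding = URI.create(StaxParserUtil.getAttributeValue(bindingAttr));

        QName authorityKind = QName.valueOf(StaxParserUtil.getAttributeValue(authorityKindAttr));

        SAML11AuthorityBindingType authorityBinding =
            new SAML11AuthorityBindingType(authorityKind, location, binding);
        authStat.add(authorityBinding);

        // AuthorityBinding carries attributes only; consume and check its closing tag.
        StaxParserUtil.validate(
            StaxParserUtil.getNextEndElement(xmlEventReader), SAML11Constants.AUTHORITY_BINDING);
      } else {
        // Report the offending tag name (previously an empty string was passed, which left the
        // error message without the one detail needed to diagnose it).
        throw logger.parserUnknownTag(tag, startElement.getLocation());
      }
    }

    return authStat;
  }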