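/**
 * Returns the entities whose metadata declares the given entity category.
 *
 * <p>An entity matches when one of the children of its {@code Extensions} element is an
 * {@code EntityAttributes} element holding an attribute named
 * {@code http://macedir.org/entity-category} with an {@code XSAny} value whose text content
 * equals {@code category}.
 *
 * <p>Entities without an {@code Extensions} element are skipped rather than causing a
 * {@link NullPointerException}, and an entity that repeats the category value is returned once.
 *
 * <p>NOTE(review): nothing in this method checks where the metadata came from. If the category
 * gates a trust or attribute-release decision, confirm the metadata was signature-validated
 * before it reaches this filter.
 *
 * @param entities entity descriptors to inspect
 * @param category entity category URI to look for; must not be {@code null}
 * @return a new list with the matching entities, in input order
 */
public List<EntityDescriptor> filterEntityCategory(
        List<EntityDescriptor> entities, String category) {
    List<EntityDescriptor> returnList = new ArrayList<EntityDescriptor>();
    for (EntityDescriptor entity : entities) {
        if (hasEntityCategory(entity, category)) {
            returnList.add(entity);
        }
    }
    return returnList;
}

/** Tells whether the entity's extensions carry the given entity-category value. */
private boolean hasEntityCategory(EntityDescriptor entity, String category) {
    Extensions extensions = entity.getExtensions();
    if (extensions == null) {
        // Extensions is optional in metadata; no extensions means no category.
        return false;
    }
    List<XMLObject> extObjs = extensions.getOrderedChildren();
    if (extObjs == null) {
        return false;
    }
    for (XMLObject xmlObject : extObjs) {
        if (!(xmlObject instanceof EntityAttributes)) {
            continue;
        }
        EntityAttributes entityAttrs = (EntityAttributes) xmlObject;
        for (Attribute attr : entityAttrs.getAttributes()) {
            if (!"http://macedir.org/entity-category".equals(attr.getName())) {
                continue;
            }
            for (XMLObject value : attr.getAttributeValues()) {
                if (value instanceof XSAny
                        && category.equals(((XSAny) value).getTextContent())) {
                    // First hit is enough; stopping here keeps the entity from being listed twice.
                    return true;
                }
            }
        }
    }
    return false;
}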
/**
 * Extracts an entity ID from a metadata root object.
 *
 * <p>For an {@code EntitiesDescriptor} only the first direct {@code EntityDescriptor} child is
 * used; later children are not looked at. For an {@code EntityDescriptor} its own entity ID is
 * returned.
 *
 * @param md unmarshalled metadata root
 * @return the entity ID found
 * @throws SamlException if {@code md} is neither type, or is an aggregate with no direct
 *     {@code EntityDescriptor} child
 */
protected String getIdpEntityId(XMLObject md) {
    if (md instanceof EntitiesDescriptor) {
        EntitiesDescriptor aggregate = (EntitiesDescriptor) md;
        // The loop body returns on its first pass, so this picks the first child if there is one.
        for (EntityDescriptor first : aggregate.getEntityDescriptors()) {
            return first.getEntityID();
        }
        throw new SamlException("No idp entityId found");
    }
    if (md instanceof EntityDescriptor) {
        EntityDescriptor single = (EntityDescriptor) md;
        return single.getEntityID();
    }
    throw new SamlException("No idp entityId found");
}
/**
 * Returns a display label for the entity.
 *
 * <p>The label is the local string of the first organization display name. When the entity has
 * no {@code Organization} element, or that element has no display names, the entity ID is
 * returned instead.
 *
 * <p>NOTE(review): the label is taken verbatim from metadata; presumably it ends up in a UI, in
 * which case it should be output-encoded there. Confirm against the callers.
 *
 * @param entityDesc entity to label
 * @return first organization display name, or the entity ID as fallback
 */
public String getOrganisation(EntityDescriptor entityDesc) {
    if (entityDesc.getOrganization() == null) {
        return entityDesc.getEntityID();
    }
    List<OrganizationDisplayName> names = entityDesc.getOrganization().getDisplayNames();
    if (names.isEmpty()) {
        return entityDesc.getEntityID();
    }
    return names.get(0).getName().getLocalString();
}
/**
 * Keeps the entities that expose a SAML 2.0 {@code IDPSSODescriptor}.
 *
 * <p>Despite the method name, the check is for the IdP role: entities without an
 * {@code IDPSSODescriptor} (for example pure service providers) are dropped from the result.
 *
 * @param entities entity descriptors to inspect
 * @return a new list with the entities that have an IdP SSO role, in input order
 */
public List<EntityDescriptor> filterSP(List<EntityDescriptor> entities) {
    List<EntityDescriptor> withIdpRole = new ArrayList<EntityDescriptor>();
    for (EntityDescriptor candidate : entities) {
        if (candidate.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) == null) {
            continue;
        }
        withIdpRole.add(candidate);
    }
    return withIdpRole;
}
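/**
 * Finds the first single sign-on endpoint of the entity's SAML 2.0 IdP role that uses the
 * requested binding.
 *
 * <p>Endpoints whose {@code Binding} attribute is absent are skipped; previously such an entry
 * in the metadata made the lookup fail with a {@link NullPointerException}.
 *
 * <p>NOTE(review): the returned endpoint location comes straight from metadata. Confirm the
 * metadata is signature-validated upstream, since authentication requests are presumably sent
 * to this location.
 *
 * @param entityDesc entity to search
 * @param binding binding URI to match
 * @return the first matching endpoint, or {@code null} if the entity has no IdP SSO role or no
 *     endpoint with that binding
 */
public SingleSignOnService getSSO(EntityDescriptor entityDesc, String binding) {
    IDPSSODescriptor idpSsoDesc = entityDesc.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
    if (idpSsoDesc == null) {
        return null;
    }
    List<SingleSignOnService> ssos = idpSsoDesc.getSingleSignOnServices();
    for (SingleSignOnService sso : ssos) {
        String advertised = sso.getBinding();
        // Compare from the non-null side so a missing Binding attribute cannot throw.
        if (advertised != null && advertised.equals(binding)) {
            return sso;
        }
    }
    return null;
}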
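/**
 * Finds the first SOAP 1.1 attribute service of the entity's SAML 2.0 attribute authority role.
 *
 * <p>Endpoints whose {@code Binding} attribute is absent are skipped; previously such an entry
 * in the metadata made the lookup fail with a {@link NullPointerException}.
 *
 * @param entityDesc entity to search
 * @return the first attribute service bound to SOAP 1.1, or {@code null} if the entity has no
 *     attribute authority role or no such endpoint
 */
public AttributeService getAttributeService(EntityDescriptor entityDesc) {
    AttributeAuthorityDescriptor idpAtrDesc =
            entityDesc.getAttributeAuthorityDescriptor(SAMLConstants.SAML20P_NS);
    if (idpAtrDesc == null) {
        return null;
    }
    List<AttributeService> attrs = idpAtrDesc.getAttributeServices();
    for (AttributeService attr : attrs) {
        // Constant on the left: a null binding in the metadata compares unequal instead of throwing.
        if (SAMLConstants.SAML2_SOAP11_BINDING_URI.equals(attr.getBinding())) {
            return attr;
        }
    }
    return null;
}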
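/**
 * Reads a single SP {@code EntityDescriptor} from the stream and stores its entity ID and
 * assertion consumer service URL on this object.
 *
 * <p>The parser is configured to reject DOCTYPE declarations, so external entities and entity
 * expansion cannot be triggered by the document. A root element that has no registered
 * unmarshaller or is not an {@code EntityDescriptor}, and an endpoint without a
 * {@code Binding}, are reported as {@code SAMLException} or skipped instead of surfacing as
 * {@link NullPointerException} or {@link ClassCastException}.
 *
 * <p>NOTE(review): no signature or origin check is visible here; the entity ID and ACS URL are
 * taken from the document as given. Confirm the metadata is authenticated before this is
 * called. The stream is not closed by this method.
 *
 * @param inputStream XML metadata containing one {@code EntityDescriptor}
 * @throws SAMLException if the document cannot be parsed or unmarshalled, its root is not an
 *     {@code EntityDescriptor}, it has no SAML 2.0 SP SSO descriptor, or it offers no
 *     assertion consumer service with HTTP-Redirect or HTTP-POST binding
 */
private void init(InputStream inputStream) throws SAMLException {
    BasicParserPool parsers = new BasicParserPool();
    parsers.setNamespaceAware(true);
    // SAML metadata never needs a DTD. Refusing DOCTYPE outright closes off external entity
    // resolution and entity-expansion blowups on parser versions whose defaults allow them.
    java.util.Map<String, Boolean> features = new java.util.HashMap<String, Boolean>();
    features.put(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE);
    features.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);
    parsers.setBuilderFeatures(features);

    Object parsed;
    try {
        Document doc = parsers.parse(inputStream);
        Element root = doc.getDocumentElement();
        UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
        org.opensaml.xml.io.Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(root);
        if (unmarshaller == null) {
            throw new SAMLException("No unmarshaller available for metadata root element");
        }
        parsed = unmarshaller.unmarshall(root);
    } catch (org.opensaml.xml.parse.XMLParserException e) {
        throw new SAMLException(e);
    } catch (org.opensaml.xml.io.UnmarshallingException e) {
        throw new SAMLException(e);
    }
    if (!(parsed instanceof EntityDescriptor)) {
        // e.g. an EntitiesDescriptor aggregate or an unrelated document
        throw new SAMLException("Metadata root element is not an EntityDescriptor");
    }
    EntityDescriptor edesc = (EntityDescriptor) parsed;

    // fetch sp information
    SPSSODescriptor spDesc = edesc.getSPSSODescriptor("urn:oasis:names:tc:SAML:2.0:protocol");
    if (spDesc == null) {
        throw new SAMLException("No SP SSO descriptor found");
    }

    // get first redirect or post binding
    String acsUrl = null;
    for (AssertionConsumerService svc : spDesc.getAssertionConsumerServices()) {
        String svcBinding = svc.getBinding();
        // Constants on the left so an endpoint without a Binding attribute is just skipped.
        if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(svcBinding)
                || SAMLConstants.SAML2_POST_BINDING_URI.equals(svcBinding)) {
            acsUrl = svc.getLocation();
            break;
        }
    }
    if (acsUrl == null) {
        throw new SAMLException("No acceptable Assertion Consumer Service found");
    }

    this.setEntityId(edesc.getEntityID());
    this.setAcs(acsUrl);
}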
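/**
 * Collects the {@code Scope} extension elements (namespace
 * {@code urn:mace:shibboleth:metadata:1.0}) declared on the entity's SAML 2.0
 * {@code IDPSSODescriptor} and turns each into a {@code SamlIdpScopeEntity} linked to
 * {@code idp}.
 *
 * <p>An IdP role without an {@code Extensions} element yields an empty set; previously that
 * case raised a {@link NullPointerException}.
 *
 * <p>Every scope is stored with {@code regex = false}; no attribute of the {@code Scope}
 * element is read, only its text content. Only the extensions of the IdP SSO role are
 * searched, not those of the enclosing entity descriptor.
 *
 * <p>NOTE(review): scopes presumably decide which scoped attribute values this IdP may assert.
 * They are only as trustworthy as the metadata they come from; confirm the metadata is
 * signature-validated upstream.
 *
 * @param entityDesc entity whose IdP role is inspected
 * @param idp metadata entity to set on each created scope
 * @return the scopes found; empty if there is no IdP role, no extensions, or no scope element
 */
public Set<SamlIdpScopeEntity> getScopes(EntityDescriptor entityDesc, SamlIdpMetadataEntity idp) {
    Set<SamlIdpScopeEntity> scopeList = new HashSet<SamlIdpScopeEntity>();
    IDPSSODescriptor idpsso = entityDesc.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
    if (idpsso == null) {
        return scopeList;
    }
    Extensions extensions = idpsso.getExtensions();
    if (extensions == null) {
        // Extensions is optional on a role descriptor; nothing to collect.
        return scopeList;
    }
    List<XMLObject> scopes =
            extensions.getUnknownXMLObjects(new QName("urn:mace:shibboleth:metadata:1.0", "Scope"));
    for (XMLObject xmlObject : scopes) {
        if (xmlObject instanceof XSAny) {
            XSAny any = (XSAny) xmlObject;
            SamlIdpScopeEntity scope = new SamlIdpScopeEntity();
            scope.setScope(any.getTextContent());
            scope.setRegex(false);
            scope.setIdp(idp);
            scopeList.add(scope);
        }
    }
    return scopeList;
}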
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    EntityDescriptor descriptor = (EntityDescriptor) parentSAMLObject;

    // Each recognised child type is attached to its slot on the descriptor and handling stops
    // there. Single-valued children replace the current value; repeatable ones are appended.
    if (childSAMLObject instanceof Extensions) {
        descriptor.setExtensions((Extensions) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Signature) {
        descriptor.setSignature((Signature) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof RoleDescriptor) {
        descriptor.getRoleDescriptors().add((RoleDescriptor) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof AffiliationDescriptor) {
        descriptor.setAffiliationDescriptor((AffiliationDescriptor) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Organization) {
        descriptor.setOrganization((Organization) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof ContactPerson) {
        descriptor.getContactPersons().add((ContactPerson) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof AdditionalMetadataLocation) {
        descriptor.getAdditionalMetadataLocations().add((AdditionalMetadataLocation) childSAMLObject);
        return;
    }

    // Anything else is left to the parent unmarshaller.
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
/** {@inheritDoc} */
protected void processAttribute(XMLObject samlObject, Attr attribute)
        throws UnmarshallingException {
    EntityDescriptor descriptor = (EntityDescriptor) samlObject;
    String localName = attribute.getLocalName();

    // NOTE(review): known attributes are matched on local name only; the attribute's namespace
    // is not consulted in this method.
    if (localName.equals(EntityDescriptor.ENTITY_ID_ATTRIB_NAME)) {
        descriptor.setEntityID(attribute.getValue());
        return;
    }
    if (localName.equals(EntityDescriptor.ID_ATTRIB_NAME)) {
        descriptor.setID(attribute.getValue());
        // Flag the node as an ID attribute on its owning DOM element as well.
        attribute.getOwnerElement().setIdAttributeNode(attribute, true);
        return;
    }
    if (localName.equals(TimeBoundSAMLObject.VALID_UNTIL_ATTRIB_NAME)
            && !DatatypeHelper.isEmpty(attribute.getValue())) {
        descriptor.setValidUntil(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
        return;
    }
    if (localName.equals(CacheableSAMLObject.CACHE_DURATION_ATTRIB_NAME)) {
        descriptor.setCacheDuration(XMLHelper.durationToLong(attribute.getValue()));
        return;
    }

    // Everything else, including an empty validUntil, is kept as an unknown attribute under its
    // qualified name; ID-typed ones are registered as such first.
    QName qualifiedName = XMLHelper.getNodeQName(attribute);
    if (attribute.isId()) {
        descriptor.getUnknownAttributes().registerID(qualifiedName);
    }
    descriptor.getUnknownAttributes().put(qualifiedName, attribute.getValue());
}