/** * Parse {@link org.keycloak.dom.saml.v1.assertion.SAML11ConditionsType} * * @param xmlEventReader * @return * @throws ParsingException */ public static SAML11ConditionsType parseSAML11Conditions(XMLEventReader xmlEventReader) throws ParsingException { StartElement startElement; SAML11ConditionsType conditions = new SAML11ConditionsType(); StartElement conditionsElement = StaxParserUtil.getNextStartElement(xmlEventReader); StaxParserUtil.validate(conditionsElement, JBossSAMLConstants.CONDITIONS.get()); String assertionNS = SAML11Constants.ASSERTION_11_NSURI; QName notBeforeQName = new QName("", JBossSAMLConstants.NOT_BEFORE.get()); QName notBeforeQNameWithNS = new QName(assertionNS, JBossSAMLConstants.NOT_BEFORE.get()); QName notAfterQName = new QName("", JBossSAMLConstants.NOT_ON_OR_AFTER.get()); QName notAfterQNameWithNS = new QName(assertionNS, JBossSAMLConstants.NOT_ON_OR_AFTER.get()); Attribute notBeforeAttribute = conditionsElement.getAttributeByName(notBeforeQName); if (notBeforeAttribute == null) notBeforeAttribute = conditionsElement.getAttributeByName(notBeforeQNameWithNS); Attribute notAfterAttribute = conditionsElement.getAttributeByName(notAfterQName); if (notAfterAttribute == null) notAfterAttribute = conditionsElement.getAttributeByName(notAfterQNameWithNS); if (notBeforeAttribute != null) { String notBeforeValue = StaxParserUtil.getAttributeValue(notBeforeAttribute); conditions.setNotBefore(XMLTimeUtil.parse(notBeforeValue)); } if (notAfterAttribute != null) { String notAfterValue = StaxParserUtil.getAttributeValue(notAfterAttribute); conditions.setNotOnOrAfter(XMLTimeUtil.parse(notAfterValue)); } while (xmlEventReader.hasNext()) { XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader); if (xmlEvent instanceof EndElement) { EndElement end = StaxParserUtil.getNextEndElement(xmlEventReader); if (StaxParserUtil.matches(end, JBossSAMLConstants.CONDITIONS.get())) break; } startElement = StaxParserUtil.peekNextStartElement(xmlEventReader); if (startElement == null) break; String tag = StaxParserUtil.getStartElementName(startElement); if (SAML11Constants.AUDIENCE_RESTRICTION_CONDITION.equals(tag)) { startElement = StaxParserUtil.getNextStartElement(xmlEventReader); SAML11AudienceRestrictionCondition restrictCond = new SAML11AudienceRestrictionCondition(); startElement = StaxParserUtil.getNextStartElement(xmlEventReader); if (StaxParserUtil.getStartElementName(startElement) .equals(JBossSAMLConstants.AUDIENCE.get())) { restrictCond.add(URI.create(StaxParserUtil.getElementText(xmlEventReader))); } EndElement theEndElement = StaxParserUtil.getNextEndElement(xmlEventReader); StaxParserUtil.validate(theEndElement, SAML11Constants.AUDIENCE_RESTRICTION_CONDITION); conditions.add(restrictCond); } else throw logger.parserUnknownTag(tag, startElement.getLocation()); } return conditions; }
/** * Parse the {@link SubjectConfirmationDataType} * * @param xmlEventReader * @return * @throws ParsingException */ public static SubjectConfirmationDataType parseSubjectConfirmationData( XMLEventReader xmlEventReader) throws ParsingException { StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader); StaxParserUtil.validate(startElement, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get()); SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType(); Attribute inResponseTo = startElement.getAttributeByName(new QName(JBossSAMLConstants.IN_RESPONSE_TO.get())); if (inResponseTo != null) { subjectConfirmationData.setInResponseTo(StaxParserUtil.getAttributeValue(inResponseTo)); } Attribute notBefore = startElement.getAttributeByName(new QName(JBossSAMLConstants.NOT_BEFORE.get())); if (notBefore != null) { subjectConfirmationData.setNotBefore( XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(notBefore))); } Attribute notOnOrAfter = startElement.getAttributeByName(new QName(JBossSAMLConstants.NOT_ON_OR_AFTER.get())); if (notOnOrAfter != null) { subjectConfirmationData.setNotOnOrAfter( XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(notOnOrAfter))); } Attribute recipient = startElement.getAttributeByName(new QName(JBossSAMLConstants.RECIPIENT.get())); if (recipient != null) { subjectConfirmationData.setRecipient(StaxParserUtil.getAttributeValue(recipient)); } Attribute address = startElement.getAttributeByName(new QName(JBossSAMLConstants.ADDRESS.get())); if (address != null) { subjectConfirmationData.setAddress(StaxParserUtil.getAttributeValue(address)); } XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader); if (!(xmlEvent instanceof EndElement)) { startElement = StaxParserUtil.peekNextStartElement(xmlEventReader); String tag = StaxParserUtil.getStartElementName(startElement); if (tag.equals(WSTrustConstants.XMLDSig.KEYINFO)) { KeyInfoType keyInfo = parseKeyInfo(xmlEventReader); subjectConfirmationData.setAnyType(keyInfo); } else if (tag.equals(WSTrustConstants.XMLEnc.ENCRYPTED_KEY)) { subjectConfirmationData.setAnyType(StaxParserUtil.getDOMElement(xmlEventReader)); } else throw logger.parserUnknownTag(tag, startElement.getLocation()); } // Get the end tag EndElement endElement = (EndElement) StaxParserUtil.getNextEvent(xmlEventReader); StaxParserUtil.matches(endElement, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get()); return subjectConfirmationData; }
/** * Parse the AuthnStatement inside the assertion * * @param xmlEventReader * @return * @throws ParsingException */ public static AuthnStatementType parseAuthnStatement(XMLEventReader xmlEventReader) throws ParsingException { StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader); String AUTHNSTATEMENT = JBossSAMLConstants.AUTHN_STATEMENT.get(); StaxParserUtil.validate(startElement, AUTHNSTATEMENT); Attribute authnInstant = startElement.getAttributeByName(new QName("AuthnInstant")); if (authnInstant == null) throw logger.parserRequiredAttribute("AuthnInstant"); XMLGregorianCalendar issueInstant = XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(authnInstant)); AuthnStatementType authnStatementType = new AuthnStatementType(issueInstant); Attribute sessionIndex = startElement.getAttributeByName(new QName("SessionIndex")); if (sessionIndex != null) authnStatementType.setSessionIndex(StaxParserUtil.getAttributeValue(sessionIndex)); while (xmlEventReader.hasNext()) { XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader); if (xmlEvent == null) break; if (xmlEvent instanceof EndElement) { xmlEvent = StaxParserUtil.getNextEvent(xmlEventReader); EndElement endElement = (EndElement) xmlEvent; String endElementTag = StaxParserUtil.getEndElementName(endElement); if (endElementTag.equals(AUTHNSTATEMENT)) break; else throw logger.parserUnknownEndElement(endElementTag); } startElement = null; if (xmlEvent instanceof StartElement) { startElement = (StartElement) xmlEvent; } else { startElement = StaxParserUtil.peekNextStartElement(xmlEventReader); } if (startElement == null) break; String tag = StaxParserUtil.getStartElementName(startElement); if (JBossSAMLConstants.SUBJECT_LOCALITY.get().equals(tag)) { startElement = StaxParserUtil.getNextStartElement(xmlEventReader); SubjectLocalityType subjectLocalityType = new SubjectLocalityType(); Attribute address = startElement.getAttributeByName(new QName(JBossSAMLConstants.ADDRESS.get())); if (address != null) { subjectLocalityType.setAddress(StaxParserUtil.getAttributeValue(address)); } Attribute dns = startElement.getAttributeByName(new QName(JBossSAMLConstants.DNS_NAME.get())); if (dns != null) { subjectLocalityType.setDNSName(StaxParserUtil.getAttributeValue(dns)); } authnStatementType.setSubjectLocality(subjectLocalityType); StaxParserUtil.validate( StaxParserUtil.getNextEndElement(xmlEventReader), JBossSAMLConstants.SUBJECT_LOCALITY.get()); } else if (JBossSAMLConstants.AUTHN_CONTEXT.get().equals(tag)) { authnStatementType.setAuthnContext(parseAuthnContextType(xmlEventReader)); } else throw logger.parserUnknownTag(tag, startElement.getLocation()); } return authnStatementType; }
/** * Parse the AuthnStatement inside the assertion * * @param xmlEventReader * @return * @throws ParsingException */ public static SAML11AuthenticationStatementType parseAuthenticationStatement( XMLEventReader xmlEventReader) throws ParsingException { StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader); StaxParserUtil.validate(startElement, SAML11Constants.AUTHENTICATION_STATEMENT); Attribute authMethod = startElement.getAttributeByName(new QName(SAML11Constants.AUTHENTICATION_METHOD)); if (authMethod == null) throw logger.parserRequiredAttribute(SAML11Constants.AUTHENTICATION_METHOD); Attribute authInstant = startElement.getAttributeByName(new QName(SAML11Constants.AUTHENTICATION_INSTANT)); if (authInstant == null) throw logger.parserRequiredAttribute(SAML11Constants.AUTHENTICATION_INSTANT); SAML11AuthenticationStatementType authStat = new SAML11AuthenticationStatementType( URI.create(StaxParserUtil.getAttributeValue(authMethod)), XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(authInstant))); while (xmlEventReader.hasNext()) { XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader); if (xmlEvent == null) break; if (xmlEvent instanceof EndElement) { xmlEvent = StaxParserUtil.getNextEvent(xmlEventReader); EndElement endElement = (EndElement) xmlEvent; String endElementTag = StaxParserUtil.getEndElementName(endElement); if (endElementTag.equals(SAML11Constants.AUTHENTICATION_STATEMENT)) break; else throw logger.parserUnknownEndElement(endElementTag); } startElement = null; if (xmlEvent instanceof StartElement) { startElement = (StartElement) xmlEvent; } else { startElement = StaxParserUtil.peekNextStartElement(xmlEventReader); } if (startElement == null) break; String tag = StaxParserUtil.getStartElementName(startElement); if (JBossSAMLConstants.SUBJECT.get().equalsIgnoreCase(tag)) { SAML11SubjectParser subjectParser = new SAML11SubjectParser(); SAML11SubjectType subject = (SAML11SubjectType) subjectParser.parse(xmlEventReader); SAML11SubjectStatementType subStat = new SAML11SubjectStatementType(); subStat.setSubject(subject); authStat.setSubject(subject); } else if (JBossSAMLConstants.SUBJECT_LOCALITY.get().equals(tag)) { startElement = StaxParserUtil.getNextStartElement(xmlEventReader); SAML11SubjectLocalityType subjectLocalityType = new SAML11SubjectLocalityType(); Attribute address = startElement.getAttributeByName(new QName(SAML11Constants.IP_ADDRESS)); if (address != null) { subjectLocalityType.setIpAddress(StaxParserUtil.getAttributeValue(address)); } Attribute dns = startElement.getAttributeByName(new QName(SAML11Constants.DNS_ADDRESS)); if (dns != null) { subjectLocalityType.setDnsAddress(StaxParserUtil.getAttributeValue(dns)); } authStat.setSubjectLocality(subjectLocalityType); StaxParserUtil.validate( StaxParserUtil.getNextEndElement(xmlEventReader), JBossSAMLConstants.SUBJECT_LOCALITY.get()); } else if (SAML11Constants.AUTHORITY_BINDING.equals(tag)) { Attribute authorityKindAttr = startElement.getAttributeByName(new QName(SAML11Constants.AUTHORITY_KIND)); if (authorityKindAttr == null) throw logger.parserRequiredAttribute("AuthorityKind"); Attribute locationAttr = startElement.getAttributeByName(new QName(SAML11Constants.LOCATION)); if (locationAttr == null) throw logger.parserRequiredAttribute("Location"); URI location = URI.create(StaxParserUtil.getAttributeValue(locationAttr)); Attribute bindingAttr = startElement.getAttributeByName(new QName(SAML11Constants.BINDING)); if (bindingAttr == null) throw logger.parserRequiredAttribute("Binding"); URI binding = URI.create(StaxParserUtil.getAttributeValue(bindingAttr)); QName authorityKind = QName.valueOf(StaxParserUtil.getAttributeValue(authorityKindAttr)); SAML11AuthorityBindingType authorityBinding = new SAML11AuthorityBindingType(authorityKind, location, binding); authStat.add(authorityBinding); } else throw logger.parserUnknownTag("", startElement.getLocation()); } return authStat; }