/**
 * Reads a SAML2 response element from the event stream and builds a {@link ResponseType}.
 *
 * <p>The first start element is validated against {@code RESPONSE}; its attributes are handled
 * by {@code parseBaseAttributes}. Child elements are then dispatched by local name: Issuer,
 * Signature, Assertion, Status and EncryptedAssertion. Any other child tag aborts parsing.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The Signature element is only captured as a DOM element and stored on the response.
 *       This method performs no signature verification.</li>
 *   <li>Every Assertion / EncryptedAssertion child is appended through {@code addAssertion},
 *       so the returned object may hold more than one. Consumers should only trust
 *       assertions that a verified signature actually covers.</li>
 *   <li>Only the text value of Issuer is retained; attributes on that element are not read
 *       here.</li>
 * </ul>
 *
 * @param xmlEventReader event stream positioned before the response start element
 * @return the populated {@link ResponseType}
 * @throws ParsingException declared by the parsing helpers; an unrecognised child tag is
 *     reported through {@code logger.parserUnknownTag}
 * @see ParserNamespaceSupport#parse(XMLEventReader)
 */
public Object parse(XMLEventReader xmlEventReader) throws ParsingException {
    // Consume the root element and make sure it is the expected response tag.
    StartElement current = StaxParserUtil.getNextStartElement(xmlEventReader);
    StaxParserUtil.validate(current, RESPONSE);

    ResponseType response = (ResponseType) parseBaseAttributes(current);

    while (xmlEventReader.hasNext()) {
        // Peek only: each branch below decides how the element is consumed.
        current = StaxParserUtil.peekNextStartElement(xmlEventReader);
        if (current == null) {
            break;
        }

        final String tag = StaxParserUtil.getStartElementName(current);

        if (JBossSAMLConstants.ISSUER.get().equals(tag)) {
            // Step past the Issuer start tag, then take its text content.
            StaxParserUtil.getNextStartElement(xmlEventReader);
            NameIDType issuerId = new NameIDType();
            issuerId.setValue(StaxParserUtil.getElementText(xmlEventReader));
            response.setIssuer(issuerId);
            continue;
        }

        if (JBossSAMLConstants.SIGNATURE.get().equals(tag)) {
            // Stored as-is; verification is not done in this method.
            Element signatureElement = StaxParserUtil.getDOMElement(xmlEventReader);
            response.setSignature(signatureElement);
            continue;
        }

        if (JBossSAMLConstants.ASSERTION.get().equals(tag)) {
            SAMLAssertionParser delegate = new SAMLAssertionParser();
            AssertionType parsedAssertion = (AssertionType) delegate.parse(xmlEventReader);
            response.addAssertion(new RTChoiceType(parsedAssertion));
            continue;
        }

        if (JBossSAMLConstants.STATUS.get().equals(tag)) {
            response.setStatus(parseStatus(xmlEventReader));
            continue;
        }

        if (JBossSAMLConstants.ENCRYPTED_ASSERTION.get().equals(tag)) {
            // Kept as an opaque DOM element; no decryption happens here.
            Element encryptedElement = StaxParserUtil.getDOMElement(xmlEventReader);
            response.addAssertion(new RTChoiceType(new EncryptedAssertionType(encryptedElement)));
            continue;
        }

        // Strict parsing: an unexpected child element is an error, not something to skip.
        throw logger.parserUnknownTag(tag, current.getLocation());
    }

    return response;
}
/**
 * Returns the namespace prefix used by the first Assertion element in the given document.
 *
 * <p>The lookup is by namespace URI and local name under the document element, and only the
 * first match ({@code item(0)}) is consulted. If the document holds several assertions, the
 * others are not looked at.
 *
 * @param samlResponseDocument document expected to contain an Assertion element
 * @return the prefix of the first Assertion element found (as reported by
 *     {@code Node#getPrefix()}, which may be {@code null} for an unprefixed element)
 */
private String getSAMLNSPrefix(Document samlResponseDocument) {
    final String assertionNamespace = JBossSAMLURIConstants.ASSERTION_NSURI.get();
    final String assertionLocalName = JBossSAMLConstants.ASSERTION.get();

    Node firstAssertion =
            samlResponseDocument
                    .getDocumentElement()
                    .getElementsByTagNameNS(assertionNamespace, assertionLocalName)
                    .item(0);

    if (firstAssertion == null) {
        // NOTE(review): presumably this helper always throws; if it can return normally the
        // dereference below fails with a NullPointerException - confirm against its definition.
        throwResponseDocumentOrAssertionNotFound();
    }

    String prefix = firstAssertion.getPrefix();
    return prefix;
}
/**
 * Encrypts the Assertion element of the resulting document, when encryption applies, and then
 * delegates to the parent handler.
 *
 * <p>When {@code supportsRequest(request)} and {@code isEncryptionEnabled()} both hold, the
 * Assertion element is replaced with an EncryptedAssertion element using a freshly generated
 * secret key and the public key returned by {@code getSenderPublicKey(request)}. Any failure
 * during encryption is rethrown through {@code logger.processingError}. The parent
 * implementation is invoked afterwards in every case.
 *
 * @param request the handler request
 * @param response the handler response whose resulting document is encrypted in place
 * @throws ProcessingException declared by the handler contract
 * @see org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler#handleRequestType(org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest,
 *     org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse)
 */
@Override
public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response)
        throws ProcessingException {
    final boolean encryptAssertion = supportsRequest(request) && isEncryptionEnabled();

    if (encryptAssertion) {
        Document samlResponseDocument = response.getResultingDocument();

        if (samlResponseDocument == null) {
            // NOTE(review): presumably always throws; otherwise the code below would run with
            // a null document - confirm against the helper's definition.
            throwResponseDocumentOrAssertionNotFound();
        }

        String samlNSPrefix = getSAMLNSPrefix(samlResponseDocument);

        try {
            QName encryptedAssertionElementQName =
                    new QName(
                            JBossSAMLURIConstants.ASSERTION_NSURI.get(),
                            JBossSAMLConstants.ENCRYPTED_ASSERTION.get(),
                            samlNSPrefix);

            // NOTE(review): the secret is fixed at 128 / 8 = 16 bytes, while getKeySize() is
            // passed separately to encryptElement below. If getKeySize() can be configured to
            // something other than 128, confirm the key material length still matches.
            // NOTE(review): confirm createRandomSecret draws from a cryptographically strong
            // source (e.g. SecureRandom); its implementation is not visible here.
            byte[] secret = WSTrustUtil.createRandomSecret(128 / 8);
            SecretKey secretKey = new SecretKeySpec(secret, getAlgorithm());

            QName plainAssertionQName =
                    new QName(
                            JBossSAMLURIConstants.ASSERTION_NSURI.get(),
                            JBossSAMLConstants.ASSERTION.get(),
                            samlNSPrefix);

            // Swap the Assertion element for an EncryptedAssertion element in the document.
            XMLEncryptionUtil.encryptElement(
                    plainAssertionQName,
                    samlResponseDocument,
                    getSenderPublicKey(request),
                    secretKey,
                    getKeySize(),
                    encryptedAssertionElementQName,
                    true);
        } catch (Exception e) {
            throw logger.processingError(e);
        }
    }

    // Continue with signing. This runs after encryption, so the parent handler presumably
    // operates on the document that now carries the EncryptedAssertion.
    super.handleRequestType(request, response);
}