  /**
   * Parses a SAML {@code Response} element from the StAX stream.
   *
   * <p>The next start element is read and validated as {@code RESPONSE}; its attributes are
   * handed to {@code parseBaseAttributes}. The child elements are then consumed in document
   * order: {@code Issuer} (text value), {@code Signature} (kept as a DOM element, not verified
   * here), {@code Assertion} (delegated to {@link SAMLAssertionParser}), {@code Status} and
   * {@code EncryptedAssertion} (kept as a DOM element). Any other child element is rejected.
   *
   * @param xmlEventReader reader positioned before the {@code Response} start element
   * @return the populated {@link ResponseType}, typed as {@code Object} per the parser interface
   * @throws ParsingException if the root element is not a Response or an unknown child is met
   * @see ParserNamespaceSupport#parse(XMLEventReader)
   */
  public Object parse(XMLEventReader xmlEventReader) throws ParsingException {
    // The first start element must be the Response root.
    StartElement current = StaxParserUtil.getNextStartElement(xmlEventReader);
    StaxParserUtil.validate(current, RESPONSE);

    ResponseType response = (ResponseType) parseBaseAttributes(current);

    while (xmlEventReader.hasNext()) {
      // Look ahead without consuming; a null peek means there are no more children.
      current = StaxParserUtil.peekNextStartElement(xmlEventReader);
      if (current == null) {
        break;
      }
      String tag = StaxParserUtil.getStartElementName(current);

      if (JBossSAMLConstants.ISSUER.get().equals(tag)) {
        // Consume the Issuer start tag, then read its text content.
        StaxParserUtil.getNextStartElement(xmlEventReader);
        NameIDType issuer = new NameIDType();
        issuer.setValue(StaxParserUtil.getElementText(xmlEventReader));
        response.setIssuer(issuer);
      } else if (JBossSAMLConstants.SIGNATURE.get().equals(tag)) {
        // The signature is only captured as DOM here; validation is presumably done by the
        // caller — confirm before relying on this response.
        Element signatureElement = StaxParserUtil.getDOMElement(xmlEventReader);
        response.setSignature(signatureElement);
      } else if (JBossSAMLConstants.ASSERTION.get().equals(tag)) {
        AssertionType assertion =
            (AssertionType) new SAMLAssertionParser().parse(xmlEventReader);
        response.addAssertion(new RTChoiceType(assertion));
      } else if (JBossSAMLConstants.STATUS.get().equals(tag)) {
        response.setStatus(parseStatus(xmlEventReader));
      } else if (JBossSAMLConstants.ENCRYPTED_ASSERTION.get().equals(tag)) {
        // Encrypted assertions are not decrypted here; the ciphertext element is kept as-is.
        Element encryptedAssertionElement = StaxParserUtil.getDOMElement(xmlEventReader);
        response.addAssertion(
            new RTChoiceType(new EncryptedAssertionType(encryptedAssertionElement)));
      } else {
        // Fail closed on anything the schema does not list as a Response child.
        throw logger.parserUnknownTag(tag, current.getLocation());
      }
    }

    return response;
  }
  /**
   * Returns the namespace prefix the response document uses for the SAML assertion namespace,
   * read from the first {@code Assertion} element found below the document element.
   *
   * <p>{@code getElementsByTagNameNS} matches descendants at any depth, so the element used
   * here need not be a direct child of the Response.
   *
   * @param samlResponseDocument the SAML response DOM; expected to contain an Assertion
   * @return the prefix of the first Assertion element; {@code null} if that element is unprefixed
   */
  private String getSAMLNSPrefix(Document samlResponseDocument) {
    Element root = samlResponseDocument.getDocumentElement();
    String assertionNs = JBossSAMLURIConstants.ASSERTION_NSURI.get();
    String assertionLocalName = JBossSAMLConstants.ASSERTION.get();

    Node firstAssertion = root.getElementsByTagNameNS(assertionNs, assertionLocalName).item(0);

    // The helper is expected to throw; the compiler cannot know that, hence the apparent
    // fall-through to getPrefix() below.
    if (firstAssertion == null) {
      throwResponseDocumentOrAssertionNotFound();
    }

    return firstAssertion.getPrefix();
  }
  /**
   * Encrypts the {@code Assertion} element of the resulting SAML response, when this handler
   * supports the request and encryption is enabled, and then delegates to the signing handler.
   *
   * <p>A fresh symmetric key is generated per response, the Assertion is replaced in place by an
   * {@code EncryptedAssertion} element, and the symmetric key is wrapped for the sender's public
   * key by {@code XMLEncryptionUtil.encryptElement}. Any failure during encryption is wrapped as a
   * {@link ProcessingException} via {@code logger.processingError}.
   *
   * @param request the handler request; supplies the sender's public key
   * @param response the handler response whose resulting document is encrypted in place
   * @throws ProcessingException if encryption fails or the superclass signing step fails
   * @see org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler#handleRequestType(org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest,
   *     org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse)
   */
  @Override
  public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response)
      throws ProcessingException {
    boolean encryptionApplies = supportsRequest(request) && isEncryptionEnabled();

    if (encryptionApplies) {
      Document resultDoc = response.getResultingDocument();
      if (resultDoc == null) {
        throwResponseDocumentOrAssertionNotFound();
      }

      String nsPrefix = getSAMLNSPrefix(resultDoc);

      try {
        String assertionNs = JBossSAMLURIConstants.ASSERTION_NSURI.get();

        // QName rejects a null prefix (unprefixed Assertion element) with an
        // IllegalArgumentException; the catch below turns that into a ProcessingException.
        QName encryptedAssertionQName =
            new QName(assertionNs, JBossSAMLConstants.ENCRYPTED_ASSERTION.get(), nsPrefix);

        // NOTE(review): key material is fixed at 16 bytes (128 bits) regardless of getKeySize();
        // confirm the two agree and that createRandomSecret uses a CSPRNG.
        byte[] keyMaterial = WSTrustUtil.createRandomSecret(128 / 8);
        SecretKey symmetricKey = new SecretKeySpec(keyMaterial, getAlgorithm());

        QName assertionQName =
            new QName(assertionNs, JBossSAMLConstants.ASSERTION.get(), nsPrefix);

        // Replace the plaintext Assertion with an EncryptedAssertion element.
        XMLEncryptionUtil.encryptElement(
            assertionQName,
            resultDoc,
            getSenderPublicKey(request),
            symmetricKey,
            getKeySize(),
            encryptedAssertionQName,
            true);
      } catch (Exception e) {
        throw logger.processingError(e);
      }
    }

    // Signing always happens, whether or not the assertion was encrypted above.
    super.handleRequestType(request, response);
  }