/**
 * Signs the {@code saml:Assertion} child of the given document in place.
 *
 * <p>The assertion is signed in isolation: it is deep-cloned into a scratch
 * document, that document is passed to {@link #signDocument}, and the signed
 * clone is then adopted back into {@code samlDocument} and swapped for the
 * unsigned original. A document without an assertion child is left untouched.
 *
 * @param samlDocument document whose assertion child is to be signed
 * @throws ProcessingException if the scratch document cannot be created
 */
public void signAssertion(Document samlDocument) throws ProcessingException {
    QName assertionName = new QName(
            JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.ASSERTION.get());
    Element assertion = org.keycloak.saml.common.util.DocumentUtil.getChildElement(
            samlDocument.getDocumentElement(), assertionName);
    if (assertion == null) {
        return; // nothing to sign
    }

    // Sign a copy living in its own document so that only the assertion is covered.
    Node signedCopy = assertion.cloneNode(true);
    Document scratch;
    try {
        scratch = org.keycloak.saml.common.util.DocumentUtil.createDocument();
    } catch (ConfigurationException e) {
        throw new ProcessingException(e);
    }
    scratch.adoptNode(signedCopy);
    scratch.appendChild(signedCopy);
    signDocument(scratch);

    // Move the signed copy back and replace the unsigned original with it.
    samlDocument.adoptNode(signedCopy);
    Element parent = (Element) assertion.getParentNode();
    parent.replaceChild(signedCopy, assertion);
}
/**
 * Replaces the document's {@code saml:Assertion} with a {@code saml:EncryptedAssertion}.
 *
 * <p>A fresh symmetric key of {@code encryptionKeySize} bits is generated for this
 * call and handed, together with {@code encryptionPublicKey}, to
 * {@link XMLEncryptionUtil#encryptElement}, which performs the element encryption
 * and replacement. The namespace prefix of the existing assertion is reused so the
 * replacement element serialises with the same prefix.
 *
 * @param samlDocument document containing the assertion to encrypt
 * @throws ProcessingException if key generation or encryption fails; the
 *     underlying exception is preserved as the cause
 * @throws IllegalStateException if the document contains no assertion
 */
public void encryptDocument(Document samlDocument) throws ProcessingException {
    // Resolved outside the try so a missing assertion surfaces as-is rather than wrapped.
    String prefix = getSAMLNSPrefix(samlDocument);
    try {
        String assertionNs = JBossSAMLURIConstants.ASSERTION_NSURI.get();
        QName assertionName =
                new QName(assertionNs, JBossSAMLConstants.ASSERTION.get(), prefix);
        QName encryptedAssertionName =
                new QName(assertionNs, JBossSAMLConstants.ENCRYPTED_ASSERTION.get(), prefix);

        // One-time content-encryption key. encryptionKeySize is in bits; the secret
        // generator takes a byte count. NOTE(review): RandomSecret is assumed to be
        // backed by a cryptographically secure RNG - confirm in its implementation.
        byte[] keyBytes = RandomSecret.createRandomSecret(encryptionKeySize / 8);
        SecretKey contentKey = new SecretKeySpec(keyBytes, encryptionAlgorithm);

        XMLEncryptionUtil.encryptElement(
                assertionName,
                samlDocument,
                encryptionPublicKey,
                contentKey,
                encryptionKeySize,
                encryptedAssertionName,
                true);
    } catch (Exception e) {
        throw new ProcessingException("failed to encrypt", e);
    }
}
/**
 * Parses a {@code samlp:Response} element from the event stream.
 *
 * <p>The next start element must be the response; its base attributes are read
 * first, then each child start element is consumed in turn: {@code Issuer},
 * {@code Signature}, {@code Assertion}, {@code Status} and
 * {@code EncryptedAssertion}. Any other child is rejected with the logger's
 * unknown-tag exception, so unexpected content fails the parse rather than being
 * skipped. A {@code Signature} child is stored on the response as a DOM element
 * exactly as read; this method does not verify it.
 *
 * @param xmlEventReader reader positioned before the response start element
 * @return the populated {@link ResponseType}
 * @throws ParsingException if the stream is malformed or the first element is not a response
 * @see ParserNamespaceSupport#parse(XMLEventReader)
 */
public Object parse(XMLEventReader xmlEventReader) throws ParsingException {
    StartElement responseStart = StaxParserUtil.getNextStartElement(xmlEventReader);
    StaxParserUtil.validate(responseStart, RESPONSE);
    ResponseType response = (ResponseType) parseBaseAttributes(responseStart);

    while (xmlEventReader.hasNext()) {
        // Peek only; each branch of the helper consumes what it needs.
        StartElement child = StaxParserUtil.peekNextStartElement(xmlEventReader);
        if (child == null) {
            break;
        }
        parseResponseChild(xmlEventReader, child, response);
    }
    return response;
}

/**
 * Consumes one child element of the response and records it on {@code response}.
 *
 * @param xmlEventReader reader positioned before {@code child}
 * @param child the peeked start element to handle
 * @param response the response being populated
 * @throws ParsingException if the child cannot be parsed
 */
private void parseResponseChild(
        XMLEventReader xmlEventReader, StartElement child, ResponseType response)
        throws ParsingException {
    String elementName = StaxParserUtil.getStartElementName(child);

    if (JBossSAMLConstants.ISSUER.get().equals(elementName)) {
        StaxParserUtil.getNextStartElement(xmlEventReader); // consume <Issuer>
        NameIDType issuer = new NameIDType();
        issuer.setValue(StaxParserUtil.getElementText(xmlEventReader));
        response.setIssuer(issuer);
        return;
    }
    if (JBossSAMLConstants.SIGNATURE.get().equals(elementName)) {
        // Kept as raw DOM so the signed bytes are preserved for later verification.
        response.setSignature(StaxParserUtil.getDOMElement(xmlEventReader));
        return;
    }
    if (JBossSAMLConstants.ASSERTION.get().equals(elementName)) {
        AssertionType assertion =
                (AssertionType) new SAMLAssertionParser().parse(xmlEventReader);
        response.addAssertion(new RTChoiceType(assertion));
        return;
    }
    if (JBossSAMLConstants.STATUS.get().equals(elementName)) {
        response.setStatus(parseStatus(xmlEventReader));
        return;
    }
    if (JBossSAMLConstants.ENCRYPTED_ASSERTION.get().equals(elementName)) {
        Element encrypted = StaxParserUtil.getDOMElement(xmlEventReader);
        response.addAssertion(new RTChoiceType(new EncryptedAssertionType(encrypted)));
        return;
    }
    throw logger.parserUnknownTag(elementName, child.getLocation());
}
/**
 * Returns the namespace prefix of the first {@code saml:Assertion} in the document.
 *
 * <p>Only descendants of the document element are searched, so a document that is
 * itself a bare assertion does not match. The prefix is whatever the element was
 * parsed with; for an assertion bound via a default namespace declaration
 * {@link Node#getPrefix()} yields {@code null}, which callers that build a
 * {@link QName} from the result must account for.
 *
 * @param samlResponseDocument the SAML response document to inspect
 * @return the assertion element's prefix, possibly {@code null}
 * @throws IllegalStateException if no assertion element is present
 */
public String getSAMLNSPrefix(Document samlResponseDocument) {
    Element root = samlResponseDocument.getDocumentElement();
    Node assertion = root.getElementsByTagNameNS(
                    JBossSAMLURIConstants.ASSERTION_NSURI.get(),
                    JBossSAMLConstants.ASSERTION.get())
            .item(0);
    if (assertion == null) {
        throw new IllegalStateException("Unable to find assertion in saml response document");
    }
    return assertion.getPrefix();
}