/**
 * Signs the first {@code saml:Assertion} child of the document root in place.
 *
 * <p>The assertion is deep-copied into a scratch document where it is the root element, that
 * document is handed to {@code signDocument}, and the signed copy is then moved back and swapped
 * for the unsigned original. Presumably {@code signDocument} signs the document root, which is why
 * the detour through a scratch document is needed so that the signature covers the assertion only
 * and not the enclosing response (confirm against {@code signDocument}).
 *
 * <p>Only a direct child of the root is considered; a document without one is left untouched.
 *
 * @param samlDocument the SAML document whose assertion should be signed
 * @throws ProcessingException when the scratch document cannot be created
 */
public void signAssertion(Document samlDocument) throws ProcessingException {
    final QName assertionName =
        new QName(
            JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.ASSERTION.get());
    final Element assertion =
        org.keycloak.saml.common.util.DocumentUtil.getChildElement(
            samlDocument.getDocumentElement(), assertionName);
    if (assertion == null) {
      return; // nothing to sign
    }

    final Node workingCopy = assertion.cloneNode(true);
    final Document scratch;
    try {
      scratch = org.keycloak.saml.common.util.DocumentUtil.createDocument();
    } catch (ConfigurationException e) {
      throw new ProcessingException(e);
    }

    // The copy must be owned by the scratch document before it can become its root.
    scratch.adoptNode(workingCopy);
    scratch.appendChild(workingCopy);

    signDocument(scratch);

    // Hand ownership back to the original document and replace the unsigned assertion.
    samlDocument.adoptNode(workingCopy);
    final Element parent = (Element) assertion.getParentNode();
    parent.replaceChild(workingCopy, assertion);
  }
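  /**
   * Encrypts the {@code Assertion} element of the document and replaces it with an
   * {@code EncryptedAssertion} element carrying the same namespace prefix.
   *
   * <p>A fresh random content-encryption key of {@code encryptionKeySize} bits is generated for
   * this call; it is handed to {@code XMLEncryptionUtil} together with {@code encryptionPublicKey}
   * (presumably used to wrap the content key — confirm against the utility). The raw key bytes are
   * wiped once the key object has been built.
   *
   * @param samlDocument the SAML document containing the assertion to encrypt
   * @throws ProcessingException if key generation or encryption fails (cause preserved)
   * @throws IllegalStateException if the document holds no assertion element (raised by
   *     {@code getSAMLNSPrefix} before the try block, so it is not wrapped)
   */
  public void encryptDocument(Document samlDocument) throws ProcessingException {
    // Resolve the prefix first so the replacement element is spelled like the one it replaces.
    String samlNSPrefix = getSAMLNSPrefix(samlDocument);

    byte[] secret = null;
    try {
      QName encryptedAssertionElementQName =
          new QName(
              JBossSAMLURIConstants.ASSERTION_NSURI.get(),
              JBossSAMLConstants.ENCRYPTED_ASSERTION.get(),
              samlNSPrefix);

      // encryptionKeySize is evidently in bits (divided by 8 for the byte length).
      secret = RandomSecret.createRandomSecret(encryptionKeySize / 8);
      // SecretKeySpec takes its own copy of the bytes, so the local array can be wiped below.
      SecretKey secretKey = new SecretKeySpec(secret, encryptionAlgorithm);

      // encrypt the Assertion element and replace it with a EncryptedAssertion element.
      XMLEncryptionUtil.encryptElement(
          new QName(
              JBossSAMLURIConstants.ASSERTION_NSURI.get(),
              JBossSAMLConstants.ASSERTION.get(),
              samlNSPrefix),
          samlDocument,
          encryptionPublicKey,
          secretKey,
          encryptionKeySize,
          encryptedAssertionElementQName,
          true);
    } catch (Exception e) {
      // Broad catch kept: the encryption utility raises several checked types.
      throw new ProcessingException("failed to encrypt", e);
    } finally {
      // Do not leave the raw content-encryption key in the heap longer than necessary.
      if (secret != null) {
        java.util.Arrays.fill(secret, (byte) 0);
      }
    }
  }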
  /**
   * Parses a SAML {@code Response} element from the event stream.
   *
   * <p>The root attributes are read by {@code parseBaseAttributes}; the children are then
   * dispatched by local name: {@code Issuer}, {@code Signature} (kept as a raw DOM element,
   * presumably for later verification), {@code Assertion}, {@code Status} and
   * {@code EncryptedAssertion}. Any other child is rejected with a parser exception rather than
   * skipped, so an unexpected element cannot pass silently.
   *
   * @param xmlEventReader reader positioned before the {@code Response} start element
   * @return the populated {@code ResponseType}
   * @throws ParsingException on a malformed response or an unknown child element
   * @see ParserNamespaceSupport#parse(XMLEventReader)
   */
  public Object parse(XMLEventReader xmlEventReader) throws ParsingException {
    StartElement current = StaxParserUtil.getNextStartElement(xmlEventReader);
    StaxParserUtil.validate(current, RESPONSE);

    final ResponseType response = (ResponseType) parseBaseAttributes(current);

    while (xmlEventReader.hasNext()) {
      // Peek so that nested parsers see the start element themselves.
      current = StaxParserUtil.peekNextStartElement(xmlEventReader);
      if (current == null) {
        break;
      }
      final String tag = StaxParserUtil.getStartElementName(current);

      if (JBossSAMLConstants.ISSUER.get().equals(tag)) {
        StaxParserUtil.getNextStartElement(xmlEventReader); // consume <Issuer>
        final NameIDType issuer = new NameIDType();
        issuer.setValue(StaxParserUtil.getElementText(xmlEventReader));
        response.setIssuer(issuer);
        continue;
      }
      if (JBossSAMLConstants.SIGNATURE.get().equals(tag)) {
        response.setSignature(StaxParserUtil.getDOMElement(xmlEventReader));
        continue;
      }
      if (JBossSAMLConstants.ASSERTION.get().equals(tag)) {
        final AssertionType assertion =
            (AssertionType) new SAMLAssertionParser().parse(xmlEventReader);
        response.addAssertion(new RTChoiceType(assertion));
        continue;
      }
      if (JBossSAMLConstants.STATUS.get().equals(tag)) {
        response.setStatus(parseStatus(xmlEventReader));
        continue;
      }
      if (JBossSAMLConstants.ENCRYPTED_ASSERTION.get().equals(tag)) {
        final Element encryptedAssertion = StaxParserUtil.getDOMElement(xmlEventReader);
        response.addAssertion(new RTChoiceType(new EncryptedAssertionType(encryptedAssertion)));
        continue;
      }
      throw logger.parserUnknownTag(tag, current.getLocation());
    }

    return response;
  }
  /**
   * Returns the namespace prefix of the first {@code Assertion} element found anywhere below the
   * document root, in document order (for example {@code "saml"}).
   *
   * <p>The lookup is by namespace URI, so the prefix is whatever the producer chose; DOM reports
   * {@code null} when the element sits in the default namespace, and callers that build new
   * {@link QName}s from the result should expect that. Note that this searches all descendants,
   * not only direct children of the root.
   *
   * @param samlResponseDocument parsed SAML response
   * @return the assertion element's prefix, possibly {@code null}
   * @throws IllegalStateException when the document holds no assertion element
   */
  public String getSAMLNSPrefix(Document samlResponseDocument) {
    final Element root = samlResponseDocument.getDocumentElement();
    final Node firstAssertion =
        root.getElementsByTagNameNS(
                JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.ASSERTION.get())
            .item(0);

    if (firstAssertion == null) {
      throw new IllegalStateException("Unable to find assertion in saml response document");
    }

    return firstAssertion.getPrefix();
  }