com.sun.identity.saml.common

Class SAMLUtils

java.lang.Object

com.sun.identity.saml.common.SAMLUtilsCommon

com.sun.identity.saml.common.SAMLUtils

public class SAMLUtils
extends SAMLUtilsCommon

This class contains some utility methods for processing SAML protocols.

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_CONTENT_LENGTH Default maximum content length in string format.
static int	defaultMaxLength Default maximum content length is set to 16k.
static String	HTTP_MAX_CONTENT_LENGTH Attribute that specifies maximum content length for SAML request in AMConfig.properties file.

Fields inherited from class com.sun.identity.saml.common.SAMLUtilsCommon

bundle, debug, random, SAMLID_PREFIX, sc

Method Summary

Modifier and Type	Method and Description
static void	addEnvParamsFromAssertion(Map envParameters, Assertion assertion, Subject subject) Returns attributes included in AttributeStatement of the assertion.
static void	checkHTTPContentLength(javax.servlet.http.HttpServletRequest request) Checks content length of a http request to avoid dos attack.
static boolean	checkQuery(Element element, String queryname) Verifies if an element is a type of a specific query.
static boolean	checkSignatureValid(String xmlString, String idAttribute, String issuer) Return whether the signature on the object is valid or not.
static String	displayXML(String input) Displays an XML string.
static Subject	examAssertions(List assertions) Determines if there is a valid SSO Assertion inside of SAML Response.
static String	generateAssertionHandle() Generates assertion handle.
static String	generateAssertionID() Generates an ID String with length of SAMLConstants.ID_LENGTH.
static Object	generateSession(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Map attrMap) Creates Session
static String	generateSourceID(String siteURL) Generates sourceID of a site.
static Map	getAttributeMap(SAMLServiceManager.SOAPEntry partnerdest, List assertions, Subject subject, String target) Gets Attribute Map to be set in the Session.
static Element	getCanonicalElement(Node node) Gets input Node Canonicalized
static String	getFullServiceURL(String shortUrl) Returns full service url.
static List	getListOfAssertions(List assertions) Gets the list of Assertion objects from a list of 'String' assertions.
static String	getLoginRedirectURL(javax.servlet.http.HttpServletRequest req) Returns the authenticaion login url with goto parameter in the given HttpServletRequest object.
static int	getMaxContentLength() Returns maximum content length of a SAML request.
static MimeHeaders	getMimeHeaders(javax.servlet.http.HttpServletRequest req) Returns a MimeHeaders object that contains the headers in the given HttpServletRequest object.
static Response	getResponse(byte[] bytes) Returns Response object from byte array.
static byte[]	getResponseBytes(Response samlResponse) Returns byte array from a SAML Response.
static String	getServerID(String idTypeString) Returns server ID.
static String	getServerURL(String str) Returns server url of a site.
static SAMLServiceManager.SOAPEntry	getSourceSite(String issuer) Gets sourceSite corresponding to an issuer from the partner URL list.
static List	getStrAssertions(List assertions) Gets List of assertions in String format from a list of Assertion objects.
static String	hexStringToBase64(String hexString) Converts HEX encoded string to Base64 encoded string.
static byte[]	hexStringToByteArray(String hexString) Converts a HEX encoded string to a byte array.
static String	HTMLEncode(String srcStr, char ch) Replaces every occurence of ch with "&#<ascii code of ch>;"
static boolean	isAuthNAssertion(Assertion assertion) Returns true if the assertion is valid both time wise and signature wise, and contains at least one AuthenticationStatement.
static boolean	isCorrectConfirmationMethod(SubjectConfirmation sc) Checks if a SubjectConfirmation is correct.
static void	main(String[] args) Returns site ID based on the host name.
static void	postToTarget(javax.servlet.http.HttpServletResponse response, PrintWriter out, List assertion, String targeturl, Map attrMap) Post assertions and attributes to the target url.
static boolean	postYN(String targetIn) Returns true of false based on whether the target passed as parameter accepts form POST.
static Map	processArtifact(String[] artifact, String target) Processes SAML Artifact
static Map	processResponse(Response samlResponse, String target) Processes SAML Response
static void	sendError(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, int httpStatusCode, String errorCode, String errorMsg) Sends to error page URL for SAML protocols.
static void	setMimeHeaders(MimeHeaders headers, javax.servlet.http.HttpServletResponse response) Sets the given HttpServletResponse object with the headers in the given MimeHeaders object.
static byte[]	stringToByteArray(String input) Converts a string to a byte array.
static Map	verifyAssertionAndGetSSMap(Response response) Checks response and get back a Map of relevant data including, Subject, SOAPEntry for the partner and the List of Assertions.
static boolean	verifyResponse(Response response, String requestUrl, javax.servlet.http.HttpServletRequest request) Verifies a Response.
static boolean	verifySignature(Response samlResponse) Verifies Signature for Post response.

Methods inherited from class com.sun.identity.saml.common.SAMLUtilsCommon

byteArrayToHexString, byteArrayToString, checkStatement, decodePassword, generateID, getDecodedSourceIDString, makeEndElementTagXML, makeStartElementTagXML, removeNewLineChars, setDebugInstance, setResourceBundle

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

HTTP_MAX_CONTENT_LENGTH

public static final String HTTP_MAX_CONTENT_LENGTH

Attribute that specifies maximum content length for SAML request in AMConfig.properties file.

See Also:

Constant Field Values

defaultMaxLength

public static final int defaultMaxLength

Default maximum content length is set to 16k.

See Also:

Constant Field Values

DEFAULT_CONTENT_LENGTH

public static final String DEFAULT_CONTENT_LENGTH

Default maximum content length in string format.

Method Detail

generateAssertionID

public static String generateAssertionID()

Generates an ID String with length of SAMLConstants.ID_LENGTH.

Returns:

string the ID String; or null if it fails.

checkQuery

public static boolean checkQuery(Element element,
                                 String queryname)

Verifies if an element is a type of a specific query. Currently, this method is used by class AuthenticationQuery, AuthorizationDecisionQuery, and AttributeQuery.

Parameters:

element - a DOM Element which needs to be verified.

queryname - A specific name of a query, for example, AuthenticationQuery, AuthorizationDecisionQuery, or AttributeQuery.

Returns:

true if the element is a type of the specified query; false otherwise.

generateSourceID

public static String generateSourceID(String siteURL)

Generates sourceID of a site.

Parameters:

siteURL - a String that uniquely identifies a site.

Returns:

Base64 encoded SHA digest of siteURL.

generateAssertionHandle

public static String generateAssertionHandle()

Generates assertion handle.

Returns:

20-byte random string to be used to form an artifact.

hexStringToByteArray

public static byte[] hexStringToByteArray(String hexString)

Converts a HEX encoded string to a byte array.

Parameters:

hexString - HEX encoded string

Returns:

byte array.

hexStringToBase64

public static String hexStringToBase64(String hexString)

Converts HEX encoded string to Base64 encoded string.

Parameters:

hexString - HEX encoded string.

Returns:

Base64 encoded string.

getSourceSite

public static SAMLServiceManager.SOAPEntry getSourceSite(String issuer)

Gets sourceSite corresponding to an issuer from the partner URL list.

Parameters:

issuer - The issuer string.

Returns:

SAMLServiceManager.SOAPEntry of the issuer if it's on the list; null otherwise.

main

public static void main(String[] args)

Returns site ID based on the host name. The site ID will be in Base64 encoded format. This method will print out site ID to the standard output

Parameters:

args - host name

isCorrectConfirmationMethod

public static boolean isCorrectConfirmationMethod(SubjectConfirmation sc)

Checks if a SubjectConfirmation is correct.

Parameters:

sc - SubjectConfirmation instance to be checked.

Returns:

true if the SubjectConfirmation instance passed in has only one ConfirmationMethod, and this ConfirmationMethod is set to SAMLConstants.CONFIRMATION_METHOD_IS.

isAuthNAssertion

public static boolean isAuthNAssertion(Assertion assertion)

Returns true if the assertion is valid both time wise and signature wise, and contains at least one AuthenticationStatement.

Parameters:

assertion - Assertion instance to be checked.

Returns:

true if the assertion is valid both time wise and signature wise, and contains at least one AuthenticationStatement.

stringToByteArray

public static byte[] stringToByteArray(String input)

Converts a string to a byte array.

Parameters:

input - a String to be converted.

Returns:

result byte array.

getServerID

public static String getServerID(String idTypeString)

Returns server ID.

Parameters:

idTypeString - An ID string

Returns:

server ID part of the id.

getServerURL

public static String getServerURL(String str)

Returns server url of a site.

Parameters:

str - Server ID.

Returns:

Server url corresponding to the server id.

getFullServiceURL

public static String getFullServiceURL(String shortUrl)

Returns full service url.

Parameters:

shortUrl - short URL of the service.

Returns:

full service url.

addEnvParamsFromAssertion

public static void addEnvParamsFromAssertion(Map envParameters,
                                             Assertion assertion,
                                             Subject subject)

Returns attributes included in AttributeStatement of the assertion.

Parameters:

envParameters - return map which includes name value pairs of attributes included in AttributeStatement of the assertion

assertion - an Assertion object which contains AttributeStatement

subject - the Subject instance from AuthenticationStatement. The Subject included in AttributeStatement must match this Subject instance.

getMaxContentLength

public static int getMaxContentLength()

Returns maximum content length of a SAML request.

Returns:

maximum content length of a SAML request.

checkHTTPContentLength

public static void checkHTTPContentLength(javax.servlet.http.HttpServletRequest request)
                                   throws javax.servlet.ServletException

Checks content length of a http request to avoid dos attack. In case SAML inter-op with other SAML vendor who may not provide content length in HttpServletRequest. We decide to support no length restriction for Http communication. Here, we use a special value (e.g. 0) to indicate that no enforcement is required.

Parameters:

request - HttpServletRequest instance to be checked.

Throws:

javax.servlet.ServletException - if context length of the request exceeds maximum content length allowed.

postToTarget

public static void postToTarget(javax.servlet.http.HttpServletResponse response,
                                PrintWriter out,
                                List assertion,
                                String targeturl,
                                Map attrMap)
                         throws IOException

Post assertions and attributes to the target url. This method opens a URL connection to the target specified and POSTs assertions to it using the passed HttpServletResponse object. It POSTs multiple parameter names "assertion" with value being each of the Assertion in the passed Set.

Parameters:

response - HttpServletResponse object

out - The print writer which for content is to be written too.

assertion - List of Assertions to be posted.

targeturl - target url

attrMap - Map of attributes to be posted to the target

Throws:

IOException

postYN

public static boolean postYN(String targetIn)

Returns true of false based on whether the target passed as parameter accepts form POST.

Parameters:

targetIn - url to be checked

Returns:

true if it should post assertion to the target passed in; false otherwise.

HTMLEncode

public static String HTMLEncode(String srcStr,
                                char ch)

Replaces every occurence of ch with "&#<ascii code of ch>;"

Parameters:

srcStr - orginal string to to be encoded.

ch - the charactor needs to be encoded.

Returns:

encoded string

displayXML

public static String displayXML(String input)

Displays an XML string. This is a utility function used to hack up an HTML display of an XML string.

Parameters:

input - original string

Returns:

encoded string so it can be displayed properly by html.

getListOfAssertions

public static List getListOfAssertions(List assertions)

Gets the list of Assertion objects from a list of 'String' assertions.

Parameters:

assertions - List of assertions in string format

Returns:

List of Assertion objects

getResponseBytes

public static byte[] getResponseBytes(Response samlResponse)
                               throws SAMLException

Returns byte array from a SAML Response.

Parameters:

samlResponse - Response object

Returns:

byte array

Throws:

SAMLException - if error occurrs during the process.

getResponse

public static Response getResponse(byte[] bytes)

Returns Response object from byte array.

Parameters:

bytes - byte array

Returns:

Response object

verifyResponse

public static boolean verifyResponse(Response response,
                                     String requestUrl,
                                     javax.servlet.http.HttpServletRequest request)

Verifies a Response.

Parameters:

response - SAML Response object

requestUrl - this server's POST profile URL

request - HttpServletRequest object

Returns:

true if the response is valid; false otherwise.

getStrAssertions

public static List getStrAssertions(List assertions)

Gets List of assertions in String format from a list of Assertion objects.

Parameters:

assertions - List of Assertion objects.

Returns:

List of assertions in String format

verifySignature

public static boolean verifySignature(Response samlResponse)

Verifies Signature for Post response.

Parameters:

samlResponse - Response object from post profile.

Returns:

true if the signature on the reponse is valid; false otherwise.

getAttributeMap

public static Map getAttributeMap(SAMLServiceManager.SOAPEntry partnerdest,
                                  List assertions,
                                  Subject subject,
                                  String target)
                           throws Exception

Gets Attribute Map to be set in the Session.

Parameters:

partnerdest - SOAPEntry object

assertions - List of Assertions

subject - Subject object

target - target of final SSO

Returns:

Map which contains name and attributes.

Throws:

Exception - if an error occurrs.

verifyAssertionAndGetSSMap

public static Map verifyAssertionAndGetSSMap(Response response)

Checks response and get back a Map of relevant data including, Subject, SOAPEntry for the partner and the List of Assertions.

Parameters:

response - Response object

Returns:

Map of data including Subject, SOAPEntry, and list of assertions.

examAssertions

public static Subject examAssertions(List assertions)
                              throws IOException

Determines if there is a valid SSO Assertion inside of SAML Response.

Parameters:

assertions - a List of Assertion objects

Returns:

a Subject object

Throws:

IOException - IOException

checkSignatureValid

public static boolean checkSignatureValid(String xmlString,
                                          String idAttribute,
                                          String issuer)

Return whether the signature on the object is valid or not.

Parameters:

xmlString - input XML String

idAttribute - ASSERTION_ID_ATTRIBUTE or RESPONSE_ID_ATTRIBUTE

issuer - the issuer of the Assertion

Returns:

true if the signature on the object is valid; false otherwise.

setMimeHeaders

public static void setMimeHeaders(MimeHeaders headers,
                                  javax.servlet.http.HttpServletResponse response)

Sets the given HttpServletResponse object with the headers in the given MimeHeaders object.

Parameters:

headers - the MimeHeaders object

response - the HttpServletResponse object to which the headers are to be written.

getMimeHeaders

public static MimeHeaders getMimeHeaders(javax.servlet.http.HttpServletRequest req)

Returns a MimeHeaders object that contains the headers in the given HttpServletRequest object.

Parameters:

req - the HttpServletRequest object.

Returns:

a new MimeHeaders object containing the headers.

getLoginRedirectURL

public static String getLoginRedirectURL(javax.servlet.http.HttpServletRequest req)

Returns the authenticaion login url with goto parameter in the given HttpServletRequest object.

Parameters:

req - the HttpServletRequest object.

Returns:

a new authenticaion login url with goto parameter.

processArtifact

public static Map processArtifact(String[] artifact,
                                  String target)
                           throws SAMLException

Processes SAML Artifact

Parameters:

artifact - SAML Artifact

target - Target URL

Returns:

Attribute Map

Throws:

SAMLException - if failed to get the Assertions or Attribute Map.

generateSession

public static Object generateSession(javax.servlet.http.HttpServletRequest request,
                                     javax.servlet.http.HttpServletResponse response,
                                     Map attrMap)
                              throws SAMLException

Creates Session

Parameters:

request - HttpServletRequest

response - HttpServletResponse

attrMap - Attribute Map

Throws:

if - failed to create Session

SAMLException

processResponse

public static Map processResponse(Response samlResponse,
                                  String target)
                           throws SAMLException

Processes SAML Response

Parameters:

samlResponse - SAML Response object

target - Target URL

Returns:

Attribute Map

Throws:

SAMLException - if failed to get Attribute Map.

getCanonicalElement

public static Element getCanonicalElement(Node node)

Gets input Node Canonicalized

Parameters:

node - Node

Returns:

Canonical element if the operation succeeded. Otherwise, return null.

sendError

public static void sendError(javax.servlet.http.HttpServletRequest request,
                             javax.servlet.http.HttpServletResponse response,
                             int httpStatusCode,
                             String errorCode,
                             String errorMsg)

Sends to error page URL for SAML protocols. If the error page is hosted in the same web application, forward is used with parameters. Otherwise, redirection or HTTP POST is used with parameters. Three parameters are passed to the error URL: -- errorcode : Error key, this is the I18n key of the error message. -- httpstatuscode : Http status code for the error -- message : detailed I18n'd error message

Parameters:

request - HttpServletRequest object

response - HttpServletResponse object

httpStatusCode - Http Status code

errorCode - Error code

errorMsg - Detailed error message