org.opensaml.xml.util.DatatypeHelper Java Examples

Example #1
Source File: NamespaceManager.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Remove a Namespace from a set of Namespaces. Two Namespace instances are treated as
 * equivalent when both their namespace URI and their prefix compare equal; the
 * <code>alwaysDeclare</code> property plays no part in the comparison.
 *
 * @param namespaces the set of namespaces to remove from
 * @param oldNamespace the namespace to remove from the set; null is a no-op
 */
private void removeNamespace(Set<Namespace> namespaces, Namespace oldNamespace) {
    if (oldNamespace == null) {
        return;
    }

    // Explicit iterator so that matching entries can be removed while traversing the set.
    for (Iterator<Namespace> cursor = namespaces.iterator(); cursor.hasNext();) {
        Namespace candidate = cursor.next();
        if (!DatatypeHelper.safeEquals(candidate.getNamespaceURI(), oldNamespace.getNamespaceURI())) {
            continue;
        }
        if (!DatatypeHelper.safeEquals(candidate.getNamespacePrefix(), oldNamespace.getNamespacePrefix())) {
            continue;
        }
        cursor.remove();
    }
}
 
Example #2
Source File: AssertionUnmarshaller.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Handles the ID, Issuer, IssueInstant and MinorVersion attributes of an Assertion and
 * delegates every other attribute to the superclass.</p>
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    Assertion assertion = (Assertion) samlObject;
    String localName = attribute.getLocalName();
    String rawValue = attribute.getValue();

    if (Assertion.ID_ATTRIB_NAME.equals(localName)) {
        assertion.setID(rawValue);
        return;
    }
    if (Assertion.ISSUER_ATTRIB_NAME.equals(localName)) {
        assertion.setIssuer(rawValue);
        return;
    }
    // An empty IssueInstant is not parsed here; it falls through to the superclass below.
    if (Assertion.ISSUEINSTANT_ATTRIB_NAME.equals(localName) && !DatatypeHelper.isEmpty(rawValue)) {
        assertion.setIssueInstant(new DateTime(rawValue, ISOChronology.getInstanceUTC()));
        return;
    }
    if (Assertion.MINORVERSION_ATTRIB_NAME.equals(localName)) {
        // NOTE(review): any value other than the literal "0" is accepted as SAML 1.1; the
        // attribute is not checked to be numeric or to be exactly "1".
        assertion.setVersion(rawValue.equals("0") ? SAMLVersion.VERSION_10 : SAMLVersion.VERSION_11);
        return;
    }

    super.processAttribute(samlObject, attribute);
}
 
Example #3
Source File: SAML2AuthnRequestsSignedRule.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Determine whether the inbound message carries a signature.
 *
 * <p>This reports only that a signature is present: either the SAML object says it is
 * signed, or the transport has a non-empty <code>Signature</code> parameter. Nothing in this
 * method verifies the signature.</p>
 *
 * @param messageContext the message context being evaluated
 * @return true if the inbound message carries a signature, otherwise false
 */
protected boolean isMessageSigned(SAMLMessageContext messageContext) {
    // TODO this really should be determined by the decoders and supplied to the rule
    // in some fashion, to handle binding-specific signature mechanisms. See JIRA issue JOWS-4.
    //
    // Until then, XML Signature, HTTP-Redirect and HTTP-Post-SimpleSign are evaluated inline.

    SAMLObject inbound = messageContext.getInboundSAMLMessage();
    boolean hasXmlSignature =
            inbound instanceof SignableSAMLObject && ((SignableSAMLObject) inbound).isSigned();
    if (hasXmlSignature) {
        return true;
    }

    // HTTP-Redirect and HTTP-POST-SimpleSign carry the signature as a transport parameter.
    HTTPInTransport transport = (HTTPInTransport) messageContext.getInboundMessageTransport();
    return !DatatypeHelper.isEmpty(transport.getParameterValue("Signature"));
}
 
Example #4
Source File: SignatureUnmarshaller.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
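/**
 * Find and return the integer value contained within the HMACOutputLength element, if present.
 *
 * <p>The value is read from the document being unmarshalled and is returned as parsed; no
 * range check is applied here. NOTE(review): callers presumably need to enforce a minimum
 * acceptable output length before trusting a truncated HMAC - confirm where that is done.</p>
 *
 * @param signatureMethodElement the ds:SignatureMethod element
 * @return the HMAC output length value, or null if not present
 * @throws NumberFormatException if the element text is present but is not a valid integer
 */
private Integer getHMACOutputLengthValue(Element signatureMethodElement) {
    if (signatureMethodElement == null) {
        return null;
    }
    // Should be at most one element; only the first is considered.
    List<Element> children = XMLHelper.getChildElementsByTagNameNS(signatureMethodElement, XMLConstants.XMLSIG_NS,
            "HMACOutputLength");
    if (children.isEmpty()) {
        return null;
    }

    String value = DatatypeHelper.safeTrimOrNullString(children.get(0).getTextContent());
    // Integer.valueOf replaces the deprecated Integer(String) constructor; parsing and the
    // NumberFormatException on bad input are unchanged.
    return value != null ? Integer.valueOf(value) : null;
}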
 
Example #5
Source File: SAML2HTTPRedirectDeflateSignatureRule.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Builds the signature input from the raw query string and returns it as UTF-8 bytes,
 * or null when no signed content string could be built.</p>
 */
protected byte[] getSignedContent(HttpServletRequest request) throws SecurityPolicyException {
    // HTTP-Redirect DEFLATE simple signature validation needs the raw, non-URL-decoded query
    // parameter values: URL-encoding is not canonical, so the decoded parameters cannot be
    // used and the signature input is rebuilt from the request's query string directly.
    String rawQuery = request.getQueryString();
    // NOTE(review): the complete query string is written to the debug log here, and the
    // rebuilt signature input below; check that debug logging of these values is acceptable.
    log.debug("Constructing signed content string from URL query string {}", rawQuery);

    String signedContent = buildSignedContentString(rawQuery);
    if (DatatypeHelper.isEmpty(signedContent)) {
        log.warn("Could not extract signed content string from query string");
        return null;
    }
    log.debug("Constructed signed content string for HTTP-Redirect DEFLATE {}", signedContent);

    byte[] encoded = null;
    try {
        encoded = signedContent.getBytes("UTF-8");
    } catch (UnsupportedEncodingException e) {
        // Not expected: every JVM is required to support UTF-8.
    }
    return encoded;
}
 
Example #6
Source File: SecurityHelper.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
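/**
 * Get the length of the key indicated by the algorithm URI, if applicable and available.
 *
 * <p>A length is looked up only when the URI maps to the block-encryption or
 * symmetric-key-wrap algorithm class.</p>
 *
 * @param algorithmURI the algorithm URI to evaluate
 * @return the length of the key indicated by the algorithm URI, or null if the length is either unavailable or
 *         indeterminable from the URI
 */
public static Integer getKeyLengthFromURI(String algorithmURI) {
    Logger log = getLogger();
    String algoClass = DatatypeHelper.safeTrimOrNullString(JCEMapper.getAlgorithmClassFromURI(algorithmURI));

    boolean lengthApplies = ApacheXMLSecurityConstants.ALGO_CLASS_BLOCK_ENCRYPTION.equals(algoClass)
            || ApacheXMLSecurityConstants.ALGO_CLASS_SYMMETRIC_KEY_WRAP.equals(algoClass);
    if (lengthApplies) {
        try {
            // Integer.valueOf replaces the deprecated Integer(int) constructor.
            return Integer.valueOf(JCEMapper.getKeyLengthFromURI(algorithmURI));
        } catch (NumberFormatException e) {
            // Parameterized like the info message below; the rendered text is unchanged.
            log.warn("XML Security config contained invalid key length value for algorithm URI: {}", algorithmURI);
        }
    }

    log.info("Mapping from algorithm URI {} to key length not available", algorithmURI);
    return null;
}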
 
Example #7
Source File: BaseSAMLXMLSignatureSecurityPolicyRule.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>The criteria set holds the entity ID (when one is supplied), the peer entity role and
 * inbound SAML protocol taken from the SAML message context, and a signing usage
 * criterion.</p>
 */
protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
    throws SecurityPolicyException {
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
        throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
    }
    SAMLMessageContext samlContext = (SAMLMessageContext) messageContext;

    CriteriaSet criteria = new CriteriaSet();
    // An empty entity ID adds no EntityIDCriteria, so the set is then not bound to a peer.
    if (!DatatypeHelper.isEmpty(entityID)) {
        criteria.add(new EntityIDCriteria(entityID));
    }
    criteria.add(new MetadataCriteria(samlContext.getPeerEntityRole(), samlContext.getInboundSAMLProtocol()));
    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}
 
Example #8
Source File: SAML2HTTPRedirectDeflateSignatureValidator.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
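/**
 * Extract the signature value from the request, in the form suitable for
 * input into
 * {@link SignatureTrustEngine#validate(byte[], byte[], String, CriteriaSet, Credential)}.
 * <p>
 * Defaults to the Base64-decoded value of the HTTP request parameter named
 * <code>Signature</code>. The query string comes from the request, so a parameter that is
 * missing, has no value, or is not valid URL-encoding is rejected with a
 * {@link SecurityPolicyException} rather than surfacing as an unchecked exception.
 * </p>
 *
 * @param queryString the raw (not URL-decoded) query string of the request
 * @return the decoded signature bytes
 * @throws SecurityPolicyException if no usable Signature value can be extracted
 */
protected static byte[] getSignature(String queryString) throws SecurityPolicyException {
    String signatureQueryParam = HTTPTransportUtils.getRawQueryStringParameter(queryString, "Signature");
    if (DatatypeHelper.isEmpty(signatureQueryParam)) {
        throw new SecurityPolicyException("Could not extract the Signature from query string");
    }

    // The raw parameter has the form 'Signature=<sig_value>'. Cut at the first '=' only:
    // split("=")[1] failed with ArrayIndexOutOfBoundsException on 'Signature=' and dropped
    // anything after a second '=' (such as unencoded Base64 padding).
    int delimiter = signatureQueryParam.indexOf('=');
    if (delimiter < 0 || delimiter == signatureQueryParam.length() - 1) {
        throw new SecurityPolicyException("Could not extract the Signature from query string");
    }

    String signature;
    try {
        signature = URLDecoder.decode(signatureQueryParam.substring(delimiter + 1), "UTF-8");
    } catch (UnsupportedEncodingException e) {
        if (log.isDebugEnabled()) {
            log.debug("Encoding not supported.", e);
        }
        // JVM is required to support UTF-8
        return new byte[0];
    } catch (IllegalArgumentException e) {
        // URLDecoder rejects malformed percent-escapes with an unchecked exception.
        if (log.isDebugEnabled()) {
            log.debug("Signature parameter is not valid URL-encoding.", e);
        }
        throw new SecurityPolicyException("Could not extract the Signature from query string");
    }
    // NOTE(review): the result of Base64.decode is returned unchecked - confirm what it
    // yields for input that is not valid Base64 and that callers handle it.
    return Base64.decode(signature);
}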
 
Example #9
Source File: Encrypter.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Check key encryption parameters for consistency and required values.
 *
 * <p>The parameters must yield an encryption key that is neither a DSA nor an EC public
 * key, and must name a key encryption algorithm URI.</p>
 *
 * @param kekParams the key encryption parameters to check
 * @param allowEmpty if false, a null parameter is treated as an error
 *
 * @throws EncryptionException thrown if any parameters are missing or have invalid values
 */
protected void checkParams(KeyEncryptionParameters kekParams, boolean allowEmpty) throws EncryptionException {
    if (kekParams == null) {
        if (!allowEmpty) {
            log.error("Key encryption parameters are required");
            throw new EncryptionException("Key encryption parameters are required");
        }
        return;
    }

    Key kek = SecurityHelper.extractEncryptionKey(kekParams.getEncryptionCredential());
    if (kek == null) {
        log.error("Key encryption credential and contained key are required");
        throw new EncryptionException("Key encryption credential and contained key are required");
    }
    if (kek instanceof DSAPublicKey) {
        log.error("Attempt made to use DSA key for encrypted key transport");
        throw new EncryptionException("DSA keys may not be used for encrypted key transport");
    }
    if (kek instanceof ECPublicKey) {
        log.error("Attempt made to use EC key for encrypted key transport");
        throw new EncryptionException("EC keys may not be used for encrypted key transport");
    }
    // The algorithm URI is only checked for presence here, after the key has passed.
    if (DatatypeHelper.isEmpty(kekParams.getAlgorithm())) {
        log.error("Key encryption algorithm URI is required");
        throw new EncryptionException("Key encryption algorithm URI is required");
    }
}
 
Example #10
Source File: X509Util.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Gets a formatted string representing identifier information from the supplied credential.
 *
 * <p>
 * This could for example be used in logging messages. The subject DN and entity ID are
 * inserted as they are, without escaping.
 * </p>
 *
 * <p>
 * A credential under evaluation will often have no value for its entity ID property, so the
 * token always contains the certificate subject DN and adds the entity ID only when one is
 * present.
 * </p>
 *
 * @param credential the credential for which to produce a token.
 * @param handler the X.500 DN handler to use. If null, a new instance of {@link InternalX500DNHandler} will be
 *            used.
 *
 * @return a formatted string containing identifier information present in the credential
 */
public static String getIdentifiersToken(X509Credential credential, X500DNHandler handler) {
    X500DNHandler dnHandler = (handler != null) ? handler : new InternalX500DNHandler();
    X500Principal subject = credential.getEntityCertificate().getSubjectX500Principal();

    StringBuilder token = new StringBuilder();
    token.append('[').append(String.format("subjectName='%s'", dnHandler.getName(subject)));

    String entityId = credential.getEntityId();
    if (!DatatypeHelper.isEmpty(entityId)) {
        token.append(String.format(" |credential entityID='%s'", DatatypeHelper.safeTrimOrNullString(entityId)));
    }

    return token.append(']').toString();
}
 
Example #11
Source File: MetadataCredentialResolver.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Check that all necessary credential criteria are available: an entity ID criteria with a
 * non-empty entity ID, and a SAML metadata criteria with a non-null role.
 *
 * @param criteriaSet the criteria set to evaluate
 * @throws IllegalArgumentException if a required criteria or criteria value is missing
 */
protected void checkCriteriaRequirements(CriteriaSet criteriaSet) {
    EntityIDCriteria ownerCriteria = criteriaSet.get(EntityIDCriteria.class);
    MetadataCriteria metadataCriteria = criteriaSet.get(MetadataCriteria.class);

    // Both criteria must be present before their values are inspected.
    if (ownerCriteria == null) {
        throw new IllegalArgumentException("Entity criteria must be supplied");
    }
    if (metadataCriteria == null) {
        throw new IllegalArgumentException("SAML metadata criteria must be supplied");
    }

    boolean ownerMissing = DatatypeHelper.isEmpty(ownerCriteria.getEntityID());
    if (ownerMissing) {
        throw new IllegalArgumentException("Credential owner entity ID criteria value must be supplied");
    }
    if (metadataCriteria.getRole() == null) {
        throw new IllegalArgumentException("Credential metadata role criteria value must be supplied");
    }
}
 
Example #12
Source File: BaseSAML2MessageDecoder.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>This SAML 2-specific implementation extracts the value of the protocol message Destination attribute.
 * The value is trimmed, and null is returned when it is absent or blank.</p>
 */
protected String getIntendedDestinationEndpointURI(SAMLMessageContext samlMsgCtx) throws MessageDecodingException {
    SAMLObject inbound = samlMsgCtx.getInboundSAMLMessage();

    if (inbound instanceof RequestAbstractType) {
        return DatatypeHelper.safeTrimOrNullString(((RequestAbstractType) inbound).getDestination());
    }
    if (inbound instanceof StatusResponseType) {
        return DatatypeHelper.safeTrimOrNullString(((StatusResponseType) inbound).getDestination());
    }

    // Neither a request nor a response: there is no Destination attribute to read.
    log.error("Invalid SAML message type encountered: {}", inbound.getElementQName().toString());
    throw new MessageDecodingException("Invalid SAML message type encountered");
}
 
Example #13
Source File: WSSecurityHelper.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Gets the <code>wsse11:TokenType</code> attribute from a given SOAP object.
 *
 * <p>The typed accessor is tried first when the object is {@link TokenTypeBearing}; the
 * object's unknown attributes are consulted only if that gives no value.</p>
 *
 * @param soapObject the SOAP object to read the attribute from
 *
 * @return the value of the tokenType attribute, or null if not present
 */
public static String getWSSE11TokenType(XMLObject soapObject) {
    if (soapObject instanceof TokenTypeBearing) {
        String typed = DatatypeHelper.safeTrimOrNullString(((TokenTypeBearing) soapObject).getWSSE11TokenType());
        if (typed != null) {
            return typed;
        }
    }

    if (!(soapObject instanceof AttributeExtensibleXMLObject)) {
        return null;
    }
    AttributeExtensibleXMLObject extensible = (AttributeExtensibleXMLObject) soapObject;
    return DatatypeHelper.safeTrimOrNullString(
            extensible.getUnknownAttributes().get(TokenTypeBearing.WSSE11_TOKEN_TYPE_ATTR_NAME));
}
 
Example #14
Source File: AbstractEncryptedKeyResolver.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Evaluate whether an EncryptedKey's CarriedKeyName matches one of the KeyName values
 * from the EncryptedData context.
 *
 * <p>An EncryptedKey with no CarriedKeyName, or an empty one, is treated as a match: the
 * check only rejects keys that carry a name which the EncryptedData does not list.</p>
 *
 * @param encryptedData the EncryptedData context
 * @param encryptedKey the candidate EncryptedKey to evaluate
 * @return true if the encrypted key carries no name or its carried key name matches one of
 *          the encrypted data's key names, false otherwise
 */
protected boolean matchCarriedKeyName(EncryptedData encryptedData, EncryptedKey encryptedKey) {
    boolean keyCarriesNoName = encryptedKey.getCarriedKeyName() == null
            || DatatypeHelper.isEmpty(encryptedKey.getCarriedKeyName().getValue());
    if (keyCarriesNoName) {
        return true;
    }

    boolean dataListsNoNames = encryptedData.getKeyInfo() == null
            || encryptedData.getKeyInfo().getKeyNames().isEmpty();
    if (dataListsNoNames) {
        return false;
    }

    String carriedName = encryptedKey.getCarriedKeyName().getValue();
    List<String> candidateNames = KeyInfoHelper.getKeyNames(encryptedData.getKeyInfo());
    return candidateNames.contains(carriedName);
}
 
Example #15
Source File: EntityDescriptorUnmarshaller.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Handles the entityID, ID, validUntil and cacheDuration attributes of an
 * EntityDescriptor; any other attribute is stored among the unknown attributes.</p>
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    EntityDescriptor descriptor = (EntityDescriptor) samlObject;
    String localName = attribute.getLocalName();
    String rawValue = attribute.getValue();

    if (localName.equals(EntityDescriptor.ENTITY_ID_ATTRIB_NAME)) {
        descriptor.setEntityID(rawValue);
    } else if (localName.equals(EntityDescriptor.ID_ATTRIB_NAME)) {
        descriptor.setID(rawValue);
        // Mark the DOM attribute as an ID attribute on its owner element.
        attribute.getOwnerElement().setIdAttributeNode(attribute, true);
    } else if (localName.equals(TimeBoundSAMLObject.VALID_UNTIL_ATTRIB_NAME)
            && !DatatypeHelper.isEmpty(rawValue)) {
        descriptor.setValidUntil(new DateTime(rawValue, ISOChronology.getInstanceUTC()));
    } else if (localName.equals(CacheableSAMLObject.CACHE_DURATION_ATTRIB_NAME)) {
        descriptor.setCacheDuration(XMLHelper.durationToLong(rawValue));
    } else {
        // Also reached by an empty validUntil, which is then kept as an unknown attribute.
        QName qualifiedName = XMLHelper.getNodeQName(attribute);
        if (attribute.isId()) {
            descriptor.getUnknownAttributes().registerID(qualifiedName);
        }
        descriptor.getUnknownAttributes().put(qualifiedName, rawValue);
    }
}
 
Example #16
Source File: EntitiesDescriptorUnmarshaller.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
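/**
 * {@inheritDoc}
 *
 * <p>Handles the ID, validUntil, cacheDuration and Name attributes of an EntitiesDescriptor
 * and delegates every other attribute to the superclass.</p>
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) samlObject;

    if (attribute.getLocalName().equals(EntitiesDescriptor.ID_ATTRIB_NAME)) {
        entitiesDescriptor.setID(attribute.getValue());
        // Mark the DOM attribute as an ID attribute on its owner element.
        attribute.getOwnerElement().setIdAttributeNode(attribute, true);
    } else if (attribute.getLocalName().equals(TimeBoundSAMLObject.VALID_UNTIL_ATTRIB_NAME)
            && !DatatypeHelper.isEmpty(attribute.getValue())) {
        entitiesDescriptor.setValidUntil(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
    } else if (attribute.getLocalName().equals(CacheableSAMLObject.CACHE_DURATION_ATTRIB_NAME)) {
        // Long.valueOf replaces the deprecated Long(long) constructor.
        entitiesDescriptor.setCacheDuration(Long.valueOf(XMLHelper.durationToLong(attribute.getValue())));
    } else if (attribute.getLocalName().equals(EntitiesDescriptor.NAME_ATTRIB_NAME)) {
        entitiesDescriptor.setName(attribute.getValue());
    } else {
        // Also reached by an empty validUntil attribute.
        super.processAttribute(samlObject, attribute);
    }
}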
 
Example #17
Source File: EnvironmentMatchTypeMarshaller.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Writes the MatchId attribute onto the DOM element when the object has a non-empty
 * match ID; otherwise the element is left untouched.</p>
 */
protected void marshallAttributes(XMLObject xmlObject, Element domElement) throws MarshallingException {
    String matchId = ((EnvironmentMatchType) xmlObject).getMatchId();
    if (DatatypeHelper.isEmpty(matchId)) {
        return;
    }
    domElement.setAttribute(EnvironmentMatchType.MATCH_ID_ATTRIB_NAME, matchId);
}
 
Example #18
Source File: ClasspathResource.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Constructor. Resolves the given path to a classpath resource and records the current time
 * as the last-modified time.
 * 
 * @param path the path to the file for this resource
 * @param resourceFilter filter to apply to this resource
 * 
 * @throws ResourceException thrown if the resource path is null or empty or if the resource does not exist
 * 
 * @deprecated use {@link #setResourceFilter(ResourceFilter)} instead
 */
public ClasspathResource(String path, ResourceFilter resourceFilter) throws ResourceException {
    super(resourceFilter);
    
    if (DatatypeHelper.isEmpty(path)) {
        throw new ResourceException("Resource path may not be null or empty");
    }

    // Class.getResource resolves a path without a leading '/' relative to this class's
    // package; a path with a leading '/' is resolved from the classpath root.
    resource = getClass().getResource(path);
    if (resource == null) {
        // The requested path is echoed in the exception message.
        throw new ResourceException("Classpath resource does not exist: " + path);
    }

    lastModTime = new DateTime();
}
 
Example #19
Source File: InlineX509DataProvider.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Find the certificate from the chain identified by one of the specified issuer serials.
 *
 * <p>Issuer serials that lack an issuer name or a serial number are skipped. If an issuer
 * name cannot be parsed by the configured DN handler, the search stops and null is returned
 * without trying the remaining issuer serials.</p>
 *
 * @param certs list of certificates to evaluate
 * @param serials X509 issuer serials to use as search criteria
 * @return the matching certificate, or null
 */
protected X509Certificate findCertFromIssuerSerials(List<X509Certificate> certs, List<X509IssuerSerial> serials) {
    for (X509IssuerSerial candidate : serials) {
        boolean incomplete = candidate.getX509IssuerName() == null || candidate.getX509SerialNumber() == null;
        if (incomplete) {
            continue;
        }

        String issuerDn = candidate.getX509IssuerName().getValue();
        BigInteger wantedSerial = candidate.getX509SerialNumber().getValue();
        if (DatatypeHelper.isEmpty(issuerDn)) {
            continue;
        }

        X500Principal wantedIssuer;
        try {
            wantedIssuer = x500DNHandler.parse(issuerDn);
        } catch (IllegalArgumentException e) {
            log.warn("X500 issuer name '{}' could not be parsed by configured X500DNHandler '{}'",
                    issuerDn, x500DNHandler.getClass().getName());
            return null;
        }

        // A certificate matches only when both its issuer and its serial number are equal.
        for (X509Certificate cert : certs) {
            boolean sameIssuer = cert.getIssuerX500Principal().equals(wantedIssuer);
            if (sameIssuer && cert.getSerialNumber().equals(wantedSerial)) {
                return cert;
            }
        }
    }
    return null;
}
 
Example #20
Source File: ResponseAbstractTypeUnmarshaller.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Handles the ID, InResponseTo, IssueInstant, MinorVersion and Recipient attributes of a
 * response and delegates every other attribute to the superclass.</p>
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    ResponseAbstractType response = (ResponseAbstractType) samlObject;
    String localName = attribute.getLocalName();
    String rawValue = attribute.getValue();

    if (localName.equals(ResponseAbstractType.ID_ATTRIB_NAME)) {
        response.setID(rawValue);
    } else if (localName.equals(ResponseAbstractType.INRESPONSETO_ATTRIB_NAME)) {
        response.setInResponseTo(rawValue);
    } else if (localName.equals(ResponseAbstractType.ISSUEINSTANT_ATTRIB_NAME)
            && !DatatypeHelper.isEmpty(rawValue)) {
        response.setIssueInstant(new DateTime(rawValue, ISOChronology.getInstanceUTC()));
    } else if (localName.equals(ResponseAbstractType.MINORVERSION_ATTRIB_NAME)) {
        int minorVersion;
        try {
            minorVersion = Integer.parseInt(rawValue);
        } catch (NumberFormatException n) {
            log.error("Parsing minor version ", n);
            throw new UnmarshallingException(n);
        }
        // NOTE(review): a numeric minor version other than 0 or 1 is accepted silently and
        // leaves the version unset by this method.
        switch (minorVersion) {
            case 0:
                response.setVersion(SAMLVersion.VERSION_10);
                break;
            case 1:
                response.setVersion(SAMLVersion.VERSION_11);
                break;
            default:
                break;
        }
    } else if (localName.equals(ResponseAbstractType.RECIPIENT_ATTRIB_NAME)) {
        response.setRecipient(rawValue);
    } else {
        // Also reached by an empty IssueInstant attribute.
        super.processAttribute(samlObject, attribute);
    }
}
 
Example #21
Source File: X509KeyManagerX509CredentialAdapter.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Constructor. Stores the key manager and the trimmed credential alias.
 * 
 * @param manager wrapped key manager
 * @param alias alias used to reference the credential in the key manager
 * @throws IllegalArgumentException if the manager is null, or if trimming the alias yields null
 */
public X509KeyManagerX509CredentialAdapter(X509KeyManager manager, String alias) {
    if (manager == null) {
        throw new IllegalArgumentException("Key manager may not be null");
    }
    keyManager = manager;

    // The alias is stored in trimmed form; the null check below is on the trimmed result.
    credentialAlias = DatatypeHelper.safeTrimOrNullString(alias);
    if (credentialAlias == null) {
        throw new IllegalArgumentException("Entity alias may not be null");
    }
}
 
Example #22
Source File: KeyNameCriteria.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Set the key name criteria. The name is stored in trimmed form.
 * 
 * @param name The keyName to set.
 * @throws IllegalArgumentException if the name is empty according to {@code DatatypeHelper.isEmpty}
 */
public void setKeyName(String name) {
    if (DatatypeHelper.isEmpty(name)) {
        throw new IllegalArgumentException("Key name criteria value must be supplied");
    }
    // Stored trimmed - presumably so that later comparisons ignore surrounding whitespace; verify against callers.
    keyName = DatatypeHelper.safeTrimOrNullString(name);
}
 
Example #23
Source File: CombinerParameterTypeUnmarshaller.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Handles the parameter name attribute of a CombinerParameterType, storing its trimmed
 * value, and delegates every other attribute to the superclass.</p>
 */
protected void processAttribute(XMLObject xmlObject, Attr attribute) throws UnmarshallingException {
    CombinerParameterType combinerParameter = (CombinerParameterType) xmlObject;

    boolean isParameterName = attribute.getLocalName().equals(CombinerParameterType.PARAMETER_NAMEATTRIB_NAME);
    if (!isParameterName) {
        super.processAttribute(xmlObject, attribute);
        return;
    }
    combinerParameter.setParameterName(DatatypeHelper.safeTrimOrNullString(attribute.getValue()));
}
 
Example #24
Source File: X509KeyInfoGeneratorFactory.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Process the options related to generation of the X509IssuerSerial child element of X509Data
 * based on certificate data. Nothing is added unless the emitX509IssuerSerial option is set
 * and the certificate yields a non-empty issuer name.
 *
 * @param x509Data the X509Data element being processed.
 * @param cert the certificate being processed
 */
protected void processCertX509IssuerSerial(X509Data x509Data, java.security.cert.X509Certificate cert) {
    if (!options.emitX509IssuerSerial) {
        return;
    }

    String issuerDn = getIssuerName(cert);
    if (DatatypeHelper.isEmpty(issuerDn)) {
        return;
    }
    x509Data.getX509IssuerSerials().add(KeyInfoHelper.buildX509IssuerSerial(issuerDn, cert.getSerialNumber()));
}
 
Example #25
Source File: ResourceMatchTypeMarshaller.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>Writes the MatchId attribute onto the DOM element when the object has a non-empty
 * match ID; otherwise the element is left untouched.</p>
 */
protected void marshallAttributes(XMLObject xmlObject, Element domElement) throws MarshallingException {
    String matchId = ((ResourceMatchType) xmlObject).getMatchId();
    if (DatatypeHelper.isEmpty(matchId)) {
        return;
    }
    domElement.setAttribute(ResourceMatchType.MATCH_ID_ATTRIB_NAME, matchId);
}
 
Example #26
Source File: BasicKeyInfoGeneratorFactory.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Process the values of {@link Credential#getKeyNames()}. Each non-empty key name is added
 * to the KeyInfo, and only when the emitKeyNames option is set.
 *
 * @param keyInfo the KeyInfo that is being built
 * @param credential the Credential that is being processed
 */
protected void processKeyNames(KeyInfo keyInfo, Credential credential) {
    if (!options.emitKeyNames) {
        return;
    }

    for (String candidateName : credential.getKeyNames()) {
        if (DatatypeHelper.isEmpty(candidateName)) {
            continue;
        }
        KeyInfoHelper.addKeyName(keyInfo, candidateName);
    }
}
 
Example #27
Source File: AssertionUnmarshaller.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>After regular unmarshalling, the ID attribute is marked as an ID on the DOM element
 * unless the assertion's minor version is 0 (SAML 1.0) or it has no ID value.</p>
 */
public XMLObject unmarshall(Element domElement) throws UnmarshallingException {
    Assertion parsed = (Assertion) super.unmarshall(domElement);

    // No ID-ness for SAML 1.0 assertions or when there is no ID value to register.
    if (parsed.getMinorVersion() == 0 || DatatypeHelper.isEmpty(parsed.getID())) {
        return parsed;
    }

    domElement.setIdAttributeNS(null, Assertion.ID_ATTRIB_NAME, true);
    return parsed;
}
 
Example #28
Source File: BaseSAML2MessageEncoder.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
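/**
 * Checks whether a relay state is present, and warns if it is longer than 80 bytes.
 *
 * <p>The length is advisory only: an over-long relay state is logged but still accepted.
 * The byte length is measured in UTF-8 so that the result does not depend on the platform
 * default charset. NOTE(review): UTF-8 is assumed as the encoding the 80-byte limit refers
 * to - confirm.</p>
 *
 * @param relayState relay state to check
 *
 * @return true if the relay state is not empty (whatever its length), false otherwise
 */
protected boolean checkRelayState(String relayState) {
    if (DatatypeHelper.isEmpty(relayState)) {
        return false;
    }

    // Fully qualified so the fix needs no new import in the enclosing file.
    int encodedLength = relayState.getBytes(java.nio.charset.Charset.forName("UTF-8")).length;
    if (encodedLength > 80) {
        log.warn("Relay state exceeds 80 bytes, some application may not support this.");
    }
    return true;
}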
 
Example #29
Source File: CryptoBinaryImpl.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 *
 * <p>The BigInteger is decoded from the CryptoBinary text value on first use and kept in a
 * field; null is returned while the text value is empty.</p>
 */
public BigInteger getValueBigInt() {
    if (bigIntValue != null) {
        return bigIntValue;
    }

    // Decode only when there is a text value to decode.
    if (!DatatypeHelper.isEmpty(getValue())) {
        bigIntValue = KeyInfoHelper.decodeBigIntegerFromCryptoBinary(getValue());
    }
    return bigIntValue;
}
 
Example #30
Source File: SAML2HTTPRedirectDeflateSignatureValidator.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Build a criteria set suitable for input to the trust engine.
 *
 * <p>The set always holds a signing usage criterion. An entity ID criterion is added only
 * when an issuer is supplied, so with an empty issuer the set is not bound to an entity.</p>
 *
 * @param issuer the entity ID of the message issuer; may be null or empty
 * @return the criteria set
 */
private static CriteriaSet buildCriteriaSet(String issuer) {
    CriteriaSet criteria = new CriteriaSet();

    boolean issuerKnown = !DatatypeHelper.isEmpty(issuer);
    if (issuerKnown) {
        criteria.add(new EntityIDCriteria(issuer));
    }

    criteria.add(new UsageCriteria(UsageType.SIGNING));
    return criteria;
}