Produced by Araxis Merge on 10/3/2017 11:15:18 AM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | ehmp.zip\ehmp\ehmp\product\production\mocktokengenerator\src\main\java\com\clearavenue\mocksts | STSTokenGenerator.java | Tue Jan 10 16:20:50 2017 UTC |
| 2 | ehmp.zip\ehmp\ehmp\product\production\mocktokengenerator\src\main\java\com\clearavenue\mocksts | STSTokenGenerator.java | Mon Oct 2 19:47:54 2017 UTC |
| Description | Between Files 1 and 2 |
|---|---|
| Text Blocks | Lines | |
| Unchanged | 2 | 1454 |
| Changed | 1 | 2 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | /* | |
| 2 | * | |
| 3 | */ | |
| 4 | package co m.clearave nue.mockst s; | |
| 5 | ||
| 6 | import jav a.io.FileN otFoundExc eption; | |
| 7 | import jav a.io.IOExc eption; | |
| 8 | import jav a.io.Input Stream; | |
| 9 | import jav a.security .KeyStore; | |
| 10 | import jav a.security .KeyStoreE xception; | |
| 11 | import jav a.security .NoSuchAlg orithmExce ption; | |
| 12 | import jav a.security .PrivateKe y; | |
| 13 | import jav a.security .Unrecover ableEntryE xception; | |
| 14 | import jav a.security .cert.Cert ificateEnc odingExcep tion; | |
| 15 | import jav a.security .cert.Cert ificateExc eption; | |
| 16 | import jav a.security .cert.X509 Certificat e; | |
| 17 | import jav a.util.UUI D; | |
| 18 | ||
| 19 | import jav ax.xml.nam espace.QNa me; | |
| 20 | ||
| 21 | import org .apache.xm l.security .signature .XMLSignat ureExcepti on; | |
| 22 | import org .joda.time .DateTime; | |
| 23 | import org .joda.time .DateTimeZ one; | |
| 24 | import org .opensaml. Configurat ion; | |
| 25 | import org .opensaml. saml2.core .Assertion ; | |
| 26 | import org .opensaml. saml2.core .Attribute ; | |
| 27 | import org .opensaml. saml2.core .Attribute Statement; | |
| 28 | import org .opensaml. saml2.core .Attribute Value; | |
| 29 | import org .opensaml. saml2.core .Audience; | |
| 30 | import org .opensaml. saml2.core .AudienceR estriction ; | |
| 31 | import org .opensaml. saml2.core .AuthnCont ext; | |
| 32 | import org .opensaml. saml2.core .AuthnCont extClassRe f; | |
| 33 | import org .opensaml. saml2.core .AuthnStat ement; | |
| 34 | import org .opensaml. saml2.core .Condition s; | |
| 35 | import org .opensaml. saml2.core .Issuer; | |
| 36 | import org .opensaml. saml2.core .NameID; | |
| 37 | import org .opensaml. saml2.core .NameIDTyp e; | |
| 38 | import org .opensaml. saml2.core .Subject; | |
| 39 | import org .opensaml. saml2.core .SubjectCo nfirmation ; | |
| 40 | import org .opensaml. saml2.core .SubjectCo nfirmation Data; | |
| 41 | import org .opensaml. ws.soap.so ap11.Body; | |
| 42 | import org .opensaml. ws.soap.so ap11.Envel ope; | |
| 43 | import org .opensaml. ws.soap.so ap11.Heade r; | |
| 44 | import org .opensaml. ws.soap.ut il.SOAPHel per; | |
| 45 | import org .opensaml. ws.wsaddre ssing.Addr ess; | |
| 46 | import org .opensaml. ws.wsaddre ssing.Endp ointRefere nce; | |
| 47 | import org .opensaml. ws.wspolic y.AppliesT o; | |
| 48 | import org .opensaml. ws.wssecur ity.Binary SecurityTo ken; | |
| 49 | import org .opensaml. ws.wssecur ity.Create d; | |
| 50 | import org .opensaml. ws.wssecur ity.Expire s; | |
| 51 | import org .opensaml. ws.wssecur ity.KeyIde ntifier; | |
| 52 | import org .opensaml. ws.wssecur ity.Refere nce; | |
| 53 | import org .opensaml. ws.wssecur ity.Securi ty; | |
| 54 | import org .opensaml. ws.wssecur ity.Securi tyTokenRef erence; | |
| 55 | import org .opensaml. ws.wssecur ity.Timest amp; | |
| 56 | import org .opensaml. ws.wssecur ity.WSSecu rityConsta nts; | |
| 57 | import org .opensaml. ws.wstrust .Lifetime; | |
| 58 | import org .opensaml. ws.wstrust .RequestSe curityToke nResponse; | |
| 59 | import org .opensaml. ws.wstrust .RequestSe curityToke nResponseC ollection; | |
| 60 | import org .opensaml. ws.wstrust .Requested AttachedRe ference; | |
| 61 | import org .opensaml. ws.wstrust .Requested SecurityTo ken; | |
| 62 | import org .opensaml. xml.io.Mar shallingEx ception; | |
| 63 | import org .opensaml. xml.schema .XSString; | |
| 64 | import org .opensaml. xml.schema .impl.XSSt ringBuilde r; | |
| 65 | import org .opensaml. xml.securi ty.x509.Ba sicX509Cre dential; | |
| 66 | import org .opensaml. xml.signat ure.KeyInf o; | |
| 67 | import org .opensaml. xml.signat ure.Signat ure; | |
| 68 | import org .opensaml. xml.signat ure.Signat ureConstan ts; | |
| 69 | import org .opensaml. xml.signat ure.Signat ureExcepti on; | |
| 70 | import org .opensaml. xml.signat ure.Signer ; | |
| 71 | import org .opensaml. xml.util.B ase64; | |
| 72 | import org .slf4j.Log ger; | |
| 73 | import org .slf4j.Log gerFactory ; | |
| 74 | ||
| 75 | /** | |
| 76 | * The Cla ss STSToke nGenerator . | |
| 77 | */ | |
| 78 | public cla ss STSToke nGenerator { | |
| 79 | ||
| 80 | /* * The Cons tant COMMU NITY_ID. * / | |
| 81 | pr ivate stat ic final S tring COMM UNITY_ID = "urn:oid: 2.16.840.1 .113883.4. 349"; | |
| 82 | ||
| 83 | /* * The Cons tant ASS_L EVEL. */ | |
| 84 | pr ivate stat ic final S tring ASS_ LEVEL = "2 "; | |
| 85 | ||
| 86 | /* * The Cons tant NPI. */ | |
| 87 | pr ivate stat ic final S tring NPI = "IAM AD" ; | |
| 88 | ||
| 89 | /* * The Cons tant AUTHE NTICATION_ TYPE. */ | |
| 90 | pr ivate stat ic final S tring AUTH ENTICATION _TYPE = "I ndirect"; | |
| 91 | ||
| 92 | /* * The Cons tant AUTHN SYSTEM. */ | |
| 93 | pr ivate stat ic final S tring AUTH NSYSTEM = "SSOi"; | |
| 94 | ||
| 95 | /* * The Cons tant JKS_A LIAS. */ | |
| 96 | pr ivate stat ic final S tring JKS_ ALIAS = "m ocksts"; | |
| 97 | ||
| 98 | /* * The Cons tant JKS_P ASSWORD. * / | |
| 99 | pr ivate stat ic final S tring JKS_ PASSWORD = "m0ckSts1 23"; | |
| 100 | ||
| 101 | /* * The Cons tant SIGNI NG_JKS. */ | |
| 102 | pr ivate stat ic final S tring SIGN ING_JKS = "mocksts.j ks"; | |
| 103 | ||
| 104 | /* * The Cons tant ISSUE R. */ | |
| 105 | pr ivate stat ic final S tring ISSU ER = "int. services.e auth. DNS "; | |
| 106 | ||
| 107 | /* * The Cons tant VALID _SECONDS. */ | |
| 108 | pr ivate stat ic final i nt VALID_S ECONDS = 3 60; | |
| 109 | ||
| 110 | /* * The Cons tant SUBJE CT_URL. */ | |
| 111 | pr ivate stat ic final S tring SUBJ ECT_URL = "http://SS Oi/Applies To/SAML2"; | |
| 112 | ||
| 113 | /* * The Cons tant ID_TY PE. */ | |
| 114 | pu blic stati c final QN ame ID_TYP E = new QN ame("ID"); | |
| 115 | ||
| 116 | /* * The Cons tant VALUE _TYPE. */ | |
| 117 | pu blic stati c final QN ame VALUE_ TYPE = new QName("Va lueType"); | |
| 118 | ||
| 119 | /* * The Cons tant SAMLI D. */ | |
| 120 | pu blic stati c final St ring SAMLI D = "http: //docs.oas is-open.or g/wss/oasi s-wss-saml -token-pro file-1.1#S AMLID"; | |
| 121 | ||
| 122 | /* * The Cons tant TOKEN _TYPE_SAML _20. */ | |
| 123 | pu blic stati c final St ring TOKEN _TYPE_SAML _20 = "htt p://docs.o asis-open. org/wss/oa sis-wss-sa ml-token-p rofile-1.1 #SAMLV2.0" ; | |
| 124 | ||
| 125 | /* * The Cons tant TOKEN _TYPE. */ | |
| 126 | pu blic stati c final QN ame TOKEN_ TYPE = new QName(WSS ecurityCon stants.WSS E11_NS, "T okenType", WSSecurit yConstants .WSSE11_PR EFIX); | |
| 127 | ||
| 128 | /* * The Cons tant logge r. */ | |
| 129 | fi nal static Logger LO GGER = Log gerFactory .getLogger (STSTokenG enerator.c lass); | |
| 130 | ||
| 131 | /* * The user name. */ | |
| 132 | pr ivate Stri ng usernam e; | |
| 133 | ||
| 134 | /* * The user . */ | |
| 135 | pr ivate fina l MockUser user; | |
| 136 | ||
| 137 | /* * | |
| 138 | * Instantia tes a new STS token generator. | |
| 139 | * | |
| 140 | * @param mo ckuser | |
| 141 | * the mock user objec t with inf o about th e user | |
| 142 | * / | |
| 143 | pu blic STSTo kenGenerat or(final M ockUser mo ckuser) { | |
| 144 | user = mockuse r; | |
| 145 | } | |
| 146 | ||
| 147 | /* * | |
| 148 | * Generate SOAP envel ope respon se contain ing a Head er with th e X509 cer t used to sign the a ssertion f ound in th e Body. | |
| 149 | * | |
| 150 | * @param bo dyId | |
| 151 | * the body id to use in buildi ng the ref erences | |
| 152 | * @return t he SOAP en velope | |
| 153 | * @throws X MLSignatur eException | |
| 154 | * the XML signature exception | |
| 155 | * @throws I llegalArgu mentExcept ion | |
| 156 | * the ill egal argum ent except ion | |
| 157 | * @throws I llegalAcce ssExceptio n | |
| 158 | * the ill egal acces s exceptio n | |
| 159 | * @throws N oSuchField Exception | |
| 160 | * the no such field exception | |
| 161 | * @throws S ecurityExc eption | |
| 162 | * the sec urity exce ption | |
| 163 | * / | |
| 164 | pu blic Envel ope genera teResponse (final Str ing bodyId ) throws X MLSignatur eException , IllegalA rgumentExc eption, Il legalAcces sException , NoSuchFi eldExcepti on, Securi tyExceptio n { | |
| 165 | ||
| 166 | fina l Security security = MockSTSU tils.creat eXMLObject (Security. class); | |
| 167 | SOAP Helper.add SOAP11Must Understand Attribute( security, true); | |
| 168 | ||
| 169 | fina l Timestam p timestam p = genera teTimestam p(VALID_SE CONDS); | |
| 170 | fina l BinarySe curityToke n secToken = generat eBinarySec urityToken (); | |
| 171 | secu rity.getUn knownXMLOb jects().ad d(timestam p); | |
| 172 | secu rity.getUn knownXMLOb jects().ad d(secToken ); | |
| 173 | ||
| 174 | fina l Assertio n assertio n = genera teAssertio n(); | |
| 175 | sign Assertion( assertion, secToken. getWSUId() ); | |
| 176 | ||
| 177 | fina l Body bod y = genera teBody(ass ertion); | |
| 178 | body .getUnknow nAttribute s().put(ID _TYPE, Str ing.format ("Body-%s" , bodyId)) ; | |
| 179 | ||
| 180 | fina l Header h eader = Mo ckSTSUtils .createSAM LObject(He ader.class ); | |
| 181 | head er.getUnkn ownXMLObje cts().add( security); | |
| 182 | ||
| 183 | fina l Envelope envelope = MockSTSU tils.creat eSAMLObjec t(Envelope .class); | |
| 184 | enve lope.setHe ader(heade r); | |
| 185 | enve lope.setBo dy(body); | |
| 186 | ||
| 187 | retu rn envelop e; | |
| 188 | } | |
| 189 | ||
| 190 | /* * | |
| 191 | * Generate body. | |
| 192 | * | |
| 193 | * @param as sertion | |
| 194 | * the asse rtion | |
| 195 | * @return t he body | |
| 196 | * @throws I llegalArgu mentExcept ion | |
| 197 | * the ill egal argum ent except ion | |
| 198 | * @throws I llegalAcce ssExceptio n | |
| 199 | * the ill egal acces s exceptio n | |
| 200 | * @throws N oSuchField Exception | |
| 201 | * the no such field exception | |
| 202 | * @throws S ecurityExc eption | |
| 203 | * the sec urity exce ption | |
| 204 | * / | |
| 205 | pr ivate Body generateB ody(final Assertion assertion) throws Il legalArgum entExcepti on, Illega lAccessExc eption, No SuchFieldE xception, SecurityEx ception { | |
| 206 | ||
| 207 | fina l RequestS ecurityTok enResponse rstr = Mo ckSTSUtils .createXML Object(Req uestSecuri tyTokenRes ponse.clas s); | |
| 208 | ||
| 209 | // a ppliesTO | |
| 210 | fina l AppliesT o appliesT o = getApp liesTo(); | |
| 211 | rstr .getUnknow nXMLObject s().add(ap pliesTo); | |
| 212 | ||
| 213 | // l ifetime | |
| 214 | fina l Lifetime lt = gene rateLifeti me(VALID_S ECONDS); | |
| 215 | rstr .getUnknow nXMLObject s().add(lt ); | |
| 216 | ||
| 217 | // R ST | |
| 218 | fina l Requeste dSecurityT oken rst = generateR equestedSe curityToke n(assertio n); | |
| 219 | rstr .getUnknow nXMLObject s().add(rs t); | |
| 220 | ||
| 221 | // R AR | |
| 222 | fina l Requeste dAttachedR eference r ar = MockS TSUtils.cr eateXMLObj ect(Reques tedAttache dReference .class); | |
| 223 | rar. setSecurit yTokenRefe rence(gene rateTokenR eference(a ssertion)) ; | |
| 224 | rstr .getUnknow nXMLObject s().add(ra r); | |
| 225 | ||
| 226 | fina l RequestS ecurityTok enResponse Collection rstrc = M ockSTSUtil s.createXM LObject(Re questSecur ityTokenRe sponseColl ection.cla ss); | |
| 227 | rstr c.getReque stSecurity TokenRespo nses().add (rstr); | |
| 228 | ||
| 229 | fina l Body bod y = MockST SUtils.cre ateSAMLObj ect(Body.c lass); | |
| 230 | body .getUnknow nXMLObject s().add(rs trc); | |
| 231 | retu rn body; | |
| 232 | } | |
| 233 | ||
| 234 | /* * | |
| 235 | * Gets the applies to . | |
| 236 | * | |
| 237 | * @return t he applies to | |
| 238 | * @throws I llegalArgu mentExcept ion | |
| 239 | * the ill egal argum ent except ion | |
| 240 | * @throws I llegalAcce ssExceptio n | |
| 241 | * the ill egal acces s exceptio n | |
| 242 | * @throws N oSuchField Exception | |
| 243 | * the no such field exception | |
| 244 | * @throws S ecurityExc eption | |
| 245 | * the sec urity exce ption | |
| 246 | * / | |
| 247 | pr ivate Appl iesTo getA ppliesTo() throws Il legalArgum entExcepti on, Illega lAccessExc eption, No SuchFieldE xception, SecurityEx ception { | |
| 248 | fina l Address address = MockSTSUti ls.createX MLObject(A ddress.cla ss); | |
| 249 | addr ess.setVal ue(SUBJECT _URL); | |
| 250 | fina l Endpoint Reference ep = MockS TSUtils.cr eateXMLObj ect(Endpoi ntReferenc e.class); | |
| 251 | ep.s etAddress( address); | |
| 252 | ||
| 253 | fina l AppliesT o at = Moc kSTSUtils. createXMLO bject(Appl iesTo.clas s); | |
| 254 | at.g etUnknownX MLObjects( ).add(ep); | |
| 255 | retu rn at; | |
| 256 | } | |
| 257 | ||
| 258 | /* * | |
| 259 | * Generate token refe rence. | |
| 260 | * | |
| 261 | * @param as sertion | |
| 262 | * the asse rtion | |
| 263 | * @return t he securit y token re ference | |
| 264 | * @throws I llegalArgu mentExcept ion | |
| 265 | * the ill egal argum ent except ion | |
| 266 | * @throws I llegalAcce ssExceptio n | |
| 267 | * the ill egal acces s exceptio n | |
| 268 | * @throws N oSuchField Exception | |
| 269 | * the no such field exception | |
| 270 | * @throws S ecurityExc eption | |
| 271 | * the sec urity exce ption | |
| 272 | * / | |
| 273 | pr ivate Secu rityTokenR eference g enerateTok enReferenc e(final As sertion as sertion) | |
| 274 | throws IllegalAr gumentExce ption, Ill egalAccess Exception, NoSuchFie ldExceptio n, Securit yException { | |
| 275 | fina l Security TokenRefer ence str = MockSTSUt ils.create XMLObject( SecurityTo kenReferen ce.class); | |
| 276 | ||
| 277 | fina l KeyIdent ifier keyI dentifier = MockSTSU tils.creat eXMLObject (KeyIdenti fier.class ); | |
| 278 | keyI dentifier. setValue(a ssertion.g etID()); | |
| 279 | keyI dentifier. getUnknown Attributes ().put(VAL UE_TYPE, S AMLID); | |
| 280 | keyI dentifier. setEncodin gType(null ); | |
| 281 | str. getUnknown Attributes ().put(TOK EN_TYPE, T OKEN_TYPE_ SAML_20); | |
| 282 | str. getUnknown XMLObjects ().add(key Identifier ); | |
| 283 | ||
| 284 | retu rn str; | |
| 285 | } | |
| 286 | ||
| 287 | /* * | |
| 288 | * Generate requested security t oken. | |
| 289 | * | |
| 290 | * @param as sertion | |
| 291 | * the asse rtion | |
| 292 | * @return t he request ed securit y token | |
| 293 | * @throws I llegalArgu mentExcept ion | |
| 294 | * the ill egal argum ent except ion | |
| 295 | * @throws I llegalAcce ssExceptio n | |
| 296 | * the ill egal acces s exceptio n | |
| 297 | * @throws N oSuchField Exception | |
| 298 | * the no such field exception | |
| 299 | * @throws S ecurityExc eption | |
| 300 | * the sec urity exce ption | |
| 301 | * / | |
| 302 | pr ivate Requ estedSecur ityToken g enerateReq uestedSecu rityToken( final Asse rtion asse rtion) | |
| 303 | throws IllegalAr gumentExce ption, Ill egalAccess Exception, NoSuchFie ldExceptio n, Securit yException { | |
| 304 | fina l Requeste dSecurityT oken rst = MockSTSUt ils.create XMLObject( RequestedS ecurityTok en.class); | |
| 305 | rst. setUnknown XMLObject( assertion) ; | |
| 306 | retu rn rst; | |
| 307 | } | |
| 308 | ||
| 309 | /* * | |
| 310 | * Generate binary sec urity toke n. | |
| 311 | * | |
| 312 | * @return t he binary security t oken | |
| 313 | * @throws X MLSignatur eException | |
| 314 | * the XML signature exception | |
| 315 | * @throws I llegalArgu mentExcept ion | |
| 316 | * the ill egal argum ent except ion | |
| 317 | * @throws I llegalAcce ssExceptio n | |
| 318 | * the ill egal acces s exceptio n | |
| 319 | * @throws N oSuchField Exception | |
| 320 | * the no such field exception | |
| 321 | * @throws S ecurityExc eption | |
| 322 | * the sec urity exce ption | |
| 323 | * / | |
| 324 | pr ivate Bina rySecurity Token gene rateBinary SecurityTo ken() | |
| 325 | throws XMLSignat ureExcepti on, Illega lArgumentE xception, IllegalAcc essExcepti on, NoSuch FieldExcep tion, Secu rityExcept ion { | |
| 326 | fina l BasicX50 9Credentia l credenti al = getX5 09Credenti al(); | |
| 327 | fina l BinarySe curityToke n bst = Mo ckSTSUtils .createXML Object(Bin arySecurit yToken.cla ss); | |
| 328 | ||
| 329 | bst. setEncodin gType("htt p://docs.o asis-open. org/wss/20 04/01/oasi s-200401-w ss-soap-me ssage-secu rity-1.0#B ase64Binar y"); | |
| 330 | bst. getUnknown Attributes ().put(VAL UE_TYPE, " http://doc s.oasis-op en.org/wss /2004/01/o asis-20040 1-wss-x509 -token-pro file-1.0#X 509v3"); | |
| 331 | bst. setWSUId(S tring.form at("BST-%s ", UUID.ra ndomUUID() .toString( ))); | |
| 332 | ||
| 333 | try { | |
| 334 | bst.se tValue(Bas e64.encode Bytes(cred ential.get EntityCert ificate(). getEncoded ())); | |
| 335 | } ca tch (final Certifica teEncoding Exception e) { | |
| 336 | throw new XMLSig natureExce ption(e.ge tMessage() ); | |
| 337 | } | |
| 338 | retu rn bst; | |
| 339 | } | |
| 340 | ||
| 341 | /* * | |
| 342 | * Generate assertion. | |
| 343 | * | |
| 344 | * @return t he asserti on | |
| 345 | * @throws I llegalArgu mentExcept ion | |
| 346 | * the ill egal argum ent except ion | |
| 347 | * @throws I llegalAcce ssExceptio n | |
| 348 | * the ill egal acces s exceptio n | |
| 349 | * @throws N oSuchField Exception | |
| 350 | * the no such field exception | |
| 351 | * @throws S ecurityExc eption | |
| 352 | * the sec urity exce ption | |
| 353 | * / | |
| 354 | pr ivate Asse rtion gene rateAssert ion() thro ws Illegal ArgumentEx ception, I llegalAcce ssExceptio n, NoSuchF ieldExcept ion, Secur ityExcepti on { | |
| 355 | fina l Assertio n assertio n = MockST SUtils.cre ateSAMLObj ect(Assert ion.class) ; | |
| 356 | fina l Subject subject = generateSu bject(SUBJ ECT_URL, V ALID_SECON DS, getUse rname()); | |
| 357 | fina l Issuer i ssuer = ge nerateIssu er(); | |
| 358 | ||
| 359 | // i nclude aud ience as p er spec | |
| 360 | fina l Audience audience = MockSTSU tils.creat eSAMLObjec t(Audience .class); | |
| 361 | audi ence.setAu dienceURI( SUBJECT_UR L); | |
| 362 | fina l Audience Restrictio n audience Restrictio n = MockST SUtils.cre ateSAMLObj ect(Audien ceRestrict ion.class) ; | |
| 363 | audi enceRestri ction.getA udiences() .add(audie nce); | |
| 364 | ||
| 365 | fina l Conditio ns conditi ons = Mock STSUtils.c reateSAMLO bject(Cond itions.cla ss); | |
| 366 | cond itions.get AudienceRe strictions ().add(aud ienceRestr iction); | |
| 367 | ||
| 368 | fina l AuthnSta tement aut hnStatemen t = genera teAuthnSta tement(); | |
| 369 | asse rtion.setI ssuer(issu er); | |
| 370 | asse rtion.setS ubject(sub ject); | |
| 371 | asse rtion.setC onditions( conditions ); | |
| 372 | asse rtion.getA uthnStatem ents().add (authnStat ement); | |
| 373 | ||
| 374 | fina l Attribut eStatement attribute Statement = generate AttributeS tatement() ; | |
| 375 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("authns ystem", AU THNSYSTEM) ); | |
| 376 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("authen ticationty pe", AUTHE NTICATION_ TYPE)); | |
| 377 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("urn:oa sis:names: tc:xspa:2. 0:subject: npi", NPI) ); | |
| 378 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("assura ncelevel", ASS_LEVEL )); | |
| 379 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("urn:nh in:names:s aml:homeCo mmunityId" , COMMUNIT Y_ID)); | |
| 380 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("urn:va :vrm:iam:t ransaction id", UUID. randomUUID ().toStrin g())); | |
| 381 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("urn:va :vrm:iam:s ecid", use r.getSecId ())); | |
| 382 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("unique UserId", u ser.getUse rname())); | |
| 383 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("firstn ame", user .getFirstn ame())); | |
| 384 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("lastna me", user. getLastnam e())); | |
| 385 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("role", user.getR ole())); | |
| 386 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("urn:va :vrm:iam:m viicn", us er.getIcn( ))); | |
| 387 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("urn:va :vrm:iam:c orpid", us er.getCorp Id())); | |
| 388 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("urn:va :vrm:iam:d odedipnid" , user.get Edipi())); | |
| 389 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("urn:va :ad:samacc ountname", user.getA dSamAccoun tName())); | |
| 390 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("upn", user.getAd Upn())); | |
| 391 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("email" , user.get AdEmail()) ); | |
| 392 | attr ibuteState ment.getAt tributes() .add(gener ateAttribu te("urn:va :vrm:iam:v istaid", S tring.form at("%s_%s" , user.get Site(), us er.getDuz( )))); | |
| 393 | attr ibuteState ment.getAt tributes() | |
| 394 | .add(gen erateAttri bute("urn: oasis:name s:tc:xspa: 1.0:subjec t:subject- id", Strin g.format(" %s %s", us er.getFirs tname(), u ser.getLas tname()))) ; | |
| 395 | ||
| 396 | asse rtion.getA ttributeSt atements() .add(attri buteStatem ent); | |
| 397 | asse rtion.setI D(String.f ormat("Ass ertion-%s" , UUID.ran domUUID(). toString() )); | |
| 398 | asse rtion.setI ssueInstan t(new Date Time()); | |
| 399 | ||
| 400 | retu rn asserti on; | |
| 401 | ||
| 402 | } | |
| 403 | ||
| 404 | /* * | |
| 405 | * Generate subject. | |
| 406 | * | |
| 407 | * @param re cepient | |
| 408 | * the rece pient | |
| 409 | * @param va lidForInSe conds | |
| 410 | * the vali d for in s econds | |
| 411 | * @param na me | |
| 412 | * the name | |
| 413 | * @return t he subject | |
| 414 | * @throws I llegalArgu mentExcept ion | |
| 415 | * the ill egal argum ent except ion | |
| 416 | * @throws I llegalAcce ssExceptio n | |
| 417 | * the ill egal acces s exceptio n | |
| 418 | * @throws N oSuchField Exception | |
| 419 | * the no such field exception | |
| 420 | * @throws S ecurityExc eption | |
| 421 | * the sec urity exce ption | |
| 422 | * / | |
| 423 | pr ivate Subj ect genera teSubject( final Stri ng recepie nt, final int validF orInSecond s, final S tring name ) | |
| 424 | throws IllegalAr gumentExce ption, Ill egalAccess Exception, NoSuchFie ldExceptio n, Securit yException { | |
| 425 | fina l NameID n ameID = Mo ckSTSUtils .createSAM LObject(Na meID.class ); | |
| 426 | name ID.setValu e(name); | |
| 427 | name ID.setForm at(NameIDT ype.PERSIS TENT); | |
| 428 | ||
| 429 | fina l Subject subject = MockSTSUti ls.createS AMLObject( Subject.cl ass); | |
| 430 | subj ect.setNam eID(nameID ); | |
| 431 | ||
| 432 | fina l SubjectC onfirmatio n subjectC onfirmatio n = MockST SUtils.cre ateSAMLObj ect(Subjec tConfirmat ion.class) ; | |
| 433 | subj ectConfirm ation.setM ethod(Subj ectConfirm ation.METH OD_BEARER) ; | |
| 434 | ||
| 435 | fina l SubjectC onfirmatio nData subj ectConfirm ationData = MockSTSU tils.creat eSAMLObjec t(SubjectC onfirmatio nData.clas s); | |
| 436 | subj ectConfirm ationData. setRecipie nt(recepie nt); | |
| 437 | subj ectConfirm ationData. setNotOnOr After(new DateTime() .plusSecon ds(validFo rInSeconds )); | |
| 438 | subj ectConfirm ation.setS ubjectConf irmationDa ta(subject Confirmati onData); | |
| 439 | subj ect.getSub jectConfir mations(). add(subjec tConfirmat ion); | |
| 440 | ||
| 441 | retu rn subject ; | |
| 442 | } | |
| 443 | ||
| 444 | /* * | |
| 445 | * Generate issuer. | |
| 446 | * | |
| 447 | * @return t he issuer | |
| 448 | * @throws I llegalArgu mentExcept ion | |
| 449 | * the ill egal argum ent except ion | |
| 450 | * @throws I llegalAcce ssExceptio n | |
| 451 | * the ill egal acces s exceptio n | |
| 452 | * @throws N oSuchField Exception | |
| 453 | * the no such field exception | |
| 454 | * @throws S ecurityExc eption | |
| 455 | * the sec urity exce ption | |
| 456 | * / | |
| 457 | pr ivate Issu er generat eIssuer() throws Ill egalArgume ntExceptio n, Illegal AccessExce ption, NoS uchFieldEx ception, S ecurityExc eption { | |
| 458 | fina l Issuer i ssuer = Mo ckSTSUtils .createSAM LObject(Is suer.class ); | |
| 459 | issu er.setValu e(ISSUER); | |
| 460 | issu er.setForm at(NameIDT ype.ENTITY ); | |
| 461 | retu rn issuer; | |
| 462 | } | |
| 463 | ||
| 464 | /* * | |
| 465 | * Generate authn stat ement. | |
| 466 | * | |
| 467 | * @return t he authn s tatement | |
| 468 | * @throws I llegalArgu mentExcept ion | |
| 469 | * the ill egal argum ent except ion | |
| 470 | * @throws I llegalAcce ssExceptio n | |
| 471 | * the ill egal acces s exceptio n | |
| 472 | * @throws N oSuchField Exception | |
| 473 | * the no such field exception | |
| 474 | * @throws S ecurityExc eption | |
| 475 | * the sec urity exce ption | |
| 476 | * / | |
| 477 | pr ivate Auth nStatement generateA uthnStatem ent() thro ws Illegal ArgumentEx ception, I llegalAcce ssExceptio n, NoSuchF ieldExcept ion, Secur ityExcepti on { | |
| 478 | fina l AuthnCon textClassR ef authnCo ntextClass Ref = Mock STSUtils.c reateSAMLO bject(Auth nContextCl assRef.cla ss); | |
| 479 | auth nContextCl assRef.set AuthnConte xtClassRef (AuthnCont ext.PASSWO RD_AUTHN_C TX); | |
| 480 | ||
| 481 | fina l AuthnCon text authn Context = MockSTSUti ls.createS AMLObject( AuthnConte xt.class); | |
| 482 | auth nContext.s etAuthnCon textClassR ef(authnCo ntextClass Ref); | |
| 483 | ||
| 484 | fina l AuthnSta tement aut hnStatemen t = MockST SUtils.cre ateSAMLObj ect(AuthnS tatement.c lass); | |
| 485 | auth nStatement .setAuthnC ontext(aut hnContext) ; | |
| 486 | auth nStatement .setAuthnI nstant(new DateTime( )); | |
| 487 | ||
| 488 | retu rn authnSt atement; | |
| 489 | } | |
| 490 | ||
| 491 | /* * | |
| 492 | * Generate attribute statement. | |
| 493 | * | |
| 494 | * @return t he attribu te stateme nt | |
| 495 | * @throws I llegalArgu mentExcept ion | |
| 496 | * the ill egal argum ent except ion | |
| 497 | * @throws I llegalAcce ssExceptio n | |
| 498 | * the ill egal acces s exceptio n | |
| 499 | * @throws N oSuchField Exception | |
| 500 | * the no such field exception | |
| 501 | * @throws S ecurityExc eption | |
| 502 | * the sec urity exce ption | |
| 503 | * / | |
| 504 | pr ivate Attr ibuteState ment gener ateAttribu teStatemen t() throws IllegalAr gumentExce ption, Ill egalAccess Exception, NoSuchFie ldExceptio n, Securit yException { | |
| 505 | fina l Attribut eStatement attribute Statement = MockSTSU tils.creat eSAMLObjec t(Attribut eStatement .class); | |
| 506 | retu rn attribu teStatemen t; | |
| 507 | } | |
| 508 | ||
| 509 | /* * | |
| 510 | * Generate attribute. | |
| 511 | * | |
| 512 | * @param at trName | |
| 513 | * the attr name | |
| 514 | * @param at trValue | |
| 515 | * the attr value | |
| 516 | * @return t he attribu te | |
| 517 | * @throws I llegalArgu mentExcept ion | |
| 518 | * the ill egal argum ent except ion | |
| 519 | * @throws I llegalAcce ssExceptio n | |
| 520 | * the ill egal acces s exceptio n | |
| 521 | * @throws N oSuchField Exception | |
| 522 | * the no such field exception | |
| 523 | * @throws S ecurityExc eption | |
| 524 | * the sec urity exce ption | |
| 525 | * / | |
| 526 | pr ivate Attr ibute gene rateAttrib ute(final String att rName, fin al String attrValue) | |
| 527 | throws IllegalAr gumentExce ption, Ill egalAccess Exception, NoSuchFie ldExceptio n, Securit yException { | |
| 528 | fina l Attribut e attribut e = MockST SUtils.cre ateSAMLObj ect(Attrib ute.class) ; | |
| 529 | attr ibute.setN ame(attrNa me); | |
| 530 | ||
| 531 | fina l XSString Builder st ringBuilde r = (XSStr ingBuilder ) Configur ation.getB uilderFact ory().getB uilder(XSS tring.TYPE _NAME); | |
| 532 | fina l XSString stringVal ue = strin gBuilder.b uildObject (Attribute Value.DEFA ULT_ELEMEN T_NAME, XS String.TYP E_NAME); | |
| 533 | stri ngValue.se tValue(att rValue); | |
| 534 | ||
| 535 | attr ibute.getA ttributeVa lues().add (stringVal ue); | |
| 536 | retu rn attribu te; | |
| 537 | } | |
| 538 | ||
| 539 | /* * | |
| 540 | * Generate timestamp. | |
| 541 | * | |
| 542 | * @param ti mestampSke w | |
| 543 | * the time stamp skew | |
| 544 | * @return t he timesta mp | |
| 545 | * @throws I llegalArgu mentExcept ion | |
| 546 | * the ill egal argum ent except ion | |
| 547 | * @throws I llegalAcce ssExceptio n | |
| 548 | * the ill egal acces s exceptio n | |
| 549 | * @throws N oSuchField Exception | |
| 550 | * the no such field exception | |
| 551 | * @throws S ecurityExc eption | |
| 552 | * the sec urity exce ption | |
| 553 | * / | |
| 554 | pu blic Times tamp gener ateTimesta mp(final i nt timesta mpSkew) th rows Illeg alArgument Exception, IllegalAc cessExcept ion, NoSuc hFieldExce ption, Sec urityExcep tion { | |
| 555 | fina l DateTime now = new DateTime( ).toDateTi me(DateTim eZone.UTC) ; | |
| 556 | ||
| 557 | fina l Timestam p timestam p = MockST SUtils.cre ateXMLObje ct(Timesta mp.class); | |
| 558 | ||
| 559 | fina l Created created = MockSTSUti ls.createX MLObject(C reated.cla ss); | |
| 560 | crea ted.setDat eTime(now. minusSecon ds(timesta mpSkew)); | |
| 561 | time stamp.setC reated(cre ated); | |
| 562 | ||
| 563 | fina l Expires exp = Mock STSUtils.c reateXMLOb ject(Expir es.class); | |
| 564 | exp. setDateTim e(now.plus Seconds(ti mestampSke w)); | |
| 565 | time stamp.setE xpires(exp ); | |
| 566 | ||
| 567 | retu rn timesta mp; | |
| 568 | } | |
| 569 | ||
| 570 | /* * | |
| 571 | * Generate lifetime. | |
| 572 | * | |
| 573 | * @param ti mestampSke w | |
| 574 | * the time stamp skew | |
| 575 | * @return t he lifetim e | |
| 576 | * @throws I llegalArgu mentExcept ion | |
| 577 | * the ill egal argum ent except ion | |
| 578 | * @throws I llegalAcce ssExceptio n | |
| 579 | * the ill egal acces s exceptio n | |
| 580 | * @throws N oSuchField Exception | |
| 581 | * the no such field exception | |
| 582 | * @throws S ecurityExc eption | |
| 583 | * the sec urity exce ption | |
| 584 | * / | |
| 585 | pu blic Lifet ime genera teLifetime (final int timestamp Skew) thro ws Illegal ArgumentEx ception, I llegalAcce ssExceptio n, NoSuchF ieldExcept ion, Secur ityExcepti on { | |
| 586 | fina l DateTime now = new DateTime( ).toDateTi me(DateTim eZone.UTC) ; | |
| 587 | ||
| 588 | fina l Lifetime lifetime = MockSTSU tils.creat eXMLObject (Lifetime. class); | |
| 589 | ||
| 590 | fina l Created created = MockSTSUti ls.createX MLObject(C reated.cla ss); | |
| 591 | crea ted.setDat eTime(now. minusSecon ds(timesta mpSkew)); | |
| 592 | life time.setCr eated(crea ted); | |
| 593 | ||
| 594 | fina l Expires exp = Mock STSUtils.c reateXMLOb ject(Expir es.class); | |
| 595 | exp. setDateTim e(now.plus Seconds(ti mestampSke w)); | |
| 596 | life time.setEx pires(exp) ; | |
| 597 | ||
| 598 | retu rn lifetim e; | |
| 599 | } | |
| 600 | ||
| 601 | /* * | |
| 602 | * Gets the x509 crede ntial. | |
| 603 | * | |
| 604 | * @return t he x509 cr edential | |
| 605 | * / | |
| 606 | pr ivate Basi cX509Crede ntial getX 509Credent ial() { | |
| 607 | fina l ClassLoa der classl oader = Th read.curre ntThread() .getContex tClassLoad er(); | |
| 608 | fina l BasicX50 9Credentia l credenti al = new B asicX509Cr edential() ; | |
| 609 | ||
| 610 | try { | |
| 611 | KeySto re keystor e; | |
| 612 | keysto re = KeySt ore.getIns tance(KeyS tore.getDe faultType( )); | |
| 613 | ||
| 614 | final InputStrea m inputStr eam = clas sloader.ge tResourceA sStream(SI GNING_JKS) ; | |
| 615 | keysto re.load(in putStream, JKS_PASSW ORD.toChar Array()); | |
| 616 | inputS tream.clos e(); | |
| 617 | ||
| 618 | KeySto re.Private KeyEntry p kEntry = n ull; | |
| 619 | pkEntr y = (KeySt ore.Privat eKeyEntry) keystore. getEntry(J KS_ALIAS, new KeySto re.Passwor dProtectio n(JKS_PASS WORD.toCha rArray())) ; | |
| 620 | final PrivateKey pk = pkEn try.getPri vateKey(); | |
| 621 | ||
| 622 | final X509Certif icate cert ificate = (X509Certi ficate) pk Entry.getC ertificate (); | |
| 623 | creden tial.setEn tityCertif icate(cert ificate); | |
| 624 | creden tial.setPr ivateKey(p k); | |
| 625 | } ca tch (final KeyStoreE xception e ) { | |
| 626 | if (LO GGER.isErr orEnabled( )) { | |
| 627 | LOGGER.e rror("**** ** - KeySt oreExcepti on : {}", e.getMessa ge()); | |
| 628 | } | |
| 629 | } ca tch (final FileNotFo undExcepti on e) { | |
| 630 | if (LO GGER.isErr orEnabled( )) { | |
| 631 | LOGGER.e rror("**** ** - FileN otFoundExc eption : { }", e.getM essage()); | |
| 632 | } | |
| 633 | } ca tch (final NoSuchAlg orithmExce ption e) { | |
| 634 | if (LO GGER.isErr orEnabled( )) { | |
| 635 | LOGGER.e rror("**** ** - NoSuc hAlgorithm Exception : {}", e.g etMessage( )); | |
| 636 | } | |
| 637 | } ca tch (final Certifica teExceptio n e) { | |
| 638 | if (LO GGER.isErr orEnabled( )) { | |
| 639 | LOGGER.e rror("**** ** - Certi ficateExce ption : {} ", e.getMe ssage()); | |
| 640 | } | |
| 641 | } ca tch (final IOExcepti on e) { | |
| 642 | if (LO GGER.isErr orEnabled( )) { | |
| 643 | LOGGER.e rror("**** ** - IOExc eption : { }", e.getM essage()); | |
| 644 | } | |
| 645 | } ca tch (final Unrecover ableEntryE xception e ) { | |
| 646 | if (LO GGER.isErr orEnabled( )) { | |
| 647 | LOGGER.e rror("**** ** - Unrec overableEn tryExcepti on : {}", e.getMessa ge()); | |
| 648 | } | |
| 649 | } | |
| 650 | ||
| 651 | retu rn credent ial; | |
| 652 | ||
| 653 | } | |
| 654 | ||
| 655 | /* * | |
| 656 | * Sign asse rtion. | |
| 657 | * | |
| 658 | * @param as sertion | |
| 659 | * the asse rtion | |
| 660 | * @param ke yId | |
| 661 | * the key id | |
| 662 | * @return t he signatu re | |
| 663 | * @throws I llegalArgu mentExcept ion | |
| 664 | * the ill egal argum ent except ion | |
| 665 | * @throws I llegalAcce ssExceptio n | |
| 666 | * the ill egal acces s exceptio n | |
| 667 | * @throws N oSuchField Exception | |
| 668 | * the no such field exception | |
| 669 | * @throws S ecurityExc eption | |
| 670 | * the sec urity exce ption | |
| 671 | * / | |
| 672 | pr ivate Sign ature sign Assertion( final Asse rtion asse rtion, fin al String keyId) | |
| 673 | throws IllegalAr gumentExce ption, Ill egalAccess Exception, NoSuchFie ldExceptio n, Securit yException { | |
| 674 | fina l Signatur e signatur e = MockST SUtils.cre ateSAMLObj ect(Signat ure.class) ; | |
| 675 | try { | |
| 676 | final BasicX509C redential credential = getX509 Credential (); | |
| 677 | signat ure.setSig ningCreden tial(crede ntial); | |
| 678 | signat ure.setSig natureAlgo rithm(Sign atureConst ants.ALGO_ ID_SIGNATU RE_RSA_SHA 256); | |
| 679 | signat ure.setCan onicalizat ionAlgorit hm(Signatu reConstant s.ALGO_ID_ C14N_EXCL_ OMIT_COMME NTS); | |
| 680 | ||
| 681 | final Reference ref = Mock STSUtils.c reateXMLOb ject(Refer ence.class ); | |
| 682 | ref.se tURI(Strin g.format(" #%s", keyI d)); | |
| 683 | ref.se tValueType (WSSecurit yConstants .X509_V3); | |
| 684 | ||
| 685 | final SecurityTo kenReferen ce str = M ockSTSUtil s.createXM LObject(Se curityToke nReference .class); | |
| 686 | str.ge tUnknownXM LObjects() .add(ref); | |
| 687 | ||
| 688 | final KeyInfo ke yinfo = Mo ckSTSUtils .createSAM LObject(Ke yInfo.clas s); | |
| 689 | keyinf o.getXMLOb jects().ad d(str); | |
| 690 | signat ure.setKey Info(keyin fo); | |
| 691 | ||
| 692 | assert ion.setSig nature(sig nature); | |
| 693 | ||
| 694 | Config uration.ge tMarshalle rFactory() .getMarsha ller(asser tion).mars hall(asser tion); | |
| 695 | Signer .signObjec t(signatur e); | |
| 696 | ||
| 697 | } ca tch (final Marshalli ngExceptio n e) { | |
| 698 | if (LO GGER.isErr orEnabled( )) { | |
| 699 | LOGGER.e rror("**** ** - Marsh allingExce ption : {} ", e.getMe ssage()); | |
| 700 | } | |
| 701 | } ca tch (final Signature Exception e) { | |
| 702 | if (LO GGER.isErr orEnabled( )) { | |
| 703 | LOGGER.e rror("**** ** - Signa tureExcept ion : {}", e.getMess age()); | |
| 704 | } | |
| 705 | } | |
| 706 | retu rn signatu re; | |
| 707 | } | |
| 708 | ||
| 709 | /* * | |
| 710 | * Gets the username. | |
| 711 | * | |
| 712 | * @return t he usernam e | |
| 713 | * / | |
| 714 | pu blic Strin g getUsern ame() { | |
| 715 | retu rn usernam e; | |
| 716 | } | |
| 717 | ||
| 718 | /* * | |
| 719 | * Sets the username. | |
| 720 | * | |
| 721 | * @param us ername | |
| 722 | * the new username | |
| 723 | * / | |
| 724 | pu blic void setUsernam e(final St ring usern ame) { | |
| 725 | this .username = username ; | |
| 726 | } | |
| 727 | ||
| 728 | } |