1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.wss4j.policy.model;
20
21 import org.apache.neethi.Assertion;
22 import org.apache.neethi.Policy;
23 import org.apache.wss4j.policy.SPConstants;
24 import org.w3c.dom.Element;
25
26 import javax.xml.namespace.QName;
27 import java.util.*;
28
29 public class SamlToken extends AbstractToken {
30
31 public enum SamlTokenType {
32 WssSamlV10Token10,
33 WssSamlV11Token10,
34 WssSamlV10Token11,
35 WssSamlV11Token11,
36 WssSamlV20Token11;
37
38 private static final Map<String, SamlTokenType> LOOKUP = new HashMap<>();
39
40 static {
41 for (SamlTokenType u : EnumSet.allOf(SamlTokenType.class)) {
42 LOOKUP.put(u.name(), u);
43 }
44 }
45
46 public static SamlTokenType lookUp(String name) {
47 return LOOKUP.get(name);
48 }
49 }
50
51 private boolean requireKeyIdentifierReference;
52 private SamlTokenType samlTokenType;
53
54 public SamlToken(SPConstants.SPVersion version, SPConstants.IncludeTokenType includeTokenType,
55 Element issuer, String issuerName, Element claims, Policy nestedPolicy) {
56 super(version, includeTokenType, issuer, issuerName, claims, nestedPolicy);
57
58 parseNestedPolicy(nestedPolicy, this);
59 }
60
61 @Override
62 public QName getName() {
63 return getVersion().getSPConstants().getSamlToken();
64 }
65
66 @Override
67 public boolean equals(Object object) {
68 if (object == this) {
69 return true;
70 }
71 if (!(object instanceof SamlToken)) {
72 return false;
73 }
74
75 SamlToken that = (SamlToken)object;
76 if (requireKeyIdentifierReference != that.requireKeyIdentifierReference) {
77 return false;
78 }
79 if (samlTokenType != that.samlTokenType) {
80 return false;
81 }
82
83 return super.equals(object);
84 }
85
86 @Override
87 public int hashCode() {
88 int result = 17;
89 if (samlTokenType != null) {
90 result = 31 * result + samlTokenType.hashCode();
91 }
92 result = 31 * result + Boolean.hashCode(requireKeyIdentifierReference);
93
94 return 31 * result + super.hashCode();
95 }
96
97 @Override
98 protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
99 return new SamlToken(getVersion(), getIncludeTokenType(), getIssuer(), getIssuerName(),
100 getClaims(), nestedPolicy);
101 }
102
103 protected void parseNestedPolicy(Policy nestedPolicy, SamlToken samlToken) {
104 Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
105
106
107
108 if (alternatives.hasNext()) {
109 List<Assertion> assertions = alternatives.next();
110 for (Assertion assertion : assertions) {
111 String assertionName = assertion.getName().getLocalPart();
112 String assertionNamespace = assertion.getName().getNamespaceURI();
113 DerivedKeys derivedKeys = DerivedKeys.lookUp(assertionName);
114 if (derivedKeys != null) {
115 if (samlToken.getDerivedKeys() != null) {
116 throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
117 }
118 samlToken.setDerivedKeys(derivedKeys);
119 continue;
120 }
121
122 QName requireKeyIdentifierRef =
123 getVersion().getSPConstants().getRequireKeyIdentifierReference();
124 if (requireKeyIdentifierRef.getLocalPart().equals(assertionName)
125 && requireKeyIdentifierRef.getNamespaceURI().equals(assertionNamespace)) {
126 if (samlToken.isRequireKeyIdentifierReference()) {
127 throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
128 }
129 samlToken.setRequireKeyIdentifierReference(true);
130 continue;
131 }
132 SamlTokenType samlTokenType = SamlTokenType.lookUp(assertionName);
133 if (samlTokenType != null) {
134 if (samlToken.getSamlTokenType() != null) {
135 throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
136 }
137 samlToken.setSamlTokenType(samlTokenType);
138 continue;
139 }
140 }
141 }
142 }
143
144 public boolean isRequireKeyIdentifierReference() {
145 return requireKeyIdentifierReference;
146 }
147
148 public void setRequireKeyIdentifierReference(boolean requireKeyIdentifierReference) {
149 this.requireKeyIdentifierReference = requireKeyIdentifierReference;
150 }
151
152 public SamlTokenType getSamlTokenType() {
153 return samlTokenType;
154 }
155
156 protected void setSamlTokenType(SamlTokenType samlTokenType) {
157 this.samlTokenType = samlTokenType;
158 }
159 }