View Javadoc
1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.wss4j.policy.model;
20  
21  import org.apache.neethi.Assertion;
22  import org.apache.neethi.Policy;
23  import org.apache.wss4j.policy.SPConstants;
24  import org.w3c.dom.Element;
25  
26  import javax.xml.namespace.QName;
27  import java.util.*;
28  
29  public class SamlToken extends AbstractToken {
30  
31      public enum SamlTokenType {
32          WssSamlV10Token10,
33          WssSamlV11Token10,
34          WssSamlV10Token11,
35          WssSamlV11Token11,
36          WssSamlV20Token11;
37  
38          private static final Map<String, SamlTokenType> LOOKUP = new HashMap<>();
39  
40          static {
41              for (SamlTokenType u : EnumSet.allOf(SamlTokenType.class)) {
42                  LOOKUP.put(u.name(), u);
43              }
44          }
45  
46          public static SamlTokenType lookUp(String name) {
47              return LOOKUP.get(name);
48          }
49      }
50  
51      private boolean requireKeyIdentifierReference;
52      private SamlTokenType samlTokenType;
53  
54      public SamlToken(SPConstants.SPVersion version, SPConstants.IncludeTokenType includeTokenType,
55                       Element issuer, String issuerName, Element claims, Policy nestedPolicy) {
56          super(version, includeTokenType, issuer, issuerName, claims, nestedPolicy);
57  
58          parseNestedPolicy(nestedPolicy, this);
59      }
60  
61      @Override
62      public QName getName() {
63          return getVersion().getSPConstants().getSamlToken();
64      }
65  
66      @Override
67      public boolean equals(Object object) {
68          if (object == this) {
69              return true;
70          }
71          if (!(object instanceof SamlToken)) {
72              return false;
73          }
74  
75          SamlToken that = (SamlToken)object;
76          if (requireKeyIdentifierReference != that.requireKeyIdentifierReference) {
77              return false;
78          }
79          if (samlTokenType != that.samlTokenType) {
80              return false;
81          }
82  
83          return super.equals(object);
84      }
85  
86      @Override
87      public int hashCode() {
88          int result = 17;
89          if (samlTokenType != null) {
90              result = 31 * result + samlTokenType.hashCode();
91          }
92          result = 31 * result + Boolean.hashCode(requireKeyIdentifierReference);
93  
94          return 31 * result + super.hashCode();
95      }
96  
97      @Override
98      protected AbstractSecurityAssertion cloneAssertion(Policy nestedPolicy) {
99          return new SamlToken(getVersion(), getIncludeTokenType(), getIssuer(), getIssuerName(),
100                              getClaims(), nestedPolicy);
101     }
102 
103     protected void parseNestedPolicy(Policy nestedPolicy, SamlToken samlToken) {
104         Iterator<List<Assertion>> alternatives = nestedPolicy.getAlternatives();
105         //we just process the first alternative
106         //this means that if we have a compact policy only the first alternative is visible
107         //in contrary to a normalized policy where just one alternative exists
108         if (alternatives.hasNext()) {
109             List<Assertion> assertions = alternatives.next();
110             for (Assertion assertion : assertions) {
111                 String assertionName = assertion.getName().getLocalPart();
112                 String assertionNamespace = assertion.getName().getNamespaceURI();
113                 DerivedKeys derivedKeys = DerivedKeys.lookUp(assertionName);
114                 if (derivedKeys != null) {
115                     if (samlToken.getDerivedKeys() != null) {
116                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
117                     }
118                     samlToken.setDerivedKeys(derivedKeys);
119                     continue;
120                 }
121 
122                 QName requireKeyIdentifierRef =
123                     getVersion().getSPConstants().getRequireKeyIdentifierReference();
124                 if (requireKeyIdentifierRef.getLocalPart().equals(assertionName)
125                     && requireKeyIdentifierRef.getNamespaceURI().equals(assertionNamespace)) {
126                     if (samlToken.isRequireKeyIdentifierReference()) {
127                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
128                     }
129                     samlToken.setRequireKeyIdentifierReference(true);
130                     continue;
131                 }
132                 SamlTokenType samlTokenType = SamlTokenType.lookUp(assertionName);
133                 if (samlTokenType != null) {
134                     if (samlToken.getSamlTokenType() != null) {
135                         throw new IllegalArgumentException(SPConstants.ERR_INVALID_POLICY);
136                     }
137                     samlToken.setSamlTokenType(samlTokenType);
138                     continue;
139                 }
140             }
141         }
142     }
143 
144     public boolean isRequireKeyIdentifierReference() {
145         return requireKeyIdentifierReference;
146     }
147 
148     public void setRequireKeyIdentifierReference(boolean requireKeyIdentifierReference) {
149         this.requireKeyIdentifierReference = requireKeyIdentifierReference;
150     }
151 
152     public SamlTokenType getSamlTokenType() {
153         return samlTokenType;
154     }
155 
156     protected void setSamlTokenType(SamlTokenType samlTokenType) {
157         this.samlTokenType = samlTokenType;
158     }
159 }