Class SamlAssertionWrapper


  • public class SamlAssertionWrapper
    extends Object
    Class SamlAssertionWrapper can generate, sign, and validate both SAML v1.1 and SAML v2.0 assertions.
    • Constructor Detail

      • SamlAssertionWrapper

        public SamlAssertionWrapper(Element element)
                             throws WSSecurityException
        Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance.
        Parameters:
        element - of type Element
        Throws:
        WSSecurityException
      • SamlAssertionWrapper

        public SamlAssertionWrapper(org.opensaml.saml.common.SAMLObject samlObject)
                             throws WSSecurityException
        Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance. This is the primary constructor. All other constructor calls should be routed to this method to ensure that the wrapper is initialized correctly.
        Parameters:
        samlObject - of type SAMLObject
        Throws:
        WSSecurityException
      • SamlAssertionWrapper

        public SamlAssertionWrapper(SAMLCallback samlCallback)
                             throws WSSecurityException
        Constructor SamlAssertionWrapper creates a new SamlAssertionWrapper instance. This constructor is primarily called on the client side to initialize the wrapper from a configuration file.
        Parameters:
        samlCallback - of type SAMLCallback
        Throws:
        WSSecurityException
    • Method Detail

      • getSaml1

        public org.opensaml.saml.saml1.core.Assertion getSaml1()
        Method getSaml1 returns the SAML 1.1 assertion held by this SamlAssertionWrapper object.
        Returns:
        the SAML 1.1 assertion (type Assertion) held by this SamlAssertionWrapper object.
      • getSaml2

        public org.opensaml.saml.saml2.core.Assertion getSaml2()
        Method getSaml2 returns the SAML 2.0 assertion held by this SamlAssertionWrapper object.
        Returns:
        the SAML 2.0 assertion (type Assertion) held by this SamlAssertionWrapper object.
      • isCreated

        public boolean isCreated()
        Method isCreated returns the created of this SamlAssertionWrapper object.
        Returns:
        the created (type boolean) of this SamlAssertionWrapper object.
      • toDOM

        public Element toDOM(Document doc)
                      throws WSSecurityException
        Create a DOM from the current XMLObject content. If the user-supplied doc is not null, reparent the returned Element so that it is compatible with the user-supplied document.
        Parameters:
        doc - of type Document
        Returns:
        Element
        Throws:
        WSSecurityException
      • getNotBefore

        public Instant getNotBefore()
      • getNotOnOrAfter

        public Instant getNotOnOrAfter()
      • getId

        public String getId()
        Method getId returns the id of this SamlAssertionWrapper object.
        Returns:
        the id (type String) of this SamlAssertionWrapper object.
      • getIssuerString

        public String getIssuerString()
        Method getIssuerString returns the issuerString of this SamlAssertionWrapper object.
        Returns:
        the issuerString (type String) of this SamlAssertionWrapper object.
      • getSubjectName

        public String getSubjectName()
        Method getSubjectName returns the Subject name value.
        Returns:
        the subjectName of this SamlAssertionWrapper object
      • getConfirmationMethods

        public List<String> getConfirmationMethods()
        Method getConfirmationMethods returns the confirmationMethods of this SamlAssertionWrapper object.
        Returns:
        the confirmationMethods of this SamlAssertionWrapper object.
      • isSigned

        public boolean isSigned()
        Method isSigned returns whether the assertion held by this SamlAssertionWrapper object is signed.
        Returns:
        the signed state (type boolean) of this SamlAssertionWrapper object.
      • setSignature

        public void setSignature(org.opensaml.xmlsec.signature.Signature signature)
        Method setSignature sets the signature of this SamlAssertionWrapper object.
        Parameters:
        signature - the signature of this SamlAssertionWrapper object.
      • setSignature

        public void setSignature(org.opensaml.xmlsec.signature.Signature signature,
                                 String signatureDigestAlgorithm)
        Method setSignature sets the signature of this SamlAssertionWrapper object.
        Parameters:
        signature - the signature of this SamlAssertionWrapper object.
        signatureDigestAlgorithm - the signature digest algorithm to use
      • signAssertion

        public void signAssertion(String issuerKeyName,
                                  String issuerKeyPassword,
                                  Crypto issuerCrypto,
                                  boolean sendKeyValue)
                           throws WSSecurityException
        Create an enveloped signature on the assertion that has been created.
        Parameters:
        issuerKeyName - the Issuer KeyName to use with the issuerCrypto argument
        issuerKeyPassword - the Issuer Password to use with the issuerCrypto argument
        issuerCrypto - the Issuer Crypto instance
        sendKeyValue - whether to send the key value or not
        Throws:
        WSSecurityException
      • signAssertion

        public void signAssertion(String issuerKeyName,
                                  String issuerKeyPassword,
                                  Crypto issuerCrypto,
                                  boolean sendKeyValue,
                                  String canonicalizationAlgorithm,
                                  String signatureAlgorithm)
                           throws WSSecurityException
        Create an enveloped signature on the assertion that has been created.
        Parameters:
        issuerKeyName - the Issuer KeyName to use with the issuerCrypto argument
        issuerKeyPassword - the Issuer Password to use with the issuerCrypto argument
        issuerCrypto - the Issuer Crypto instance
        sendKeyValue - whether to send the key value or not
        canonicalizationAlgorithm - the canonicalization algorithm to be used for signing
        signatureAlgorithm - the signature algorithm to be used for signing
        Throws:
        WSSecurityException
      • signAssertion

        public void signAssertion(String issuerKeyName,
                                  String issuerKeyPassword,
                                  Crypto issuerCrypto,
                                  boolean sendKeyValue,
                                  String canonicalizationAlgorithm,
                                  String signatureAlgorithm,
                                  String signatureDigestAlgorithm)
                           throws WSSecurityException
        Create an enveloped signature on the assertion that has been created.
        Parameters:
        issuerKeyName - the Issuer KeyName to use with the issuerCrypto argument
        issuerKeyPassword - the Issuer Password to use with the issuerCrypto argument
        issuerCrypto - the Issuer Crypto instance
        sendKeyValue - whether to send the key value or not
        canonicalizationAlgorithm - the canonicalization algorithm to be used for signing
        signatureAlgorithm - the signature algorithm to be used for signing
        signatureDigestAlgorithm - the signature digest algorithm to use
        Throws:
        WSSecurityException
      • validateSignatureAgainstProfile

        public void validateSignatureAgainstProfile()
                                             throws WSSecurityException
        Validate the signature of the Assertion against the Profile. This does not actually verify the signature itself (see the verifySignature method for this).
        Throws:
        WSSecurityException
      • getSamlVersion

        public org.opensaml.saml.common.SAMLVersion getSamlVersion()
        Method getSamlVersion returns the samlVersion of this SamlAssertionWrapper object.
        Returns:
        the samlVersion (type SAMLVersion) of this SamlAssertionWrapper object.
      • getElement

        public Element getElement()
        Get the Assertion as a DOM Element.
        Returns:
        the assertion as a DOM Element
      • getSignatureKeyInfo

        public SAMLKeyInfo getSignatureKeyInfo()
        Get the SAMLKeyInfo associated with the signature of the assertion
        Returns:
        the SAMLKeyInfo associated with the signature of the assertion
      • getSubjectKeyInfo

        public SAMLKeyInfo getSubjectKeyInfo()
        Get the SAMLKeyInfo associated with the Subject KeyInfo
        Returns:
        the SAMLKeyInfo associated with the Subject KeyInfo
      • getSignatureValue

        public byte[] getSignatureValue()
                                 throws WSSecurityException
        Get the SignatureValue bytes of the signed SAML Assertion
        Returns:
        the SignatureValue bytes of the signed SAML Assertion
        Throws:
        WSSecurityException
      • getSamlObject

        public org.opensaml.saml.common.SAMLObject getSamlObject()
      • checkAuthnStatements

        public void checkAuthnStatements(int futureTTL)
                                  throws WSSecurityException
        Check the various attributes of the AuthnStatements of the assertion (if any).
        Throws:
        WSSecurityException
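
The following is an added example, not part of the WSS4J documentation: a relying-party pre-check that uses only methods documented on this page to reject an incoming assertion before any cryptographic work is done. Because validateSignatureAgainstProfile does not verify the signature itself, an empty result here only means the assertion may proceed to verifySignature. Assumptions: the import packages (org.apache.wss4j.common.saml, org.apache.wss4j.common.ext), the class name AssertionPreCheck, the issuer URLs, the futureTTL value 60, and the policy of rejecting an assertion with no NotOnOrAfter.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.w3c.dom.Element;

public class AssertionPreCheck {
    /** Returns rejection reasons; an empty list means "proceed to verifySignature". */
    static List<String> preCheck(Element el, Set<String> trustedIssuers, Instant now) {
        List<String> reasons = new ArrayList<>();
        try {
            SamlAssertionWrapper a = new SamlAssertionWrapper(el);
            if (!trustedIssuers.contains(a.getIssuerString())) reasons.add("untrusted issuer");
            if (!a.isSigned()) {
                reasons.add("unsigned assertion");
            } else {
                a.validateSignatureAgainstProfile(); // structure only, no cryptographic check
            }
            Instant nb = a.getNotBefore(), noa = a.getNotOnOrAfter();
            if (nb != null && now.isBefore(nb)) reasons.add("not yet valid");
            // Assumed policy: an assertion without an upper time bound is rejected.
            if (noa == null || !now.isBefore(noa)) reasons.add("expired or no NotOnOrAfter");
            a.checkAuthnStatements(60); // 60 is an illustrative futureTTL value
        } catch (WSSecurityException e) {
            reasons.add("rejected by WSS4J: " + e.getMessage());
        }
        return reasons;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an unsigned SAML 2.0 assertion from an issuer not on the allowlist.
        String xml = "<saml2:Assertion xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\""
            + " ID=\"_example\" IssueInstant=\"2024-01-01T00:00:00Z\" Version=\"2.0\">"
            + "<saml2:Issuer>https://idp.example.invalid</saml2:Issuer>"
            + "<saml2:Conditions NotBefore=\"2024-01-01T00:00:00Z\""
            + " NotOnOrAfter=\"2024-01-01T00:05:00Z\"/></saml2:Assertion>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for SAML element resolution
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        Element el = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        System.out.println(preCheck(el, Set.of("https://idp.example.org"), Instant.now()));
    }
}
```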