📄 samlassertion.java
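/*
 * The OpenSAML License, Version 1.
 * Copyright (c) 2002
 * University Corporation for Advanced Internet Development, Inc.
 * All rights reserved
 *
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * Redistributions of source code must retain the above copyright notice, this
 * list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution, if any, must include
 * the following acknowledgment: "This product includes software developed by
 * the University Corporation for Advanced Internet Development
 * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement
 * may appear in the software itself, if and wherever such third-party
 * acknowledgments normally appear.
 *
 * Neither the name of OpenSAML nor the names of its contributors, nor
 * Internet2, nor the University Corporation for Advanced Internet Development,
 * Inc., nor UCAID may be used to endorse or promote products derived from this
 * software without specific prior written permission. For written permission,
 * please contact opensaml@opensaml.org
 *
 * Products derived from this software may not be called OpenSAML, Internet2,
 * UCAID, or the University Corporation for Advanced Internet Development, nor
 * may OpenSAML appear in their name, without prior written permission of the
 * University Corporation for Advanced Internet Development.
 *
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
 * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
 * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
 * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
 * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

package org.opensaml;

import java.io.InputStream;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;

import org.w3c.dom.*;

/**
 * Represents a SAML Assertion
 *
 * <p>An instance is either built from its parts (issuer, validity window,
 * conditions, advice, statements) or reconstructed from XML via
 * {@link #fromDOM(Element)}. The setters that edit a DOM-backed instance call
 * {@code unsign()} before touching the tree.
 *
 * @author     Scott Cantor
 * @created    March 18, 2002
 */
public class SAMLAssertion extends SAMLSignedObject implements Cloneable {
    protected String assertionId = new SAMLIdentifier().toString();
    protected String issuer = null;
    protected Date issueInstant = new Date();
    protected Date notBefore = null;
    protected Date notOnOrAfter = null;
    protected ArrayList conditions = new ArrayList();
    protected ArrayList advice = new ArrayList();
    protected ArrayList statements = new ArrayList();

    /**
     *  Places the signature into the object's DOM to prepare for signing<p>
     *
     *  The signature element is appended as the last child of the root.
     *
     * @throws SAMLException    Thrown if an error occurs while placing the signature
     */
    protected void insertSignature() throws SAMLException {
        root.appendChild(getSignatureElement());
    }

    /**
     *  Default constructor
     */
    public SAMLAssertion() {
    }

    /**
     *  Builds an assertion out of its component parts
     *
     * @param  issuer             Name of SAML authority issuing assertion
     * @param  notBefore          Optional start of validity
     * @param  notOnOrAfter       Optional end of validity
     * @param  conditions         Set of conditions on validity
     * @param  advice             Optional advice content
     * @param  statements         Set of SAML statements to place in assertion
     * @exception  SAMLException  Raised if an assertion cannot be constructed
     *      from the supplied information
     */
    public SAMLAssertion(String issuer, Date notBefore, Date notOnOrAfter, Collection conditions,
                         Collection advice, Collection statements) throws SAMLException {
        // Copy pieces/parts to populate assertion.
        // The Date arguments are stored by reference, not copied.
        this.issuer = issuer;
        this.notBefore = notBefore;
        this.notOnOrAfter = notOnOrAfter;

        if (conditions != null)
            this.conditions.addAll(conditions);
        if (advice != null)
            this.advice.addAll(advice);
        if (statements != null)
            this.statements.addAll(statements);
    }

    /**
     *  Reconstructs an assertion from a DOM tree
     *
     * @param  e                  The root of a DOM tree
     * @exception  SAMLException  Thrown if the object cannot be constructed
     */
    public SAMLAssertion(Element e) throws SAMLException {
        fromDOM(e);
    }

    /**
     *  Reconstructs an assertion from a stream
     *
     * @param  in                   A stream containing XML
     * @exception  SAMLException  Raised if an exception occurs while constructing
     *                              the object.
     */
    public SAMLAssertion(InputStream in) throws SAMLException {
        fromDOM(fromStream(in));
    }

    /**
     *  Parses one timestamp attribute of the assertion.
     *
     *  The pattern is chosen per value (with or without fractional seconds), so
     *  IssueInstant, NotBefore and NotOnOrAfter need not share the same precision.
     *  The trailing 'Z' is a literal in both patterns and values are read as GMT.
     *
     *  NOTE(review): SimpleDateFormat is lenient by default, so out-of-range fields
     *  (and fractions longer than three digits) roll over into a later instant
     *  instead of being rejected. Confirm whether strict parsing is wanted for the
     *  validity window before enabling setLenient(false); it would reject values
     *  this method currently accepts.
     *
     * @param  dateTime  The attribute value to parse
     * @return           The parsed instant
     * @throws java.text.ParseException  If the value matches neither pattern
     */
    private static Date parseAssertionDateTime(String dateTime) throws java.text.ParseException {
        SimpleDateFormat formatter;
        if (dateTime.indexOf('.') > 0) {
            formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
        } else {
            formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
        }
        formatter.setTimeZone(TimeZone.getTimeZone("GMT"));
        return formatter.parse(dateTime);
    }

    /**
     *  Populates this assertion from a saml:Assertion DOM element.
     *
     *  <p>Reads the Issuer, AssertionID and IssueInstant attributes, then walks the
     *  child elements: Conditions (validity window plus individual conditions),
     *  Advice, and every remaining non-Signature child, which is handed to
     *  SAMLStatement.getInstance. Only MajorVersion is compared here.
     *
     *  <p>Malformed input (non-numeric MajorVersion, missing AssertionID, empty
     *  AssertionIDReference, unparsable timestamps) is reported as a
     *  MalformedException rather than escaping as an unchecked exception.
     *
     *  <p>NOTE(review): nothing in this method verifies the XML signature or compares
     *  NotBefore/NotOnOrAfter with the current time; whether super.fromDOM() or
     *  checkValidity() do so is not visible here, so callers should confirm those
     *  checks happen before trusting a parsed assertion.
     *
     * @see org.opensaml.SAMLObject#fromDOM(org.w3c.dom.Element)
     */
    public void fromDOM(Element e) throws SAMLException {
        super.fromDOM(e);

        if (config.getBooleanProperty("org.opensaml.strict-dom-checking") && !XML.isElementNamed(e,XML.SAML_NS,"Assertion"))
            throw new MalformedException(SAMLException.RESPONDER,"SAMLAssertion.fromDOM() requires saml:Assertion at root");

        // A missing or non-numeric MajorVersion comes from the document, so it is
        // reported as a version error instead of a NumberFormatException.
        String majorVersion = e.getAttributeNS(null, "MajorVersion");
        int major;
        try {
            major = Integer.parseInt(majorVersion);
        } catch (NumberFormatException ex) {
            throw new MalformedException(SAMLException.VERSION,
                "SAMLAssertion.fromDOM() detected incompatible assertion major version of " + majorVersion, ex);
        }
        if (major != 1)
            throw new MalformedException(SAMLException.VERSION,
                "SAMLAssertion.fromDOM() detected incompatible assertion major version of " + majorVersion);

        issuer = e.getAttributeNS(null, "Issuer");
        assertionId = e.getAttributeNS(null, "AssertionID");

        // Register AssertionID as an ID-typed attribute. getAttributeNodeNS returns
        // null when the attribute is absent, which must not reach setIdAttributeNode.
        Attr idAttr = e.getAttributeNodeNS(null, "AssertionID");
        if (idAttr == null)
            throw new MalformedException(SAMLException.RESPONDER,
                "SAMLAssertion.fromDOM() requires an AssertionID attribute");
        e.setIdAttributeNode(idAttr, true);

        try {
            issueInstant = parseAssertionDateTime(e.getAttributeNS(null, "IssueInstant"));

            Element n = XML.getFirstChildElement(e);
            while (n != null) {
                // The top level children may be one of three different types.
                if (XML.isElementNamed(n, XML.SAML_NS, "Conditions")) {
                    // Check validity time attributes.
                    if (n.hasAttributeNS(null, "NotBefore"))
                        notBefore = parseAssertionDateTime(n.getAttributeNS(null, "NotBefore"));
                    if (n.hasAttributeNS(null, "NotOnOrAfter"))
                        notOnOrAfter = parseAssertionDateTime(n.getAttributeNS(null, "NotOnOrAfter"));

                    // Iterate over conditions.
                    Element cond = XML.getFirstChildElement(n);
                    while (cond != null) {
                        conditions.add(SAMLCondition.getInstance(cond));
                        cond = XML.getNextSiblingElement(cond);
                    }
                } else if (XML.isElementNamed(n, XML.SAML_NS, "Advice")) {
                    Element child = XML.getFirstChildElement(n);
                    while (child != null) {
                        if (XML.isElementNamed(child, XML.SAML_NS, "AssertionIDReference")) {
                            // An empty reference element has no child node to read.
                            Node ref = child.getFirstChild();
                            if (ref == null)
                                throw new MalformedException(SAMLException.RESPONDER,
                                    "SAMLAssertion.fromDOM() detected an empty AssertionIDReference");
                            advice.add(ref.getNodeValue());
                        } else if (XML.isElementNamed(child, XML.SAML_NS, "Assertion")) {
                            // NOTE(review): nested assertions are parsed recursively with no
                            // depth limit visible here; confirm the parser bounds nesting.
                            advice.add(new SAMLAssertion(child));
                        } else {
                            // Any other advice element is kept as the raw DOM element.
                            advice.add(child);
                        }
                        child = XML.getNextSiblingElement(child);
                    }
                } else if (!XML.isElementNamed(n, XML.XMLSIG_NS, "Signature"))
                    statements.add(SAMLStatement.getInstance(n));
                n = XML.getNextSiblingElement(n);
            }
        } catch (java.text.ParseException ex) {
            throw new MalformedException(SAMLException.RESPONDER, "SAMLAssertion.fromDOM() detected an invalid datetime while parsing assertion", ex);
        }
        checkValidity();
    }

    /**
     *  Gets the assertion ID from the assertion
     *
     * @return    The assertion ID
     */
    public String getId() {
        return assertionId;
    }

    /**
     *  Sets the assertion ID
     *
     *  <b>NOTE:</b> Use this method with caution. Assertions must contain unique identifiers
     *  and only specialized applications should need to explicitly assign an identifier.
     *
     *  If the assertion is DOM-backed, unsign() is called before the attribute is rewritten.
     *
     * @param   id    The assertion ID
     */
    public void setId(String id) {
        if (XML.isEmpty(id))
            throw new IllegalArgumentException("id cannot be null");
        assertionId=id;
        if (root != null) {
            unsign();
            ((Element)root).getAttributeNodeNS(null,"AssertionID").setNodeValue(id);
        }
    }

    /**
     *  Gets the issuer of the assertion
     *
     * @return    The issuer name
     */
    public String getIssuer() {
        return issuer;
    }

    /**
     *  Sets the issuer name
     *
     *  If the assertion is DOM-backed, unsign() is called before the attribute is rewritten.
     *
     * @param  issuer    The issuer name
     */
    public void setIssuer(String issuer) {
        if (XML.isEmpty(issuer))
            throw new IllegalArgumentException("issuer cannot be null");
        this.issuer = issuer;
        if (root != null) {
            unsign();
            ((Element)root).getAttributeNodeNS(null,"Issuer").setNodeValue(issuer);
        }
    }

    /**
     *  Gets the issue timestamp of the assertion
     *
     * @return    The issue timestamp
     */
    public Date getIssueInstant() {
        return issueInstant;
    }

    /**
     *  Sets the issue timestamp of the assertion
     *
     *  If the assertion is DOM-backed, unsign() is called and the IssueInstant
     *  attribute is rewritten in GMT with millisecond precision.
     *
     * @param   issueInstant    The issue timestamp
     */
    public void setIssueInstant(Date issueInstant) {
        if (issueInstant == null)
            throw new IllegalArgumentException("issueInstant cannot be null");
        if (root != null) {
            unsign();
            SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
            formatter.setTimeZone(TimeZone.getTimeZone("GMT"));
            ((Element)root).getAttributeNodeNS(null, "IssueInstant").setNodeValue(formatter.format(issueInstant));
        }
        this.issueInstant = issueInstant;
    }

    /**
     *  Gets the start of the assertion's validity period
     *
     * @return    The starting validity date and time
     */
    public Date getNotBefore() {
        return notBefore;
    }

    /**
     *  Sets the start of the assertion's validity period
     *
     *  If the assertion is DOM-backed, unsign() is called, the old NotBefore
     *  attribute is removed, and the Conditions element is dropped when nothing
     *  else needs it or created when a new value requires it.
     *
     * @param  notBefore    The starting validity date and time
     */
    public void setNotBefore(Date notBefore) {
        if (root != null) {
            //Clear out the existing value.
            unsign();
            Element cond = XML.getFirstChildElement(root, XML.SAML_NS, "Conditions");
            if (this.notBefore != null) {
                cond.removeAttributeNS(null,"NotBefore");

                //Still need the element at all?
                // (notBefore is the new value, notOnOrAfter the current field)
                if (notBefore == null && notOnOrAfter == null && conditions.size() == 0) {
                    root.removeChild(cond);
                }
            }

            if (notBefore != null) {
                //Recreate element if needed.
                if (cond == null)
                    cond = (Element)root.insertBefore(
                        root.getOwnerDocument().createElementNS(XML.SAML_NS, "Conditions"), root.getFirstChild());
                SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
                formatter.setTimeZone(TimeZone.getTimeZone("GMT"));
                cond.setAttributeNS(null, "NotBefore", formatter.format(notBefore));
            }
        }
        this.notBefore = notBefore;
    }

    /**
     *  Gets the end of the assertion's validity period
     *
     * @return    The ending validity date and time
     */
    public Date getNotOnOrAfter() {
        return notOnOrAfter;
    }

    /**
     *  Sets the end of the assertion's validity period
     *
     * @param  notOnOrAfter    The ending validity date and time
     */
    public void setNotOnOrAfter(Date notOnOrAfter) {
        if (root != null) {
            //Clear out the existing value.
            unsign();
            Element cond = XML.getFirstChildElement(root, XML.SAML_NS, "Conditions");
            if (this.notOnOrAfter != null) {
                cond.removeAttributeNS(null,"NotOnOrAfter");

                //Still need the element at all?
                if (notBefore == null && notOnOrAfter == null && conditions.size() == 0) {
                    root.removeChild(cond);
                }
                // The listing on this page ends here; the rest of setNotOnOrAfter and
                // of the class is not shown.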