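throw new IdentityProviderException("emptyClaimUri");
            }
            claim.uri = uriClaim;
            String optional = (omElem.getAttributeValue(new QName(null, "Optional")));
            if (optional != null) {
                claim.bOptional = (optional.equals("true")) ? true : false;
            } else {
                claim.bOptional = true;
            }
            requestedClaims.put(claim.uri, claim);
        }
    }

    /**
     * Returns the identifier of the information card this request refers to.
     *
     * @return the card id field as stored on this object (may be null if never set)
     */
    public String getCardID() {
        return cardID;
    }

    /**
     * Looks up a claim value by claim URI.
     *
     * This base implementation resolves nothing and always returns
     * <code>null</code>; presumably subclasses override it (not visible here).
     *
     * @param claim the claim URI
     * @return always <code>null</code>
     */
    public String getValueForClaim(String claim) {
        return null;
    }

    /**
     * Returns the language requested for the display token.
     *
     * @return the display token language field (may be null if never set)
     */
    public String getDisplayTokenLang() {
        return displayTokenLang;
    }

    /**
     * Returns the requested claims keyed by claim URI.
     *
     * The returned map is the live internal map of
     * <code>RequestedClaimData</code> objects, not a copy: mutating it mutates
     * this object.
     *
     * @return raw <code>Map</code> of claim URI to <code>RequestedClaimData</code>
     */
    public Map getRequestedClaims() {
        return requestedClaims;
    }

    /**
     * Factory for the per-claim holder used while parsing the request.
     *
     * @return a fresh, empty <code>RequestedClaimData</code>
     */
    protected RequestedClaimData getRequestedClaim() {
        return new RequestedClaimData();
    }

    /**
     * Fills in the value of every requested claim from the user store.
     *
     * Only claims whose URI is known (present in <code>claimObjs</code>) are
     * resolved; the PPID claim is never asked from the store because it is
     * not a stored attribute. Requested claims that cannot be resolved keep a
     * <code>null</code> value.
     *
     * @param rahasData the current request data (unused here, kept for the
     *                  protected contract)
     * @throws IdentityProviderException propagated from the user store lookup
     */
    protected void populateClaimValues(RahasData rahasData)
            throws IdentityProviderException {
        UserStore connector = UserStore.getInstance();

        // Map the requested claim URIs to the store attribute ids, skipping
        // unknown URIs and the PPID.
        List lst = new ArrayList();
        Iterator ite = requestedClaims.values().iterator();
        while (ite.hasNext()) {
            RequestedClaimData temp = (RequestedClaimData) ite.next();
            ClaimDO claimObj = (ClaimDO) claimObjs.get(temp.uri);
            if (claimObj != null
                    && !claimObj.getUri().equals(IdentityConstants.CLAIM_PPID)) {
                lst.add(claimObj.getAttrId());
            }
        }

        Map mapValues = connector.getClaimValues(userIdentifier, lst);
        if (mapValues == null) {
            // NOTE(review): assumes the store returns an empty map rather than
            // null; guarded so that an empty result leaves every value null.
            return;
        }

        // Copy the resolved values back onto the requested claims.
        ite = requestedClaims.values().iterator();
        while (ite.hasNext()) {
            RequestedClaimData temp = (RequestedClaimData) ite.next();
            ClaimDO claimDO = (ClaimDO) this.claimObjs.get(temp.uri);
            if (claimDO == null) {
                // Unknown claim URI: it was skipped above, so there is nothing
                // to copy (previously this dereferenced null).
                continue;
            }
            temp.value = (String) mapValues.get(claimDO.getAttrId());
        }
    }

    /**
     * Obtain the user identifier depending on the authentication mechanism
     * used.
     *
     * For a self-issued card the SAML assertion must carry the
     * <code>privatepersonalidentifier</code> attribute; the PPID is resolved
     * to a registered card, and the assertion's ds:KeyInfo must match the
     * issuer key recorded for that card before the card's user id is adopted.
     * For a username token the principal name established by the WS-Security
     * layer is used.
     *
     * NOTE(review): the KeyInfo comparison only binds the assertion to the
     * registered key; verification of the assertion signature itself is
     * assumed to happen in the SAML/WS-Security processing layer - confirm.
     *
     * @param rahasData the current request data
     * @throws IdentityProviderException if the assertion carries no PPID
     *         (invalidSamlAttrAssertion), the PPID is unknown (alianPPID), the
     *         assertion carries no signature or its KeyInfo does not match
     *         the registered one (signatureInfoMismatch), or the
     *         authentication mechanism is not supported (invalidAuthMechanism)
     */
    protected void processUserIdentifier(RahasData rahasData)
            throws IdentityProviderException {
        if (this.authMechanism == IdentityProviderConstants.AUTH_TYPE_SELF_ISSUED) {
            String ppidValue = readPpidFromAssertion();
            if (ppidValue == null) {
                throw new IdentityProviderException("invalidSamlAttrAssertion",
                        new String[] { "privatepersonalidentifier" });
            }

            RegisteredInfoCardInfoAdmin admin = new RegisteredInfoCardInfoAdmin();
            RegisteredInfoCardInfoDO info = admin.getInfo(ppidValue);
            if (info == null) {
                throw new IdentityProviderException("alianPPID",
                        new String[] { ppidValue });
            }

            // Bind the assertion to the registered card: the KeyInfo carried in
            // the assertion's signature must match the stored issuer key. An
            // assertion without a signature/KeyInfo cannot be bound and is
            // rejected the same way as a mismatching key.
            XMLSignature sigObject = (XMLSignature) assertion.getNativeSignature();
            KeyInfo keyInfo = (sigObject == null) ? null : sigObject.getKeyInfo();
            if (keyInfo == null
                    || !validateKeyInfo(info.getIssuerInfo(), keyInfo.getElement())) {
                throw new IdentityProviderException("signatureInfoMismatch",
                        new String[] { ppidValue });
            }
            userIdentifier = info.getUserId();
        } else if (this.authMechanism == IdentityProviderConstants.AUTH_TYPE_USERNAME_TOKEN) {
            userIdentifier = rahasData.getPrincipal().getName();
        } else {
            throw new IdentityProviderException("invalidAuthMechanism");
        }
    }

    /**
     * Scans the attribute statements of the current SAML assertion for the
     * <code>privatepersonalidentifier</code> attribute in the
     * <code>IdentityConstants.NS + "/claims"</code> namespace.
     *
     * Non-attribute statements and statements without attributes are
     * skipped; every attribute of a statement is inspected, not only the
     * first one.
     *
     * @return the first PPID value found, or <code>null</code> if none
     */
    private String readPpidFromAssertion() {
        String claimsNs = IdentityConstants.NS + "/claims";
        Iterator statements = this.assertion.getStatements();
        while (statements.hasNext()) {
            Object stmt = statements.next();
            if (!(stmt instanceof SAMLAttributeStatement)) {
                // e.g. an authentication statement; only attribute statements
                // can carry the PPID
                continue;
            }
            Iterator attrs = ((SAMLAttributeStatement) stmt).getAttributes();
            while (attrs.hasNext()) {
                SAMLAttribute attr = (SAMLAttribute) attrs.next();
                if ("privatepersonalidentifier".equals(attr.getName())
                        && claimsNs.equals(attr.getNamespace())) {
                    Iterator values = attr.getValues();
                    if (values.hasNext()) {
                        return (String) values.next();
                    }
                }
            }
        }
        return null;
    }

    /**
     * Validate the given ds:KeyInfo element against the stored ds:KeyInfo
     * element.
     *
     * Only the ds:RSAKeyValue (modulus and exponent) of the two elements is
     * compared: a match means the incoming KeyInfo names the registered
     * issuer key. It does not verify any signature.
     *
     * @param issuerInfo Stored ds:KeyInfo element as a <code>java.lang.String</code>.
     * @param keyInfo The incoming ds:KeyInfo element as a
     *                <code>org.w3c.dom.Element</code>.
     * @return true if the information matches, otherwise false.
     * @throws IdentityProviderException if either element is not a
     *         ds:KeyValue/ds:RSAKeyValue structure or the stored element
     *         cannot be parsed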
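*/
    private boolean validateKeyInfo(String issuerInfo, Element keyInfo)
            throws IdentityProviderException {
        try {
            // Stored side: ds:KeyInfo/ds:KeyValue/ds:RSAKeyValue{Modulus,Exponent}.
            // The stored string is decoded as UTF-8 explicitly instead of with
            // the platform default charset.
            OMElement elem = new StAXOMBuilder(new ByteArrayInputStream(
                    issuerInfo.getBytes("UTF-8"))).getDocumentElement();
            OMElement keyValueElem = elem.getFirstElement();
            if (!isSigElement(keyValueElem, Constants._TAG_KEYVALUE)) {
                throw new IdentityProviderException("unknownStoredKeyInfoType",
                        new String[] { issuerInfo });
            }
            OMElement rsaKeyValueElem = keyValueElem.getFirstElement();
            String[] stored = null;
            if (isSigElement(rsaKeyValueElem, Constants._TAG_RSAKEYVALUE)) {
                stored = rsaKeyComponents(rsaKeyValueElem);
            }
            if (stored == null) {
                // Not an RSAKeyValue, or Modulus/Exponent missing
                throw new IdentityProviderException("unknownStoredKeyInfoType",
                        new String[] { issuerInfo });
            }

            // Received side: import the DOM element into Axiom and apply the
            // same structural check.
            OMElement receivedKeyInfoElem = (OMElement) new OMDOMFactory()
                    .getDocument().importNode(keyInfo, true);
            OMElement receivedKeyValueElem = receivedKeyInfoElem.getFirstElement();
            String[] received = null;
            if (isSigElement(receivedKeyValueElem, Constants._TAG_KEYVALUE)) {
                OMElement receivedRsaKeyValueElem = receivedKeyValueElem
                        .getFirstChildWithName(new QName(WSConstants.SIG_NS,
                                Constants._TAG_RSAKEYVALUE));
                if (receivedRsaKeyValueElem != null) {
                    received = rsaKeyComponents(receivedRsaKeyValueElem);
                }
            }
            if (received == null) {
                throw new IdentityProviderException("unknownReceivedKeyInfoType",
                        new String[] { receivedKeyInfoElem.toString() });
            }

            // Key binding only: equal modulus and exponent mean the incoming
            // KeyInfo names the registered issuer key (public values, so a
            // plain comparison is fine). Signature validity is not checked here.
            return stored[0].equals(received[0]) && stored[1].equals(received[1]);
        } catch (XMLStreamException e) {
            throw new IdentityProviderException("errorParsignStoredKeyInfo",
                    new String[] { issuerInfo }, e);
        } catch (java.io.UnsupportedEncodingException e) {
            // UTF-8 is available in every JRE; this only satisfies the checked
            // contract of String.getBytes(String).
            throw new IdentityProviderException("errorParsignStoredKeyInfo",
                    new String[] { issuerInfo }, e);
        }
    }

    /**
     * Tells whether the element exists and is the given XML Signature element.
     *
     * @param elem candidate element, may be null
     * @param localName local name in the ds: namespace
     * @return true if elem is non-null and its QName is {ds:localName}
     */
    private static boolean isSigElement(OMElement elem, String localName) {
        return elem != null
                && elem.getQName().equals(new QName(WSConstants.SIG_NS, localName));
    }

    /**
     * Extracts the trimmed text of ds:Modulus and ds:Exponent from a
     * ds:RSAKeyValue element.
     *
     * @param rsaKeyValueElem the ds:RSAKeyValue element
     * @return <code>{modulus, exponent}</code>, or <code>null</code> if either
     *         child is missing (previously this dereferenced null)
     */
    private static String[] rsaKeyComponents(OMElement rsaKeyValueElem) {
        OMElement modulus = rsaKeyValueElem.getFirstChildWithName(
                new QName(WSConstants.SIG_NS, Constants._TAG_MODULUS));
        OMElement exponent = rsaKeyValueElem.getFirstChildWithName(
                new QName(WSConstants.SIG_NS, Constants._TAG_EXPONENT));
        if (modulus == null || exponent == null) {
            return null;
        }
        return new String[] { modulus.getText().trim(), exponent.getText().trim() };
    }

    /**
     * Returns the display tag of the claim with the given URI.
     *
     * @param URI claim URI
     * @return the display tag, or <code>null</code> when the URI is unknown
     */
    public String getDisplayName(String URI) {
        ClaimDO temp = (ClaimDO) claimObjs.get(URI);
        // Unknown URI: answer null instead of failing with a NullPointerException
        return (temp == null) ? null : temp.getDisplayTag();
    }

    /**
     * Loads every supported claim from persistence into <code>claimObjs</code>,
     * keyed by claim URI.
     *
     * @throws IdentityProviderException propagated from the persistence layer
     */
    protected void loadClaims() throws IdentityProviderException {
        IPPersistenceManager dbman = IPPersistenceManager.getPersistanceManager();
        ClaimDO[] claims = dbman.getAllSupportedClaims();
        if (claims == null) {
            // NOTE(review): assumes persistence returns an empty array, not
            // null; treated as "no claims" to be safe.
            return;
        }
        for (int i = 0; i < claims.length; i++) {
            claimObjs.put(claims[i].getUri(), claims[i]);
        }
    }

    /**
     * Derives the authentication mechanism from the WS-Security handler
     * results of the incoming message.
     *
     * An ST_UNSIGNED result selects the self-issued-card mechanism and keeps
     * the SAML assertion; a UT result whose principal was established by the
     * security engine selects the username-token mechanism. All results are
     * scanned, so when several apply the last one in the result list wins
     * (NOTE(review): confirm this is intended). If results exist but none
     * applies, <code>authMechanism</code> is left untouched.
     *
     * @param data the current request data
     * @throws IdentityProviderException if no handler results are present
     *         (missingAuthMechanism)
     */
    protected void readAuthenticationMechanism(RahasData data)
            throws IdentityProviderException {
        MessageContext inContext = data.getInMessageContext();
        Vector results = (Vector) inContext.getProperty(WSHandlerConstants.RECV_RESULTS);
        if (results == null) {
            throw new IdentityProviderException("missingAuthMechanism");
        }
        for (int i = 0; i < results.size(); i++) {
            WSHandlerResult rResult = (WSHandlerResult) results.get(i);
            Vector wsSecEngineResults = rResult.getResults();
            for (int j = 0; j < wsSecEngineResults.size(); j++) {
                WSSecurityEngineResult wser = (WSSecurityEngineResult) wsSecEngineResults.get(j);
                Integer actionObj = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
                if (actionObj == null) {
                    // A result without an action cannot select a mechanism
                    continue;
                }
                int action = actionObj.intValue();
                if (action == WSConstants.ST_UNSIGNED) {
                    this.authMechanism = IdentityProviderConstants.AUTH_TYPE_SELF_ISSUED;
                    this.assertion = (SAMLAssertion) wser
                            .get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                } else if (action == WSConstants.UT
                        && wser.get(WSSecurityEngineResult.TAG_PRINCIPAL) != null) {
                    this.authMechanism = IdentityProviderConstants.AUTH_TYPE_USERNAME_TOKEN;
                }
            }
        }
    }

    /**
     * Holder for one requested claim: its URI, whether the relying party
     * marked it optional, and the value resolved for the user.
     */
    public class RequestedClaimData {
        public String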
value;
        // Claim URI as sent by the relying party
        public String uri;
        // Whether the relying party marked this claim "Optional"
        public boolean bOptional;
    }

    /**
     * Returns the relying party certificate resolved for this request.
     *
     * @return the RP certificate, or <code>null</code> when none was found
     */
    public X509Certificate getRpCert() {
        return rpCert;
    }

    /**
     * Returns the identifier of the authenticated user.
     *
     * @return the user identifier (null until it has been established)
     */
    public String getUserIdentifier() {
        return userIdentifier;
    }

    /**
     * Sets the identifier of the authenticated user.
     *
     * @param userIdentifier the user identifier
     */
    public void setUserIdentifier(String userIdentifier) {
        this.userIdentifier = userIdentifier;
    }

    /**
     * Retrieves the trusted RP certificate from the key stores.
     *
     * The host named in the request's AppliesTo is looked up first among the
     * globally trusted relying parties (certificate taken from the default
     * identity key store under the RP alias) and, failing that, among the
     * relying parties trusted personally by the current user. This cert is
     * not signed by an accepted CA.
     *
     * @param data the current request data
     * @return the RP certificate, or <code>null</code> if the host is trusted
     *         neither globally nor by the user
     * @throws IdentityProviderException propagated from the lookups
     */
    private X509Certificate readRpCertFromStores(RahasData data)
            throws IdentityProviderException {
        String host = IdentityProviderUtil.getAppliesToHostName(data);
        IPPersistenceManager dbman = IPPersistenceManager.getPersistanceManager();

        RelyingPartyDO rp = dbman.getRelyingParty(host);
        if (rp != null) {
            // Globally trusted RP: certificate lives in the identity key store
            PersistenceManager pm = new PersistenceManager();
            KeyStoreDO keystore = pm
                    .getKeyStore(IdentityProviderConstants.DEFAULT_IDENTITY_KEYSTORE_NAME);
            return (X509Certificate) KeyUtil.getCertificate(
                    keystore.getKeyStoreName(), rp.getAlias());
        }

        // Not globally trusted: fall back to the user's personal RPs
        UserTrustedRPDO userRp = dbman.getPersonalRelyingParty(userIdentifier, host);
        if (userRp == null) {
            return null;
        }
        KeystoreUtilAdmin admin = new KeystoreUtilAdmin();
        return admin.getCertificateFromUserTrustedRP(userRp.getIdentifier().getHostName());
    }

    /**
     * Returns the token type the relying party requires.
     *
     * @return the required token type URI
     */
    public String getRequiredTokenType() {
        return requiredTokenType;
    }

    /**
     * Sets the token type the relying party requires; a null or blank value
     * falls back to {@link #getDefautTokenType()}.
     *
     * @param requiredTokenType the token type URI, or null/blank for the default
     */
    public void setRequiredTokenType(String requiredTokenType) {
        boolean blank = requiredTokenType == null
                || requiredTokenType.trim().length() == 0;
        this.requiredTokenType = blank ? getDefautTokenType() : requiredTokenType;
    }

    /**
     * This parameter specifies the type of the token to be requested from the
     * STS as a URI. This parameter can be omitted if the STS and the Web site
     * front-end have a mutual understanding about what token type will be
     * provided, or if the Web site is willing to accept any token type.
     *
     * @return Default Token Type (the SAML 1.0 token URI)
     */
    protected String getDefautTokenType() {
        return IdentityConstants.SAML10_URL;
    }
}