From a06f94c9da130af5cf755b7d6465c8905d37d75b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Jun 2018 15:05:50 +0200 Subject: add one method to AssertionAttributeExtractor and add some log messages --- .../pvp2x/utils/AssertionAttributeExtractor.java | 57 +++++++++++++++++++--- 1 file changed, 50 insertions(+), 7 deletions(-) (limited to 'id/server/idserverlib/src/main/java/at') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index 4a0cec6e4..bdfb11d34 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -34,6 +34,8 @@ import java.util.Set; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.Audience; +import org.opensaml.saml2.core.AudienceRestriction; import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnStatement; import org.opensaml.saml2.core.Response; @@ -191,17 +193,22 @@ public class AssertionAttributeExtractor { } -// public PersonalAttributeList getSTORKAttributes() { -// return storkAttributes; -// } - - + /** + * Get the Id attribute from SAML2 assertion + * + * @return + */ public String getAssertionID() { return assertion.getID(); } - + /** + * Get the subjectNameId from SAML2 Assertion + * + * @return nameId but never null + * @throws AssertionAttributeExtractorExeption + */ public String getNameID() throws AssertionAttributeExtractorExeption { if (assertion.getSubject() != null) { Subject subject = assertion.getSubject(); @@ -218,6 +225,12 @@ public class AssertionAttributeExtractor { throw new AssertionAttributeExtractorExeption("nameID"); } + /** + * Get get SessionIndex from SAML2 assertion + * + * @return sessionIndex but never null + * @throws AssertionAttributeExtractorExeption + */ public String getSessionIndex() throws AssertionAttributeExtractorExeption { AuthnStatement authn = getAuthnStatement(); @@ -229,7 +242,9 @@ public class AssertionAttributeExtractor { } /** - * @return + * Get the LoA (QAA level) from assertion. This information is extracted from AuthnContext and AuthnContextClassRef + * + * @return LoA but never null * @throws AssertionAttributeExtractorExeption */ public String getQAALevel() throws AssertionAttributeExtractorExeption { @@ -247,6 +262,11 @@ public class AssertionAttributeExtractor { throw new AssertionAttributeExtractorExeption("AuthnContextClassRef"); } + /** + * Get full SAML2 assertion + * + * @return + */ public Assertion getFullAssertion() { return assertion; } @@ -297,6 +317,29 @@ public class AssertionAttributeExtractor { } + /** + * Get the AudienceRestriction from SAML2 Assertion + * + * @return AudienceRestriction, but never null + * @throws AssertionAttributeExtractorExeption + */ + public List getAudienceRestriction( ) throws AssertionAttributeExtractorExeption { + try { + List rest = getFullAssertion().getConditions().getAudienceRestrictions(); + if (rest != null && rest.size() != 0) { + if (rest.size() == 1 && rest.get(0) != null) + return rest.get(0).getAudiences(); + + else + Logger.warn("More than one 'AudienceRestriction'! Extraction currently NOT supported"); + } + + } catch (NullPointerException e) { } + + throw new AssertionAttributeExtractorExeption("AudienceRestriction"); + + } + private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption { List authnList = assertion.getAuthnStatements(); if (authnList.size() == 0) -- cgit v1.2.3