import org.opensaml.saml1.core.Conditions;
import org.opensaml.saml1.core.ConfirmationMethod;
import org.opensaml.saml1.core.NameIdentifier;
+import org.opensaml.saml1.core.Query;
import org.opensaml.saml1.core.RequestAbstractType;
import org.opensaml.saml1.core.Response;
import org.opensaml.saml1.core.ResponseAbstractType;
}
/**
+ * Checks that the SAML major version for a request is 1.
+ *
+ * @param requestContext current request context containing the SAML message
+ *
+ * @throws ProfileException thrown if the major version of the SAML request is not 1
+ */
+ protected void checkSamlVersion(SAML1ProfileRequestContext requestContext) throws ProfileException {
+ SAMLObject samlObject = requestContext.getSamlRequest();
+
+ if (samlObject instanceof RequestAbstractType) {
+ RequestAbstractType request = (RequestAbstractType) samlObject;
+ if (request.getMajorVersion() < 1) {
+ requestContext.setFailureStatus(buildStatus(StatusCode.REQUESTER, StatusCode.REQUEST_VERSION_TOO_LOW,
+ null));
+ throw new ProfileException("SAML request major version too low");
+ } else if (request.getMajorVersion() > 1) {
+ requestContext.setFailureStatus(buildStatus(StatusCode.REQUESTER, StatusCode.REQUEST_VERSION_TOO_HIGH,
+ null));
+ throw new ProfileException("SAML request major version too low");
+ }
+ }
+ }
+
+ /**
* Builds a response to the attribute query within the request context.
*
* @param requestContext current request context
*
* @throws ProfileException thrown if there is a problem making the query
*/
- protected AttributeStatement buildAttributeStatement(SAML1ProfileRequestContext requestContext, String subjectConfMethod)
- throws ProfileException {
+ protected AttributeStatement buildAttributeStatement(SAML1ProfileRequestContext requestContext,
+ String subjectConfMethod) throws ProfileException {
if (log.isDebugEnabled()) {
log.debug("Creating attribute statement in response to SAML request from relying party "
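Review bot: In the SAML 1 `checkSamlVersion`, the `getMajorVersion() > 1` branch sets `REQUEST_VERSION_TOO_HIGH` but throws with the text "SAML request major version too low", so logs and callers will report the wrong direction. It should read `throw new ProfileException("SAML request major version too high");`. The method also returns normally when the request object is not a `RequestAbstractType`, which includes a null result from `getSamlRequest()`, so such a message passes the version gate unchecked. Whether that can happen depends on callers outside this hunk. For a protocol validation step, failing closed would be safer: add an `else` that sets a requester failure status and throws a `ProfileException`, or add a comment explaining why skipping the check is intended.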
}
/**
+ * Checks that the SAML major version for a request is 2.
+ *
+ * @param requestContext current request context containing the SAML message
+ *
+ * @throws ProfileException thrown if the major version of the SAML request is not 2
+ */
+ protected void checkSamlVersion(SAML2ProfileRequestContext requestContext) throws ProfileException {
+ SAMLVersion version = requestContext.getSamlRequest().getVersion();
+ if (version.getMajorVersion() < 2) {
+ requestContext.setFailureStatus(buildStatus(StatusCode.VERSION_MISMATCH_URI,
+ StatusCode.REQUEST_VERSION_TOO_LOW_URI, null));
+ throw new ProfileException("SAML request version too low");
+ } else if (version.getMajorVersion() > 2) {
+ requestContext.setFailureStatus(buildStatus(StatusCode.VERSION_MISMATCH_URI,
+ StatusCode.REQUEST_VERSION_TOO_HIGH_URI, null));
+ throw new ProfileException("SAML request version too high");
+ }
+ }
+
+ /**
* Builds a response to the attribute query within the request context.
*
* @param requestContext current request context
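Review bot: `requestContext.getSamlRequest().getVersion()` in the SAML 2 `checkSamlVersion` is dereferenced without a null check. A context with no decoded message, or a message whose version was never populated, would then surface as a `NullPointerException` rather than a `ProfileException` with a `VERSION_MISMATCH_URI` status. Whether either value can be null here is not visible in this hunk. If it can, add a guard before the comparisons that sets the failure status as the other branches do and then throws `new ProfileException("SAML request version missing")`. The Javadoc could also state that only the major version is compared and minor versions are accepted as-is.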
+++ /dev/null
-/*
- * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package edu.internet2.middleware.shibboleth.idp.profile.saml2;
-
-import org.joda.time.DateTime;
-import org.opensaml.saml2.core.AttributeStatement;
-import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.SubjectQuery;
-
-import edu.internet2.middleware.shibboleth.common.profile.ProfileRequest;
-
-/**
- * Contains contextual information used in processing profile responses.
- */
-public class ProfileResponseContext {
-
- /** Profile request. */
- private ProfileRequest request;
-
- /** Profile request message. */
- private SubjectQuery message;
-
- /** Response issuer. */
- private Issuer issuer;
-
- /** Response destination. */
- private String destination;
-
- /** Provider id to retrieve relying party configuration. */
- private String providerId;
-
- /** Issue instant for the response. */
- private DateTime issueInstant;
-
- /** Response statement. */
- private AttributeStatement attributeStatement;
-
- /**
- * Constructor.
- *
- * @param r serlvet request
- * @param m decoded profile request message
- */
- public ProfileResponseContext(ProfileRequest r, SubjectQuery m) {
- request = r;
- message = m;
- providerId = m.getIssuer().getSPProvidedID();
- issueInstant = new DateTime();
- }
-
- /**
- * Gets the initiating profile request.
- *
- * @return profile request
- */
- public ProfileRequest getRequest() {
- return request;
- }
-
- /**
- * Gets the decoded profile request message.
- *
- * @return profile request message
- */
- public SubjectQuery getMessage() {
- return message;
- }
-
- /**
- * Gets the provider id.
- *
- * @return provider id
- */
- public String getProviderId() {
- return providerId;
- }
-
- /**
- * Gets the issue instant for the response.
- *
- * @return issue instant
- */
- public DateTime getIssueInstant() {
- return issueInstant;
- }
-
- /**
- * Sets an issuer associated with this response.
- *
- * @param i to set
- */
- public void setIssuer(Issuer i) {
- issuer = i;
- }
-
- /**
- * Gets the issuer associated with this response.
- *
- * @return issuer
- */
- public Issuer getIssuer() {
- return issuer;
- }
-
- /**
- * Sets a destination associated with this response.
- *
- * @param d to set
- */
- public void setDestination(String d) {
- destination = d;
- }
-
- /**
- * Gets the destination associated with this response.
- *
- * @return destination
- */
- public String getDestination() {
- return destination;
- }
-
- /**
- * Sets a attribute statement associated with this response.
- *
- * @param s to sets
- */
- public void setAttributeStatement(AttributeStatement s) {
- attributeStatement = s;
- }
-
- /**
- * Gets the statement associated with this response.
- *
- * @return response statement
- */
- public AttributeStatement getAttributeStatement() {
- return attributeStatement;
- }
-}