List of usage examples for org.joda.time DateTime DateTime
public DateTime()
ISOChronology in the default time zone.
From source file:be.e_contract.mycarenet.sts.RequestFactory.java
License:Open Source License
/**
 * Attaches a {@code Conditions} element to the assertion whose validity window
 * opens now and closes 24 hours later.
 *
 * @param assertion the assertion that receives the conditions
 */
private void createConditions(AssertionType assertion) {
    DateTime validFrom = new DateTime();
    // NOTE(review): a 24-hour assertion lifetime is long; confirm the relying party expects it.
    DateTime validUntil = validFrom.plusHours(24);

    ConditionsType conditions = this.samlObjectFactory.createConditionsType();
    conditions.setNotBefore(toXMLGregorianCalendar(validFrom));
    conditions.setNotOnOrAfter(toXMLGregorianCalendar(validUntil));
    assertion.setConditions(conditions);
}
From source file:be.e_contract.mycarenet.sts.RequestFactory.java
License:Open Source License
/**
 * Builds an assertion (major/minor version 1/1) issued under the subject DN of
 * {@code authnCertificate}, with a fresh random ID, the current issue instant,
 * conditions and an attribute statement.
 *
 * @param authnCertificate certificate whose subject (RFC 1779 form) is used as issuer
 * @param attributes       attributes placed in the attribute statement
 * @return the populated assertion
 */
private AssertionType createAssertion(X509Certificate authnCertificate, List<Attribute> attributes) {
    AssertionType assertion = this.samlObjectFactory.createAssertionType();
    assertion.setAssertionID("assertion-" + UUID.randomUUID().toString());
    assertion.setMajorVersion(BigInteger.ONE);
    assertion.setMinorVersion(BigInteger.ONE);
    assertion.setIssueInstant(toXMLGregorianCalendar(new DateTime()));

    // The issuer is derived from the authenticating certificate, not from configuration.
    String issuerName = authnCertificate.getSubjectX500Principal().getName("RFC1779");
    assertion.setIssuer(issuerName);

    createConditions(assertion);
    createAttributeStatement(assertion, authnCertificate, attributes);
    return assertion;
}
From source file:be.e_contract.mycarenet.xkms2.XKMS2Client.java
License:Open Source License
/**
 * Adds a {@code PrototypeKeyBinding} to the register request that publishes the
 * session key's RSA public components (modulus and exponent), marks it for
 * signature usage and gives it a validity interval from now to 12 hours later.
 *
 * @param registerRequest the XKMS2 register request to extend
 * @param sessionKey      source of the RSA modulus and exponent
 * @return the generated ID of the new key binding
 */
private String addPrototypeKeyBinding(RegisterRequestType registerRequest, SessionKey sessionKey) {
    String bindingId = "keybinding-" + UUID.randomUUID().toString();

    PrototypeKeyBindingType binding = this.objectFactory.createPrototypeKeyBindingType();
    binding.setId(bindingId);
    registerRequest.setPrototypeKeyBinding(binding);

    // ds:KeyInfo > ds:KeyValue > ds:RSAKeyValue carrying only the public components.
    RSAKeyValueType rsaKeyValue = this.xmldsigObjectFactory.createRSAKeyValueType();
    rsaKeyValue.setModulus(sessionKey.getModulus());
    rsaKeyValue.setExponent(sessionKey.getExponent());
    KeyValueType keyValue = this.xmldsigObjectFactory.createKeyValueType();
    keyValue.getContent().add(this.xmldsigObjectFactory.createRSAKeyValue(rsaKeyValue));
    KeyInfoType keyInfo = this.xmldsigObjectFactory.createKeyInfoType();
    keyInfo.getContent().add(this.xmldsigObjectFactory.createKeyValue(keyValue));
    binding.setKeyInfo(keyInfo);

    binding.getKeyUsage().add(SIGNATURE_KEY_USAGE);

    DateTime validFrom = new DateTime();
    ValidityIntervalType validity = this.objectFactory.createValidityIntervalType();
    validity.setNotBefore(toXMLGregorianCalendar(validFrom));
    validity.setNotOnOrAfter(toXMLGregorianCalendar(validFrom.plusHours(12)));
    binding.setValidityInterval(validity);

    return bindingId;
}
From source file:be.e_contract.sts.client.cxf.ActAsCallbackHandler.java
License:Open Source License
/**
 * Builds a self-issued SAML 2.0 assertion (issuer value {@code "self-claimed"})
 * holding the security decorator's attributes and marshals it to a DOM element.
 * No signature is applied in this method.
 *
 * @return the marshalled assertion element
 * @throws Exception when building or marshalling the assertion fails
 */
private Element getTokenElement() throws Exception {
    Assertion assertion = buildXMLObject(Assertion.class, Assertion.DEFAULT_ELEMENT_NAME);
    assertion.setVersion(SAMLVersion.VERSION_20);
    assertion.setID("assertion-" + UUID.randomUUID().toString());
    assertion.setIssueInstant(new DateTime());

    Issuer issuer = buildXMLObject(Issuer.class, Issuer.DEFAULT_ELEMENT_NAME);
    issuer.setValue("self-claimed");
    assertion.setIssuer(issuer);

    AttributeStatement statement = buildXMLObject(AttributeStatement.class,
            AttributeStatement.DEFAULT_ELEMENT_NAME);
    assertion.getAttributeStatements().add(statement);

    // Attributes are appended in this fixed order; the decorator supplies the values.
    addAttribute(statement, Attributes.SOFTWARE_KEY, this.securityDecorator.getSoftwareKey());
    addAttribute(statement, Attributes.OFFICE_KEY, this.securityDecorator.getOfficeKey());
    addAttribute(statement, Attributes.IDENTITY, this.securityDecorator.getIdentity());
    addAttribute(statement, Attributes.IDENTITY_SIGNATURE, this.securityDecorator.getIdentitySignature());
    addAttribute(statement, Attributes.ADDRESS, this.securityDecorator.getAddress());
    addAttribute(statement, Attributes.ADDRESS_SIGNATURE, this.securityDecorator.getAddressSignature());
    addAttribute(statement, Attributes.NATIONAL_REGISTRATION_CERTIFICATE,
            this.securityDecorator.getNationalRegistrationCertificate());
    addAttribute(statement, Attributes.PHOTO, this.securityDecorator.getPhoto());

    return Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
}
From source file:be.fedict.eid.dss.model.bean.DocumentServiceBean.java
License:Open Source License
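/**
 * Computes when a stored document expires: now plus the configured
 * {@code DOCUMENT_STORAGE_EXPIRATION} value, which is multiplied by 60 000 and is
 * therefore interpreted as a number of minutes. The result is expressed in the UTC
 * ISO chronology.
 *
 * @return the expiration instant in UTC
 * @throws RuntimeException when the configured value is absent or not strictly positive
 */
private DateTime getExpiration() {
    Integer documentStorageExpiration = this.configuration.getValue(ConfigProperty.DOCUMENT_STORAGE_EXPIRATION,
            Integer.class);
    if (null == documentStorageExpiration || documentStorageExpiration <= 0) {
        throw new RuntimeException("Invalid document storage validity: " + documentStorageExpiration);
    }
    // Widen to long before multiplying: an int product overflows for values above
    // ~35 791 minutes (about 24.8 days) and would silently produce a negative offset.
    long expirationMillis = documentStorageExpiration.longValue() * 60L * 1000L;
    return new DateTime().plus(expirationMillis).toDateTime(ISOChronology.getInstanceUTC());
}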
From source file:be.fedict.eid.dss.ws.DigitalSignatureServicePortImpl.java
License:Open Source License
/**
 * Answers a sign request under the artifact profile: the single input document is
 * stored and the response carries a {@code StorageInfo} (identifier plus validity
 * window) in its optional outputs.
 *
 * @param signRequest the incoming DSS sign request
 * @return a success response with storage info, or a requestor error response when
 *         there is not exactly one valid input document
 */
private SignResponse storageInfoResponse(SignRequest signRequest) {
    List<DocumentDO> documents = getDocuments(signRequest.getInputDocuments());
    if (documents.isEmpty()) {
        return DSSUtil.createRequestorSignErrorResponse(signRequest.getRequestID(), null,
                "No valid document found to validate.");
    }
    if (documents.size() != 1) {
        return DSSUtil.createRequestorSignErrorResponse(signRequest.getRequestID(), null,
                "Can validate only one document.");
    }

    // Store the artifact under a random identifier; the document service returns its expiration.
    DocumentDO document = documents.get(0);
    String artifactId = UUID.randomUUID().toString();
    DateTime expiration = this.documentService.store(artifactId, document.getDocumentData(),
            document.getContentType());

    ObjectFactory dssObjectFactory = new ObjectFactory();
    be.fedict.eid.dss.ws.profile.artifact.jaxb.ObjectFactory artifactObjectFactory =
            new be.fedict.eid.dss.ws.profile.artifact.jaxb.ObjectFactory();

    Result result = dssObjectFactory.createResult();
    result.setResultMajor(DSSConstants.RESULT_MAJOR_SUCCESS);

    ValidityType validity = artifactObjectFactory.createValidityType();
    validity.setNotBefore(DSSUtil.toXML(new DateTime()));
    validity.setNotAfter(DSSUtil.toXML(expiration));

    StorageInfo storageInfo = artifactObjectFactory.createStorageInfo();
    storageInfo.setIdentifier(artifactId);
    storageInfo.setValidity(validity);

    AnyType optionalOutputs = dssObjectFactory.createAnyType();
    optionalOutputs.getAny().add(DSSUtil.getStorageInfoElement(storageInfo));

    SignResponse signResponse = dssObjectFactory.createSignResponse();
    signResponse.setRequestID(signRequest.getRequestID());
    signResponse.setProfile(DSSConstants.ARTIFACT_NAMESPACE);
    signResponse.setResult(result);
    signResponse.setOptionalOutputs(optionalOutputs);
    return signResponse;
}
From source file:be.fedict.eid.idp.common.saml2.Saml2Util.java
License:Open Source License
/**
 * Constructs a bare SAML v2.0 {@link Response} with status Success.
 * The response gets a fresh random ID, the current issue instant, the given
 * destination, {@code InResponseTo} and issuer; no assertion is attached here.
 *
 * @param inResponseTo
 *            response inresponse to request.ID
 * @param targetUrl
 *            targetURL
 * @param issuerName
 *            issuer of the response
 * @return SAML v2.0 Response
 */
public static Response getResponse(String inResponseTo, String targetUrl, String issuerName) {
    Issuer issuer = Saml2Util.buildXMLObject(Issuer.class, Issuer.DEFAULT_ELEMENT_NAME);
    issuer.setValue(issuerName);

    StatusCode statusCode = Saml2Util.buildXMLObject(StatusCode.class, StatusCode.DEFAULT_ELEMENT_NAME);
    statusCode.setValue(StatusCode.SUCCESS_URI);
    Status status = Saml2Util.buildXMLObject(Status.class, Status.DEFAULT_ELEMENT_NAME);
    status.setStatusCode(statusCode);

    Response response = Saml2Util.buildXMLObject(Response.class, Response.DEFAULT_ELEMENT_NAME);
    response.setID("saml-response-" + UUID.randomUUID().toString());
    response.setVersion(SAMLVersion.VERSION_20);
    response.setIssueInstant(new DateTime());
    response.setDestination(targetUrl);
    response.setInResponseTo(inResponseTo);
    response.setIssuer(issuer);
    response.setStatus(status);
    return response;
}
From source file:be.fedict.eid.idp.protocol.saml2.artifact.ArtifactServicePortImpl.java
License:Open Source License
/**
 * Builds a SAML 2.0 {@code ArtifactResponse} with a random ID, the current issue
 * instant and the given status code, optionally with a status message. No SAML
 * message is embedded by this method.
 *
 * @param inResponseTo       ID of the request being answered
 * @param statusCodeValue    top-level status code URI
 * @param statusMessageValue optional status message; {@code null} omits the element
 * @return the populated artifact response
 */
private ArtifactResponse getArtifactResponse(String inResponseTo, String statusCodeValue,
        String statusMessageValue) {
    StatusCode statusCode = Saml2Util.buildXMLObject(StatusCode.class, StatusCode.DEFAULT_ELEMENT_NAME);
    statusCode.setValue(statusCodeValue);
    Status status = Saml2Util.buildXMLObject(Status.class, Status.DEFAULT_ELEMENT_NAME);
    status.setStatusCode(statusCode);
    if (null != statusMessageValue) {
        StatusMessage statusMessage = Saml2Util.buildXMLObject(StatusMessage.class,
                StatusMessage.DEFAULT_ELEMENT_NAME);
        statusMessage.setMessage(statusMessageValue);
        status.setStatusMessage(statusMessage);
    }

    ArtifactResponse artifactResponse = Saml2Util.buildXMLObject(ArtifactResponse.class,
            ArtifactResponse.DEFAULT_ELEMENT_NAME);
    artifactResponse.setIssueInstant(new DateTime());
    artifactResponse.setVersion(SAMLVersion.VERSION_20);
    artifactResponse.setID(UUID.randomUUID().toString());
    artifactResponse.setInResponseTo(inResponseTo);
    artifactResponse.setStatus(status);
    return artifactResponse;
}
From source file:be.fedict.eid.idp.protocol.ws_federation.AbstractWSFederationProtocolService.java
License:Open Source License
/**
 * Builds the WS-Federation {@code wresult} value: a serialized
 * {@code RequestSecurityTokenResponseCollection} whose requested security token is
 * a SAML 2.0 assertion for {@code userId}, with key type Bearer.
 *
 * <p>When an IdP identity is configured the assertion is signed; otherwise the
 * collection is marshalled without any signature and a warning is logged.
 *
 * @param wctx       optional WS-Federation context, echoed back when non-null
 * @param wtrealm    relying party realm, handed to the assertion builder
 * @param userId     subject identifier for the assertion
 * @param attributes attributes to include in the assertion
 * @param secretKey  key material forwarded to the assertion builder
 * @param publicKey  key material forwarded to the assertion builder
 * @return the UTF-8 XML text of the response collection
 * @throws TransformerException when serializing the DOM document fails
 * @throws IOException          when writing the serialized document fails
 */
private String getWResult(String wctx, String wtrealm, String userId, Map<String, Attribute> attributes,
        SecretKey secretKey, PublicKey publicKey) throws TransformerException, IOException {
    RequestSecurityTokenResponse rstr = Saml2Util.buildXMLObject(RequestSecurityTokenResponse.class,
            RequestSecurityTokenResponse.ELEMENT_NAME);
    RequestSecurityTokenResponseCollection rstrc = Saml2Util.buildXMLObject(
            RequestSecurityTokenResponseCollection.class, RequestSecurityTokenResponseCollection.ELEMENT_NAME);
    rstrc.getRequestSecurityTokenResponses().add(rstr);
    if (null != wctx) {
        rstr.setContext(wctx);
    }

    TokenType tokenType = Saml2Util.buildXMLObject(TokenType.class, TokenType.ELEMENT_NAME);
    tokenType.setValue(SAMLConstants.SAML20_NS);
    RequestType requestType = Saml2Util.buildXMLObject(RequestType.class, RequestType.ELEMENT_NAME);
    requestType.setValue("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue");
    KeyType keyType = Saml2Util.buildXMLObject(KeyType.class, KeyType.ELEMENT_NAME);
    // Bearer key type: possession of the serialized token is sufficient to use it.
    keyType.setValue("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
    RequestedSecurityToken requestedToken = Saml2Util.buildXMLObject(RequestedSecurityToken.class,
            RequestedSecurityToken.ELEMENT_NAME);
    // Appended in this order; it determines the child order in the serialized document.
    rstr.getUnknownXMLObjects().add(tokenType);
    rstr.getUnknownXMLObjects().add(requestType);
    rstr.getUnknownXMLObjects().add(keyType);
    rstr.getUnknownXMLObjects().add(requestedToken);

    Assertion assertion = Saml2Util.getAssertion(this.configuration.getDefaultIssuer(), null, wtrealm, wtrealm,
            configuration.getResponseTokenValidity(), new DateTime(), getAuthenticationPolicy(), userId,
            attributes, secretKey, publicKey);
    requestedToken.setUnknownXMLObject(assertion);

    IdPIdentity idpIdentity = this.configuration.findIdentity();
    Element element;
    if (null != idpIdentity) {
        LOG.debug("sign assertion");
        element = Saml2Util.signAsElement(rstrc, assertion, idpIdentity.getPrivateKeyEntry());
    } else {
        // Unsigned fallback: the relying party has no way to verify this token's origin.
        LOG.warn("assertion NOT signed!");
        element = Saml2Util.marshall(rstrc);
    }

    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    Saml2Util.writeDocument(element.getOwnerDocument(), buffer);
    String wresult = new String(buffer.toByteArray(), Charset.forName("UTF-8"));
    // The complete bearer token ends up in the log when debug logging is enabled.
    LOG.debug("wresult=\"" + wresult + "\"");
    return wresult;
}
From source file:be.fedict.eid.idp.protocol.ws_federation.sts.SecurityTokenServicePortImpl.java
License:Open Source License
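/**
 * Validates a SAML 2.0 token issued by the eID IdP: XML signature, signing
 * certificate pinned to the configured service identity, issuer, audience (when
 * {@code expectedAudience} is given), authentication policy and validity window.
 * Every check fails closed with a {@link SecurityException}.
 *
 * @param tokenElement                  the {@code saml2:Assertion} DOM element
 * @param expectedAudience              required audience, or {@code null} to skip the audience check
 * @param identityProviderConfiguration supplies the trusted certificate chain and issuer name
 * @throws SecurityException when a check fails or a required element/attribute is absent
 * @throws Exception         when XPath evaluation or signature parsing fails
 */
private void validateToken(Element tokenElement, String expectedAudience,
        IdentityProviderConfiguration identityProviderConfiguration) throws Exception {
    List<X509Certificate> certificateChain = identityProviderConfiguration.getIdentityCertificateChain();
    if (certificateChain.isEmpty()) {
        throw new SecurityException("no eID IdP service identity configured");
    }

    // Namespace context for the XPath queries below.
    Element nsElement = tokenElement.getOwnerDocument().createElement("nsElement");
    nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:ds", "http://www.w3.org/2000/09/xmldsig#");
    nsElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:saml2", "urn:oasis:names:tc:SAML:2.0:assertion");

    LOG.debug("token element: " + tokenElement.getLocalName());
    LOG.debug("token element namespace: " + tokenElement.getNamespaceURI());
    // Logs the complete token at debug level.
    LOG.debug("token: " + toString(tokenElement));

    // fix for recent versions of Apache xmlsec: mark ID as an ID attribute so the
    // signature's Reference URI can be resolved against this element.
    tokenElement.setIdAttribute("ID", true);
    Element signatureElement = (Element) XPathAPI.selectSingleNode(tokenElement, "ds:Signature", nsElement);
    if (null == signatureElement) {
        throw new SecurityException("missing XML signature");
    }
    XMLSignature xmlSignature = new XMLSignature(signatureElement, "");
    KeyInfo keyInfo = xmlSignature.getKeyInfo();
    // Either can be null when the signature carries no KeyInfo / no X509 certificate;
    // fail with a clear error instead of a NullPointerException.
    X509Certificate actualCertificate = null == keyInfo ? null : keyInfo.getX509Certificate();
    if (null == actualCertificate) {
        throw new SecurityException("missing signing certificate in XML signature");
    }
    boolean signatureResult = xmlSignature.checkSignatureValue(actualCertificate);
    if (false == signatureResult) {
        throw new SecurityException("invalid XML signature");
    }
    LOG.debug("XML signature OK");

    // The certificate came from the token itself; pin it byte-for-byte to the configured
    // service identity so a token cannot bring its own trust anchor.
    X509Certificate serviceCertificate = certificateChain.get(0);
    if (false == Arrays.equals(serviceCertificate.getEncoded(), actualCertificate.getEncoded())) {
        throw new SecurityException("SAML signing certificate different from eID IdP service identity");
    }
    LOG.debug("SAML signer OK");
    // NOTE(review): nothing here confirms that the signature's Reference covers tokenElement
    // itself (only its ID is registered); verify the ID-resolution behaviour before relying on it.

    String actualIssuer = selectRequiredText(tokenElement, "saml2:Issuer/text()", nsElement, "issuer");
    String serviceIssuer = identityProviderConfiguration.getDefaultIssuer();
    if (false == actualIssuer.equals(serviceIssuer)) {
        LOG.debug("actual issuer: " + actualIssuer);
        LOG.debug("service issuer: " + serviceIssuer);
        throw new SecurityException("wrong SAML issuer");
    }
    LOG.debug("SAML issuer OK");

    if (null != expectedAudience) {
        String audience = selectRequiredText(tokenElement,
                "saml2:Conditions/saml2:AudienceRestriction/saml2:Audience/text()", nsElement, "audience");
        if (false == expectedAudience.equals(audience)) {
            LOG.debug("expected audience: " + expectedAudience);
            LOG.debug("actual audience: " + audience);
            throw new SecurityException("incorrect SAML audience");
        }
        LOG.debug("SAML Audience OK");
    } else {
        LOG.warn("SAML audience restriction not checked");
    }

    String authnContextClassRef = selectRequiredText(tokenElement,
            "saml2:AuthnStatement/saml2:AuthnContext/saml2:AuthnContextClassRef/text()", nsElement,
            "authentication context class reference");
    LOG.debug("AuthnContextClassRef: " + authnContextClassRef);
    SamlAuthenticationPolicy samlAuthenticationPolicy = SamlAuthenticationPolicy
            .getAuthenticationPolicy(authnContextClassRef);
    if (SamlAuthenticationPolicy.AUTHENTICATION != samlAuthenticationPolicy
            && SamlAuthenticationPolicy.AUTHENTICATION_WITH_IDENTIFICATION != samlAuthenticationPolicy) {
        throw new SecurityException("wrong SAML authentication policy: " + samlAuthenticationPolicy);
    }

    String notBeforeStr = selectRequiredText(tokenElement, "saml2:Conditions/@NotBefore", nsElement,
            "NotBefore condition");
    String notOnOrAfterStr = selectRequiredText(tokenElement, "saml2:Conditions/@NotOnOrAfter", nsElement,
            "NotOnOrAfter condition");
    DateTimeFormatter dateTimeFormatter = ISODateTimeFormat.dateTimeParser();
    DateTime notBefore = dateTimeFormatter.parseDateTime(notBeforeStr);
    DateTime notOnOrAfter = dateTimeFormatter.parseDateTime(notOnOrAfterStr);
    // No clock-skew tolerance: a NotBefore even slightly ahead of this host's clock is rejected.
    DateTime now = new DateTime();
    if (now.isBefore(notBefore)) {
        throw new SecurityException("SAML assertion in future");
    }
    // NotOnOrAfter is exclusive: the instant itself is already invalid, so "not before" is
    // the correct test (isAfter alone would accept now == notOnOrAfter).
    if (false == now.isBefore(notOnOrAfter)) {
        throw new SecurityException("SAML assertion expired");
    }
    LOG.debug("SAML timestamp OK");
}

/**
 * Evaluates {@code xpath} against {@code context} and returns the selected node's
 * value, failing closed when the node is absent.
 *
 * @param context     element the XPath is evaluated against
 * @param xpath       XPath expression selecting a text node or attribute
 * @param nsElement   namespace context element
 * @param description human-readable name of the item, used in the error message
 * @return the node value
 * @throws SecurityException when the XPath selects nothing
 * @throws Exception         when XPath evaluation fails
 */
private static String selectRequiredText(Element context, String xpath, Element nsElement, String description)
        throws Exception {
    org.w3c.dom.Node node = XPathAPI.selectSingleNode(context, xpath, nsElement);
    if (null == node) {
        throw new SecurityException("missing " + description + " in SAML token");
    }
    return node.getNodeValue();
}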