oracle.security.xmlsec.saml2.core

Class Assertion

java.lang.Object

oracle.security.xmlsec.util.XMLNode

oracle.security.xmlsec.util.XMLElement

oracle.security.xmlsec.saml2.core.Assertion

Direct Known Subclasses:

SAML2AssertionToken

public class Assertion
extends XMLElement

Represents a package of information made or asserted by a SAML authority.

Field Summary

Fields

Modifier and Type	Field and Description
protected static java.lang.String	VERSION

Fields inherited from class oracle.security.xmlsec.util.XMLNode

node, systemId

Constructor Summary

Constructors

Modifier	Constructor and Description
	Assertion(org.w3c.dom.Document owner) Creates a new Assertion instance.
protected	Assertion(org.w3c.dom.Document owner, java.lang.String nsURI, java.lang.String localName) Creates a new Assertion instance.
	Assertion(org.w3c.dom.Element element) Creates a new Assertion instance from the given Element node.
	Assertion(org.w3c.dom.Element element, java.lang.String systemId) Creates a new Assertion instance from the given Element node.

Method Summary

Modifier and Type	Method and Description
XSSignature	addSignature(java.lang.String signatureMethod, java.lang.String c14nMethod) Creates a new XML-DSIG Signature element and inserts it into this message, replacing any exisiting XML-DSIG Signature element.
XSSignature	addSignature(java.lang.String signatureMethod, java.lang.String c14nMethod, java.lang.String digestMethod) Creates a new XML-DSIG Signature element and inserts it into this message, replacing any exisiting XML-DSIG Signature element.
void	addStatement(Statement statement) Adds a Statement element to this assertion.
protected void	clearSignature() Removes any exisiting XML-DSIG Signature elements from this message.
Advice	getAdvice() Returns additional information for processing this assertion.
java.util.List	getAttributeStatements() Returns a List containing the AttributeStatement elements present in this assertion.
java.util.List	getAuthnStatements() Returns a List containing the AuthnStatement elements present in this assertion.
java.util.List	getAuthzDecisionStatements() Returns a List containing the AuthzDecisionStatement elements present in this assertion.
Conditions	getConditions() Returns the conditions associated with this assertion.
java.lang.String	getID() Returns the identifier attribute for this Assertion.
java.util.Date	getIssueInstant() Returns the time instant of issuance of this assertion.
Issuer	getIssuer() Returns the name of the issuer Assertion.
XSSignature	getSignature() Returns the XML Signature child element from this SAMLMessage element.
Subject	getSubject() Returns the subject of this assertion.
java.lang.String	getVersion() Returns the version of this Assertion message.
boolean	isSigned() Indicates if this element was signed.
void	setAdvice(Advice advice) Sets the additional advice that should be considered when validating this assertion.
void	setConditions(Conditions conditions) Sets the conditions that must be taken into account when validating this assertion.
void	setID(java.lang.String assertionID) Sets the identifier attribute for this Assertion object.
void	setIssueInstant(java.util.Date issueInstant) Sets the time instant of issuance of this assertion in UTC time.
void	setIssuer(NameID issuer) Sets the issuer of this Assertion.
void	setSubject(Subject subject) Sets the Subject of this assertion.
void	setVersion(java.lang.String ver) Sets the Version of this Assertion message.
void	sign(java.security.PrivateKey privateKey, java.security.cert.X509Certificate cert) Signs this SAMLMessage with the given private key, and includes the given certificate in the KeyInfo child element of the resulting XML-DSIG Signature element.
void	sign(java.security.PrivateKey privateKey, java.security.cert.X509Certificate cert, java.lang.String c14nMethod) Signs this SAMLMessage with the given private key, and includes the given certificate in the KeyInfo child element of the resulting XML-DSIG Signature element.
boolean	verify() Verifies the signature using a key obtained either from the KeyInfo element (if any is present) or via the oracle.security.xmlsec.keys.retrieval.KeyRetriever mechanism.
boolean	verify(java.security.PublicKey publicKey) Verifies the signature with the given public key.

Methods inherited from class oracle.security.xmlsec.util.XMLElement

addNSPrefixAttr, addNSPrefixAttr, addNSPrefixAttrDefault, addNSPrefixAttrDefault, getAttribute, getAttributeNode, getAttributeNodeNS, getAttributeNS, getChildElementsByTagName, getChildElementsByTagName, getChildElementsByTagNameNS, getChildElementsByTagNameNS, getDefaultNSPrefix, getElement, getElementsByTagName, getElementsByTagNameNS, getTagName, hasAttribute, hasAttributeNS, removeAttribute, removeAttributeNode, removeAttributeNS, setAttribute, setAttributeNode, setAttributeNodeNS, setAttributeNS, setDefaultNSPrefix

Methods inherited from class oracle.security.xmlsec.util.XMLNode

appendChild, appendChild, appendTo, cloneNode, getAttributes, getChildNodes, getFirstChild, getLastChild, getLocalName, getNamespaceURI, getNextSibling, getNode, getNodeName, getNodeType, getNodeValue, getOwnerDocument, getParentNode, getPrefix, getPreviousSibling, getSystemId, hasAttributes, hasChildNodes, insertBefore, insertBefore, isSupported, normalize, removeChild, removeChild, replaceChild, replaceChild, setNodeValue, setPrefix, setSystemId, toBytesXML, toStringXML

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

VERSION

protected static java.lang.String VERSION

Constructor Detail

Assertion

public Assertion(org.w3c.dom.Element element)
          throws org.w3c.dom.DOMException

Creates a new Assertion instance from the given Element node.

Parameters:

element - An Assertion element.

Throws:

org.w3c.dom.DOMException

Assertion

public Assertion(org.w3c.dom.Element element,
                 java.lang.String systemId)
          throws org.w3c.dom.DOMException

Creates a new Assertion instance from the given Element node.

Parameters:

element - An Assertion element.

systemId - The URI string system ID for the Assertion.

Throws:

org.w3c.dom.DOMException

Assertion

public Assertion(org.w3c.dom.Document owner)
          throws org.w3c.dom.DOMException

Creates a new Assertion instance.

Parameters:

owner - The owner document of the new Assertion.

Throws:

org.w3c.dom.DOMException

Assertion

protected Assertion(org.w3c.dom.Document owner,
                    java.lang.String nsURI,
                    java.lang.String localName)
             throws org.w3c.dom.DOMException

Creates a new Assertion instance. This constructor is for use in subclass for extension of the Assertion element.

Parameters:

owner - The owner document of the new Assertion.

nsURI - The namespace URI in which the new Assertion is to be created.

localName - The localName of the element represented by the class that extends this class.

Throws:

org.w3c.dom.DOMException

Method Detail

setVersion

public void setVersion(java.lang.String ver)

Sets the Version of this Assertion message.

Parameters:

ver - The version number String.

getVersion

public java.lang.String getVersion()

Returns the version of this Assertion message.

Returns:

The version String null if none has been set.

setID

public void setID(java.lang.String assertionID)

Sets the identifier attribute for this Assertion object.

Parameters:

assertionID - A unique String value.

getID

public java.lang.String getID()

Returns the identifier attribute for this Assertion.

Returns:

The identifier String or null if none has been set.

setIssueInstant

public void setIssueInstant(java.util.Date issueInstant)

Sets the time instant of issuance of this assertion in UTC time.

Parameters:

issueInstant - The Date object representing the issue time.

getIssueInstant

public java.util.Date getIssueInstant()

Returns the time instant of issuance of this assertion.

Returns:

A Date object representing the issue time or null if none has been set.

setIssuer

public void setIssuer(NameID issuer)

Sets the issuer of this Assertion.

Parameters:

issuer - The name of the issuer.

getIssuer

public Issuer getIssuer()

Returns the name of the issuer Assertion.

Returns:

The name of the issuer or null if none has been set.

setSubject

public void setSubject(Subject subject)

Sets the Subject of this assertion.

Parameters:

subject - A Subject object.

getSubject

public Subject getSubject()

Returns the subject of this assertion.

Returns:

A Subject object or null if none has been set.

setConditions

public void setConditions(Conditions conditions)

Sets the conditions that must be taken into account when validating this assertion.

Parameters:

conditions - A Conditions object containing a collection of condition's.

getConditions

public Conditions getConditions()

Returns the conditions associated with this assertion.

Returns:

A Conditions object containing a set of Condition objects or null if none has been set.

setAdvice

public void setAdvice(Advice advice)

Sets the additional advice that should be considered when validating this assertion.

Parameters:

advice - An Advice object that contains additional information for this assertion.

getAdvice

public Advice getAdvice()

Returns additional information for processing this assertion.

Returns:

An Advice object or null if none has been set.

addStatement

public void addStatement(Statement statement)

Adds a Statement element to this assertion.

Parameters:

statement - The Statement to add.

getAuthnStatements

public java.util.List getAuthnStatements()

Returns a List containing the AuthnStatement elements present in this assertion.

Returns:

A List object of AuthnStatement objects or an empty List.

getAuthzDecisionStatements

public java.util.List getAuthzDecisionStatements()

Returns a List containing the AuthzDecisionStatement elements present in this assertion.

Returns:

A List object of AuthzDecisionStatement objects or an empty List.

getAttributeStatements

public java.util.List getAttributeStatements()

Returns a List containing the AttributeStatement elements present in this assertion.

Returns:

A List object of AttributeStatement objects or an empty List.

getSignature

public XSSignature getSignature()

Returns the XML Signature child element from this SAMLMessage element.

Returns:

A XSSignature object or null if no signature is present.

isSigned

public boolean isSigned()

Indicates if this element was signed.

Returns:

true if a signature is present, false otherwise.

sign

public void sign(java.security.PrivateKey privateKey,
                 java.security.cert.X509Certificate cert)
          throws SigningException

Signs this SAMLMessage with the given private key, and includes the given certificate in the KeyInfo child element of the resulting XML-DSIG Signature element. The default canonicalization method is XML-EXCLUSIVE-C14N.

Parameters:

privateKey - The private key to use for the signature computation.

cert - The X509 certificate corresponding to the private key.

Throws:

SigningException

sign

public void sign(java.security.PrivateKey privateKey,
                 java.security.cert.X509Certificate cert,
                 java.lang.String c14nMethod)
          throws SigningException

Signs this SAMLMessage with the given private key, and includes the given certificate in the KeyInfo child element of the resulting XML-DSIG Signature element.

Parameters:

privateKey - The private key to use for the signature computation.

cert - The X509 certificate corresponding to the private key.

c14nMethod - The URI identifying the canonicalization method to be applied to the SignedInfo structure.

Throws:

SigningException

addSignature

public XSSignature addSignature(java.lang.String signatureMethod,
                                java.lang.String c14nMethod)

Creates a new XML-DSIG Signature element and inserts it into this message, replacing any exisiting XML-DSIG Signature element. The default message digest algorithm is SHA-1.

Note: This method does not compute the SignatureValue or create a KeyInfo child element for the Signature element so, at a minimum, one of the sign() methods must be invoked on the returned XSSignature object.

This method is intended for use by developers who need to customize the Signature element (e.g., add custom Transform elements) the computation of the SignatureValue (e.g., using an HMAC signature algorithm) or the KeyInfo element. For most developers, either the #sign(PrivateKey, X509) or #sign(PrivateKey, X509, String) method should be sufficient.

If the ID attribute is not set, the entire document will be signed and a XPath Transform will be added to ensure that only the saml:Assertion element is signed.

Parameters:

signatureMethod - The value of the Algorithm attribute of the SignatureMethod element contained within the new Signature element's SignedInfo child element (e.g., oracle.security.xmlsec.util.XMLURI.alg_rsaWithSHA1).

c14nMethod - The value of the Algorithm attribute of the CanonicalizationMethod element contained within the new Signature element's SignedInfo child element (e.g., oracle.security.xmlsec.util.XMLURI.alg_c14nWithComments).

Returns:

The new oracle.security.xmlsec.dsig.XSSignature object.

addSignature

public XSSignature addSignature(java.lang.String signatureMethod,
                                java.lang.String c14nMethod,
                                java.lang.String digestMethod)

Creates a new XML-DSIG Signature element and inserts it into this message, replacing any exisiting XML-DSIG Signature element.

Note: This method does not compute the SignatureValue or create a KeyInfo child element for the Signature element so, at a minimum, one of the sign() methods must be invoked on the returned XSSignature object.

This method is intended for use by developers who need to customize the Signature element (e.g., add custom Transform elements) the computation of the SignatureValue (e.g., using an HMAC signature algorithm) or the KeyInfo element. For most developers, either the #sign(PrivateKey, X509) or #sign(PrivateKey, X509, String) method should be sufficient.

If the ID attribute is not set, the entire document will be signed and a XPath Transform will be added to ensure that only the saml:Assertion element is signed.

Parameters:

signatureMethod - The value of the Algorithm attribute of the SignatureMethod element contained within the new Signature element's SignedInfo child element (e.g., oracle.security.xmlsec.util.XMLURI.alg_rsaWithSHA1).

c14nMethod - The value of the Algorithm attribute of the CanonicalizationMethod element contained within the new Signature element's SignedInfo child element (e.g., oracle.security.xmlsec.util.XMLURI.alg_c14nWithComments).

digestMethod - The value of the Algorithm attribute of the DigestMethod element contained within the new Signature element's Reference child element (e.g., oracle.security.xmlsec.util.XMLURI.alg_sha1).

Returns:

The new oracle.security.xmlsec.dsig.XSSignature object.

verify

public boolean verify()
               throws VerifyException

Verifies the signature using a key obtained either from the KeyInfo element (if any is present) or via the oracle.security.xmlsec.keys.retrieval.KeyRetriever mechanism. Any Manifests referenced by the signature will be validated.

Returns:

true if the verification succeeded, or false if the verification failed.

Throws:

VerifyException - If an error occurs while verifying the signature, or if no signature is present in this message.

verify

public boolean verify(java.security.PublicKey publicKey)
               throws VerifyException

Verifies the signature with the given public key. Any Manifests referenced by the signature will be validated.

Parameters:

publicKey - The public key used for verifying the signature.

Returns:

true if the verification succeeded, or false if the verification failed.

Throws:

VerifyException - If an error occurs while verifying the signature, or if no signature is present in this message.

clearSignature

protected void clearSignature()

Removes any exisiting XML-DSIG Signature elements from this message.