001: /*
002: * The contents of this file are subject to the terms
003: * of the Common Development and Distribution License
004: * (the License). You may not use this file except in
005: * compliance with the License.
006: *
007: * You can obtain a copy of the license at
008: * https://glassfish.dev.java.net/public/CDDLv1.0.html.
009: * See the License for the specific language governing
010: * permissions and limitations under the License.
011: *
012: * When distributing Covered Code, include this CDDL
013: * Header Notice in each file and include the License file
014: * at https://glassfish.dev.java.net/public/CDDLv1.0.html.
015: * If applicable, add the following below the CDDL Header,
016: * with the fields enclosed by brackets [] replaced by
017: * you own identifying information:
018: * "Portions Copyrighted [year] [name of copyright owner]"
019: *
020: * Copyright 2006 Sun Microsystems Inc. All Rights Reserved
021: */
022:
023: /*
024: * SAMLAssertionFactory.java
025: *
026: * Created on August 18, 2005, 11:46 AM
027: *
028: * To change this template, choose Tools | Options and locate the template under
029: * the Source Creation and Management node. Right-click the template and choose
030: * Open. You can then make changes to the template in the Source Editor.
031: */
032:
033: package com.sun.xml.wss.saml;
034:
import com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.saml.impl.SAMLAssertion1_1FactoryImpl;
import com.sun.xml.wss.saml.impl.SAMLAssertion2_1FactoryImpl;
import com.sun.xml.wss.saml.impl.SAMLAssertion2_2FactoryImpl;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.Objects;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamReader;
import org.w3c.dom.Element;
045:
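/**
 * Entry point for building and parsing SAML assertion objects for a given
 * SAML version.
 * <p>
 * Callers obtain a concrete factory through {@link #newInstance(String)} and
 * then use the {@code create*} methods to assemble or parse assertions. Which
 * implementation is returned depends on the requested version and on whether
 * the system property {@code com.sun.xml.wss.saml.binding.jaxb} is set.
 * Several methods are documented by the original author as returning
 * {@code null} when that property is not set, so callers should check results
 * before use.
 * <p>
 * Thread-safety: {@link #newInstance(String)} overwrites the shared static
 * {@link #SAML_VER_CHECK}, so concurrent callers requesting different versions
 * may observe each other's value. Nothing in this contract states whether a
 * parsed assertion's signature or validity conditions are verified; confirm
 * that in the concrete implementation before trusting parsed content.
 *
 * @author abhijit.das@Sun.com
 */
public abstract class SAMLAssertionFactory {

    /** Version token selecting SAML 1.1. */
    public static final String SAML1_1 = "Saml1.1";

    /** Version token selecting SAML 2.0. */
    public static final String SAML2_0 = "Saml2.0";

    /**
     * The version most recently selected by a successful
     * {@link #newInstance(String)} call, or {@code null} if none has succeeded
     * yet. This is process-global mutable state without synchronisation:
     * every successful {@code newInstance} call replaces it.
     */
    public static String SAML_VER_CHECK = null;

    /** System property whose presence selects the JAXB-based bindings. */
    private static final String JAXB_BINDING_PROPERTY =
            "com.sun.xml.wss.saml.binding.jaxb";

    /** Only concrete factory implementations may be instantiated. */
    protected SAMLAssertionFactory() {
        // Nothing to initialise here; subclasses carry all state.
    }

    /**
     * Creates a {@code SAMLAssertionFactory} for the requested SAML version.
     * <p>
     * The implementation is chosen from the caller-supplied version string and
     * the {@code com.sun.xml.wss.saml.binding.jaxb} system property:
     * <ul>
     *   <li>{@link #SAML1_1}, property set: {@code SAMLAssertion1_1FactoryImpl}</li>
     *   <li>{@link #SAML1_1}, property unset: {@code SAMLAssertion2_1FactoryImpl}</li>
     *   <li>{@link #SAML2_0}, property unset: {@code SAMLAssertion2_2FactoryImpl}</li>
     *   <li>anything else, including {@link #SAML2_0} with the property set:
     *       {@link XWSSecurityException}</li>
     * </ul>
     * The version comparison is exact and case-sensitive, so only the two
     * published constants are accepted. As a side effect the process-wide
     * {@link #SAML_VER_CHECK} is overwritten with the selected version.
     *
     * @param samlVersion {@link #SAML1_1} or {@link #SAML2_0}; must not be null
     * @return a factory producing objects for the selected version
     * @throws XWSSecurityException if the version string is not one of the
     *         supported values, or if {@link #SAML2_0} is requested while the
     *         JAXB binding property is set
     * @throws NullPointerException if {@code samlVersion} is null
     */
    public static SAMLAssertionFactory newInstance(String samlVersion)
            throws XWSSecurityException {
        Objects.requireNonNull(samlVersion, "samlVersion");
        // Read the property once so both branches decide on the same value.
        boolean jaxbBinding = System.getProperty(JAXB_BINDING_PROPERTY) != null;
        if (SAML1_1.equals(samlVersion)) {
            SAML_VER_CHECK = SAML1_1;
            return jaxbBinding
                    ? new SAMLAssertion1_1FactoryImpl()
                    : new SAMLAssertion2_1FactoryImpl();
        }
        if (SAML2_0.equals(samlVersion) && !jaxbBinding) {
            SAML_VER_CHECK = SAML2_0;
            return new SAMLAssertion2_2FactoryImpl();
        }
        throw new XWSSecurityException("Unsupported SAML Version");
    }

    /**
     * Creates an {@code Action} element.
     *
     * @param action    a String representing an action
     * @param namespace the {@code Namespace} attribute of the {@code Action}
     *                  element
     * @return the new {@code Action}
     */
    public abstract Action createAction(String action, String namespace);

    /**
     * Creates an {@code Advice} element.
     *
     * @param assertionidreference a List of {@code AssertionIDReference}
     * @param assertion            a List of {@code Assertion}
     * @param otherelement         a List of additional elements carried by the
     *                             {@code Advice}; their type is not constrained
     *                             by this contract
     * @return the new {@code Advice}
     */
    public abstract Advice createAdvice(List assertionidreference,
            List assertion, List otherelement);

    /**
     * Creates an {@code AnyType} element if the system property
     * {@code com.sun.xml.wss.saml.binding.jaxb} is set.
     *
     * @return the new {@code AnyType}, or {@code null} if the property is not set
     */
    public abstract AnyType createAnyType();

    /**
     * Creates an {@code Assertion} (SAML 1.1 object model) from its parts: the
     * assertion ID, the issuer, the issue instant, the {@code Conditions} under
     * which it is valid, the {@code Advice} applicable to it and the set of
     * {@code Statement}s it contains.
     *
     * @param assertionID  the {@code AssertionID} of this assertion; if null it
     *                     is generated internally
     * @param issuer       the issuer of this assertion
     * @param issueInstant the time of issue (XML Schema {@code dateTime});
     *                     if null, the current time is used
     * @param conditions   the {@code Conditions} under which this assertion
     *                     is valid
     * @param advice       the {@code Advice} applicable to this assertion
     * @param statements   List of {@code Statement} objects, which may be of
     *                     type {@code AuthenticationStatement},
     *                     {@code AuthorizationDecisionStatement} or
     *                     {@code AttributeStatement}; one assertion may mix
     *                     statement types
     * @return the new {@code Assertion}
     * @throws SAMLException if there is an error in processing the input
     */
    public abstract Assertion createAssertion(String assertionID,
            String issuer, GregorianCalendar issueInstant,
            Conditions conditions, Advice advice, List statements)
            throws SAMLException;

    /**
     * Creates an {@code Assertion} in the SAML 2.0 object model, where the
     * issuer is a {@code NameID} and the {@code Subject} is attached to the
     * assertion itself. The statement overloads on this factory that take no
     * {@code Subject} parameter are presumably intended for use with this form.
     *
     * @param ID           the {@code ID} of this assertion
     * @param issuer       the issuer, as a {@code NameID}
     * @param issueInstant the time of issue
     * @param conditions   the {@code Conditions} under which this assertion
     *                     is valid
     * @param advice       the {@code Advice} applicable to this assertion
     * @param subject      the {@code Subject} of this assertion
     * @param statements   List of statement objects contained in the assertion
     * @return the new {@code Assertion}
     * @throws SAMLException if there is an error in processing the input
     */
    public abstract Assertion createAssertion(String ID, NameID issuer,
            GregorianCalendar issueInstant, Conditions conditions,
            Advice advice, Subject subject, List statements)
            throws SAMLException;

    /**
     * Creates an {@code Assertion} object from the given SAML
     * {@code org.w3c.dom.Element}.
     * <p>
     * Whether the implementation verifies the assertion's signature or its
     * {@code Conditions} is not part of this contract; confirm that in the
     * concrete factory before relying on content parsed from an untrusted
     * source.
     *
     * @param element an {@code org.w3c.dom.Element} holding the DOM tree of
     *                an {@code Assertion}
     * @return the parsed {@code Assertion}
     * @throws SAMLException if the element could not be processed, implying an
     *                       error in the sender or in the element definition
     */
    public abstract Assertion createAssertion(Element element)
            throws SAMLException;

    /**
     * Creates an {@code Assertion} object from the given SAML
     * {@code XMLStreamReader}.
     * <p>
     * As with the DOM overload, signature and validity checking is not part of
     * this contract; confirm it in the concrete factory.
     *
     * @param reader an {@code XMLStreamReader} positioned on the tree of an
     *               {@code Assertion}
     * @return the parsed {@code Assertion}
     * @throws SAMLException if the element could not be processed, implying an
     *                       error in the sender or in the element definition
     */
    public abstract Assertion createAssertion(XMLStreamReader reader)
            throws SAMLException;

    /**
     * Creates an {@code AssertionIDReference} with an automatically generated
     * assertion ID.
     *
     * @return the new {@code AssertionIDReference}, or {@code null} if the
     *         system property {@code com.sun.xml.wss.saml.binding.jaxb} is not
     *         set
     */
    public abstract AssertionIDReference createAssertionIDReference();

    /**
     * Creates an {@code AssertionIDRef} (the SAML 2.0 counterpart of
     * {@code AssertionIDReference}) with an automatically generated ID.
     *
     * @return the new {@code AssertionIDRef}
     */
    public abstract AssertionIDRef createAssertionIDRef();

    /**
     * Creates an {@code AssertionIDReference} for the given assertion ID.
     *
     * @param id the {@code AssertionID} as a String
     * @return the new {@code AssertionIDReference}, or {@code null} if the
     *         system property {@code com.sun.xml.wss.saml.binding.jaxb} is not
     *         set
     */
    public abstract AssertionIDReference createAssertionIDReference(
            String id);

    /**
     * Creates an {@code AssertionIDRef} (SAML 2.0) for the given assertion ID.
     *
     * @param id the assertion ID as a String
     * @return the new {@code AssertionIDRef}
     */
    public abstract AssertionIDRef createAssertionIDRef(String id);

    /**
     * Constructs an {@code Attribute}.
     *
     * @param name      the {@code AttributeName} (the name of the attribute)
     * @param nameSpace the namespace in which {@code AttributeName} elements
     *                  are interpreted
     * @param values    a List of {@code AttributeValue} objects
     * @return the new {@code Attribute}
     */
    public abstract Attribute createAttribute(String name,
            String nameSpace, List values);

    /**
     * Constructs an {@code Attribute} without an attribute namespace.
     *
     * @param name   the name of the attribute
     * @param values a List of {@code AttributeValue} objects
     * @return the new {@code Attribute}
     */
    public abstract Attribute createAttribute(String name, List values);

    /**
     * Constructs an {@code AttributeDesignator}.
     *
     * @param name      the name of the attribute
     * @param nameSpace the namespace in which {@code AttributeName} elements
     *                  are interpreted
     * @return the new {@code AttributeDesignator}
     */
    public abstract AttributeDesignator createAttributeDesignator(
            String name, String nameSpace);

    /**
     * Constructs an {@code AttributeStatement} for the given subject.
     *
     * @param subj the SAML {@code Subject}
     * @param attr List of attributes
     * @return the new {@code AttributeStatement}
     */
    public abstract AttributeStatement createAttributeStatement(
            Subject subj, List attr);

    /**
     * Constructs an {@code AttributeStatement} without a subject, for use
     * where the subject is carried by the enclosing assertion.
     *
     * @param attr List of attributes
     * @return the new {@code AttributeStatement}
     */
    public abstract AttributeStatement createAttributeStatement(
            List attr);

    /**
     * Constructs an {@code AudienceRestrictionCondition} from a List of
     * audiences, each of them a String.
     *
     * @param audience a List of audiences to include in this condition
     * @return the new {@code AudienceRestrictionCondition}
     */
    public abstract AudienceRestrictionCondition createAudienceRestrictionCondition(
            List audience);

    /**
     * Constructs an {@code AudienceRestriction} (the SAML 2.0 counterpart of
     * {@code AudienceRestrictionCondition}) from a List of audiences.
     *
     * @param audience a List of audiences to include in this restriction
     * @return the new {@code AudienceRestriction}
     */
    public abstract AudienceRestriction createAudienceRestriction(
            List audience);

    /**
     * Constructs an {@code AuthenticationStatement}.
     *
     * @param authMethod       (optional) a String specifying the type of
     *                         authentication that took place; pass null if not
     *                         required
     * @param authInstant      (optional) the time at which the authentication
     *                         took place; pass null if not required
     * @param subject          (required) the {@code Subject}
     * @param subjectLocality  (optional) a {@code SubjectLocality}; pass null
     *                         if not required
     * @param authorityBinding (optional) a List of {@code AuthorityBinding}
     *                         objects; pass null if not required
     * @return the new {@code AuthenticationStatement}
     */
    public abstract AuthenticationStatement createAuthenticationStatement(
            String authMethod, GregorianCalendar authInstant,
            Subject subject, SubjectLocality subjectLocality,
            List authorityBinding);

    /**
     * Constructs an {@code AuthnStatement} (the SAML 2.0 counterpart of
     * {@code AuthenticationStatement}). The subject is not a parameter here;
     * it is carried by the enclosing assertion.
     *
     * @param authInstant     the time at which the authentication took place
     * @param subjectLocality a {@code SubjectLocality}; nullability is not
     *                        specified by this contract
     * @param authnContext    the {@code AuthnContext} describing how the
     *                        subject was authenticated
     * @return the new {@code AuthnStatement}
     */
    public abstract AuthnStatement createAuthnStatement(
            GregorianCalendar authInstant,
            SubjectLocality subjectLocality, AuthnContext authnContext);

    /**
     * Constructs an {@code AuthorityBinding}.
     *
     * @param authKind a QName representing the type of SAML protocol queries
     *                 to which the described authority will respond
     * @param location a URI reference describing how to locate and communicate
     *                 with the authority
     * @param binding  a URI reference identifying the SAML protocol binding to
     *                 use when communicating with the authority
     * @return the new {@code AuthorityBinding}
     */
    public abstract AuthorityBinding createAuthorityBinding(
            QName authKind, String location, String binding);

    /**
     * Constructs an empty {@code AuthnContext}.
     *
     * @return the new {@code AuthnContext}
     */
    public abstract AuthnContext createAuthnContext();

    /**
     * Constructs an {@code AuthorizationDecisionStatement}.
     *
     * @param subject  (required) the {@code Subject}
     * @param resource (required) a String identifying the resource to which
     *                 access authorization is sought
     * @param decision (required) the decision rendered by the issuer with
     *                 respect to the specified resource
     * @param action   (required) a List of {@code Action} objects specifying
     *                 the actions authorized on the specified resource
     * @param evidence (optional) an {@code Evidence} object holding the
     *                 assertions the issuer relied on in making the decision
     * @return the new {@code AuthorizationDecisionStatement}
     */
    public abstract AuthorizationDecisionStatement createAuthorizationDecisionStatement(
            Subject subject, String resource, String decision,
            List action, Evidence evidence);

    /**
     * Constructs an {@code AuthnDecisionStatement} (the SAML 2.0 counterpart of
     * {@code AuthorizationDecisionStatement}); the subject is carried by the
     * enclosing assertion.
     *
     * @param resource a String identifying the resource to which access
     *                 authorization is sought
     * @param decision the decision rendered by the issuer for that resource
     * @param action   a List of {@code Action} objects authorized on the
     *                 resource
     * @param evidence (optional) an {@code Evidence} object holding the
     *                 assertions the issuer relied on
     * @return the new {@code AuthnDecisionStatement}
     */
    public abstract AuthnDecisionStatement createAuthnDecisionStatement(
            String resource, String decision, List action,
            Evidence evidence);

    /**
     * Constructs a default {@code Conditions} object with no restrictions.
     *
     * @return the new {@code Conditions}
     */
    public abstract Conditions createConditions();

    /**
     * Constructs a {@code Conditions} object (SAML 1.1 form).
     * {@code notBefore} and {@code notOnOrAfter} bound the validity window of
     * the assertion; consumers are expected to enforce them.
     *
     * @param notBefore    the earliest time instant at which the assertion is
     *                     valid
     * @param notOnOrAfter the time instant at which the assertion has expired
     * @param condition    a List of generic conditions; element type is not
     *                     constrained by this contract
     * @param arc          a List of {@code AudienceRestrictionCondition}; can
     *                     be null if there is no audience restriction
     * @param doNotCacheCnd a List of {@code DoNotCacheCondition}
     * @return the new {@code Conditions}
     */
    public abstract Conditions createConditions(
            GregorianCalendar notBefore,
            GregorianCalendar notOnOrAfter, List condition, List arc,
            List doNotCacheCnd);

    /**
     * Constructs a {@code Conditions} object (SAML 2.0 form).
     *
     * @param notBefore        the earliest time instant at which the assertion
     *                         is valid
     * @param notOnOrAfter     the time instant at which the assertion has
     *                         expired
     * @param condition        a List of generic conditions
     * @param ar               a List of {@code AudienceRestriction}
     * @param oneTimeUse       a List of {@code OneTimeUse}
     * @param proxyRestriction a List of proxy restriction conditions
     * @return the new {@code Conditions}
     */
    public abstract Conditions createConditions(
            GregorianCalendar notBefore,
            GregorianCalendar notOnOrAfter, List condition, List ar,
            List oneTimeUse, List proxyRestriction);

    /**
     * Constructs a {@code DoNotCacheCondition}.
     *
     * @return the new {@code DoNotCacheCondition}
     */
    public abstract DoNotCacheCondition createDoNotCacheCondition();

    /**
     * Constructs a {@code OneTimeUse} condition (the SAML 2.0 counterpart of
     * {@code DoNotCacheCondition}).
     *
     * @return the new {@code OneTimeUse}
     */
    public abstract OneTimeUse createOneTimeUse();

    /**
     * Constructs an {@code Evidence} from Lists of {@code AssertionIDReference}
     * and {@code Assertion} objects.
     *
     * @param assertionIDRef List of {@code AssertionIDReference} objects
     * @param assertion      List of {@code Assertion} objects
     * @return the new {@code Evidence}
     */
    public abstract Evidence createEvidence(List assertionIDRef,
            List assertion);

    /**
     * Constructs a {@code NameIdentifier}.
     *
     * @param name          the name of the {@code Subject}
     * @param nameQualifier the security or administrative domain that
     *                      qualifies the name; optional, may be null
     * @param format        the syntax used to describe the name; optional,
     *                      may be null
     * @return the new {@code NameIdentifier}
     */
    public abstract NameIdentifier createNameIdentifier(String name,
            String nameQualifier, String format);

    /**
     * Constructs a {@code NameID} (the SAML 2.0 counterpart of
     * {@code NameIdentifier}).
     *
     * @param name          the name
     * @param nameQualifier the security or administrative domain that
     *                      qualifies the name; optional, may be null
     * @param format        the syntax used to describe the name; optional,
     *                      may be null
     * @return the new {@code NameID}
     */
    public abstract NameID createNameID(String name,
            String nameQualifier, String format);

    /**
     * Constructs a {@code Subject} from a {@code NameIdentifier} and a
     * {@code SubjectConfirmation}.
     *
     * @param nameIdentifier      the {@code NameIdentifier}
     * @param subjectConfirmation the {@code SubjectConfirmation}
     * @return the new {@code Subject}
     */
    public abstract Subject createSubject(
            NameIdentifier nameIdentifier,
            SubjectConfirmation subjectConfirmation);

    /**
     * Constructs a {@code Subject} from a {@code NameID} and a
     * {@code SubjectConfirmation} (SAML 2.0 form).
     *
     * @param nameID              the {@code NameID}
     * @param subjectConfirmation the {@code SubjectConfirmation}
     * @return the new {@code Subject}
     */
    public abstract Subject createSubject(NameID nameID,
            SubjectConfirmation subjectConfirmation);

    /**
     * Creates a {@code SubjectConfirmation} with a single confirmation method.
     *
     * @param confirmationMethod a URI (String) identifying a protocol used to
     *                           authenticate a {@code Subject}; see
     *                           {@code draft-sstc-core-25} Section 7 for URIs
     *                           identifying common authentication protocols
     * @return the new {@code SubjectConfirmation}
     */
    public abstract SubjectConfirmation createSubjectConfirmation(
            String confirmationMethod);

    /**
     * Creates a {@code SubjectConfirmation} (SAML 2.0 form) with the given
     * confirming {@code NameID} and method.
     *
     * @param nameID the {@code NameID} of the confirming entity
     * @param method a URI (String) identifying the confirmation method
     * @return the new {@code SubjectConfirmation}
     */
    public abstract SubjectConfirmation createSubjectConfirmation(
            NameID nameID, String method);

    /**
     * Creates a {@code SubjectConfirmation} from confirmation methods, typed
     * {@code SubjectConfirmationData} and a {@code KeyInfo}.
     *
     * @param confirmationMethods a List of confirmation-method URIs (Strings)
     * @param scd                 the {@code SubjectConfirmationData}
     * @param keyInfo             a {@code KeyInfo} describing a cryptographic
     *                            key held by the {@code Subject}
     * @return the new {@code SubjectConfirmation}
     * @throws SAMLException if there is an error in processing the input
     */
    public abstract SubjectConfirmation createSubjectConfirmation(
            List confirmationMethods, SubjectConfirmationData scd,
            KeyInfo keyInfo) throws SAMLException;

    /**
     * Constructs a {@code SubjectConfirmation} from confirmation methods and
     * raw DOM elements.
     *
     * @param confirmationMethods     a List of confirmation-method URIs
     *                                (Strings), each identifying a protocol
     *                                used to authenticate a {@code Subject};
     *                                see {@code draft-sstc-core-25} Section 7
     * @param subjectConfirmationData additional authentication information
     *                                for a specific protocol; may be null if
     *                                there is none
     * @param keyInfo                 an XML Signature element specifying a
     *                                cryptographic key held by the
     *                                {@code Subject}
     * @return the new {@code SubjectConfirmation}
     * @throws SAMLException if there is an error in processing the input
     */
    public abstract SubjectConfirmation createSubjectConfirmation(
            List confirmationMethods, Element subjectConfirmationData,
            Element keyInfo) throws SAMLException;

    /**
     * Creates a {@code SubjectConfirmation} (SAML 2.0 form) with a
     * {@code NameID}, typed confirmation data and a single method.
     *
     * @param nameID                  the {@code NameID} of the confirming
     *                                entity
     * @param subjectConfirmationData the {@code SubjectConfirmationData}
     * @param confirmationMethod      a URI (String) identifying the
     *                                confirmation method
     * @return the new {@code SubjectConfirmation}
     * @throws SAMLException if there is an error in processing the input
     */
    public abstract SubjectConfirmation createSubjectConfirmation(
            NameID nameID,
            SubjectConfirmationData subjectConfirmationData,
            String confirmationMethod) throws SAMLException;

    /**
     * Creates a {@code SubjectConfirmation} (SAML 2.0 form) whose confirmation
     * data carries key material.
     *
     * @param nameID                  the {@code NameID} of the confirming
     *                                entity
     * @param keyInfoConfirmationData the {@code KeyInfoConfirmationData}
     * @param confirmationMethod      a URI (String) identifying the
     *                                confirmation method
     * @return the new {@code SubjectConfirmation}
     * @throws SAMLException if there is an error in processing the input
     */
    public abstract SubjectConfirmation createSubjectConfirmation(
            NameID nameID,
            KeyInfoConfirmationData keyInfoConfirmationData,
            String confirmationMethod) throws SAMLException;

    /**
     * Creates {@code SubjectConfirmationData} with a DOM {@code KeyInfo}.
     * {@code inResponseTo} and {@code recipient} tie the confirmation to a
     * specific request and endpoint, and the two instants bound its validity;
     * relying parties are expected to check them.
     *
     * @param address      the network address from which the subject is
     *                     expected to confirm; nullability is not specified
     * @param inResponseTo the ID of the request this confirmation answers
     * @param notBefore    the earliest time instant at which the confirmation
     *                     is valid
     * @param notOnOrAfter the time instant at which the confirmation expires
     * @param recipient    a URI identifying the intended recipient
     * @param keyInfo      an XML Signature {@code KeyInfo} element
     * @return the new {@code SubjectConfirmationData}
     * @throws SAMLException if there is an error in processing the input
     */
    public abstract SubjectConfirmationData createSubjectConfirmationData(
            String address, String inResponseTo,
            GregorianCalendar notBefore,
            GregorianCalendar notOnOrAfter, String recipient,
            Element keyInfo) throws SAMLException;

    /**
     * Creates {@code SubjectConfirmationData} with a typed {@code KeyInfo};
     * otherwise identical to the DOM overload.
     *
     * @param address      the network address from which the subject is
     *                     expected to confirm; nullability is not specified
     * @param inResponseTo the ID of the request this confirmation answers
     * @param notBefore    the earliest time instant at which the confirmation
     *                     is valid
     * @param notOnOrAfter the time instant at which the confirmation expires
     * @param recipient    a URI identifying the intended recipient
     * @param keyInfo      a {@code KeyInfo} describing the subject's key
     * @return the new {@code SubjectConfirmationData}
     * @throws SAMLException if there is an error in processing the input
     */
    public abstract SubjectConfirmationData createSubjectConfirmationData(
            String address, String inResponseTo,
            GregorianCalendar notBefore,
            GregorianCalendar notOnOrAfter, String recipient,
            KeyInfo keyInfo) throws SAMLException;

    /**
     * Creates {@code KeyInfoConfirmationData} from a DOM {@code KeyInfo}
     * element.
     *
     * @param keyInfo an XML Signature {@code KeyInfo} element
     * @return the new {@code KeyInfoConfirmationData}
     * @throws SAMLException if there is an error in processing the input
     */
    public abstract KeyInfoConfirmationData createKeyInfoConfirmationData(
            Element keyInfo) throws SAMLException;

    /**
     * Constructs an empty {@code SubjectLocality}.
     *
     * @return the new {@code SubjectLocality}
     */
    public abstract SubjectLocality createSubjectLocality();

    /**
     * Constructs a {@code SubjectLocality}.
     *
     * @param ipAddress  the IP address of the entity that was authenticated
     * @param dnsAddress the DNS address of the entity that was authenticated;
     *                   per the SAML specification both values are optional
     *                   and may be null
     * @return the new {@code SubjectLocality}
     */
    public abstract SubjectLocality createSubjectLocality(
            String ipAddress, String dnsAddress);
}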
|