import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    LogoutRequest req = (LogoutRequest) parentSAMLObject;

    if (childSAMLObject instanceof BaseID) {
        req.setBaseID((BaseID) childSAMLObject);
    } else if (childSAMLObject instanceof NameID) {
        req.setNameID((NameID) childSAMLObject);
    } else if (childSAMLObject instanceof EncryptedID) {
        req.setEncryptedID((EncryptedID) childSAMLObject);
    } else if (childSAMLObject instanceof SessionIndex) {
        req.getSessionIndexes().add((SessionIndex) childSAMLObject);
    } else {
        super.processChildElement(parentSAMLObject, childSAMLObject);
    }
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
protected LogoutRequest buildLogoutRequest(String user, String sessionIdx) throws SSOAgentException {

        LogoutRequest logoutReq = new LogoutRequestBuilder().buildObject();

        logoutReq.setID(SSOAgentUtils.createID());
        logoutReq.setDestination(ssoAgentConfig.getSAML2().getIdPURL());

        DateTime issueInstant = new DateTime();
        logoutReq.setIssueInstant(issueInstant);
        logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));

        IssuerBuilder issuerBuilder = new IssuerBuilder();
        Issuer issuer = issuerBuilder.buildObject();
        issuer.setValue(ssoAgentConfig.getSAML2().getSPEntityId());
        logoutReq.setIssuer(issuer);

        NameID nameId = new NameIDBuilder().buildObject();
        nameId.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
        nameId.setValue(user);
        logoutReq.setNameID(nameId);

        SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
        sessionIndex.setSessionIndex(sessionIdx);
        logoutReq.getSessionIndexes().add(sessionIndex);

        logoutReq.setReason("Single Logout");

        return logoutReq;
    }
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
/** {@inheritDoc} */
public void testChildElementsMarshall() {
    QName qname = new QName(SAMLConstants.SAML20P_NS, LogoutRequest.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
    LogoutRequest req = (LogoutRequest) buildXMLObject(qname);
    
    super.populateChildElements(req);
    
    QName nameIDQName = new QName(SAMLConstants.SAML20_NS, NameID.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20_PREFIX);
    req.setNameID((NameID) buildXMLObject(nameIDQName));
    
    QName sessionIndexQName = new QName(SAMLConstants.SAML20P_NS, SessionIndex.DEFAULT_ELEMENT_LOCAL_NAME, SAMLConstants.SAML20P_PREFIX);
    for (int i=0; i<expectedNumSessionIndexes; i++){
        req.getSessionIndexes().add((SessionIndex) buildXMLObject(sessionIndexQName));
    }
    
    assertEquals(expectedChildElementsDOM, req);
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Gets the source location used to for the artifacts created by this encoder.
 * 
 * @param requestContext current request context
 * 
 * @return source location used to for the artifacts created by this encoder
 */
protected Endpoint getAcsEndpoint(SAMLMessageContext<SAMLObject, SAMLObject, NameID> requestContext) {
    BasicEndpointSelector selector = new BasicEndpointSelector();
    selector.setEndpointType(ArtifactResolutionService.DEFAULT_ELEMENT_NAME);
    selector.getSupportedIssuerBindings().add(SAMLConstants.SAML2_SOAP11_BINDING_URI);
    selector.setMetadataProvider(requestContext.getMetadataProvider());
    selector.setEntityMetadata(requestContext.getLocalEntityMetadata());
    selector.setEntityRoleMetadata(requestContext.getLocalEntityRoleMetadata());

    Endpoint acsEndpoint = selector.selectEndpoint();

    if (acsEndpoint == null) {
        log.error("No artifact resolution service endpoint defined for the entity "
                + requestContext.getOutboundMessageIssuer());
        return null;
    }

    return acsEndpoint;
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    ManageNameIDRequest req = (ManageNameIDRequest) parentSAMLObject;

    if (childSAMLObject instanceof NameID) {
        req.setNameID((NameID) childSAMLObject);
    } else if (childSAMLObject instanceof EncryptedID) {
        req.setEncryptedID((EncryptedID) childSAMLObject);
    } else if (childSAMLObject instanceof NewID) {
        req.setNewID((NewID) childSAMLObject);
    } else if (childSAMLObject instanceof NewEncryptedID) {
        req.setNewEncryptedID((NewEncryptedID) childSAMLObject);
    } else if (childSAMLObject instanceof Terminate) {
        req.setTerminate((Terminate) childSAMLObject);
    } else {
        super.processChildElement(parentSAMLObject, childSAMLObject);
    }
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    NameIDMappingRequest req = (NameIDMappingRequest) parentSAMLObject;

    if (childSAMLObject instanceof BaseID) {
        req.setBaseID((BaseID) childSAMLObject);
    } else if (childSAMLObject instanceof NameID) {
        req.setNameID((NameID) childSAMLObject);
    } else if (childSAMLObject instanceof EncryptedID) {
        req.setEncryptedID((EncryptedID) childSAMLObject);
    } else if (childSAMLObject instanceof NameIDPolicy) {
        req.setNameIDPolicy((NameIDPolicy) childSAMLObject);
    } else {
        super.processChildElement(parentSAMLObject, childSAMLObject);
    }
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentObject, XMLObject childObject) throws UnmarshallingException {
    Subject subject = (Subject) parentObject;

    if (childObject instanceof BaseID) {
        subject.setBaseID((BaseID) childObject);
    } else if (childObject instanceof NameID) {
        subject.setNameID((NameID) childObject);
    } else if (childObject instanceof EncryptedID) {
        subject.setEncryptedID((EncryptedID) childObject);
    } else if (childObject instanceof SubjectConfirmation) {
        subject.getSubjectConfirmations().add((SubjectConfirmation) childObject);
    } else {
        super.processChildElement(parentObject, childObject);
    }
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentObject, XMLObject childObject) throws UnmarshallingException {
    SubjectConfirmation subjectConfirmation = (SubjectConfirmation) parentObject;

    if (childObject instanceof BaseID) {
        subjectConfirmation.setBaseID((BaseID) childObject);
    } else if (childObject instanceof NameID) {
        subjectConfirmation.setNameID((NameID) childObject);
    } else if (childObject instanceof EncryptedID) {
        subjectConfirmation.setEncryptedID((EncryptedID) childObject);
    } else if (childObject instanceof SubjectConfirmationData) {
        subjectConfirmation.setSubjectConfirmationData((SubjectConfirmationData) childObject);
    } else {
        super.processChildElement(parentObject, childObject);
    }
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
/** {@inheritDoc} */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    NameIDType nameID = (NameIDType) samlObject;

    if (nameID.getNameQualifier() != null) {
        domElement.setAttributeNS(null, NameID.NAME_QUALIFIER_ATTRIB_NAME, nameID.getNameQualifier());
    }

    if (nameID.getSPNameQualifier() != null) {
        domElement.setAttributeNS(null, NameID.SP_NAME_QUALIFIER_ATTRIB_NAME, nameID.getSPNameQualifier());
    }

    if (nameID.getFormat() != null) {
        domElement.setAttributeNS(null, NameID.FORMAT_ATTRIB_NAME, nameID.getFormat());
    }

    if (nameID.getSPProvidedID() != null) {
        domElement.setAttributeNS(null, NameID.SPPROVIDED_ID_ATTRIB_NAME, nameID.getSPProvidedID());
    }
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
@SuppressWarnings("unchecked")
public LogoutRequest createLogoutRequest(Response resp) {
  LogoutRequest lr = ((SAMLObjectBuilder<LogoutRequest>) 
        _bf.getBuilder(LogoutRequest.DEFAULT_ELEMENT_NAME)).buildObject();
  String uid = UUID.randomUUID().toString();
  
  lr.setID(uid);
  lr.setIssueInstant(new DateTime());
  lr.setVersion(SAMLVersion.VERSION_20);
  lr.setIssuer(getIssuer());
  
  // Get NameID and SessionIndex from first assertion from
  // Authentication Response object
  Assertion asr = resp.getAssertions().get(0);
  NameID nid = ((SAMLObjectBuilder<NameID>) 
      _bf.getBuilder(NameID.DEFAULT_ELEMENT_NAME)).buildObject();
  nid.setValue(asr.getSubject().getNameID().getValue());
  lr.setNameID(nid);
  
  // Set session index(es)
  List<AuthnStatement> ausl = asr.getAuthnStatements();
  if (ausl != null) {
    for (AuthnStatement aus :ausl) {
      SessionIndex sindex = ((SAMLObjectBuilder<SessionIndex>) 
          _bf.getBuilder(SessionIndex.DEFAULT_ELEMENT_NAME)).buildObject();
      sindex.setSessionIndex(aus.getSessionIndex());
      lr.getSessionIndexes().add(sindex);
    }
  }
  
  return lr;
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
@Test
public void testAttributes() {
    SAMLCredential samlCredential = mock(SAMLCredential.class);
    NameID nameId = mock(NameID.class);
    when(samlCredential.getNameID()).thenReturn(nameId);
    Attribute attribute = mock(Attribute.class);
    when(attribute.getName()).thenReturn("attr");
    when(samlCredential.getAttributes()).thenReturn(Collections.singletonList(attribute));
    when(samlCredential.getAttribute("attr")).thenReturn(attribute);
    when(samlCredential.getAttributeAsString("attr")).thenReturn("value");
    when(samlCredential.getAttributeAsStringArray("attr")).thenReturn(new String[]{"value"});
    when(nameId.toString()).thenReturn(NameID.UNSPECIFIED);
    SAMLUserDetails details = (SAMLUserDetails) new SimpleSAMLUserDetailsService().loadUserBySAML(samlCredential);
    assertThat(details.getPassword()).isEmpty();
    assertThat(details.isAccountNonExpired()).isTrue();
    assertThat(details.isAccountNonLocked()).isTrue();
    assertThat(details.isCredentialsNonExpired()).isTrue();
    assertThat(details.isEnabled()).isTrue();
    assertThat(details.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsExactly("ROLE_USER");
    assertThat(details.getAttribute("attr")).isEqualTo("value");
    assertThat(details.getAttributeArray("attr")).containsExactly("value");
    assertThat(details.getAttributes()).containsOnlyKeys("attr").containsValue("value");
    assertThat(details.getAttributesArrays()).containsOnlyKeys("attr");
    assertThat(details.getAttributesArrays().get("attr")).containsExactly("value");
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
@Test
public void testAttributes() {
    SAMLCredential samlCredential = mock(SAMLCredential.class);
    NameID nameId = mock(NameID.class);
    when(samlCredential.getNameID()).thenReturn(nameId);
    Attribute attribute = mock(Attribute.class);
    when(attribute.getName()).thenReturn("attr");
    when(samlCredential.getAttributes()).thenReturn(Collections.singletonList(attribute));
    when(samlCredential.getAttribute("attr")).thenReturn(attribute);
    when(samlCredential.getAttributeAsString("attr")).thenReturn("value");
    when(samlCredential.getAttributeAsStringArray("attr")).thenReturn(new String[]{"value"});
    when(nameId.toString()).thenReturn(NameID.UNSPECIFIED);
    SAMLUserDetails details = new SAMLUserDetails(samlCredential);
    assertThat(details.getPassword()).isEmpty();
    assertThat(details.isAccountNonExpired()).isTrue();
    assertThat(details.isAccountNonLocked()).isTrue();
    assertThat(details.isCredentialsNonExpired()).isTrue();
    assertThat(details.isEnabled()).isTrue();
    assertThat(details.getAuthorities()).extracting(GrantedAuthority::getAuthority).containsExactly("ROLE_USER");
    assertThat(details.getAttribute("attr")).isEqualTo("value");
    assertThat(details.getAttributeArray("attr")).containsExactly("value");
    assertThat(details.getAttributes()).containsOnlyKeys("attr").containsValue("value");
    assertThat(details.getAttributesArrays()).containsOnlyKeys("attr");
    assertThat(details.getAttributesArrays().get("attr")).containsExactly("value");
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Generate a new LogoutRequest.
 * 
 * @param session The session containing the active assertion.
 * @param logoutServiceLocation Destination for the logout request.
 * @param issuerEntityId Entity ID of the issuing entity.
 */
@SuppressWarnings("deprecation")
public static OIOLogoutRequest buildLogoutRequest(HttpSession session, String logoutServiceLocation, String issuerEntityId, SessionHandler handler) {
	LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();

	logoutRequest.setID(Utils.generateUUID());
	logoutRequest.setIssueInstant(new DateTime(DateTimeZone.UTC));
	logoutRequest.addNamespace(OIOSAMLConstants.SAML20_NAMESPACE);
	logoutRequest.setDestination(logoutServiceLocation);
	logoutRequest.setReason("urn:oasis:names:tc:SAML:2.0:logout:user");
	logoutRequest.setIssuer(SAMLUtil.createIssuer(issuerEntityId));

	OIOAssertion assertion = handler.getAssertion(session.getId());
	if (assertion != null) {
		NameID nameID = SAMLUtil.createNameID(assertion.getSubjectNameIDValue());
		nameID.setFormat(assertion.getAssertion().getSubject().getNameID().getFormat());
		logoutRequest.setNameID(nameID);
		SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
		logoutRequest.getSessionIndexes().add(sessionIndex);
		sessionIndex.setSessionIndex(assertion.getSessionIndex());
	}

	try {
		if (log.isDebugEnabled()) {
			log.debug("Validate the logoutRequest...");
		}
		logoutRequest.validate(true);
		if (log.isDebugEnabled()) {
			log.debug("...OK");
		}
	} catch (ValidationException e) {
		throw new WrappedException(Layer.CLIENT, e);
	}

	return new OIOLogoutRequest(logoutRequest);
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
@Test
public void getSubjectNameIDValue() {
	String expectedValue = "testvalue";

	NameID nameid = new NameIDStubImpl();
	nameid.setValue(expectedValue);

	Subject subject = new SubjectStubImpl();
	subject.setNameID(nameid);

	Assertion localAssertion = new AssertionStubImpl();
	localAssertion.setSubject(subject);

	assertEquals(expectedValue, new OIOAssertion(localAssertion).getSubjectNameIDValue());

	assertEquals("joetest", assertion.getSubjectNameIDValue());
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
public static NameID makeEmailFormatName(final String subjectNameId, final String subjectNameIdFormat, final String subjectNameIdQualifier) {
    NameID nameID = (new NameIDBuilder().buildObject());

    if (subjectNameIdFormat.equals("email")) {
        nameID.setFormat(NameIDType.EMAIL);
    } else if (subjectNameIdFormat.equals("unspecified")) {
        nameID.setFormat(NameIDType.UNSPECIFIED);
    } else {
        throw new IllegalArgumentException("subjectNameIdFormat must be 'email' or 'unspecified'.");
    }
    
    if (subjectNameIdQualifier != null) {
        nameID.setNameQualifier(subjectNameIdQualifier);
    }
    
    nameID.setValue(subjectNameId);
    
    return nameID;
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
@Before
public void setUp() throws Exception {

  mockWebSSOProfileConsumer = mock( WebSSOProfileConsumer.class );
  mockSAMLMessageStorage =  mock( SAMLMessageStorage.class );
  mockNameID = mock( NameID.class );
  mockAssertion = mock( Assertion.class );

  mockSAMLUserDetailsService = mock( PentahoSamlUserDetailsService.class );

  samlAuthProvider = mock( SAMLAuthenticationProvider.class, CALLS_REAL_METHODS );
  samlAuthProvider.setUserDetails( mockSAMLUserDetailsService );
  samlAuthProvider.setConsumer( mockWebSSOProfileConsumer );
  samlAuthProvider.setSamlLogger( new SAMLEmptyLogger() );
  samlAuthProvider.setForcePrincipalAsString( true ); // TODO
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
public static SAMLMessageContext decodeSamlMessage(HttpServletRequest request, HttpServletResponse response) throws Exception {

        SAMLMessageContext<SAMLObject, SAMLObject, NameID> samlMessageContext =
                new BasicSAMLMessageContext<SAMLObject, SAMLObject, NameID>();

        HttpServletRequestAdapter httpServletRequestAdapter =
                new HttpServletRequestAdapter(request);
        samlMessageContext.setInboundMessageTransport(httpServletRequestAdapter);
        samlMessageContext.setInboundSAMLProtocol(SAMLConstants.SAML20P_NS);
        HttpServletResponseAdapter httpServletResponseAdapter =
                new HttpServletResponseAdapter(response, request.isSecure());
        samlMessageContext.setOutboundMessageTransport(httpServletResponseAdapter);
        samlMessageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);

        SecurityPolicyResolver securityPolicyResolver =
                getSecurityPolicyResolver(request.isSecure());

        samlMessageContext.setSecurityPolicyResolver(securityPolicyResolver);
        HTTPPostDecoder samlMessageDecoder = new HTTPPostDecoder();
        samlMessageDecoder.decode(samlMessageContext);
        return samlMessageContext;
    }
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Build the logout request
 *
 * @param subject name of the user
 * @param reason  reason for generating logout request.
 * @return LogoutRequest object
 * @throws Exception
 */
public LogoutRequest buildLogoutRequest(String subject, String reason, String sessionIndexStr) throws Exception {
    log.info("Building logout request");
    Util.doBootstrap();
    LogoutRequest logoutReq = new org.opensaml.saml2.core.impl.LogoutRequestBuilder().buildObject();
    logoutReq.setID(Util.createID());
    logoutReq.setDestination(Util.getIdentityProviderSSOServiceURL());

    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));

    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(Util.getServiceProviderId());
    logoutReq.setIssuer(issuer);

    NameID nameId = new NameIDBuilder().buildObject();
    nameId.setFormat(SAML2SSOAuthenticatorConstants.SAML2_NAME_ID_POLICY_TRANSIENT);
    nameId.setValue(subject);
    logoutReq.setNameID(nameId);

    SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
    sessionIndex.setSessionIndex(sessionIndexStr);
    logoutReq.getSessionIndexes().add(sessionIndex);

    logoutReq.setReason(reason);

    Util.setSignature(logoutReq, XMLSignature.ALGO_ID_SIGNATURE_RSA, new SignKeyDataHolder());

    return logoutReq;
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
/** {@inheritDoc} */
public SAML2ArtifactType0004 buildArtifact(SAMLMessageContext<SAMLObject, SAMLObject, NameID> requestContext) {
    try {
        IndexedEndpoint acsEndpoint = (IndexedEndpoint) getAcsEndpoint(requestContext);
        byte[] endpointIndex = DatatypeHelper.intToByteArray(acsEndpoint.getIndex());
        byte[] trimmedIndex = new byte[2];
        trimmedIndex[0] = endpointIndex[2];
        trimmedIndex[1] = endpointIndex[3];

        MessageDigest sha1Digester = MessageDigest.getInstance("SHA-1");
        byte[] source = sha1Digester.digest(requestContext.getLocalEntityId().getBytes());

        SecureRandom handleGenerator = SecureRandom.getInstance("SHA1PRNG");
        byte[] assertionHandle;
        assertionHandle = new byte[20];
        handleGenerator.nextBytes(assertionHandle);

        return new SAML2ArtifactType0004(trimmedIndex, source, assertionHandle);
    } catch (NoSuchAlgorithmException e) {
        log.error("JVM does not support required cryptography algorithms: SHA-1/SHA1PRNG.", e);
        throw new InternalError("JVM does not support required cryptography algorithms: SHA-1/SHA1PRNG.");
    }
}
 

import org.opensaml.saml2.core.NameID; //导入依赖的package包/类
/**
 * Gets the source location used to for the artifacts created by this encoder.
 * 
 * @param requestContext current request context
 * 
 * @return source location used to for the artifacts created by this encoder
 */
protected Endpoint getAcsEndpoint(SAMLMessageContext<SAMLObject, SAMLObject, NameID> requestContext) {
    BasicEndpointSelector selector = new BasicEndpointSelector();
    selector.setEndpointType(ArtifactResolutionService.DEFAULT_ELEMENT_NAME);
    selector.getSupportedIssuerBindings().add(SAMLConstants.SAML2_SOAP11_BINDING_URI);
    selector.setMetadataProvider(requestContext.getMetadataProvider());
    selector.setEntityMetadata(requestContext.getLocalEntityMetadata());
    selector.setEntityRoleMetadata(requestContext.getLocalEntityRoleMetadata());

    Endpoint acsEndpoint = selector.selectEndpoint();

    if (acsEndpoint == null) {
        log.error("Unable to select source location for artifact.  No artifact resolution service defined for issuer.");
        return null;
    }

    return acsEndpoint;
}