import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
@Override
protected void prepareResponse(final Response response, final Map<String, Object> model) {
    final Authentication authentication = getAssertionFrom(model).getPrimaryAuthentication();
    final DateTime issuedAt = response.getIssueInstant();
    final Service service = getAssertionFrom(model).getService();

    final Object o = authentication.getAttributes().get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME);
    final boolean isRemembered = o == Boolean.TRUE && !getAssertionFrom(model).isFromNewLogin();

    // Build up the SAML assertion containing AuthenticationStatement and AttributeStatement
    final Assertion assertion = newSamlObject(Assertion.class);
    assertion.setID(generateId());
    assertion.setIssueInstant(issuedAt);
    assertion.setIssuer(this.issuer);
    assertion.setConditions(newConditions(issuedAt, service.getId()));
    final AuthenticationStatement authnStatement = newAuthenticationStatement(authentication);
    assertion.getAuthenticationStatements().add(authnStatement);
    final Map<String, Object> attributes = authentication.getPrincipal().getAttributes();
    if (!attributes.isEmpty() || isRemembered) {
        assertion.getAttributeStatements().add(
                newAttributeStatement(newSubject(authentication.getPrincipal().getId()), attributes, isRemembered));
    }
    response.setStatus(newStatus(StatusCode.SUCCESS, null));
    response.getAssertions().add(assertion);
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/** {@inheritDoc} */
public SAML1ArtifactType0001 buildArtifact(
        SAMLMessageContext<RequestAbstractType, Response, NameIdentifier> requestContext, Assertion assertion) {
    try {
        MessageDigest sha1Digester = MessageDigest.getInstance("SHA-1");
        byte[] source = sha1Digester.digest(requestContext.getLocalEntityId().getBytes());

        SecureRandom handleGenerator = SecureRandom.getInstance("SHA1PRNG");
        byte[] assertionHandle = new byte[20];
        handleGenerator.nextBytes(assertionHandle);

        return new SAML1ArtifactType0001(source, assertionHandle);
    } catch (NoSuchAlgorithmException e) {
        log.error("JVM does not support required cryptography algorithms.", e);
        throw new InternalError("JVM does not support required cryptography algorithms: SHA-1 and/or SHA1PRNG.");
    }
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/** {@inheritDoc} */
public SAML1ArtifactType0002 buildArtifact(
        SAMLMessageContext<RequestAbstractType, Response, NameIdentifier> requestContext, Assertion assertion) {
    try {
        String sourceLocation = getSourceLocation(requestContext);
        if (sourceLocation == null) {
            return null;
        }

        SecureRandom handleGenerator = SecureRandom.getInstance("SHA1PRNG");
        byte[] assertionHandle = new byte[20];
        handleGenerator.nextBytes(assertionHandle);
        return new SAML1ArtifactType0002(assertionHandle, sourceLocation);
    } catch (NoSuchAlgorithmException e) {
        log.error("JVM does not support required cryptography algorithms: SHA1PRNG.", e);
        throw new InternalError("JVM does not support required cryptography algorithms: SHA1PRNG.");
    }
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {

    Assertion assertion = (Assertion) parentSAMLObject;

    if (childSAMLObject instanceof Signature) {
        assertion.setSignature((Signature) childSAMLObject);
    } else if (childSAMLObject instanceof Conditions) {
        assertion.setConditions((Conditions) childSAMLObject);
    } else if (childSAMLObject instanceof Advice) {
        assertion.setAdvice((Advice) childSAMLObject);
    } else if (childSAMLObject instanceof Statement) {
        assertion.getStatements().add((Statement) childSAMLObject);
    } else {
        super.processChildElement(parentSAMLObject, childSAMLObject);
    }
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/** {@inheritDoc} */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {

    Assertion assertion = (Assertion) samlObject;

    if (Assertion.ID_ATTRIB_NAME.equals(attribute.getLocalName())) {
        assertion.setID(attribute.getValue());
    } else if (Assertion.ISSUER_ATTRIB_NAME.equals(attribute.getLocalName())) {
        assertion.setIssuer(attribute.getValue());
    } else if (Assertion.ISSUEINSTANT_ATTRIB_NAME.equals(attribute.getLocalName())
            && !DatatypeHelper.isEmpty(attribute.getValue())) {
        assertion.setIssueInstant(new DateTime(attribute.getValue(), ISOChronology.getInstanceUTC()));
    } else if (Assertion.MINORVERSION_ATTRIB_NAME.equals(attribute.getLocalName())) {
        if (attribute.getValue().equals("0")) {
            assertion.setVersion(SAMLVersion.VERSION_10);
        } else {
            assertion.setVersion(SAMLVersion.VERSION_11);
        }
    } else {
        super.processAttribute(samlObject, attribute);
    }
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
@Override
protected void prepareResponse(final Response response, final Map<String, Object> model) {
    final Authentication authentication = getAssertionFrom(model).getChainedAuthentications().get(0);
    final DateTime issuedAt = response.getIssueInstant();
    final Service service = getAssertionFrom(model).getService();

    final Object o = authentication.getAttributes().get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME);
    final boolean isRemembered = o == Boolean.TRUE && !getAssertionFrom(model).isFromNewLogin();

    // Build up the SAML assertion containing AuthenticationStatement and AttributeStatement
    final Assertion assertion = newSamlObject(Assertion.class);
    assertion.setID(generateId());
    assertion.setIssueInstant(issuedAt);
    assertion.setIssuer(this.issuer);
    assertion.setConditions(newConditions(issuedAt, service.getId()));
    final AuthenticationStatement authnStatement = newAuthenticationStatement(authentication);
    assertion.getAuthenticationStatements().add(authnStatement);
    final Map<String, Object> attributes = authentication.getPrincipal().getAttributes();
    if (!attributes.isEmpty() || isRemembered) {
        assertion.getAttributeStatements().add(
                newAttributeStatement(newSubject(authentication.getPrincipal().getId()), attributes, isRemembered));
    }
    response.setStatus(newStatus(StatusCode.SUCCESS, null));
    response.getAssertions().add(assertion);
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/**
 * Constructor
 */
public AssertionTest() {
    super();
    expectedID = "ident";
    expectedMinorVersion = 1;
    expectedIssuer = "issuer";
    //
    // IssueInstant="1970-01-02T01:01:02.100Z"
    //
    expectedIssueInstant = new DateTime(1970, 1, 2, 1, 1, 2, 100, ISOChronology.getInstanceUTC());

    singleElementFile = "/data/org/opensaml/saml1/impl/singleAssertion.xml";
    singleElementOptionalAttributesFile = "/data/org/opensaml/saml1/impl/singleAssertionAttributes.xml";
    childElementsFile = "/data/org/opensaml/saml1/impl/AssertionWithChildren.xml";
    qname = Assertion.DEFAULT_ELEMENT_NAME;
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/** {@inheritDoc} */

    public void testSingleElementUnmarshall() {

        Assertion assertion = (Assertion) unmarshallElement(singleElementFile);

        assertNull("Issuer attribute", assertion.getIssuer());
        assertNull("IssueInstant attribute", assertion.getIssueInstant());
        assertNull("ID attribute", assertion.getID());

        assertNull("Conditions element", assertion.getConditions());
        assertNull("Advice element", assertion.getAdvice());
        assertNull("Signature element", assertion.getSignature());

        assertEquals("Statement element count", 0, assertion.getStatements().size());
        assertEquals("AttributeStatements element count", 0, assertion.getAttributeStatements().size());
        assertEquals("SubjectStatements element count", 0, assertion.getSubjectStatements().size());
        assertEquals("AuthenticationStatements element count", 0, assertion.getAuthenticationStatements().size());
        assertEquals("AuthorizationDecisionStatements element count", 0, assertion.getAuthorizationDecisionStatements().size());
    }
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/** {@inheritDoc} */

    public void testSingleElementOptionalAttributesUnmarshall() {
        Assertion assertion = (Assertion) unmarshallElement(singleElementOptionalAttributesFile);

        assertEquals("Issuer attribute", expectedIssuer, assertion.getIssuer());
        assertEquals("IssueInstant attribute", expectedIssueInstant, assertion.getIssueInstant());
        assertEquals("ID attribute", expectedID, assertion.getID());
        assertEquals("Issuer expectedMinorVersion", expectedMinorVersion, assertion.getMinorVersion());

        assertNull("Conditions element", assertion.getConditions());
        assertNull("Advice element", assertion.getAdvice());
        assertNull("Signature element", assertion.getSignature());

        assertEquals("Statement element count", 0, assertion.getStatements().size());
        assertEquals("AttributeStatements element count", 0, assertion.getAttributeStatements().size());
        assertEquals("SubjectStatements element count", 0, assertion.getSubjectStatements().size());
        assertEquals("AuthenticationStatements element count", 0, assertion.getAuthenticationStatements().size());
        assertEquals("AuthorizationDecisionStatements element count", 0, assertion.getAuthorizationDecisionStatements().size());
    }
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/**
 * Test an XML file with children
 */

public void testChildElementsUnmarshall() {
    Assertion assertion = (Assertion) unmarshallElement(childElementsFile);

    assertNull("Issuer attribute", assertion.getIssuer());
    assertNull("ID attribute", assertion.getID());
    assertNull("IssueInstant attribute", assertion.getIssueInstant());

    assertNotNull("Conditions element null", assertion.getConditions());
    assertNotNull("Advice element null", assertion.getAdvice());
    assertNull("Signature element", assertion.getSignature());

    assertNotNull("No Authentication Statements", assertion.getAuthenticationStatements());
    assertEquals("AuthenticationStatements element count", 2, assertion.getAuthenticationStatements().size());

    assertNotNull("No Attribute Statements", assertion.getAttributeStatements());
    assertEquals("AttributeStatements element count", 3, assertion.getAttributeStatements().size());

    assertNotNull("No AuthorizationDecisionStatements ", assertion.getAuthorizationDecisionStatements());
    assertEquals("AuthorizationDecisionStatements element count", 3, assertion.getAuthorizationDecisionStatements()
            .size());
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/**
 * Test an XML file with Children
 * @throws MarshallingException 
 */

public void testChildElementsMarshall() {
    Assertion assertion = (Assertion) buildXMLObject(qname);
    
    assertion.setConditions((Conditions) buildXMLObject(Conditions.DEFAULT_ELEMENT_NAME));
    assertion.setAdvice((Advice) buildXMLObject(Advice.DEFAULT_ELEMENT_NAME));

    QName authenticationQname = AuthenticationStatement.DEFAULT_ELEMENT_NAME;
    QName authorizationQname = AuthorizationDecisionStatement.DEFAULT_ELEMENT_NAME;
    QName attributeQname = AttributeStatement.DEFAULT_ELEMENT_NAME;
    
    assertion.getStatements().add((Statement) buildXMLObject(authenticationQname));
    assertion.getStatements().add((Statement) buildXMLObject(authorizationQname));
    assertion.getStatements().add((Statement) buildXMLObject(attributeQname));
    assertion.getStatements().add((Statement) buildXMLObject(authenticationQname));
    assertion.getStatements().add((Statement) buildXMLObject(authorizationQname));
    assertion.getStatements().add((Statement) buildXMLObject(attributeQname));
    assertion.getStatements().add((Statement) buildXMLObject(authorizationQname));
    assertion.getStatements().add((Statement) buildXMLObject(attributeQname));

    assertEquals(expectedChildElementsDOM, assertion);
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/**
 *
 */
@Test
public void testToString() {
    final String wresult = testTokens.get("goodToken");
    final Assertion assertion = WsFederationUtils.parseTokenFromString(wresult);
    final WsFederationCredential instance = WsFederationUtils.createCredentialFromToken(assertion);
    final String expResult =
            "ID: _6257b2bf-7361-4081-ae1f-ec58d4310f61\n" +
            "Issuer: http://adfs.example.com/adfs/services/trust\n" +
            "Audience: urn:federation:cas\n" +
            "Audience Method: urn:federation:authentication:windows\n" +
            "Issued On: 2014-02-26T22:51:16.504Z\n" +
            "Valid After: 2014-02-26T22:51:16.474Z\n" +
            "Valid Before: 2014-02-26T23:51:16.474Z\n" +
            "Attributes:\n" + 
            "  emailaddress: [email protected]\n" +
            "  upn: [email protected]\n" +
            "  givenname: John\n" + 
            "  surname: Gasper\n" +
            "  Group: example.com\\Domain Users\n";
    final String result = instance.toString();
    assertEquals("toString() not equal", expResult,result);
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/**
 *
 * @throws Exception
 */
@Test
public void testCreateCredentialFromToken() throws Exception {
    String wresult = testTokens.get("goodToken");
    final Assertion assertion = WsFederationUtils.parseTokenFromString(wresult);
    
    WsFederationCredential expResult = new WsFederationCredential();
    expResult.setIssuedOn(new DateTime("2014-02-26T22:51:16.504Z").withZone(DateTimeZone.UTC));
    expResult.setNotBefore(new DateTime("2014-02-26T22:51:16.474Z").withZone(DateTimeZone.UTC));
    expResult.setNotOnOrAfter(new DateTime("2014-02-26T23:51:16.474Z").withZone(DateTimeZone.UTC));
    expResult.setIssuer("http://adfs.example.com/adfs/services/trust");
    expResult.setAudience("urn:federation:cas");
    expResult.setId("_6257b2bf-7361-4081-ae1f-ec58d4310f61");
    
    WsFederationCredential result = WsFederationUtils.createCredentialFromToken(assertion);
    
    assertNotNull("testCreateCredentialFromToken() - Not Null", result);
    assertEquals("testCreateCredentialFromToken() - IssuedOn", expResult.getIssuedOn(), result.getIssuedOn());
    assertEquals("testCreateCredentialFromToken() - NotBefore", expResult.getNotBefore(), result.getNotBefore());
    assertEquals("testCreateCredentialFromToken() - NotOnOrAfter", expResult.getNotOnOrAfter(), result.getNotOnOrAfter());
    assertEquals("testCreateCredentialFromToken() - Issuer", expResult.getIssuer(), result.getIssuer());
    assertEquals("testCreateCredentialFromToken() - Audience", expResult.getAudience(), result.getAudience());
    assertEquals("testCreateCredentialFromToken() - Id", expResult.getId(), result.getId());
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/**
 * Extract information from a SAML StatusResponse message.
 * 
 * @param messageContext current message context
 * @param response the SAML message to process
 * 
 * @throws MessageDecodingException thrown if the assertions within the response contain differening issuer IDs
 */
protected void extractResponseInfo(SAMLMessageContext messageContext, Response response)
        throws MessageDecodingException {

    messageContext.setInboundSAMLMessageId(response.getID());
    messageContext.setInboundSAMLMessageIssueInstant(response.getIssueInstant());

    String issuer = null;
    List<Assertion> assertions = ((Response) response).getAssertions();
    if (assertions != null && assertions.size() > 0) {
        log.info("Attempting to extract issuer from enclosed SAML 1.x Assertion(s)");
        for (Assertion assertion : assertions) {
            if (assertion != null && assertion.getIssuer() != null) {
                if (issuer != null && !issuer.equals(assertion.getIssuer())) {
                    throw new MessageDecodingException("SAML 1.x assertions, within response " + response.getID()
                            + " contain different issuer IDs");
                }
                issuer = assertion.getIssuer();
            }
        }
    }

    if (issuer == null) {
        log.warn("Issuer could not be extracted from standard SAML 1.x response message");
    }

    messageContext.setInboundMessageIssuer(issuer);
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
protected void validateDoNotCache(Assertion assertion) throws ValidationException {
    
    if (assertion.getMinorVersion() == 0) {
        Conditions conditions = assertion.getConditions();
        if (conditions != null) {
            for (Condition condition : conditions.getConditions()) {
                if (condition instanceof DoNotCacheCondition) {
                    throw new ValidationException("DoNotCacheCondition not valid in SAML1.0");
                }
            }
        }
    }
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/** {@inheritDoc} */
public void validate(Assertion assertion) throws ValidationException {
     validateVersion(assertion);
     validateId(assertion);
     validateIssuer(assertion);
     validateIssueInstant(assertion);
     validateStatements(assertion);
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/**
 * Test that the version is SAML1.1 or 1.0
 * @param assertion what to test
 * @throws ValidationException
 */
protected void validateVersion(Assertion assertion) throws ValidationException {
     if ((assertion.getMajorVersion() != 1) &&
         (assertion.getMinorVersion() != 0 || assertion.getMinorVersion() != 1)) {
         throw new ValidationException("Invalid Version");
     }
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/**
 * Test that the provided assertion has some statements in 
 * @param assertion
 * @throws ValidationException
 */
protected void validateStatements(Assertion assertion) throws ValidationException {
    List <Statement> list = assertion.getStatements();
     if (list == null || list.size() == 0) {
         throw new ValidationException("No Statements present");
     }
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/** {@inheritDoc} */
public XMLObject unmarshall(Element domElement) throws UnmarshallingException {
    // After regular unmarshalling, check the minor version and set ID-ness if not SAML 1.0
    Assertion assertion = (Assertion) super.unmarshall(domElement);
    if (assertion.getMinorVersion() != 0 && !DatatypeHelper.isEmpty(assertion.getID())) {
        domElement.setIdAttributeNS(null, Assertion.ID_ATTRIB_NAME, true);
    }
    return assertion;
}
 

import org.opensaml.saml1.core.Assertion; //导入依赖的package包/类
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {

    Evidence evidence = (Evidence) parentSAMLObject;

    if (childSAMLObject instanceof AssertionIDReference) {
        evidence.getAssertionIDReferences().add((AssertionIDReference) childSAMLObject);
    } else if (childSAMLObject instanceof Assertion) {
        evidence.getAssertions().add((Assertion) childSAMLObject);
    } else {
        super.processChildElement(parentSAMLObject, childSAMLObject);
    }
}