SAML11AssertionWriter.java

/*
 * Copyright 2016 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.keycloak.saml.processing.core.saml.v1.writers;

import org.keycloak.dom.saml.v1.assertion.SAML11ActionType;
import org.keycloak.dom.saml.v1.assertion.SAML11AdviceType;
import org.keycloak.dom.saml.v1.assertion.SAML11AssertionType;
import org.keycloak.dom.saml.v1.assertion.SAML11AttributeStatementType;
import org.keycloak.dom.saml.v1.assertion.SAML11AttributeType;
import org.keycloak.dom.saml.v1.assertion.SAML11AudienceRestrictionCondition;
import org.keycloak.dom.saml.v1.assertion.SAML11AuthenticationStatementType;
import org.keycloak.dom.saml.v1.assertion.SAML11AuthorityBindingType;
import org.keycloak.dom.saml.v1.assertion.SAML11AuthorizationDecisionStatementType;
import org.keycloak.dom.saml.v1.assertion.SAML11ConditionAbstractType;
import org.keycloak.dom.saml.v1.assertion.SAML11ConditionsType;
import org.keycloak.dom.saml.v1.assertion.SAML11EvidenceType;
import org.keycloak.dom.saml.v1.assertion.SAML11NameIdentifierType;
import org.keycloak.dom.saml.v1.assertion.SAML11StatementAbstractType;
import org.keycloak.dom.saml.v1.assertion.SAML11SubjectConfirmationType;
import org.keycloak.dom.saml.v1.assertion.SAML11SubjectLocalityType;
import org.keycloak.dom.saml.v1.assertion.SAML11SubjectStatementType;
import org.keycloak.dom.saml.v1.assertion.SAML11SubjectType;
import org.keycloak.dom.saml.v1.assertion.SAML11SubjectType.SAML11SubjectTypeChoice;
import org.keycloak.dom.saml.v2.assertion.StatementAbstractType;
import org.keycloak.dom.saml.v2.metadata.LocalizedNameType;
import org.keycloak.saml.common.constants.JBossSAMLConstants;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.common.util.StaxUtil;
import org.keycloak.saml.common.util.StringUtil;
import org.keycloak.saml.processing.core.saml.v1.SAML11Constants;
import org.w3c.dom.Element;

import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamWriter;
import java.net.URI;
import java.util.List;

/**
 * Write the SAML 11 Assertion to stream
 *
 * @author Anil.Saldhana@redhat.com
 * @since June 24, 2011
 */
public class SAML11AssertionWriter extends BaseSAML11Writer {

    String ns = SAML11Constants.ASSERTION_11_NSURI;

    public SAML11AssertionWriter(XMLStreamWriter writer) {
        super(writer);
    }

    /**
     * Write an {@code SAML11AssertionType} to stream
     *
     * @param assertion
     * @param out
     *
     * @throws ProcessingException
     */
    public void write(SAML11AssertionType assertion) throws ProcessingException {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ns);
        StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ns);
        StaxUtil.writeDefaultNameSpace(writer, ns);

        // Attributes
        // StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
        StaxUtil.writeAttribute(writer, SAML11Constants.ASSERTIONID, assertion.getID());
        StaxUtil.writeAttribute(writer, SAML11Constants.MAJOR_VERSION, assertion.getMajorVersion() + "");
        StaxUtil.writeAttribute(writer, SAML11Constants.MINOR_VERSION, assertion.getMinorVersion() + "");
        StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());

        String issuer = assertion.getIssuer();
        if (issuer != null) {
            StaxUtil.writeAttribute(writer, SAML11Constants.ISSUER, issuer);
        }

        SAML11ConditionsType conditions = assertion.getConditions();
        if (conditions != null) {
            StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ns);

            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
            StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter().toString());

            List<SAML11ConditionAbstractType> typeOfConditions = conditions.get();
            if (typeOfConditions != null) {
                for (SAML11ConditionAbstractType typeCondition : typeOfConditions) {
                    if (typeCondition instanceof SAML11AudienceRestrictionCondition) {
                        SAML11AudienceRestrictionCondition art = (SAML11AudienceRestrictionCondition) typeCondition;
                        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.AUDIENCE_RESTRICTION_CONDITION, ns);
                        List<URI> audiences = art.get();
                        if (audiences != null) {
                            for (URI audience : audiences) {
                                StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(), ns);
                                StaxUtil.writeCharacters(writer, audience.toString());
                                StaxUtil.writeEndElement(writer);
                            }
                        }

                        StaxUtil.writeEndElement(writer);
                    }
                }
            }

            StaxUtil.writeEndElement(writer);
        }

        SAML11AdviceType advice = assertion.getAdvice();
        if (advice != null)
            throw logger.notImplementedYet("Advice");

        List<SAML11StatementAbstractType> statements = assertion.getStatements();
        if (statements != null) {
            for (SAML11StatementAbstractType statement : statements) {
                if (statement instanceof SAML11AuthenticationStatementType) {
                    write((SAML11AuthenticationStatementType) statement);
                } else if (statement instanceof SAML11AttributeStatementType) {
                    write((SAML11AttributeStatementType) statement);
                } else if (statement instanceof SAML11AuthorizationDecisionStatementType) {
                    write((SAML11AuthorizationDecisionStatementType) statement);
                } else if (statement instanceof SAML11SubjectStatementType) {
                    write((SAML11SubjectStatementType) statement);
                } else
                    throw logger.writerUnknownTypeError(statement.getClass().getName());
            }
        }

        Element sig = assertion.getSignature();
        if (sig != null)
            StaxUtil.writeDOMElement(writer, sig);

        StaxUtil.writeEndElement(writer);
        StaxUtil.flush(writer);
    }

    /**
     * Write an {@code StatementAbstractType} to stream
     *
     * @param statement
     * @param out
     *
     * @throws ProcessingException
     */
    public void write(StatementAbstractType statement) throws ProcessingException {
        throw logger.notImplementedYet("StatementAbstractType");
    }

    public void write(SAML11SubjectStatementType statement) throws ProcessingException {
        throw logger.notImplementedYet("SAML11SubjectStatementType");
    }

    public void write(SAML11AttributeStatementType statement) throws ProcessingException {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_STATEMENT.get(),
                SAML11Constants.ASSERTION_11_NSURI);

        SAML11SubjectType subject = statement.getSubject();
        if (subject != null)
            write(subject);

        List<SAML11AttributeType> attributes = statement.get();
        if (attributes != null) {
            for (SAML11AttributeType attr : attributes) {
                write(attr);
            }
        }

        StaxUtil.writeEndElement(writer);
        StaxUtil.flush(writer);
    }

    /**
     * Write an {@code AuthnStatementType} to stream
     *
     * @param authnStatement
     * @param out
     *
     * @throws ProcessingException
     */
    public void write(SAML11AuthenticationStatementType authnStatement) throws ProcessingException {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.AUTHENTICATION_STATEMENT,
                SAML11Constants.ASSERTION_11_NSURI);

        XMLGregorianCalendar authnInstant = authnStatement.getAuthenticationInstant();
        if (authnInstant != null) {
            StaxUtil.writeAttribute(writer, SAML11Constants.AUTHENTICATION_INSTANT, authnInstant.toString());
        }

        URI authMethod = authnStatement.getAuthenticationMethod();
        if (authMethod != null) {
            StaxUtil.writeAttribute(writer, SAML11Constants.AUTHENTICATION_METHOD, authMethod.toString());
        }

        SAML11SubjectType subject = authnStatement.getSubject();
        if (subject != null)
            write(subject);

        SAML11SubjectLocalityType locality = authnStatement.getSubjectLocality();
        if (locality != null)
            write(locality);

        List<SAML11AuthorityBindingType> authorities = authnStatement.getAuthorityBindingType();
        for (SAML11AuthorityBindingType authority : authorities) {
            write(authority);
        }

        StaxUtil.writeEndElement(writer);
        StaxUtil.flush(writer);
    }

    public void write(SAML11AuthorityBindingType authority) throws ProcessingException {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.AUTHORITY_BINDING,
                SAML11Constants.ASSERTION_11_NSURI);

        QName authorityKind = authority.getAuthorityKind();
        StaxUtil.writeAttribute(writer, SAML11Constants.AUTHORITY_KIND, authorityKind);

        String binding = authority.getBinding().toString();
        StaxUtil.writeAttribute(writer, SAML11Constants.BINDING, binding);

        String location = authority.getLocation().toString();
        StaxUtil.writeAttribute(writer, SAML11Constants.LOCATION, location);

        StaxUtil.writeEndElement(writer);
    }

    public void write(SAML11SubjectLocalityType locality) throws ProcessingException {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_LOCALITY.get(),
                SAML11Constants.ASSERTION_11_NSURI);
        String ip = locality.getIpAddress();
        if (StringUtil.isNotNull(ip)) {
            StaxUtil.writeAttribute(writer, SAML11Constants.IP_ADDRESS, ip);
        }
        String dns = locality.getDnsAddress();
        if (StringUtil.isNotNull(dns)) {
            StaxUtil.writeAttribute(writer, SAML11Constants.DNS_ADDRESS, dns);
        }
        StaxUtil.writeEndElement(writer);
    }

    public void write(SAML11AuthorizationDecisionStatementType xacmlStat) throws ProcessingException {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.AUTHORIZATION_DECISION_STATEMENT, ns);

        String resource = xacmlStat.getResource().toString();
        StaxUtil.writeAttribute(writer, SAML11Constants.RESOURCE, resource);

        StaxUtil.writeAttribute(writer, SAML11Constants.DECISION, xacmlStat.getDecision().name());

        SAML11SubjectType subject = xacmlStat.getSubject();
        if (subject != null)
            write(subject);

        List<SAML11ActionType> actions = xacmlStat.getActions();
        for (SAML11ActionType action : actions) {
            write(action);
        }

        StaxUtil.writeEndElement(writer);
        StaxUtil.flush(writer);
    }

    /**
     * write an {@code SubjectType} to stream
     *
     * @param subject
     * @param out
     *
     * @throws ProcessingException
     */
    public void write(SAML11SubjectType subject) throws ProcessingException {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT.get(),
                SAML11Constants.ASSERTION_11_NSURI);
        StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ns);

        SAML11SubjectTypeChoice choice = subject.getChoice();
        if (choice != null) {
            SAML11NameIdentifierType nameid = choice.getNameID();
            if (nameid != null) {
                write(nameid);
            }

            SAML11SubjectConfirmationType confirmation = choice.getSubjectConfirmation();
            if (confirmation != null)
                write(confirmation);
        }

        SAML11SubjectConfirmationType confirmation = subject.getSubjectConfirmation();
        if (confirmation != null)
            write(confirmation);

        StaxUtil.writeEndElement(writer);
        StaxUtil.flush(writer);
    }

    public void write(SAML11SubjectConfirmationType confirmation) throws ProcessingException {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION.get(),
                SAML11Constants.ASSERTION_11_NSURI);
        List<URI> confirmationMethods = confirmation.getConfirmationMethod();
        if (confirmationMethods != null) {
            for (URI confirmationMethod : confirmationMethods) {
                StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.CONFIRMATION_METHOD,
                        SAML11Constants.ASSERTION_11_NSURI);
                StaxUtil.writeCharacters(writer, confirmationMethod.toString());
                StaxUtil.writeEndElement(writer);
            }
        }

        Element keyInfo = confirmation.getKeyInfo();
        if (keyInfo != null) {
            StaxUtil.writeDOMElement(writer, keyInfo);
        }

        Object subjectConfirmationData = confirmation.getSubjectConfirmationData();
        if (subjectConfirmationData != null) {
            writeSubjectConfirmationData(subjectConfirmationData);
        }

        StaxUtil.writeEndElement(writer);
        StaxUtil.flush(writer);
    }

    public void writeSubjectConfirmationData(Object scData) throws ProcessingException {
        throw logger.notImplementedYet("SubjectConfirmationData");
    }

    public void write(SAML11NameIdentifierType nameid) throws ProcessingException {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.NAME_IDENTIFIER,
                SAML11Constants.ASSERTION_11_NSURI);

        URI format = nameid.getFormat();
        if (format != null) {
            StaxUtil.writeAttribute(writer, SAML11Constants.FORMAT, format.toString());
        }
        String nameQualifier = nameid.getNameQualifier();
        if (StringUtil.isNotNull(nameQualifier)) {
            StaxUtil.writeAttribute(writer, SAML11Constants.NAME_QUALIFIER, nameQualifier);
        }

        StaxUtil.writeCharacters(writer, nameid.getValue());

        StaxUtil.writeEndElement(writer);
        StaxUtil.flush(writer);
    }

    /**
     * Write an {@code AttributeType} to stream
     *
     * @param attributeType
     * @param out
     *
     * @throws ProcessingException
     */
    public void write(SAML11AttributeType attributeType) throws ProcessingException {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE.get(), ns);

        writeAttributeTypeWithoutRootTag(attributeType);

        StaxUtil.writeEndElement(writer);
        StaxUtil.flush(writer);
    }

    public void writeAttributeTypeWithoutRootTag(SAML11AttributeType attributeType) throws ProcessingException {
        String attributeName = attributeType.getAttributeName();
        if (StringUtil.isNullOrEmpty(attributeName))
            throw logger.writerNullValueError("attribute name");
        StaxUtil.writeAttribute(writer, SAML11Constants.ATTRIBUTE_NAME, attributeName);

        String attributeNamespace = attributeType.getAttributeNamespace().toString();
        if (StringUtil.isNullOrEmpty(attributeNamespace))
            throw logger.writerNullValueError("attribute namespace");
        StaxUtil.writeAttribute(writer, SAML11Constants.ATTRIBUTE_NAMESPACE, attributeNamespace);

        List<Object> attributeValues = attributeType.get();
        if (attributeValues != null) {
            for (Object attributeValue : attributeValues) {
                if (attributeValue instanceof String) {
                    writeStringAttributeValue((String) attributeValue);
                } else
                    throw logger.writerUnsupportedAttributeValueError(attributeValue.getClass().getName());
            }
        }
    }

    public void writeStringAttributeValue(String attributeValue) throws ProcessingException {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_VALUE.get(), ns);

        StaxUtil.writeNameSpace(writer, JBossSAMLURIConstants.XSI_PREFIX.get(), JBossSAMLURIConstants.XSI_NSURI.get());
        StaxUtil.writeNameSpace(writer, "xs", JBossSAMLURIConstants.XMLSCHEMA_NSURI.get());
        StaxUtil.writeAttribute(writer, "xsi", JBossSAMLURIConstants.XSI_NSURI.get(), "type", "xs:string");
        StaxUtil.writeCharacters(writer, attributeValue);
        StaxUtil.writeEndElement(writer);
    }

    public void writeLocalizedNameType(LocalizedNameType localizedNameType, QName startElement) throws ProcessingException {
        StaxUtil.writeStartElement(writer, startElement.getPrefix(), startElement.getLocalPart(),
                startElement.getNamespaceURI());
        StaxUtil.writeAttribute(writer, new QName(JBossSAMLURIConstants.XML.get(), "lang", "xml"), localizedNameType.getLang());
        StaxUtil.writeCharacters(writer, localizedNameType.getValue());
        StaxUtil.writeEndElement(writer);
    }

    public void write(SAML11ActionType action) throws ProcessingException {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.ACTION, ns);
        String ns = action.getNamespace();
        if (StringUtil.isNotNull(ns)) {
            StaxUtil.writeAttribute(writer, SAML11Constants.NAMESPACE, ns);
        }
        String val = action.getValue();
        if (StringUtil.isNotNull(val)) {
            StaxUtil.writeCharacters(writer, val);
        }
        StaxUtil.writeEndElement(writer);
    }

    public void write(SAML11EvidenceType evidence) throws ProcessingException {
        StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.EVIDENCE, ns);

        List<String> assertionIDRefs = evidence.getAssertionIDReference();
        for (String assertionIDRef : assertionIDRefs) {
            StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.ASSERTION_ID_REF, ns);
            StaxUtil.writeCharacters(writer, assertionIDRef);
            StaxUtil.writeEndElement(writer);
        }

        List<SAML11AssertionType> assertions = evidence.getAssertions();
        for (SAML11AssertionType assertion : assertions) {
            write(assertion);
        }
        StaxUtil.writeEndElement(writer);
    }
}