Fix #156. Add support for second-level status code. Refactor getStatus method (moved to Utils and used at SAMLResponse and LogoutResponse classes

Author: pitbulk

core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java

@@ -577,42 +577,15 @@ public void checkStatus() throws ValidationError {
 	 * @param dom
 	 *            The Response as XML
 	 *
-	 * @return array with the code and a message
+	 * @return SamlResponseStatus
 	 *
 	 * @throws IllegalArgumentException
 	 *             if the response not contain status or if Unexpected XPath error
 	 * @throws ValidationError 
 	 */
 	public static SamlResponseStatus getStatus(Document dom) throws ValidationError {
-		try {
-			String statusExpr = "/samlp:Response/samlp:Status";
-
-			NodeList statusEntry = Util.query(dom, statusExpr, null);
-			if (statusEntry.getLength() != 1) {
-				throw new ValidationError("Missing Status on response", ValidationError.MISSING_STATUS);
-			}
-			NodeList codeEntry;
-
-			codeEntry = Util.query(dom, statusExpr + "/samlp:StatusCode", (Element) statusEntry.item(0));
-
-			if (codeEntry.getLength() != 1) {
-				throw new ValidationError("Missing Status Code on response", ValidationError.MISSING_STATUS_CODE);
-			}
-
-			String stausCode = codeEntry.item(0).getAttributes().getNamedItem("Value").getNodeValue();
-			SamlResponseStatus status = new SamlResponseStatus(stausCode);
-
-			NodeList messageEntry = Util.query(dom, statusExpr + "/samlp:StatusMessage",
-					(Element) statusEntry.item(0));
-			if (messageEntry.getLength() == 1) {
-				status.setStatusMessage(messageEntry.item(0).getTextContent());
-			}
-			return status;
-		} catch (XPathExpressionException e) {
-			String error = "Unexpected error in getStatus." +  e.getMessage();
-			LOGGER.error(error);
-			throw new IllegalArgumentException(error);
-		}
+		String statusXpath = "/samlp:Response/samlp:Status";
+		return Util.getStatus(statusXpath, dom);
 	}
 
 	/**

core/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java

@@ -22,6 +22,7 @@
 import com.onelogin.saml2.exception.SettingsException;
 import com.onelogin.saml2.exception.ValidationError;
 import com.onelogin.saml2.http.HttpRequest;
+import com.onelogin.saml2.model.SamlResponseStatus;
 import com.onelogin.saml2.settings.Saml2Settings;
 import com.onelogin.saml2.util.Constants;
 import com.onelogin.saml2.util.SchemaFactory;
@@ -295,20 +296,33 @@ public String getIssuer() throws XPathExpressionException {
 
     /**
      * Gets the Status of the Logout Response.
-     * 
+     *
      * @return the Status
      *
-     * @throws XPathExpressionException 
+     * @throws XPathExpressionException
      */
     public String getStatus() throws XPathExpressionException
     {
     	String statusCode = null;
 		NodeList entries = this.query("/samlp:LogoutResponse/samlp:Status/samlp:StatusCode");
 		if (entries.getLength() == 1) {
 			statusCode = entries.item(0).getAttributes().getNamedItem("Value").getNodeValue();
-		}    	
+		}
         return statusCode;
-    }    
+    }
+
+    /**
+     * Gets the Status of the Logout Response.
+     *
+     * @return SamlResponseStatus
+     *
+     * @throws ValidationError
+     */
+    public SamlResponseStatus getSamlResponseStatus() throws ValidationError
+    {
+		String statusXpath = "/samlp:Response/samlp:Status";
+		return Util.getStatus(statusXpath, this.logoutResponseDocument);
+    }
 
 	/**
      * Extracts nodes that match the query from the DOMDocument (Logout Response Menssage)

core/src/main/java/com/onelogin/saml2/model/SamlResponseStatus.java

@@ -12,6 +12,11 @@ public class SamlResponseStatus {
      */
 	private String statusCode;
 
+	/**
+     * Status code second level
+     */
+	private String subStatusCode;
+
 	/**
      * Status Message
      */
@@ -50,11 +55,28 @@ public String getStatusCode() {
 	/**
 	 * Set the status code
 	 * 
-	 * @param stausCode 
+	 * @param statusCode
 	 *              String. Status code
 	 */
-	public void setStatusCode(String stausCode) {
-		this.statusCode = stausCode;
+	public void setStatusCode(String statusCode) {
+		this.statusCode = statusCode;
+	}
+
+	/**
+	 * @return string the second-level status code
+	 */
+	public String getSubStatusCode() {
+		return subStatusCode;
+	}
+
+	/**
+	 * Set the second-level status code
+	 *
+	 * @param subStatusCode
+	 *              String. second-level status code
+	 */
+	public void setSubStatusCode(String subStatusCode) {
+		this.subStatusCode = subStatusCode;
 	}
 
 	/**

core/src/main/java/com/onelogin/saml2/util/Constants.java

@@ -61,9 +61,27 @@ public final class Constants {
 	public static String STATUS_REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester";
 	public static String STATUS_RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder";
 	public static String STATUS_VERSION_MISMATCH = "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch";
+
+	// Status Second-level Codes
+	public static String STATUS_AUTHNFAILED = "urn:oasis:names:tc:SAML:2.0:status:AuthnFailed";
+	public static String STATUS_INVALID_ATTRNAME_OR_VALUE =  "urn:oasis:names:tc:SAML:2.0:status:InvalidAttrNameOrValue";
+	public static String STATUS_INVALID_NAMEIDPOLICY = "urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy";
+	public static String STATUS_NO_AUTHNCONTEXT = "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext";
+	public static String STATUS_NO_AVAILABLE_IDP = "urn:oasis:names:tc:SAML:2.0:status:NoAvailableIDP";
 	public static String STATUS_NO_PASSIVE = "urn:oasis:names:tc:SAML:2.0:status:NoPassive";
+	public static String STATUS_NO_SUPPORTED_IDP = "urn:oasis:names:tc:SAML:2.0:status:NoSupportedIDP";
 	public static String STATUS_PARTIAL_LOGOUT = "urn:oasis:names:tc:SAML:2.0:status:PartialLogout";
 	public static String STATUS_PROXY_COUNT_EXCEEDED = "urn:oasis:names:tc:SAML:2.0:status:ProxyCountExceeded";
+	public static String STATUS_REQUEST_DENIED = "urn:oasis:names:tc:SAML:2.0:status:RequestDenied";
+	public static String STATUS_REQUEST_UNSUPPORTED = "urn:oasis:names:tc:SAML:2.0:status:RequestUnsupported";
+	public static String STATUS_REQUEST_VERSION_DEPRECATED = "urn:oasis:names:tc:SAML:2.0:status:RequestVersionDeprecated";
+	public static String STATUS_REQUEST_VERSION_TOO_HIGH = "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooHigh";
+	public static String STATUS_REQUEST_VERSION_TOO_LOW = "urn:oasis:names:tc:SAML:2.0:status:RequestVersionTooLow";
+	public static String STATUS_RESOURCE_NOT_RECOGNIZED = "urn:oasis:names:tc:SAML:2.0:status:ResourceNotRecognized";
+	public static String STATUS_TOO_MANY_RESPONSES = "urn:oasis:names:tc:SAML:2.0:status:TooManyResponses";
+	public static String STATUS_UNKNOWN_ATTR_PROFILE = "urn:oasis:names:tc:SAML:2.0:status:UnknownAttrProfile";
+	public static String STATUS_UNKNOWN_PRINCIPAL = "urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal";
+	public static String STATUS_UNSUPPORTED_BINDING = "urn:oasis:names:tc:SAML:2.0:status:UnsupportedBinding";
 
 	// Canonization
 	public static String C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";

core/src/main/java/com/onelogin/saml2/util/Util.java

@@ -88,6 +88,7 @@
 
 import com.onelogin.saml2.exception.ValidationError;
 import com.onelogin.saml2.exception.XMLEntityException;
+import com.onelogin.saml2.model.SamlResponseStatus;
 
 
 /**
@@ -1351,6 +1352,50 @@ public static Boolean validateBinarySignature(String signedQuery, byte[] signatu
 		return valid;
 	}
 
+	/**
+	 * Get Status from a Response
+	 *
+	 * @param dom
+	 *            The Response as XML
+	 *
+	 * @return SamlResponseStatus
+	 *
+	 * @throws IllegalArgumentException
+	 * @throws ValidationError
+	 */
+	public static SamlResponseStatus getStatus(String statusXpath, Document dom) throws ValidationError {
+		try {
+			NodeList statusEntry = Util.query(dom, statusXpath, null);
+			if (statusEntry.getLength() != 1) {
+				throw new ValidationError("Missing Status on response", ValidationError.MISSING_STATUS);
+			}
+			NodeList codeEntry = Util.query(dom, statusXpath + "/samlp:StatusCode", (Element) statusEntry.item(0));
+
+			if (codeEntry.getLength() == 0) {
+				throw new ValidationError("Missing Status Code on response", ValidationError.MISSING_STATUS_CODE);
+			}
+			String stausCode = codeEntry.item(0).getAttributes().getNamedItem("Value").getNodeValue();
+			SamlResponseStatus status = new SamlResponseStatus(stausCode);
+
+			NodeList subStatusCodeEntry = Util.query(dom, statusXpath + "/samlp:StatusCode/samlp:StatusCode", (Element) statusEntry.item(0));
+			if (subStatusCodeEntry.getLength() > 0) {
+				String subStatusCode = subStatusCodeEntry.item(0).getAttributes().getNamedItem("Value").getNodeValue();
+				status.setSubStatusCode(subStatusCode);
+			}
+
+			NodeList messageEntry = Util.query(dom, statusXpath + "/samlp:StatusMessage", (Element) statusEntry.item(0));
+			if (messageEntry.getLength() == 1) {
+				status.setStatusMessage(messageEntry.item(0).getTextContent());
+			}
+
+			return status;
+		} catch (XPathExpressionException e) {
+			String error = "Unexpected error in getStatus." +  e.getMessage();
+			LOGGER.error(error);
+			throw new IllegalArgumentException(error);
+		}
+	}
+
 	/**
 	 * Generates a nameID.
 	 *

core/src/test/java/com/onelogin/saml2/test/authn/AuthnResponseTest.java

@@ -693,6 +693,13 @@ public void testGetStatus() throws IOException, Error, XPathExpressionException,
 		status = SamlResponse.getStatus(samlResponseDoc);
 		assertEquals(Constants.STATUS_RESPONDER, status.getStatusCode());
 		assertEquals("something_is_wrong", status.getStatusMessage());
+
+		samlResponseEncoded = Util.getFileAsString("data/responses/invalids/status_code_and_sub_status_code_responder_and_msg.xml.base64");
+		samlResponseDoc = Util.loadXML(new String(Util.base64decoder(samlResponseEncoded)));
+		status = SamlResponse.getStatus(samlResponseDoc);
+		assertEquals(Constants.STATUS_RESPONDER, status.getStatusCode());
+		assertEquals(Constants.STATUS_AUTHNFAILED, status.getSubStatusCode());
+		assertEquals("something_is_wrong", status.getStatusMessage());
 	}
 
 	/**

core/src/test/resources/data/responses/invalids/status_code_and_sub_status_code_responder_and_msg.xml.base64

@@ -0,0 +1 @@
+PHNhbWxwOlJlc3BvbnNlDQp4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIg0KQ29uc2VudD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNvbnNlbnQ6dW5zcGVjaWZpZWQiIERlc3RpbmF0aW9uPSINCmh0dHBzOi8vZXhhbXBsZS5jb20vb3BlbnNzby9Db25zdW1lci9tZXRhQWxpYXMvc3AiDQpJRD0iX2E3MWJiZjIyLTkwYTktNGE5Ni1iOWNlLWVhNWJhMzBhZWU2NSINCkluUmVzcG9uc2VUbz0iczIxMjAzYjI3ZDM4ZDBhMDdlYTJjNzEzZTdhMDA0NWNmOGQxZTMyODExIg0KSXNzdWVJbnN0YW50PSIyMDExLTA4LTI0VDE2OjM2OjMwLjM2NVoiIFZlcnNpb249IjIuMCI+PElzc3Vlcg0KeG1sbnM9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPg0KaHR0cDovL2lkcC5leGFtcGxlLmNvbS9hZGZzL3NlcnZpY2VzL3RydXN0PC9Jc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpSZXNwb25kZXIiPjxzYW1scDpTdGF0dXNDb2RlIFZhbHVlPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6c3RhdHVzOkF1dGhuRmFpbGVkIi8+PC9zYW1scDpTdGF0dXNDb2RlPjxzYW1scDpTdGF0dXNNZXNzYWdlPnNvbWV0aGluZ19pc193cm9uZzwvc2FtbHA6U3RhdHVzTWVzc2FnZT48L3NhbWxwOlN0YXR1cz48L3NhbWxwOlJlc3BvbnNlPg==