11package com .onelogin .saml2 .settings ;
22
3+ import static com .onelogin .saml2 .util .Util .toXml ;
4+
35import java .net .URL ;
46import java .util .Arrays ;
57import java .util .Calendar ;
@@ -126,7 +128,7 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) throws Certif
126128 Map <String , String > valueMap = new HashMap <String , String >();
127129 Boolean wantsEncrypted = settings .getWantAssertionsEncrypted () || settings .getWantNameIdEncrypted ();
128130
129- valueMap .put ("id" , Util .generateUniqueID (settings .getUniqueIDPrefix ()));
131+ valueMap .put ("id" , Util .toXml ( Util . generateUniqueID (settings .getUniqueIDPrefix () )));
130132 String validUntilTimeStr = "" ;
131133 if (validUntilTime != null ) {
132134 String validUntilTimeValue = Util .formatDateTime (validUntilTime .getTimeInMillis ());
@@ -141,12 +143,12 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) throws Certif
141143 }
142144 valueMap .put ("cacheDurationStr" , cacheDurationStr );
143145
144- valueMap .put ("spEntityId" , settings .getSpEntityId ());
146+ valueMap .put ("spEntityId" , Util . toXml ( settings .getSpEntityId () ));
145147 valueMap .put ("strAuthnsign" , String .valueOf (settings .getAuthnRequestsSigned ()));
146148 valueMap .put ("strWsign" , String .valueOf (settings .getWantAssertionsSigned ()));
147- valueMap .put ("spNameIDFormat" , settings .getSpNameIDFormat ());
148- valueMap .put ("spAssertionConsumerServiceBinding" , settings .getSpAssertionConsumerServiceBinding ());
149- valueMap .put ("spAssertionConsumerServiceUrl" , settings .getSpAssertionConsumerServiceUrl ().toString ());
149+ valueMap .put ("spNameIDFormat" , Util . toXml ( settings .getSpNameIDFormat () ));
150+ valueMap .put ("spAssertionConsumerServiceBinding" , Util . toXml ( settings .getSpAssertionConsumerServiceBinding () ));
151+ valueMap .put ("spAssertionConsumerServiceUrl" , Util . toXml ( settings .getSpAssertionConsumerServiceUrl ().toString () ));
150152 valueMap .put ("sls" , toSLSXml (settings .getSpSingleLogoutServiceUrl (), settings .getSpSingleLogoutServiceBinding ()));
151153
152154 valueMap .put ("strAttributeConsumingService" , getAttributeConsumingServiceXml ());
@@ -198,10 +200,10 @@ private String getAttributeConsumingServiceXml() {
198200
199201 attributeConsumingServiceXML .append ("<md:AttributeConsumingService index=\" 1\" >" );
200202 if (serviceName != null && !serviceName .isEmpty ()) {
201- attributeConsumingServiceXML .append ("<md:ServiceName xml:lang=\" en\" >" + serviceName + "</md:ServiceName>" );
203+ attributeConsumingServiceXML .append ("<md:ServiceName xml:lang=\" en\" >" + Util . toXml ( serviceName ) + "</md:ServiceName>" );
202204 }
203205 if (serviceDescription != null && !serviceDescription .isEmpty ()) {
204- attributeConsumingServiceXML .append ("<md:ServiceDescription xml:lang=\" en\" >" + serviceDescription + "</md:ServiceDescription>" );
206+ attributeConsumingServiceXML .append ("<md:ServiceDescription xml:lang=\" en\" >" + Util . toXml ( serviceDescription ) + "</md:ServiceDescription>" );
205207 }
206208 if (requestedAttributes != null && !requestedAttributes .isEmpty ()) {
207209 for (RequestedAttribute requestedAttribute : requestedAttributes ) {
@@ -214,15 +216,15 @@ private String getAttributeConsumingServiceXml() {
214216 String contentStr = "<md:RequestedAttribute" ;
215217
216218 if (name != null && !name .isEmpty ()) {
217- contentStr += " Name=\" " + name + "\" " ;
219+ contentStr += " Name=\" " + Util . toXml ( name ) + "\" " ;
218220 }
219221
220222 if (nameFormat != null && !nameFormat .isEmpty ()) {
221- contentStr += " NameFormat=\" " + nameFormat + "\" " ;
223+ contentStr += " NameFormat=\" " + Util . toXml ( nameFormat ) + "\" " ;
222224 }
223225
224226 if (friendlyName != null && !friendlyName .isEmpty ()) {
225- contentStr += " FriendlyName=\" " + friendlyName + "\" " ;
227+ contentStr += " FriendlyName=\" " + Util . toXml ( friendlyName ) + "\" " ;
226228 }
227229
228230 if (isRequired != null ) {
@@ -232,7 +234,7 @@ private String getAttributeConsumingServiceXml() {
232234 if (attrValues != null && !attrValues .isEmpty ()) {
233235 contentStr += ">" ;
234236 for (String attrValue : attrValues ) {
235- contentStr += "<saml:AttributeValue xmlns:saml=\" urn:oasis:names:tc:SAML:2.0:assertion\" >" + attrValue + "</saml:AttributeValue>" ;
237+ contentStr += "<saml:AttributeValue xmlns:saml=\" urn:oasis:names:tc:SAML:2.0:assertion\" >" + Util . toXml ( attrValue ) + "</saml:AttributeValue>" ;
236238 }
237239 attributeConsumingServiceXML .append (contentStr + "</md:RequestedAttribute>" );
238240 } else {
@@ -256,9 +258,9 @@ private String toContactsXml(List<Contact> contacts) {
256258 StringBuilder contactsXml = new StringBuilder ();
257259
258260 for (Contact contact : contacts ) {
259- contactsXml .append ("<md:ContactPerson contactType=\" " + contact .getContactType () + "\" >" );
260- contactsXml .append ("<md:GivenName>" + contact .getGivenName () + "</md:GivenName>" );
261- contactsXml .append ("<md:EmailAddress>" + contact .getEmailAddress () + "</md:EmailAddress>" );
261+ contactsXml .append ("<md:ContactPerson contactType=\" " + Util . toXml ( contact .getContactType () ) + "\" >" );
262+ contactsXml .append ("<md:GivenName>" + Util . toXml ( contact .getGivenName () ) + "</md:GivenName>" );
263+ contactsXml .append ("<md:EmailAddress>" + Util . toXml ( contact .getEmailAddress () ) + "</md:EmailAddress>" );
262264 contactsXml .append ("</md:ContactPerson>" );
263265 }
264266
@@ -276,10 +278,10 @@ private String toOrganizationXml(Organization organization) {
276278
277279 if (organization != null ) {
278280 String lang = organization .getOrgLangAttribute ();
279- orgXml = "<md:Organization><md:OrganizationName xml:lang=\" " + lang + "\" >" + organization .getOrgName ()
280- + "</md:OrganizationName><md:OrganizationDisplayName xml:lang=\" " + lang + "\" >"
281- + organization .getOrgDisplayName () + "</md:OrganizationDisplayName><md:OrganizationURL xml:lang=\" "
282- + lang + "\" >" + organization .getOrgUrl () + "</md:OrganizationURL></md:Organization>" ;
281+ orgXml = "<md:Organization><md:OrganizationName xml:lang=\" " + Util . toXml ( lang ) + "\" >" + Util . toXml ( organization .getOrgName () )
282+ + "</md:OrganizationName><md:OrganizationDisplayName xml:lang=\" " + Util . toXml ( lang ) + "\" >"
283+ + Util . toXml ( organization .getOrgDisplayName () ) + "</md:OrganizationDisplayName><md:OrganizationURL xml:lang=\" "
284+ + Util . toXml ( lang ) + "\" >" + Util . toXml ( organization .getOrgUrl () ) + "</md:OrganizationURL></md:Organization>" ;
283285 }
284286 return orgXml ;
285287 }
@@ -316,7 +318,7 @@ private String toX509KeyDescriptorsXML(X509Certificate certCurrent, X509Certific
316318 keyDescriptorXml .append ("<md:KeyDescriptor use=\" signing\" >" );
317319 keyDescriptorXml .append ("<ds:KeyInfo xmlns:ds=\" http://www.w3.org/2000/09/xmldsig#\" >" );
318320 keyDescriptorXml .append ("<ds:X509Data>" );
319- keyDescriptorXml .append ("<ds:X509Certificate>" +certString +"</ds:X509Certificate>" );
321+ keyDescriptorXml .append ("<ds:X509Certificate>" +Util . toXml ( certString ) +"</ds:X509Certificate>" );
320322 keyDescriptorXml .append ("</ds:X509Data>" );
321323 keyDescriptorXml .append ("</ds:KeyInfo>" );
322324 keyDescriptorXml .append ("</md:KeyDescriptor>" );
@@ -325,7 +327,7 @@ private String toX509KeyDescriptorsXML(X509Certificate certCurrent, X509Certific
325327 keyDescriptorXml .append ("<md:KeyDescriptor use=\" encryption\" >" );
326328 keyDescriptorXml .append ("<ds:KeyInfo xmlns:ds=\" http://www.w3.org/2000/09/xmldsig#\" >" );
327329 keyDescriptorXml .append ("<ds:X509Data>" );
328- keyDescriptorXml .append ("<ds:X509Certificate>" +certString +"</ds:X509Certificate>" );
330+ keyDescriptorXml .append ("<ds:X509Certificate>" +Util . toXml ( certString ) +"</ds:X509Certificate>" );
329331 keyDescriptorXml .append ("</ds:X509Data>" );
330332 keyDescriptorXml .append ("</ds:KeyInfo>" );
331333 keyDescriptorXml .append ("</md:KeyDescriptor>" );
@@ -343,8 +345,8 @@ private String toSLSXml(URL spSingleLogoutServiceUrl, String spSingleLogoutServi
343345 StringBuilder slsXml = new StringBuilder ();
344346
345347 if (spSingleLogoutServiceUrl != null ) {
346- slsXml .append ("<md:SingleLogoutService Binding=\" " + spSingleLogoutServiceBinding + "\" " );
347- slsXml .append (" Location=\" " + spSingleLogoutServiceUrl .toString () + "\" />" );
348+ slsXml .append ("<md:SingleLogoutService Binding=\" " + Util . toXml ( spSingleLogoutServiceBinding ) + "\" " );
349+ slsXml .append (" Location=\" " + Util . toXml ( spSingleLogoutServiceUrl .toString () ) + "\" />" );
348350 }
349351 return slsXml .toString ();
350352 }
0 commit comments