
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.relyingparty;
18  
19  import java.util.ArrayList;
20  
21  import org.opensaml.ws.message.MessageContext;
22  import org.opensaml.ws.security.SecurityPolicy;
23  import org.opensaml.ws.security.SecurityPolicyResolver;
24  import org.opensaml.xml.security.SecurityException;
25  import org.opensaml.xml.util.DatatypeHelper;
26  
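/**
 * A security policy resolver that selects the active security policy based on the inbound message issuer ID and the
 * communication profile used.
 * 
 * <p>
 * Resolution is a two-step lookup: the relying party configuration for the peer entity ID, then that relying party's
 * profile configuration for the communication profile ID; the profile configuration's security policy is the result.
 * This resolver does not substitute a default policy when either lookup fails - it reports "no policy" to the caller.
 * </p>
 */
public class RelyingPartySecurityPolicyResolver implements SecurityPolicyResolver {

    /** Relying party configuration manager used for the per-peer lookup. */
    private RelyingPartyConfigurationManager rpConfigManager;

    /**
     * Constructor.
     * 
     * @param configManager configuration manager used to resolve relying party specific configuration information, may
     *            not be null
     * 
     * @throws IllegalArgumentException thrown if the configuration manager is null
     */
    public RelyingPartySecurityPolicyResolver(RelyingPartyConfigurationManager configManager) {
        if (configManager == null) {
            throw new IllegalArgumentException("Relying party configuration manager may not be null");
        }

        rpConfigManager = configManager;
    }

    /**
     * {@inheritDoc}
     * 
     * <p>
     * Delegates to {@link #resolveSingle(MessageContext)}. When no policy is configured for the peer and profile the
     * returned collection is empty rather than containing a single null element.
     * </p>
     */
    public Iterable<SecurityPolicy> resolve(MessageContext messageContext) throws SecurityException {
        ArrayList<SecurityPolicy> policies = new ArrayList<SecurityPolicy>(1);

        SecurityPolicy policy = resolveSingle(messageContext);
        // null means "nothing configured"; handing the caller an Iterable that yields null would only move the
        // failure to whoever iterates it
        if (policy != null) {
            policies.add(policy);
        }

        return policies;
    }

    /**
     * {@inheritDoc}
     * 
     * <p>
     * The peer entity ID is read from the inbound message issuer recorded in the message context and the profile from
     * the context's communication profile ID. Both are required; the relying party configuration and then its profile
     * configuration are looked up in turn.
     * </p>
     * 
     * @return the security policy of the matching profile configuration (which may itself be unset), or null if there
     *         is no relying party configuration for the peer or no profile configuration for the communication profile
     * 
     * @throws SecurityException thrown if the message context carries no inbound message issuer ID or no communication
     *             profile ID
     */
    public SecurityPolicy resolveSingle(MessageContext messageContext) throws SecurityException {
        // NOTE(review): the issuer ID is taken from the context exactly as the decoder recorded it; nothing in this
        // class verifies it, so at this point it is a claimed identity used only to pick the policy - confirm that
        // callers evaluate the selected policy before trusting the issuer
        String peerEntityId = messageContext.getInboundMessageIssuer();
        if (DatatypeHelper.isEmpty(peerEntityId)) {
            throw new SecurityException("Unable to select security policy, ID of the peer unknown.");
        }

        RelyingPartyConfiguration rpConfig = rpConfigManager.getRelyingPartyConfiguration(peerEntityId);
        if (rpConfig == null) {
            // unknown peer: no policy is selected and none is substituted, the caller decides what that means
            return null;
        }

        String profileId = messageContext.getCommunicationProfileId();
        if (DatatypeHelper.isEmpty(profileId)) {
            throw new SecurityException("Unable to select security policy, communication profile ID unknown.");
        }

        ProfileConfiguration profileConfig = rpConfig.getProfileConfiguration(profileId);
        if (profileConfig == null) {
            // the peer is known but this profile is not configured for it: again no policy is selected
            return null;
        }

        return profileConfig.getSecurityPolicy();
    }
}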