17 package edu.internet2.middleware.shibboleth.common.relyingparty;
import java.util.ArrayList;
import java.util.List;

import org.opensaml.ws.message.MessageContext;
import org.opensaml.ws.security.SecurityPolicy;
import org.opensaml.ws.security.SecurityPolicyResolver;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.util.DatatypeHelper;
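/**
 * A {@link SecurityPolicyResolver} that selects the {@link SecurityPolicy} declared by the relying party
 * configuration of the peer that issued the inbound message, for the communication profile in use.
 *
 * <p>Selection is keyed by {@link MessageContext#getInboundMessageIssuer()}, that is, by the issuer as
 * asserted by the inbound message itself. This resolver does not verify that assertion; any verification
 * (signature checks, issuer/metadata matching, and so on) is expected to be carried out by the rules of the
 * policy that is resolved here.
 *
 * <p>Whether {@link RelyingPartyConfigurationManager#getRelyingPartyConfiguration(String)} falls back to a
 * default configuration for peers without an explicit entry is not decided in this class; consult the manager
 * implementation in use.
 */
public class RelyingPartySecurityPolicyResolver implements SecurityPolicyResolver {

    /** Source of per-relying-party configuration, looked up by peer entity ID; never null. */
    private final RelyingPartyConfigurationManager rpConfigManager;

    /**
     * Constructor.
     *
     * @param configManager manager used to look up relying party configurations
     *
     * @throws IllegalArgumentException if {@code configManager} is null
     */
    public RelyingPartySecurityPolicyResolver(RelyingPartyConfigurationManager configManager) {
        if (configManager == null) {
            throw new IllegalArgumentException("Relying party configuration manager may not be null");
        }

        rpConfigManager = configManager;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Delegates to {@link #resolveSingle(MessageContext)}. When no policy is configured for the peer and
     * profile, an empty collection is returned rather than a collection holding a single {@code null} element,
     * so callers can iterate the result without a null check.
     */
    public Iterable<SecurityPolicy> resolve(MessageContext messageContext) throws SecurityException {
        List<SecurityPolicy> policies = new ArrayList<SecurityPolicy>();

        SecurityPolicy policy = resolveSingle(messageContext);
        if (policy != null) {
            policies.add(policy);
        }

        return policies;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Resolution proceeds in order: the peer entity ID is read from the inbound message issuer, the relying
     * party configuration for that peer is fetched from the configuration manager, the profile configuration
     * for the context's communication profile ID is fetched from it, and that profile's security policy is
     * returned.
     *
     * <p>NOTE(review): a null result means that no policy could be found for the peer/profile pair, not that
     * no checks are required; confirm that the caller treats it as a policy-selection failure rather than as
     * "nothing to enforce".
     *
     * @return the configured policy, or null if the peer has no relying party configuration or that
     *         configuration has no entry for the communication profile
     *
     * @throws SecurityException if the inbound message issuer or the communication profile ID is empty,
     *             since no policy can be chosen without them
     */
    public SecurityPolicy resolveSingle(MessageContext messageContext) throws SecurityException {
        // The peer ID is whatever the inbound message claims; it is only the lookup key here.
        String peerEntityId = messageContext.getInboundMessageIssuer();
        if (DatatypeHelper.isEmpty(peerEntityId)) {
            throw new SecurityException("Unable to select security policy, ID of the peer unknown.");
        }

        RelyingPartyConfiguration rpConfig = rpConfigManager.getRelyingPartyConfiguration(peerEntityId);
        if (rpConfig == null) {
            return null;
        }

        String profileId = messageContext.getCommunicationProfileId();
        if (DatatypeHelper.isEmpty(profileId)) {
            throw new SecurityException("Unable to select security policy, communication profile ID unknown.");
        }

        ProfileConfiguration profileConfig = rpConfig.getProfileConfiguration(profileId);
        if (profileConfig == null) {
            return null;
        }

        return profileConfig.getSecurityPolicy();
    }
}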