17 package edu.internet2.middleware.shibboleth.common.relyingparty;
19 import java.util.ArrayList;
20 import java.util.Collections;
22 import org.opensaml.ws.message.MessageContext;
23 import org.opensaml.ws.security.SecurityPolicy;
24 import org.opensaml.ws.security.SecurityPolicyResolver;
25 import org.opensaml.xml.security.SecurityException;
26 import org.opensaml.xml.util.DatatypeHelper;
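/**
 * A {@link SecurityPolicyResolver} that selects the security policy configured for the peer that
 * issued the inbound message, scoped to the communication profile the message is using.
 *
 * <p>Resolution first looks up the {@link RelyingPartyConfiguration} registered for the inbound
 * message issuer and then the {@link ProfileConfiguration} registered under the message context's
 * communication profile ID; the policy returned is the one held by that profile configuration. If
 * either lookup finds nothing, no policy is selected (see {@link #resolveSingle(MessageContext)}).
 */
public class RelyingPartySecurityPolicyResolver implements SecurityPolicyResolver {

    /** Source of relying party configurations, looked up by peer entity ID; never null. */
    private final RelyingPartyConfigurationManager rpConfigManager;

    /**
     * Constructor.
     *
     * @param configManager manager used to look up relying party configurations
     *
     * @throws IllegalArgumentException if {@code configManager} is null
     */
    public RelyingPartySecurityPolicyResolver(RelyingPartyConfigurationManager configManager) {
        if (configManager == null) {
            throw new IllegalArgumentException("Relying party configuration manager may not be null");
        }

        rpConfigManager = configManager;
    }

    /**
     * {@inheritDoc}
     *
     * <p>Returns a single-element iterable holding the policy chosen by
     * {@link #resolveSingle(MessageContext)}, or an empty iterable when that method selects no
     * policy. Wrapping a null policy in a singleton list would hand callers an iterable whose only
     * element is null, which is why the empty case is handled explicitly here.
     */
    public Iterable<SecurityPolicy> resolve(MessageContext messageContext) throws SecurityException {
        SecurityPolicy policy = resolveSingle(messageContext);
        if (policy == null) {
            return Collections.emptyList();
        }

        return Collections.singletonList(policy);
    }

    /**
     * {@inheritDoc}
     *
     * <p>The peer is identified by {@link MessageContext#getInboundMessageIssuer()} and the profile
     * by {@link MessageContext#getCommunicationProfileId()}. Both must be present; a missing
     * identifier is reported as a {@link SecurityException} rather than silently yielding no policy.
     *
     * @return the security policy configured for the peer's profile, or null if no relying party
     *         configuration is registered for the peer or that configuration has no entry for the
     *         profile
     *
     * @throws SecurityException if the message context carries no inbound message issuer or no
     *             communication profile ID
     */
    public SecurityPolicy resolveSingle(MessageContext messageContext) throws SecurityException {
        String peerEntityId = messageContext.getInboundMessageIssuer();
        if (DatatypeHelper.isEmpty(peerEntityId)) {
            throw new SecurityException("Unable to select security policy, ID of the peer unknown.");
        }

        RelyingPartyConfiguration rpConfig = rpConfigManager.getRelyingPartyConfiguration(peerEntityId);
        if (rpConfig == null) {
            // NOTE(review): a null result means this resolver enforces no policy for the peer; confirm
            // the caller treats "no policy selected" as a failure rather than as "nothing to check".
            return null;
        }

        // The profile ID is validated only after the relying party lookup so that an unknown peer
        // with a missing profile ID still yields null (as before) rather than an exception.
        String profileId = messageContext.getCommunicationProfileId();
        if (DatatypeHelper.isEmpty(profileId)) {
            throw new SecurityException("Unable to select security policy, communication profile ID unknown.");
        }

        ProfileConfiguration profileConfig = rpConfig.getProfileConfiguration(profileId);
        if (profileConfig == null) {
            // NOTE(review): same as above — no policy is selected for an unconfigured profile.
            return null;
        }

        return profileConfig.getSecurityPolicy();
    }
}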