
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.relyingparty;
18  
19  import java.util.Collections;
20  
21  import org.opensaml.ws.message.MessageContext;
22  import org.opensaml.ws.security.SecurityPolicy;
23  import org.opensaml.ws.security.SecurityPolicyResolver;
24  import org.opensaml.xml.security.SecurityException;
25  import org.opensaml.xml.util.DatatypeHelper;
26  
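/**
 * A security policy resolver that selects the active security policy based on the inbound message issuer ID and the
 * communication profile used.
 * 
 * <p>
 * Resolution is a two-step lookup: the relying party configuration for the inbound message issuer is fetched from the
 * configuration manager, then the profile configuration for the communication profile is fetched from it. If either
 * lookup yields nothing, no policy is selected; callers decide how a message without a resolved policy is treated.
 * </p>
 */
public class RelyingPartySecurityPolicyResolver implements SecurityPolicyResolver {

    /** Relying party configuration manager; never null once constructed. */
    private final RelyingPartyConfigurationManager rpConfigManager;

    /**
     * Constructor.
     * 
     * @param configManager configuration manager used to resolve relying party specific configuration information, may
     *            not be null
     * 
     * @throws IllegalArgumentException thrown if the given configuration manager is null
     */
    public RelyingPartySecurityPolicyResolver(RelyingPartyConfigurationManager configManager) {
        if (configManager == null) {
            throw new IllegalArgumentException("Relying party configuraiton manager may not be null");
        }

        rpConfigManager = configManager;
    }

    /**
     * {@inheritDoc}
     * 
     * <p>
     * When no policy is configured for the peer and profile this returns an empty collection rather than a collection
     * containing a single null element, so iterating callers never see a null policy.
     * </p>
     * 
     * @throws SecurityException thrown if the inbound message issuer or communication profile ID is not set
     */
    public Iterable<SecurityPolicy> resolve(MessageContext messageContext) throws SecurityException {
        SecurityPolicy policy = resolveSingle(messageContext);
        if (policy == null) {
            // Collections.singletonList(null) would hand a null policy to anyone iterating the result.
            return Collections.<SecurityPolicy>emptyList();
        }

        return Collections.singletonList(policy);
    }

    /**
     * {@inheritDoc}
     * 
     * @return the security policy of the profile configuration selected by the inbound message issuer and
     *         communication profile, or null if no relying party configuration or no profile configuration exists for
     *         them
     * 
     * @throws SecurityException thrown if the inbound message issuer or communication profile ID is not set
     */
    public SecurityPolicy resolveSingle(MessageContext messageContext) throws SecurityException {
        String peerEntityId = messageContext.getInboundMessageIssuer();
        if (DatatypeHelper.isEmpty(peerEntityId)) {
            // Without a peer ID there is nothing to key the configuration lookup on; fail rather than guess.
            throw new SecurityException("Unable to select security policy, ID of the peer unknown.");
        }

        // NOTE(review): whether the manager falls back to a default configuration for unknown peers, or returns
        // null, is not visible here — confirm against RelyingPartyConfigurationManager.
        RelyingPartyConfiguration rpConfig = rpConfigManager.getRelyingPartyConfiguration(peerEntityId);
        if (rpConfig == null) {
            return null;
        }

        String profileId = messageContext.getCommunicationProfileId();
        if (DatatypeHelper.isEmpty(profileId)) {
            throw new SecurityException("Unable to select security policy, communication profile ID unknown.");
        }

        ProfileConfiguration profileConfig = rpConfig.getProfileConfiguration(profileId);
        if (profileConfig == null) {
            return null;
        }

        // The profile configuration itself may carry no policy; that case is surfaced to the caller as null as well.
        return profileConfig.getSecurityPolicy();
    }
}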