17 package edu.internet2.middleware.shibboleth.common.relyingparty;
19 import java.util.Collections;
21 import org.opensaml.ws.message.MessageContext;
22 import org.opensaml.ws.security.SecurityPolicy;
23 import org.opensaml.ws.security.SecurityPolicyResolver;
24 import org.opensaml.xml.security.SecurityException;
25 import org.opensaml.xml.util.DatatypeHelper;
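/**
 * A {@link SecurityPolicyResolver} that selects the security policy configured for the
 * inbound message's peer and communication profile.
 *
 * <p>Resolution is driven entirely by the {@link RelyingPartyConfigurationManager} supplied at
 * construction: the peer entity ID and the communication profile ID are read from the message
 * context, the matching {@link RelyingPartyConfiguration} and {@link ProfileConfiguration} are
 * looked up, and that profile's security policy is returned.
 *
 * <p>When no relying party or profile configuration exists for the message, no policy is resolved:
 * {@link #resolveSingle(MessageContext)} returns {@code null} and {@link #resolve(MessageContext)}
 * returns an empty iterable. Callers are responsible for deciding whether an absent policy is
 * acceptable for the message being processed.
 */
public class RelyingPartySecurityPolicyResolver implements SecurityPolicyResolver {

    /** Source of relying party configurations; never {@code null}. */
    private final RelyingPartyConfigurationManager rpConfigManager;

    /**
     * Constructor.
     *
     * @param configManager manager used to look up relying party configurations
     *
     * @throws IllegalArgumentException if {@code configManager} is {@code null}
     */
    public RelyingPartySecurityPolicyResolver(RelyingPartyConfigurationManager configManager) {
        if (configManager == null) {
            throw new IllegalArgumentException("Relying party configuration manager may not be null");
        }

        rpConfigManager = configManager;
    }

    /**
     * {@inheritDoc}
     *
     * <p>At most one policy is ever returned. If {@link #resolveSingle(MessageContext)} finds no
     * policy, the result is an empty iterable rather than an iterable holding a single
     * {@code null} element, so callers can iterate the result without a null check.
     */
    public Iterable<SecurityPolicy> resolve(MessageContext messageContext) throws SecurityException {
        SecurityPolicy policy = resolveSingle(messageContext);
        if (policy == null) {
            return Collections.emptyList();
        }
        return Collections.singletonList(policy);
    }

    /**
     * {@inheritDoc}
     *
     * <p>The policy is taken from the profile configuration identified by the message context's
     * inbound message issuer (the peer entity ID) and communication profile ID.
     *
     * @return the configured security policy, or {@code null} if there is no relying party
     *         configuration for the peer, no profile configuration for the profile, or the profile
     *         configuration's own policy is {@code null}
     *
     * @throws SecurityException if the message context does not identify the peer or the
     *         communication profile
     */
    public SecurityPolicy resolveSingle(MessageContext messageContext) throws SecurityException {
        String peerEntityId = messageContext.getInboundMessageIssuer();
        if (DatatypeHelper.isEmpty(peerEntityId)) {
            // Without a peer identity there is nothing to key the lookup on; this is an error,
            // not a "no policy" result.
            throw new SecurityException("Unable to select security policy, ID of the peer unknown.");
        }

        // NOTE(review): whether the manager falls back to a default configuration for an unknown
        // peer depends on the RelyingPartyConfigurationManager implementation — confirm before
        // relying on this null branch being reached for unregistered peers.
        RelyingPartyConfiguration rpConfig = rpConfigManager.getRelyingPartyConfiguration(peerEntityId);
        if (rpConfig == null) {
            return null;
        }

        String profileId = messageContext.getCommunicationProfileId();
        if (DatatypeHelper.isEmpty(profileId)) {
            throw new SecurityException(
                    "Unable to select security policy, communication profile ID unknown.");
        }

        ProfileConfiguration profileConfig = rpConfig.getProfileConfiguration(profileId);
        if (profileConfig == null) {
            return null;
        }

        return profileConfig.getSecurityPolicy();
    }
}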