
1   /*
2    * Licensed to the University Corporation for Advanced Internet Development, 
3    * Inc. (UCAID) under one or more contributor license agreements.  See the 
4    * NOTICE file distributed with this work for additional information regarding
5    * copyright ownership. The UCAID licenses this file to You under the Apache 
6    * License, Version 2.0 (the "License"); you may not use this file except in 
7    * compliance with the License.  You may obtain a copy of the License at
8    *
9    *    http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package edu.internet2.middleware.shibboleth.common.relyingparty;
19  
20  import java.util.Collections;
21  
22  import org.opensaml.ws.message.MessageContext;
23  import org.opensaml.ws.security.SecurityPolicy;
24  import org.opensaml.ws.security.SecurityPolicyResolver;
25  import org.opensaml.xml.security.SecurityException;
26  import org.opensaml.xml.util.DatatypeHelper;
27  
28  /**
29   * A security policy resolver that selects the active security policy based on the inbound message issuer ID and the
30   * communication profile used.
31   */
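public class RelyingPartySecurityPolicyResolver implements SecurityPolicyResolver {

    /** Relying party configuration manager; never null once constructed. */
    private final RelyingPartyConfigurationManager rpConfigManager;

    /**
     * Constructor.
     * 
     * @param configManager configuration manager used to resolve relying party specific configuration information, may
     *            not be null
     * 
     * @throws IllegalArgumentException if the given configuration manager is null
     */
    public RelyingPartySecurityPolicyResolver(RelyingPartyConfigurationManager configManager) {
        if (configManager == null) {
            throw new IllegalArgumentException("Relying party configuration manager may not be null");
        }

        rpConfigManager = configManager;
    }

    /**
     * {@inheritDoc}
     * 
     * This resolver yields at most one policy. When {@link #resolveSingle(MessageContext)} finds none, the returned
     * iterable is empty rather than a single-element list holding null, so iterating callers never see a null element.
     */
    public Iterable<SecurityPolicy> resolve(MessageContext messageContext) throws SecurityException {
        SecurityPolicy policy = resolveSingle(messageContext);
        if (policy == null) {
            return Collections.<SecurityPolicy>emptyList();
        }

        return Collections.singletonList(policy);
    }

    /**
     * {@inheritDoc}
     * 
     * The policy is selected in two steps: the relying party configuration is looked up by the inbound message issuer
     * ID, then the profile configuration is looked up within it by the communication profile ID. A missing issuer ID or
     * profile ID is reported as a {@link SecurityException}; a missing relying party or profile configuration is not an
     * error and yields null. A null result therefore means "no policy is configured for this peer and profile", not
     * that the message has been vetted; callers decide how a missing policy is handled.
     */
    public SecurityPolicy resolveSingle(MessageContext messageContext) throws SecurityException {
        // The issuer ID is the lookup key for the relying party configuration; without it no policy can be chosen.
        String peerEntityId = messageContext.getInboundMessageIssuer();
        if (DatatypeHelper.isEmpty(peerEntityId)) {
            throw new SecurityException(
                    "Unable to select security policy, ID of the peer unknown.");
        }

        RelyingPartyConfiguration rpConfig = rpConfigManager.getRelyingPartyConfiguration(peerEntityId);
        if (rpConfig == null) {
            return null;
        }

        // The profile ID selects the per-profile configuration within the relying party configuration.
        String profileId = messageContext.getCommunicationProfileId();
        if (DatatypeHelper.isEmpty(profileId)) {
            throw new SecurityException(
                    "Unable to select security policy, communication profile ID unknown.");
        }

        ProfileConfiguration profileConfig = rpConfig.getProfileConfiguration(profileId);
        if (profileConfig == null) {
            return null;
        }

        // May itself be null if the profile configuration carries no policy — presumably; not visible here.
        return profileConfig.getSecurityPolicy();
    }
}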