/**
 * {@inheritDoc}
 *
 * <p>The handler goes ahead only when the superclass check passes and the message context
 * carries an {@link ECPContext} whose session key is non-null. In every other case it
 * returns {@code false}.</p>
 */
@Override
protected boolean doPreInvoke(@Nonnull final MessageContext messageContext) throws MessageHandlerException {
    if (!super.doPreInvoke(messageContext)) {
        return false;
    }

    final ECPContext ecp = messageContext.getSubcontext(ECPContext.class);
    // A missing context or a null key both mean there is no key material to act on.
    return ecp != null && ecp.getSessionKey() != null;
}
// Fragment: the enclosing method and the condition that opens this branch are outside the excerpt.
    // Record whether the inbound message was signed.
    // NOTE(review): isMessageSigned() is the only input to this flag here; whether the signature
    // has already been validated is not visible in this excerpt and should be confirmed upstream.
    ecpContext.setRequestAuthenticated(
            SAMLBindingSupport.isMessageSigned(profileRequestContext.getInboundMessageContext()));
    log.debug("{} RequestAuthenticated: {}", getLogPrefix(), ecpContext.isRequestAuthenticated());

    // Generate a fresh 32-byte (256-bit) session key and store it on the ECP context.
    // NOTE(review): randomGenerator's type is not visible here; confirm it is a SecureRandom
    // (or an equivalent CSPRNG), since this value is used as key material.
    // Only the authentication flag is logged above; the key bytes themselves are never logged.
    final byte[] key = new byte[32];
    randomGenerator.nextBytes(key);
    ecpContext.setSessionKey(key);
} else {
    log.debug("{} Assertion encryption is not enabled, skipping session key generation", getLogPrefix());
    // Explicitly clear any key so that later null checks on getSessionKey() treat it as absent.
    ecpContext.setSessionKey(null);
/**
 * {@inheritDoc}
 *
 * <p>The handler goes ahead only when the superclass check passes and the message context
 * carries an {@link ECPContext} that reports the request as authenticated. In every other
 * case it returns {@code false}.</p>
 */
@Override
protected boolean doPreInvoke(@Nonnull final MessageContext messageContext) throws MessageHandlerException {
    if (!super.doPreInvoke(messageContext)) {
        return false;
    }

    final ECPContext ecp = messageContext.getSubcontext(ECPContext.class);
    // NOTE(review): this trusts the flag exactly as stored on the context; how and when it was
    // populated (and whether a signature was validated first) is decided elsewhere.
    return ecp != null && ecp.isRequestAuthenticated();
}
/**
 * {@inheritDoc}
 *
 * <p>Resolves the {@link ECPContext} and the outgoing response through the configured lookup
 * strategies and stores both on this action. Returns {@code true} only when a session key is
 * present and the response holds at least one assertion. A missing response additionally
 * raises {@link EventIds#INVALID_MSG_CTX}; the other negative cases are silent no-ops.</p>
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    if (!super.doPreExecute(profileRequestContext)) {
        return false;
    }

    ecpContext = ecpContextLookupStrategy.apply(profileRequestContext);
    final boolean sessionKeyAvailable = ecpContext != null && ecpContext.getSessionKey() != null;
    if (!sessionKeyAvailable) {
        // No key was generated, so there is nothing to embed.
        log.debug("{} No session key to add, nothing to do", getLogPrefix());
        return false;
    }

    log.debug("{} Attempting to add GeneratedKey to every Assertion in Response", getLogPrefix());

    response = responseLookupStrategy.apply(profileRequestContext);
    if (response == null) {
        // Unlike the other early exits, a missing response is signalled as an error event.
        log.debug("{} No SAML response located in current profile request context", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
        return false;
    }

    if (response.getAssertions().isEmpty()) {
        log.debug("{} No assertions in response message, nothing to do", getLogPrefix());
        return false;
    }

    return true;
}
/**
 * {@inheritDoc}
 *
 * <p>Base64-encodes the session key held by the ECP context once, then appends a
 * {@link GeneratedKey} element carrying that value to the Advice of every assertion in the
 * response.</p>
 *
 * <p>NOTE(review): the key is written into the assertion as plain Base64 text, so its
 * confidentiality depends on the assertion being encrypted after this action runs. Confirm
 * that ordering in the flow configuration.</p>
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final SAMLObjectBuilder<GeneratedKey> generatedKeyBuilder = (SAMLObjectBuilder<GeneratedKey>)
            XMLObjectProviderRegistrySupport.getBuilderFactory().<GeneratedKey>getBuilderOrThrow(
                    GeneratedKey.DEFAULT_ELEMENT_NAME);

    // Encode once outside the loop; the second argument (false) requests unchunked output.
    final byte[] rawKey = ecpContext.getSessionKey();
    final String encodedKey = Base64Support.encode(rawKey, false);

    for (final Assertion target : response.getAssertions()) {
        final Advice targetAdvice = SAML2ActionSupport.addAdviceToAssertion(this, target);
        final GeneratedKey keyElement = generatedKeyBuilder.buildObject();
        keyElement.setValue(encodedKey);
        targetAdvice.getChildren().add(keyElement);
    }

    // Only the fact of insertion is logged; the key value itself is deliberately not logged.
    log.debug("{} Added GeneratedKey to Advice", getLogPrefix());
}
/**
 * {@inheritDoc}
 *
 * <p>Builds a {@link GeneratedKey} SOAP header whose value is the Base64-encoded session key
 * from the message's {@link ECPContext}, marks it with the SOAP 1.1 "next" actor, and adds
 * it to the outgoing message.</p>
 *
 * <p>The ECP context is dereferenced without a null check here.
 * NOTE(review): confirm the pre-invoke guard for this handler ensures the context and its
 * session key are present. The header carries the key as plain Base64 text, so it
 * presumably relies on transport-level protection; verify the deployment enforces that.</p>
 *
 * @throws MessageHandlerException if adding the header block fails for any reason
 */
@Override
protected void doInvoke(@Nonnull final MessageContext messageContext) throws MessageHandlerException {
    final SAMLObjectBuilder<GeneratedKey> generatedKeyBuilder = (SAMLObjectBuilder<GeneratedKey>)
            XMLObjectProviderRegistrySupport.getBuilderFactory().<GeneratedKey>getBuilderOrThrow(
                    GeneratedKey.DEFAULT_ELEMENT_NAME);

    final GeneratedKey keyHeader = generatedKeyBuilder.buildObject();

    final ECPContext ecp = messageContext.getSubcontext(ECPContext.class);
    final String encodedKey = Base64Support.encode(ecp.getSessionKey(), false);
    keyHeader.setValue(encodedKey);

    SOAPSupport.addSOAP11ActorAttribute(keyHeader, ActorBearing.SOAP11_ACTOR_NEXT);

    try {
        SOAPMessagingSupport.addHeaderBlock(messageContext, keyHeader);
    } catch (final Exception e) {
        // Any failure is rethrown as the handler's exception type, preserving the cause.
        throw new MessageHandlerException(e);
    }
}