/** * Get the entity ID of the presenter of the client TLS certificate, as will be used for trust evaluation purposes. * * <p> * The default behavior is to return the value of {@link MessageContext#getInboundMessageIssuer()}. Subclasses may * override to implement different logic. * </p> * * @param messageContext the current message context * @return the entity ID of the client TLS certificate presenter */ protected String getCertificatePresenterEntityID(MessageContext messageContext) { return messageContext.getInboundMessageIssuer(); }
/** {@inheritDoc} */ protected void doDecode(MessageContext messageContext) throws MessageDecodingException { if (!(messageContext instanceof SAMLMessageContext)) { log.error("Invalid message context type, this decoder only support SAMLMessageContext"); throw new MessageDecodingException( "Invalid message context type, this decoder only support SAMLMessageContext"); } if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) { log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport"); throw new MessageDecodingException( "Invalid inbound message transport type, this decoder only support HTTPInTransport"); } SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext; HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport(); if (!inTransport.getHTTPMethod().equalsIgnoreCase("POST")) { throw new MessageDecodingException("This message decoder only supports the HTTP POST method"); } String relayState = inTransport.getParameterValue("RelayState"); samlMsgCtx.setRelayState(relayState); log.debug("Decoded SAML relay state of: {}", relayState); InputStream base64DecodedMessage = getBase64DecodedMessage(inTransport); Assertion inboundMessage = (Assertion) unmarshallMessage(base64DecodedMessage); Response response = SamlRedirectUtils.wrapAssertionIntoResponse(inboundMessage, inboundMessage.getIssuer().getValue()); samlMsgCtx.setInboundMessage(response); samlMsgCtx.setInboundSAMLMessage(response); log.debug("Decoded SAML message"); populateMessageContext(samlMsgCtx); }
/** {@inheritDoc} */ public boolean providesMessageConfidentiality(MessageContext messageContext) throws MessageEncodingException { if (messageContext.getOutboundMessageTransport().isConfidential()) { return true; } return false; }
/** {@inheritDoc} */ protected void prepareMessageContext(MessageContext messageContext) throws MessageEncodingException { if (messageContext.getOutboundMessage() == null) { messageContext.setOutboundMessage(buildSOAPEnvelope(messageContext)); } }
if (!(messageContext.getOutboundMessageTransport() instanceof HTTPOutTransport)) { log.error("Invalid outbound message transport type, this encoder only support HTTPOutTransport"); throw new MessageEncodingException( artifactMap.put(artifact.base64Encode(), messageContext.getInboundMessageIssuer(), messageContext .getOutboundMessageIssuer(), assertion); } catch (MarshallingException e) { log.error("Unable to marshall assertion to be represented as an artifact", e);
/** {@inheritDoc} */ protected void encodeToTransport(MessageContext messageContext) throws MessageEncodingException { Element envelopeElem = marshallMessage(messageContext.getOutboundMessage()); preprocessTransport(messageContext); try { OutTransport outTransport = messageContext.getOutboundMessageTransport(); Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8"); XMLHelper.writeNode(envelopeElem, out); out.flush(); } catch (UnsupportedEncodingException e) { log.error("JVM does not support required UTF-8 encoding"); throw new MessageEncodingException("JVM does not support required UTF-8 encoding"); } catch (IOException e) { log.error("Unable to write message content to outbound stream", e); throw new MessageEncodingException("Unable to write message content to outbound stream", e); } }
/** {@inheritDoc} */ protected void doDecode(MessageContext messageContext) throws MessageDecodingException { InTransport inTransport = messageContext.getInboundMessageTransport(); log.debug("Unmarshalling SOAP message"); Envelope soapMessage = (Envelope) unmarshallMessage(inTransport.getIncomingStream()); messageContext.setInboundMessage(soapMessage); }
String peerEntityId = messageContext.getInboundMessageIssuer(); if (DatatypeHelper.isEmpty(peerEntityId)) { throw new SecurityException("Unable to select security policy, ID of the peer unknown."); String profileId = messageContext.getCommunicationProfileId(); if (DatatypeHelper.isEmpty(profileId)) { throw new SecurityException("Unable to select security policy, communication profile ID unknown.");
/** * Add a header block to the SOAP envelope contained within the specified message context's * {@link MessageContext#getOutboundMessage()}. * * @param messageContext the message context being processed * @param headerBlock the header block to add */ public static void addHeaderBlock(MessageContext messageContext, XMLObject headerBlock) { XMLObject outboundEnvelope = messageContext.getOutboundMessage(); if (outboundEnvelope == null) { throw new IllegalArgumentException("Message context does not contain a SOAP envelope"); } // SOAP 1.1 Envelope if (outboundEnvelope instanceof Envelope) { addSOAP11HeaderBlock((Envelope) outboundEnvelope, headerBlock); } //TODO SOAP 1.2 support when object providers are implemented }
/** * Process the outbound {@link HandlerChain} for the message context, if any. * * @param messageContext the message context to process * @throws MessageEncodingException thrown if a handler indicates a problem handling the message */ protected void processOutboundHandlerChain(MessageContext messageContext) throws MessageEncodingException { HandlerChainResolver outboundHandlerChainResolver = messageContext.getOutboundHandlerChainResolver(); if (outboundHandlerChainResolver != null) { log.debug("Invoking outbound handler chain on message context"); try { for (HandlerChain outboundHandlerChain : outboundHandlerChainResolver.resolve(messageContext)) { if (outboundHandlerChain != null) { invokeHandlerChain(outboundHandlerChain, messageContext); } } } catch (HandlerException e) { log.error("Encountered HandlerException when encoding message: {}", e.getMessage()); throw new MessageEncodingException("Handler exception while encoding message", e); } } }
/** * Process the pre-SecurityPolicy inbound {@link HandlerChain} for the message context, if any. * * @param messageContext the message context to process * @throws MessageDecodingException thrown if a handler indicates a problem handling the message */ protected void processPreSecurityInboundHandlerChain(MessageContext messageContext) throws MessageDecodingException { HandlerChainResolver inboundHandlerChainResolver = messageContext.getPreSecurityInboundHandlerChainResolver(); if (inboundHandlerChainResolver != null) { log.debug("Invoking pre-SecurityPolicy inbound handler chain on message context"); try { for (HandlerChain inboundHandlerChain : inboundHandlerChainResolver.resolve(messageContext)) { if (inboundHandlerChain != null) { invokeHandlerChain(inboundHandlerChain, messageContext); } } } catch (HandlerException e) { log.error("Encountered pre-SecurityPolicy HandlerException when decoding message: {}", e.getMessage()); throw new MessageDecodingException("Pre-SecurityPolicy Handler exception while decoding message", e); } } }
/** * Process the post-SecurityPolicy inbound {@link HandlerChain} for the message context, if any. * * @param messageContext the message context to process * @throws MessageDecodingException thrown if a handler indicates a problem handling the message */ protected void processPostSecurityInboundHandlerChain(MessageContext messageContext) throws MessageDecodingException { HandlerChainResolver inboundHandlerChainResolver = messageContext.getPostSecurityInboundHandlerChainResolver(); if (inboundHandlerChainResolver != null) { log.debug("Invoking post-SecurityPolicy inbound handler chain on message context"); try { for (HandlerChain inboundHandlerChain : inboundHandlerChainResolver.resolve(messageContext)) { if (inboundHandlerChain != null) { invokeHandlerChain(inboundHandlerChain, messageContext); } } } catch (HandlerException e) { log.error("Encountered post-SecurityPolicy HandlerException when decoding message: {}", e.getMessage()); throw new MessageDecodingException("Handler exception while decoding message", e); } } }
body.getUnknownXMLObjects().add(samlMessage); messageContext.setOutboundMessage(envelope);
/** * Encode the message context to the transport. * * @param messageContext the message context to process * @throws MessageEncodingException thrown if there is a problem encoding the message context * to the transport */ protected void encodeToTransport(MessageContext messageContext) throws MessageEncodingException { Element envelopeElem = marshallMessage(messageContext.getOutboundMessage()); preprocessTransport(messageContext); try { OutTransport outTransport = messageContext.getOutboundMessageTransport(); Writer out = new OutputStreamWriter(outTransport.getOutgoingStream(), "UTF-8"); XMLHelper.writeNode(envelopeElem, out); out.flush(); } catch (UnsupportedEncodingException e) { log.error("JVM does not support required UTF-8 encoding"); throw new MessageEncodingException("JVM does not support required UTF-8 encoding"); } catch (IOException e) { log.error("Unable to write message content to outbound stream", e); throw new MessageEncodingException("Unable to write message content to outbound stream", e); } }
/** * Log the encoded message to the protocol message logger. * * @param messageContext the message context to process */ protected void logEncodedMessage(MessageContext messageContext) { if(protocolMessageLog.isDebugEnabled() && messageContext.getOutboundMessage() != null){ if (messageContext.getOutboundMessage().getDOM() == null) { try { marshallMessage(messageContext.getOutboundMessage()); } catch (MessageEncodingException e) { log.error("Unable to marshall message for logging purposes: " + e.getMessage()); return; } } protocolMessageLog.debug("\n" + XMLHelper.prettyPrintXML(messageContext.getOutboundMessage().getDOM())); } }
/** * Process the outbound {@link HandlerChain} for the message context, if any. * * @param messageContext the message context to process * @throws MessageEncodingException thrown if a handler indicates a problem handling the message */ protected void processOutboundHandlerChain(MessageContext messageContext) throws MessageEncodingException { HandlerChainResolver outboundHandlerChainResolver = messageContext.getOutboundHandlerChainResolver(); if (outboundHandlerChainResolver != null) { log.debug("Invoking outbound handler chain on message context"); try { for (HandlerChain outboundHandlerChain : outboundHandlerChainResolver.resolve(messageContext)) { if (outboundHandlerChain != null) { invokeHandlerChain(outboundHandlerChain, messageContext); } } } catch (HandlerException e) { log.error("Encountered HandlerException when encoding message: {}", e.getMessage()); throw new MessageEncodingException("Handler exception while encoding message", e); } } }
/** * Process the pre-SecurityPolicy inbound {@link HandlerChain} for the message context, if any. * * @param messageContext the message context to process * @throws MessageDecodingException thrown if a handler indicates a problem handling the message */ protected void processPreSecurityInboundHandlerChain(MessageContext messageContext) throws MessageDecodingException { HandlerChainResolver inboundHandlerChainResolver = messageContext.getPreSecurityInboundHandlerChainResolver(); if (inboundHandlerChainResolver != null) { log.debug("Invoking pre-SecurityPolicy inbound handler chain on message context"); try { for (HandlerChain inboundHandlerChain : inboundHandlerChainResolver.resolve(messageContext)) { if (inboundHandlerChain != null) { invokeHandlerChain(inboundHandlerChain, messageContext); } } } catch (HandlerException e) { log.error("Encountered pre-SecurityPolicy HandlerException when decoding message: {}", e.getMessage()); throw new MessageDecodingException("Pre-SecurityPolicy Handler exception while decoding message", e); } } }
/** * Process the post-SecurityPolicy inbound {@link HandlerChain} for the message context, if any. * * @param messageContext the message context to process * @throws MessageDecodingException thrown if a handler indicates a problem handling the message */ protected void processPostSecurityInboundHandlerChain(MessageContext messageContext) throws MessageDecodingException { HandlerChainResolver inboundHandlerChainResolver = messageContext.getPostSecurityInboundHandlerChainResolver(); if (inboundHandlerChainResolver != null) { log.debug("Invoking post-SecurityPolicy inbound handler chain on message context"); try { for (HandlerChain inboundHandlerChain : inboundHandlerChainResolver.resolve(messageContext)) { if (inboundHandlerChain != null) { invokeHandlerChain(inboundHandlerChain, messageContext); } } } catch (HandlerException e) { log.error("Encountered post-SecurityPolicy HandlerException when decoding message: {}", e.getMessage()); throw new MessageDecodingException("Handler exception while decoding message", e); } } }
/** {@inheritDoc} */ public boolean providesMessageConfidentiality(MessageContext messageContext) throws MessageEncodingException { if (notConfidential) { return false; } return messageContext.getOutboundMessageTransport().isConfidential(); }
/** {@inheritDoc} */ public void evaluate(MessageContext messageContext) throws SecurityPolicyException { if (!(messageContext.getInboundMessageTransport() instanceof HTTPTransport)) { log.debug("Message context was did not contain an HTTP transport, unable to evaluate security rule"); return; } doEvaluate(messageContext); }