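/**
 * {@inheritDoc}
 *
 * <p>
 * Decodes a bare SAML {@code Assertion} delivered by HTTP POST, records the {@code RelayState}
 * parameter, and wraps the Assertion in a {@code Response} (issued under the Assertion's own
 * Issuer value) before populating the message context.
 * </p>
 *
 * @param messageContext the message context to populate; must be a {@code SAMLMessageContext}
 *        whose inbound transport is an {@code HTTPInTransport}
 * @throws MessageDecodingException if the context or transport is of the wrong type, the request
 *         is not a POST, the payload does not unmarshall to an {@code Assertion}, or the
 *         Assertion carries no Issuer value
 */
protected void doDecode(MessageContext messageContext) throws MessageDecodingException {
    // Only a SAML context has the relay-state and SAML-message slots populated below.
    if (!(messageContext instanceof SAMLMessageContext)) {
        log.error("Invalid message context type, this decoder only support SAMLMessageContext");
        throw new MessageDecodingException(
                "Invalid message context type, this decoder only support SAMLMessageContext");
    }
    if (!(messageContext.getInboundMessageTransport() instanceof HTTPInTransport)) {
        log.error("Invalid inbound message transport type, this decoder only support HTTPInTransport");
        throw new MessageDecodingException(
                "Invalid inbound message transport type, this decoder only support HTTPInTransport");
    }

    SAMLMessageContext samlMsgCtx = (SAMLMessageContext) messageContext;
    HTTPInTransport inTransport = (HTTPInTransport) samlMsgCtx.getInboundMessageTransport();

    // Constant on the left: a transport reporting a null method is rejected with a decoding
    // error instead of a NullPointerException.
    if (!"POST".equalsIgnoreCase(inTransport.getHTTPMethod())) {
        throw new MessageDecodingException("This message decoder only supports the HTTP POST method");
    }

    String relayState = inTransport.getParameterValue("RelayState");
    samlMsgCtx.setRelayState(relayState);
    log.debug("Decoded SAML relay state of: {}", relayState);

    InputStream base64DecodedMessage = getBase64DecodedMessage(inTransport);

    // Check the element type before casting so a payload that is not an Assertion produces a
    // MessageDecodingException rather than a ClassCastException escaping the decoder.
    Object decoded = unmarshallMessage(base64DecodedMessage);
    if (!(decoded instanceof Assertion)) {
        log.error("Decoded message is not a SAML Assertion, this decoder only supports bare Assertions");
        throw new MessageDecodingException("Decoded message is not a SAML Assertion");
    }
    Assertion inboundMessage = (Assertion) decoded;

    // The Issuer value becomes the issuer of the synthesized Response; reject an Assertion
    // without one instead of dereferencing null.
    if (inboundMessage.getIssuer() == null || inboundMessage.getIssuer().getValue() == null) {
        log.error("Decoded SAML Assertion does not contain an Issuer value");
        throw new MessageDecodingException("Decoded SAML Assertion does not contain an Issuer value");
    }

    // The Response wrapper is synthesized here, not received from the peer. NOTE(review): any
    // signature or trust evaluation therefore has to be applied to the inner Assertion, not to
    // the wrapper - confirm the security policy rules in use do so.
    Response response = SamlRedirectUtils.wrapAssertionIntoResponse(inboundMessage,
            inboundMessage.getIssuer().getValue());
    samlMsgCtx.setInboundMessage(response);
    samlMsgCtx.setInboundSAMLMessage(response);
    log.debug("Decoded SAML message");

    populateMessageContext(samlMsgCtx);
}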
/**
 * Returns the entity ID of the party that presented the client TLS certificate, as used for
 * trust evaluation.
 *
 * <p>
 * By default this is the inbound message issuer already recorded on the context via
 * {@link MessageContext#getInboundMessageIssuer()}; subclasses may override to derive the
 * presenter differently.
 * </p>
 *
 * @param messageContext the current message context
 * @return the entity ID of the client TLS certificate presenter
 */
protected String getCertificatePresenterEntityID(MessageContext messageContext) {
    final String presenterEntityID = messageContext.getInboundMessageIssuer();
    return presenterEntityID;
}
/**
 * Records on the message context the entity ID derived for the certificate presenter once it
 * has been successfully authenticated.
 *
 * <p>
 * By default this stores the value through
 * {@link MessageContext#setInboundMessageIssuer(String)}, so the authenticated presenter becomes
 * the inbound message issuer for later policy rules. Subclasses may override to store it
 * elsewhere.
 * </p>
 *
 * @param messageContext the current message context
 * @param entityID the successfully authenticated derived entity ID of the client TLS certificate
 *        presenter
 */
protected void setAuthenticatedCertificatePresenterEntityID(MessageContext messageContext, String entityID) {
    final String authenticatedIssuer = entityID;
    messageContext.setInboundMessageIssuer(authenticatedIssuer);
}
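/**
 * {@inheritDoc}
 *
 * <p>
 * The answer depends solely on the outbound transport's {@code isConfidential()} flag; no
 * message-level check is performed here.
 * </p>
 *
 * @throws MessageEncodingException if the message context has no outbound transport
 */
public boolean providesMessageConfidentiality(MessageContext messageContext) throws MessageEncodingException {
    // Report a missing transport as an encoding error rather than a NullPointerException.
    if (messageContext.getOutboundMessageTransport() == null) {
        throw new MessageEncodingException("Message context has no outbound message transport");
    }
    return messageContext.getOutboundMessageTransport().isConfidential();
}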
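/**
 * {@inheritDoc}
 *
 * <p>
 * The rule only applies to HTTP transports. For any other inbound transport it logs and
 * returns without throwing, i.e. it is skipped rather than failed - it therefore provides no
 * protection on non-HTTP transports, and deployments relying on it should ensure the
 * inbound transport is HTTP.
 * </p>
 *
 * @param messageContext the message context being evaluated
 * @throws SecurityPolicyException if the HTTP transport does not meet the rule's requirements
 */
public void evaluate(MessageContext messageContext) throws SecurityPolicyException {
    if (!(messageContext.getInboundMessageTransport() instanceof HTTPTransport)) {
        // Corrected wording of the skip message ("was did not" -> "did not").
        log.debug("Message context did not contain an HTTP transport, unable to evaluate security rule");
        return;
    }

    doEvaluate(messageContext);
}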
/**
 * {@inheritDoc}
 *
 * <p>
 * Ensures the context has an outbound message: if none has been set yet, a SOAP envelope is
 * built for the context and installed. An existing outbound message is left untouched.
 * </p>
 *
 * @param messageContext the message context being prepared for encoding
 * @throws MessageEncodingException if building the SOAP envelope fails
 */
protected void prepareMessageContext(MessageContext messageContext) throws MessageEncodingException {
    // Nothing to do when the caller already supplied an outbound message.
    if (messageContext.getOutboundMessage() != null) {
        return;
    }
    messageContext.setOutboundMessage(buildSOAPEnvelope(messageContext));
}
/**
 * Determines whether the inbound message held by the context is a SOAP Envelope.
 *
 * <p>
 * Only SOAP 1.1 ({@code Envelope}) is recognised; a context with no inbound message yields
 * {@code false}.
 * </p>
 *
 * @param messageContext the current message context
 * @return true if the inbound message is a SOAP 1.1 Envelope, false otherwise
 */
public static boolean isInboundSOAPMessage(MessageContext messageContext) {
    // instanceof is false for null, so the absent-message case needs no separate branch.
    // SOAP 1.1 Envelope only.
    //TODO SOAP 1.2 support when object providers are implemented
    return messageContext.getInboundMessage() instanceof Envelope;
}
/**
 * {@inheritDoc}
 *
 * <p>
 * The issuer counts as authenticated if the inbound SAML message itself was authenticated, or
 * if the base context already regards the issuer as authenticated. The SAML-level check is made
 * first and short-circuits the base check.
 * </p>
 *
 * @return true if the inbound message issuer is considered authenticated
 */
public boolean isIssuerAuthenticated() {
    if (isInboundSAMLMessageAuthenticated()) {
        return true;
    }
    return super.isIssuerAuthenticated();
}
}
/**
 * {@inheritDoc}
 *
 * <p>
 * Issuer authentication is delegated entirely to the inbound transport's own
 * {@code isAuthenticated()} state.
 * </p>
 *
 * @return true if the inbound transport reports the peer as authenticated
 */
public boolean isIssuerAuthenticated() {
    final boolean transportAuthenticated = getInboundMessageTransport().isAuthenticated();
    return transportAuthenticated;
}
/**
 * {@inheritDoc}
 *
 * <p>
 * Rejects any message whose issuer has not been authenticated; this rule fails closed by
 * throwing rather than returning silently.
 * </p>
 *
 * @param messageContext the message context being evaluated
 * @throws SecurityPolicyException if the inbound message issuer is not authenticated
 */
public void evaluate(MessageContext messageContext) throws SecurityPolicyException {
    if (messageContext.isIssuerAuthenticated()) {
        return;
    }
    log.error("Inbound message issuer was not authenticated.");
    throw new SecurityPolicyException("Inbound message issuer was not authenticated.");
}
}
/**
 * {@inheritDoc}
 *
 * <p>
 * When the {@code notConfidential} flag is set the encoder never claims confidentiality;
 * otherwise the outbound transport's {@code isConfidential()} flag decides. The transport is
 * not consulted at all when the flag is set.
 * </p>
 *
 * @param messageContext the current message context
 * @return whether the encoded message will be transmitted confidentially
 */
public boolean providesMessageConfidentiality(MessageContext messageContext) throws MessageEncodingException {
    // Short-circuit keeps the transport call out of the notConfidential case.
    return !notConfidential && messageContext.getOutboundMessageTransport().isConfidential();
}
/**
 * Applies the HTTP-specific checks to the inbound transport, which the caller guarantees is an
 * {@link HTTPTransport}.
 *
 * <p>
 * Checks run in a fixed order - content type, request method, then transport security - and
 * the first failing check determines the exception raised.
 * </p>
 *
 * @param messageContext message context being evaluated
 *
 * @throws SecurityPolicyException thrown if the message context does not meet the requirements
 *         of an evaluated rule
 */
protected void doEvaluate(MessageContext messageContext) throws SecurityPolicyException {
    final HTTPTransport httpTransport = (HTTPTransport) messageContext.getInboundMessageTransport();

    evaluateContentType(httpTransport);
    evaluateRequestMethod(httpTransport);
    evaluateSecured(httpTransport);
}
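/**
 * {@inheritDoc}
 *
 * <p>
 * The answer depends solely on the outbound transport's {@code isIntegrityProtected()} flag;
 * no message-level check is performed here.
 * </p>
 *
 * @throws MessageEncodingException if the message context has no outbound transport
 */
public boolean providesMessageIntegrity(MessageContext messageContext) throws MessageEncodingException {
    // Report a missing transport as an encoding error rather than a NullPointerException.
    if (messageContext.getOutboundMessageTransport() == null) {
        throw new MessageEncodingException("Message context has no outbound message transport");
    }
    return messageContext.getOutboundMessageTransport().isIntegrityProtected();
}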
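/**
 * {@inheritDoc}
 *
 * <p>
 * The answer depends solely on the outbound transport's {@code isIntegrityProtected()} flag;
 * no message-level check is performed here.
 * </p>
 *
 * @throws MessageEncodingException if the message context has no outbound transport
 */
public boolean providesMessageIntegrity(MessageContext messageContext) throws MessageEncodingException {
    // Report a missing transport as an encoding error rather than a NullPointerException.
    if (messageContext.getOutboundMessageTransport() == null) {
        throw new MessageEncodingException("Message context has no outbound message transport");
    }
    return messageContext.getOutboundMessageTransport().isIntegrityProtected();
}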
/**
 * {@inheritDoc}
 *
 * <p>
 * Confidentiality is reported exactly as the outbound transport reports it via
 * {@code isConfidential()}; the encoder adds nothing of its own.
 * </p>
 *
 * @param messageContext the current message context
 * @return whether the outbound transport is confidential
 */
public boolean providesMessageConfidentiality(MessageContext messageContext) throws MessageEncodingException {
    final boolean transportConfidential = messageContext.getOutboundMessageTransport().isConfidential();
    return transportConfidential;
}
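/**
 * {@inheritDoc}
 *
 * <p>
 * The answer depends solely on the outbound transport's {@code isConfidential()} flag; no
 * message-level check is performed here.
 * </p>
 *
 * @throws MessageEncodingException if the message context has no outbound transport
 */
public boolean providesMessageConfidentiality(MessageContext messageContext) throws MessageEncodingException {
    // Report a missing transport as an encoding error rather than a NullPointerException.
    if (messageContext.getOutboundMessageTransport() == null) {
        throw new MessageEncodingException("Message context has no outbound message transport");
    }
    return messageContext.getOutboundMessageTransport().isConfidential();
}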
/**
 * {@inheritDoc}
 *
 * <p>
 * Integrity protection is reported exactly as the outbound transport reports it via
 * {@code isIntegrityProtected()}; the encoder adds nothing of its own.
 * </p>
 *
 * @param messageContext the current message context
 * @return whether the outbound transport is integrity protected
 */
public boolean providesMessageIntegrity(MessageContext messageContext) throws MessageEncodingException {
    final boolean transportIntegrityProtected =
            messageContext.getOutboundMessageTransport().isIntegrityProtected();
    return transportIntegrityProtected;
}
/**
 * {@inheritDoc}
 *
 * <p>
 * Integrity protection is reported exactly as the outbound transport reports it via
 * {@code isIntegrityProtected()}; the encoder adds nothing of its own.
 * </p>
 *
 * @param messageContext the current message context
 * @return whether the outbound transport is integrity protected
 */
public boolean providesMessageIntegrity(MessageContext messageContext) throws MessageEncodingException {
    final boolean transportIntegrityProtected =
            messageContext.getOutboundMessageTransport().isIntegrityProtected();
    return transportIntegrityProtected;
}
/**
 * Reports whether the message will be transmitted confidentially, which for this encoder is
 * exactly what the outbound transport reports via {@code isConfidential()}.
 *
 * @param messageContext the current message context
 * @return whether the outbound transport is confidential
 * @throws MessageEncodingException declared for implementations that must inspect the message
 */
public boolean providesMessageConfidentiality(MessageContext messageContext) throws MessageEncodingException {
    final boolean transportConfidential = messageContext.getOutboundMessageTransport().isConfidential();
    return transportConfidential;
}
/**
 * Reports whether the message will be transmitted with integrity protection, which for this
 * encoder is exactly what the outbound transport reports via {@code isIntegrityProtected()}.
 *
 * @param messageContext the current message context
 * @return whether the outbound transport is integrity protected
 * @throws MessageEncodingException declared for implementations that must inspect the message
 */
public boolean providesMessageIntegrity(MessageContext messageContext) throws MessageEncodingException {
    final boolean transportIntegrityProtected =
            messageContext.getOutboundMessageTransport().isIntegrityProtected();
    return transportIntegrityProtected;
}