org.opensaml.saml.saml1.profile.impl.AddResponseShell Maven / Gradle / Ivy
/*
* Licensed to the University Corporation for Advanced Internet Development,
* Inc. (UCAID) under one or more contributor license agreements. See the
* NOTICE file distributed with this work for additional information regarding
* copyright ownership. The UCAID licenses this file to You under the Apache
* License, Version 2.0 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.opensaml.saml.saml1.profile.impl;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.security.IdentifierGenerationStrategy;
import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy;
import org.joda.time.DateTime;
import org.joda.time.chrono.ISOChronology;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.profile.action.AbstractProfileAction;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.action.EventIds;
import org.opensaml.profile.context.ProfileRequestContext;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml1.core.Response;
import org.opensaml.saml.saml1.core.Status;
import org.opensaml.saml.saml1.core.StatusCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.google.common.base.Function;
/**
* Action that creates an empty {@link Response}, and sets it as the
* message returned by {@link ProfileRequestContext#getOutboundMessageContext()}.
*
* The {@link Status} is set to {@link StatusCode#SUCCESS} as a default assumption,
* and this can be overridden by subsequent actions.
*
* @event {@link EventIds#PROCEED_EVENT_ID}
* @event {@link EventIds#INVALID_MSG_CTX}
* @event {@link EventIds#INVALID_PROFILE_CTX}
*
* @post ProfileRequestContext.getOutboundMessageContext().getMessage() != null
*/
public class AddResponseShell extends AbstractProfileAction {
/** Class logger. */
@Nonnull private Logger log = LoggerFactory.getLogger(AddResponseShell.class);
/** Strategy used to locate the {@link IdentifierGenerationStrategy} to use. */
@Nonnull private Function idGeneratorLookupStrategy;
/** Overwrite an existing message? */
private boolean overwriteExisting;
/** The generator to use. */
@Nullable private IdentifierGenerationStrategy idGenerator;
/** Constructor. */
public AddResponseShell() {
// Default strategy is a 16-byte secure random source.
idGeneratorLookupStrategy = new Function() {
public IdentifierGenerationStrategy apply(final ProfileRequestContext input) {
return new SecureRandomIdentifierGenerationStrategy();
}
};
}
/**
* Set whether to overwrite an existing message.
*
* @param flag flag to set
*/
public void setOverwriteExisting(final boolean flag) {
ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
overwriteExisting = flag;
}
/**
* Set the strategy used to locate the {@link IdentifierGenerationStrategy} to use.
*
* @param strategy lookup strategy
*/
public void setIdentifierGeneratorLookupStrategy(
@Nonnull final Function strategy) {
ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
idGeneratorLookupStrategy =
Constraint.isNotNull(strategy, "IdentifierGenerationStrategy lookup strategy cannot be null");
}
/** {@inheritDoc} */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
final MessageContext outboundMessageCtx = profileRequestContext.getOutboundMessageContext();
if (outboundMessageCtx == null) {
log.debug("{} No outbound message context", getLogPrefix());
ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
return false;
} else if (!overwriteExisting && outboundMessageCtx.getMessage() != null) {
log.debug("{} Outbound message context already contains a Response", getLogPrefix());
ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_MSG_CTX);
return false;
}
idGenerator = idGeneratorLookupStrategy.apply(profileRequestContext);
if (idGenerator == null) {
log.debug("{} No identifier generation strategy", getLogPrefix());
ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
return false;
}
outboundMessageCtx.setMessage(null);
return super.doPreExecute(profileRequestContext);
}
/** {@inheritDoc} */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
final XMLObjectBuilderFactory bf = XMLObjectProviderRegistrySupport.getBuilderFactory();
final SAMLObjectBuilder statusCodeBuilder =
(SAMLObjectBuilder) bf.getBuilderOrThrow(StatusCode.DEFAULT_ELEMENT_NAME);
final SAMLObjectBuilder statusBuilder =
(SAMLObjectBuilder) bf.getBuilderOrThrow(Status.DEFAULT_ELEMENT_NAME);
final SAMLObjectBuilder responseBuilder =
(SAMLObjectBuilder) bf.getBuilderOrThrow(Response.DEFAULT_ELEMENT_NAME);
final StatusCode statusCode = statusCodeBuilder.buildObject();
statusCode.setValue(StatusCode.SUCCESS);
final Status status = statusBuilder.buildObject();
status.setStatusCode(statusCode);
final Response response = responseBuilder.buildObject();
response.setID(idGenerator.generateIdentifier());
response.setIssueInstant(new DateTime(ISOChronology.getInstanceUTC()));
response.setStatus(status);
response.setVersion(SAMLVersion.VERSION_11);
profileRequestContext.getOutboundMessageContext().setMessage(response);
}
}