1: /*
2: * Copyright (c) 2012, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
3: *
4: * WSO2 Inc. licenses this file to you under the Apache License,
5: * Version 2.0 (the "License"); you may not use this file except
6: * in compliance with the License.
7: * You may obtain a copy of the License at
8: *
9: * http://www.apache.org/licenses/LICENSE-2.0
10: *
11: * Unless required by applicable law or agreed to in writing,
12: * software distributed under the License is distributed on an
13: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
14: * KIND, either express or implied. See the License for the
15: * specific language governing permissions and limitations
16: * under the License.
17: */
18:
19: package org.wso2.carbon.identity.entitlement.wsxacml;
20:
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.util.AXIOMUtil;
import org.apache.axiom.soap.SOAP11Constants;
import org.apache.axiom.soap.SOAP12Constants;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPFactory;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.rpc.receivers.RPCMessageReceiver;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.XMLSignature;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Statement;
import org.opensaml.saml2.core.impl.AssertionBuilder;
import org.opensaml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml2.core.impl.ResponseBuilder;
import org.opensaml.xacml.ctx.RequestType;
import org.opensaml.xacml.ctx.ResponseType;
import org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType;
import org.opensaml.xacml.profile.saml.XACMLAuthzDecisionStatementType;
import org.opensaml.xacml.profile.saml.impl.XACMLAuthzDecisionStatementTypeImplBuilder;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallerFactory;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallerFactory;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.X509Certificate;
import org.opensaml.xml.signature.X509Data;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.entitlement.EntitlementException;

import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
88:
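/**
 * Axis2 message receiver for the WS-XACML profile.
 * <p>
 * Flow per call of {@link #invokeBusinessLogic(MessageContext, MessageContext)}:
 * the first element of the inbound SOAP body is treated as a SAML
 * {@code XACMLAuthzDecisionQuery}; its issuer and XML signature are checked
 * before the embedded XACML request is handed to the {@link XACMLHandler}
 * implementation named by the service parameter {@code XACMLHandlerImplClass};
 * the handler's XACML response is wrapped in a SAML {@code Response} that is
 * signed with the default key-store credentials and written to the outbound
 * SOAP body. Validation failures fail closed: no request reaches the handler.
 */
public class WSXACMLMessageReceiver extends RPCMessageReceiver {

    private static final Log log = LogFactory.getLog(WSXACMLMessageReceiver.class);

    // Issuer value stamped on outgoing SAML objects and required on inbound queries.
    private static final String ISSUER_VALUE = "https://identity.carbon.wso2.org";

    // SPProvidedID stamped on outgoing issuers and required on inbound queries.
    // The spelling is the wire value both sides compare against; do not "fix" it.
    private static final String ISSUER_SP_PROVIDED_ID = "SPPProvierId";

    // Axis2 service parameter that names the XACMLHandler implementation class.
    private static final String HANDLER_CLASS_PARAM = "XACMLHandlerImplClass";

    // Id passed to KeyStoreManager.getInstance for the signing/verification key store
    // (presumably the super-tenant id — confirm against KeyStoreManager).
    private static final int KEY_STORE_ID = -1234;

    // XML declaration emitted by marshall(); stripped before the text is re-parsed or returned.
    private static final String XML_DECLARATION = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>";

    // Not volatile/synchronized: two threads bootstrapping concurrently may both call
    // DefaultBootstrap.bootstrap(); the original code accepted that.
    private static boolean isBootStrapped = false;

    private static final OMNamespace xacmlContextNS = OMAbstractFactory.getOMFactory()
            .createOMNamespace("urn:oasis:names:tc:xacml:2.0:context:schema:os", "xacml-context");

    /**
     * Bootstraps the OpenSAML2 library once per JVM.
     * A bootstrap failure is logged and the flag stays unset, so a later call retries.
     */
    public static void doBootstrap() {
        if (isBootStrapped) {
            return;
        }
        try {
            DefaultBootstrap.bootstrap();
            isBootStrapped = true;
        } catch (ConfigurationException e) {
            log.error("Error in bootstrapping the OpenSAML2 library", e);
        }
    }

    /**
     * Creates a fresh {@link Issuer} for an outgoing SAML object.
     * A new instance is built on every call because an OpenSAML XMLObject can have only one parent.
     *
     * @return issuer carrying {@link #ISSUER_VALUE} and {@link #ISSUER_SP_PROVIDED_ID}
     */
    private static Issuer createIssuer() {
        IssuerBuilder issuerBuilder = (IssuerBuilder) org.opensaml.xml.Configuration.getBuilderFactory()
                .getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
        Issuer issuer = issuerBuilder.buildObject();
        issuer.setValue(ISSUER_VALUE);
        issuer.setSPProvidedID(ISSUER_SP_PROVIDED_ID);
        return issuer;
    }

    /**
     * Signs a SAML response in place.
     *
     * @param response           SAML response to be signed
     * @param signatureAlgorithm signature algorithm URI
     * @param cred               signing credential; its entity certificate is embedded in KeyInfo
     * @return the same response, now carrying a signature
     * @throws EntitlementException if any step of building, marshalling or signing fails
     */
    private static Response setSignature(Response response, String signatureAlgorithm,
                                         X509Credential cred) throws EntitlementException {
        doBootstrap();
        try {
            Signature signature = (Signature) buildXMLObject(Signature.DEFAULT_ELEMENT_NAME);
            signature.setSigningCredential(cred);
            signature.setSignatureAlgorithm(signatureAlgorithm);
            signature.setCanonicalizationAlgorithm(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
            signature.setKeyInfo(buildKeyInfo(cred));
            response.setSignature(signature);

            // Signer works on the DOM, so the response must be marshalled before signing.
            MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
            Marshaller marshaller = marshallerFactory.getMarshaller(response);
            marshaller.marshall(response);
            org.apache.xml.security.Init.init();

            List<Signature> signatureList = new ArrayList<Signature>();
            signatureList.add(signature);
            Signer.signObjects(signatureList);
            return response;
        } catch (Exception e) {
            throw new EntitlementException("Error When signing the assertion.", e);
        }
    }

    /**
     * Builds a KeyInfo holding the base64 DER encoding of the credential's entity certificate.
     *
     * @param cred credential whose certificate is published
     * @return populated KeyInfo
     * @throws EntitlementException if a builder is missing or the certificate cannot be encoded
     */
    private static KeyInfo buildKeyInfo(X509Credential cred) throws EntitlementException {
        try {
            KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
            X509Data data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
            X509Certificate cert = (X509Certificate) buildXMLObject(X509Certificate.DEFAULT_ELEMENT_NAME);
            cert.setValue(org.apache.xml.security.utils.Base64.encode(cred.getEntityCertificate().getEncoded()));
            data.getX509Certificates().add(cert);
            keyInfo.getX509Datas().add(data);
            return keyInfo;
        } catch (CertificateEncodingException e) {
            // Keep the cause: the original threw without it and the real reason was lost.
            throw new EntitlementException("errorGettingCert", e);
        }
    }

    /**
     * Builds an XMLObject for the given QName via the OpenSAML builder factory.
     *
     * @param objectQName QName of the element to build
     * @return the built object
     * @throws EntitlementException if no builder is registered for the QName
     */
    private static XMLObject buildXMLObject(QName objectQName) throws EntitlementException {
        XMLObjectBuilder builder = org.opensaml.xml.Configuration.getBuilderFactory().getBuilder(objectQName);
        if (builder == null) {
            throw new EntitlementException("Unable to retrieve builder for object QName " + objectQName);
        }
        return builder.buildObject(objectQName.getNamespaceURI(), objectQName.getLocalPart(),
                objectQName.getPrefix());
    }

    /**
     * Loads the default primary certificate and private key from the KeyStoreManager
     * into a {@link BasicX509Credential} used to sign outgoing responses.
     * <p>
     * Key-store failures are logged, not thrown: the credential is then returned with a
     * null certificate/key and the later signing step fails with an EntitlementException.
     *
     * @return signing credential (possibly incomplete, see above)
     */
    private static BasicX509Credential createBasicCredentials() {
        Certificate certificate = null;
        PrivateKey issuerPrivateKey = null;

        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(KEY_STORE_ID);
        try {
            certificate = keyStoreManager.getDefaultPrimaryCertificate();
            issuerPrivateKey = keyStoreManager.getDefaultPrivateKey();
        } catch (Exception e) {
            log.error("Error occurred while getting the KeyStore from KeyManger.", e);
        }

        BasicX509Credential credential = new BasicX509Credential();
        credential.setEntityCertificate((java.security.cert.X509Certificate) certificate);
        credential.setPrivateKey(issuerPrivateKey);
        return credential;
    }

    /**
     * Recursively sets the xacml-context namespace on every element reachable from the iterator.
     *
     * @param iterator iterator over child OMElements; null is treated as empty
     */
    private static void setXACMLNamespace(Iterator iterator) {
        if (iterator == null) {
            return;
        }
        while (iterator.hasNext()) {
            OMElement child = (OMElement) iterator.next();
            child.setNamespace(xacmlContextNS);
            Iterator grandChildren = child.getChildElements();
            if (grandChildren.hasNext()) {
                setXACMLNamespace(grandChildren);
            }
        }
    }

    /**
     * Handles one WS-XACML call: validates the inbound query, dispatches the XACML request to the
     * configured handler and writes the signed SAML response to the outbound envelope.
     *
     * @param inMessageContext  inbound context; its SOAP body's first element is the decision query
     * @param outMessageContext outbound context that receives the response envelope
     * @throws AxisFault on any failure (missing handler configuration, invalid query, handler or signing error)
     */
    @Override
    public void invokeBusinessLogic(MessageContext inMessageContext, MessageContext outMessageContext)
            throws AxisFault {
        try {
            OMElement queryElement = inMessageContext.getEnvelope().getBody().getFirstElement();
            if (queryElement == null) {
                throw new EntitlementException("SOAP body does not contain an XACMLAuthzDecisionQuery");
            }
            // Issuer and signature are verified inside extractXACMLRequest; it throws on failure,
            // so an unverified request never reaches the handler.
            String xacmlRequest = extractXACMLRequest(queryElement.toString());

            // The handler class name comes from the service descriptor, not from the request.
            String serviceClass = resolveHandlerClassName(inMessageContext);
            XACMLHandler xacmlHandler = (XACMLHandler) Class.forName(serviceClass).newInstance();

            // Textual prefix strip (not namespace-aware); this is what the handler contract expects.
            String xacmlResponse = xacmlHandler.XACMLAuthzDecisionQuery(xacmlRequest.replace("xacml-context:", ""));
            OMElement samlResponseElement = AXIOMUtil.stringToOM(secureXACMLResponse(xacmlResponse));

            SOAPEnvelope outSOAPEnvelope = createDefaultSOAPEnvelope(inMessageContext);
            if (outSOAPEnvelope == null) {
                throw new EntitlementException("SOAP envelope can not be null");
            }
            outSOAPEnvelope.getBody().addChild(samlResponseElement);
            outMessageContext.setEnvelope(outSOAPEnvelope);
        } catch (AxisFault e) {
            // Already a fault with a specific message; do not wrap it a second time.
            throw e;
        } catch (Exception e) {
            log.error("Error occurred while evaluating XACML request.", e);
            throw new AxisFault("Error occurred while evaluating XACML request.", e);
        }
    }

    /**
     * Reads the XACMLHandler implementation class name from the service parameters.
     *
     * @param inMessageContext inbound context whose AxisService carries the parameter
     * @return trimmed, non-empty class name
     * @throws AxisFault if the parameter is absent or blank
     */
    private static String resolveHandlerClassName(MessageContext inMessageContext) throws AxisFault {
        Object parameter = inMessageContext.getAxisService().getParameterValue(HANDLER_CLASS_PARAM);
        String serviceClass = parameter == null ? null : parameter.toString().trim();
        if (serviceClass == null || serviceClass.length() == 0) {
            log.error("WS-XACML ServiceClass not specified in service context");
            throw new AxisFault("WS-XACML ServiceClass not specified in service context");
        }
        return serviceClass;
    }

    /**
     * Creates an empty SOAP envelope of the same SOAP version as the inbound message.
     *
     * @param inMsgCtx inbound context
     * @return a default SOAP 1.1 or 1.2 envelope, or null if the inbound namespace is neither
     */
    private SOAPEnvelope createDefaultSOAPEnvelope(MessageContext inMsgCtx) {
        String soapNamespace = inMsgCtx.getEnvelope().getNamespace().getNamespaceURI();
        if (SOAP11Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(soapNamespace)) {
            return OMAbstractFactory.getSOAP11Factory().getDefaultEnvelope();
        }
        if (SOAP12Constants.SOAP_ENVELOPE_NAMESPACE_URI.equals(soapNamespace)) {
            return OMAbstractFactory.getSOAP12Factory().getDefaultEnvelope();
        }
        log.error("Unknown SOAP Envelope");
        return null;
    }

    /**
     * Extracts the XACML request from a SAML XACMLAuthzDecisionQuery after verifying it.
     * <p>
     * The request is released only when both {@link #validateIssuer(Issuer)} and
     * {@link #validateSignature(Signature)} pass; otherwise an exception is thrown
     * (the original returned null here, which the caller could not use either).
     *
     * @param decisionQuery serialized XACMLAuthzDecisionQuery received from the PEP
     * @return serialized XACML request with XML declaration and newlines removed
     * @throws Exception if unmarshalling fails or the issuer/signature check does not pass
     */
    private String extractXACMLRequest(String decisionQuery) throws Exception {
        doBootstrap();
        try {
            XACMLAuthzDecisionQueryType query = (XACMLAuthzDecisionQueryType) unmarshall(decisionQuery);
            if (!validateIssuer(query.getIssuer())) {
                log.warn("The submitted issuer is not valid!");
                throw new EntitlementException("The submitted issuer is not valid!");
            }
            if (!validateSignature(query.getSignature())) {
                log.warn("The submitted signature is not valid!");
                throw new EntitlementException("The submitted signature is not valid!");
            }
            RequestType xacmlRequest = query.getRequest();
            if (xacmlRequest == null) {
                throw new EntitlementException("The XACMLAuthzDecisionQuery does not contain a Request");
            }
            return marshall(xacmlRequest).replace(XML_DECLARATION, "").replace("\n", "");
        } catch (Exception e) {
            log.error("Error unmarshalling the XACMLAuthzDecisionQuery.", e);
            throw new Exception("Error unmarshalling the XACMLAuthzDecisionQuery.", e);
        }
    }

    /**
     * Parses a SAML or XACML document and unmarshalls it into the OpenSAML object model.
     * <p>
     * Uses the secured DocumentBuilderFactory from IdentityUtil rather than a bare JAXP factory
     * because the input arrives over the wire; the XXE hardening is assumed to live there — confirm.
     *
     * @param xmlString SAML or XACML document as text (decoded as UTF-8)
     * @return the unmarshalled root object
     * @throws EntitlementException if parsing or unmarshalling fails
     */
    public XMLObject unmarshall(String xmlString) throws EntitlementException {
        try {
            doBootstrap();
            DocumentBuilderFactory documentBuilderFactory = IdentityUtil.getSecuredDocumentBuilderFactory();
            DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder();
            // Explicit UTF-8: getBytes() without a charset depends on the platform default.
            byte[] xmlBytes = xmlString.trim().getBytes(StandardCharsets.UTF_8);
            Document document = docBuilder.parse(new ByteArrayInputStream(xmlBytes));
            Element element = document.getDocumentElement();
            UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
            Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element);
            if (unmarshaller == null) {
                throw new EntitlementException("No unmarshaller registered for element " + element.getNodeName());
            }
            return unmarshaller.unmarshall(element);
        } catch (Exception e) {
            log.error("Error in constructing XML(SAML or XACML) Object from the encoded String", e);
            throw new EntitlementException("Error in constructing XML(SAML or XACML) from the encoded String ", e);
        }
    }

    /**
     * Checks that the query issuer matches the expected issuer value and SPProvidedID.
     *
     * @param issuer issuer of the inbound query; null is invalid
     * @return true only if both fields match exactly
     */
    private boolean validateIssuer(Issuer issuer) {
        if (issuer == null) {
            return false;
        }
        // Constant-first equals: a missing value is a mismatch, not a NullPointerException.
        return ISSUER_VALUE.equals(issuer.getValue())
                && ISSUER_SP_PROVIDED_ID.equals(issuer.getSPProvidedID());
    }

    /**
     * Serializes an OpenSAML object to an XML string.
     * <p>
     * Note the JVM-wide side effect: the DocumentBuilderFactory system property is set to the
     * Xerces implementation for every caller in the process, not just this method.
     *
     * @param xmlObject XACML or SAML object to serialize
     * @return the serialized document, UTF-8 decoded
     * @throws EntitlementException if marshalling or serialization fails
     */
    private String marshall(XMLObject xmlObject) throws EntitlementException {
        try {
            doBootstrap();
            System.setProperty("javax.xml.parsers.DocumentBuilderFactory",
                    "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");

            MarshallerFactory marshallerFactory = org.opensaml.xml.Configuration.getMarshallerFactory();
            Marshaller marshaller = marshallerFactory.getMarshaller(xmlObject);
            Element element = marshaller.marshall(xmlObject);

            DOMImplementationRegistry registry = DOMImplementationRegistry.newInstance();
            DOMImplementationLS impl = (DOMImplementationLS) registry.getDOMImplementation("LS");
            LSSerializer writer = impl.createLSSerializer();
            LSOutput output = impl.createLSOutput();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            output.setByteStream(byteArrayOutputStream);
            // Pin the encoding on both sides so the bytes and the String agree regardless of platform default.
            output.setEncoding("UTF-8");
            writer.write(element, output);
            return new String(byteArrayOutputStream.toByteArray(), StandardCharsets.UTF_8);
        } catch (Exception e) {
            log.error("Error Serializing the SAML Response", e);
            throw new EntitlementException("Error Serializing the SAML Response", e);
        }
    }

    /**
     * Verifies an XML signature against the server's own default primary certificate
     * (see {@link #getPublicX509CredentialImpl()}), i.e. the PEP is expected to sign with the
     * key matching that certificate. Only the cryptographic check is performed here; no SAML
     * signature-profile validation is visible in this class — confirm whether one is required.
     *
     * @param signature signature to verify; null is reported as invalid
     * @return true if the signature verifies, false if validation fails or no signature is present
     * @throws Exception if the verification credential cannot be obtained
     */
    private boolean validateSignature(Signature signature) throws Exception {
        if (signature == null) {
            log.warn("Signature validation failed: the query carries no signature.");
            return false;
        }
        SignatureValidator validator;
        try {
            validator = new SignatureValidator(getPublicX509CredentialImpl());
        } catch (Exception e) {
            // Keep the cause so a key-store problem is distinguishable from a bad signature.
            throw new Exception("Error in getting public X509Credentials to validate signature. ", e);
        }
        try {
            validator.validate(signature);
            return true;
        } catch (ValidationException e) {
            log.warn("Signature validation failed.", e);
            return false;
        }
    }

    /**
     * Wraps the default primary certificate from the KeyStoreManager in an X509CredentialImpl.
     *
     * @return credential holding the public certificate
     * @throws Exception if the key store or certificate cannot be accessed
     */
    private X509CredentialImpl getPublicX509CredentialImpl() throws Exception {
        try {
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(KEY_STORE_ID);
            // Default public certificate as configured in carbon.xml.
            java.security.cert.X509Certificate cert = keyStoreManager.getDefaultPrimaryCertificate();
            return new X509CredentialImpl(cert);
        } catch (Exception e) {
            log.error("Error instantiating an org.wso2.carbon.identity.entitlement.wsxacml.X509CredentialImpl " +
                    "object for the public cert.", e);
            throw new Exception("Error instantiating an org.wso2.carbon.identity.entitlement.wsxacml.X509CredentialImpl " +
                    "object for the public cert.", e);
        }
    }

    /**
     * Wraps a XACML response in a signed SAML Response carrying one Assertion with an
     * XACMLAuthzDecisionStatement.
     *
     * @param xacmlResponse XACML response returned by the PDP/handler
     * @return serialized, signed SAML response without the XML declaration
     * @throws Exception if the response cannot be parsed, signed or serialized
     */
    public String secureXACMLResponse(String xacmlResponse) throws Exception {
        doBootstrap();

        ResponseType responseType;
        try {
            responseType = (ResponseType) unmarshall(formatResponse(xacmlResponse));
        } catch (Exception e) {
            log.error("Error while unmarshalling the formatted XACML response.", e);
            throw new EntitlementException("Error while unmarshalling the formatted XACML response.", e);
        }

        XACMLAuthzDecisionStatementTypeImplBuilder statementBuilder = (XACMLAuthzDecisionStatementTypeImplBuilder)
                org.opensaml.xml.Configuration.getBuilderFactory()
                        .getBuilder(XACMLAuthzDecisionStatementType.TYPE_NAME_XACML20);
        XACMLAuthzDecisionStatementType decisionStatement = statementBuilder
                .buildObject(Statement.DEFAULT_ELEMENT_NAME, XACMLAuthzDecisionStatementType.TYPE_NAME_XACML20);
        decisionStatement.setResponse(responseType);

        DateTime issueInstant = new DateTime();

        AssertionBuilder assertionBuilder = (AssertionBuilder) org.opensaml.xml.Configuration.getBuilderFactory()
                .getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
        Assertion assertion = assertionBuilder.buildObject();
        assertion.setVersion(org.opensaml.common.SAMLVersion.VERSION_20);
        // Separate Issuer instances: an XMLObject cannot be attached to two parents.
        assertion.setIssuer(createIssuer());
        assertion.setIssueInstant(issueInstant);
        assertion.getStatements().add(decisionStatement);

        ResponseBuilder responseBuilder = (ResponseBuilder) org.opensaml.xml.Configuration.getBuilderFactory()
                .getBuilder(Response.DEFAULT_ELEMENT_NAME);
        Response response = responseBuilder.buildObject();
        response.getAssertions().add(assertion);
        response.setIssuer(createIssuer());
        response.setIssueInstant(issueInstant);
        response = setSignature(response, XMLSignature.ALGO_ID_SIGNATURE_RSA, createBasicCredentials());

        try {
            return marshall(response).replace(XML_DECLARATION + "\n", "");
        } catch (EntitlementException e) {
            log.error("Error occurred while marshalling the SAML Response.", e);
            throw new Exception("Error occurred while marshalling the SAML Response.", e);
        }
    }

    /**
     * Re-namespaces a XACML response so OpenSAML can unmarshall it: newlines are stripped and the
     * xacml-context namespace is applied to the root and every descendant element.
     *
     * @param xacmlResponse received XACML response
     * @return the response re-serialized with the xacml-context namespace
     * @throws Exception if the input is null or cannot be parsed
     */
    private String formatResponse(String xacmlResponse) throws Exception {
        if (xacmlResponse == null) {
            throw new EntitlementException("XACML response is null");
        }
        String singleLine = xacmlResponse.replace("\n", "");
        OMElement root;
        try {
            root = AXIOMUtil.stringToOM(singleLine);
            root.setNamespace(xacmlContextNS);
            if (root.getChildren() != null) {
                setXACMLNamespace(root.getChildElements());
            }
        } catch (Exception e) {
            // Message corrected: this method handles the XACML response, not the request.
            log.error("Error while generating the OMElement from the XACML response.", e);
            throw new Exception("Error while generating the OMElement from the XACML response.", e);
        }
        return root.toString();
    }
}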