DecisionRequestContextHelper.java

/*
 * Copyright (c) Members of the EGEE Collaboration. 2006-2010.
 * See http://www.eu-egee.org/partners/ for details on the copyright holders.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.glite.authz.common.context;

import java.security.NoSuchAlgorithmException;

import org.glite.authz.common.AuthzServiceConstants;

import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.IdentifierGenerator;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.ws.soap.client.http.HttpSOAPRequestParameters;
import org.opensaml.ws.soap.common.SOAPObjectBuilder;
import org.opensaml.ws.soap.soap11.Body;
import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.xacml.ctx.RequestType;
import org.opensaml.xacml.profile.saml.XACMLAuthzDecisionQueryType;

/**
 * Helper class for the XACML decision request message context
 * 
 * @author Valery Tschopp <valery.tschopp@switch.ch>
 */
public class DecisionRequestContextHelper {

    /** Generator for message IDs. */
    private static IdentifierGenerator idGenerator;

    /** Builder of XACMLAuthzDecisionQuery XMLObjects. */
    @SuppressWarnings("unchecked")
    private static SAMLObjectBuilder<XACMLAuthzDecisionQueryType> authzDecisionQueryBuilder= (SAMLObjectBuilder<XACMLAuthzDecisionQueryType>) Configuration.getBuilderFactory().getBuilder(XACMLAuthzDecisionQueryType.TYPE_NAME_XACML20);

    /** Builder of Body XMLObjects. */
    @SuppressWarnings("unchecked")
    private static SOAPObjectBuilder<Body> bodyBuilder= (SOAPObjectBuilder<Body>) Configuration.getBuilderFactory().getBuilder(Body.TYPE_NAME);

    /** Builder of Envelope XMLObjects. */
    @SuppressWarnings("unchecked")
    private static SOAPObjectBuilder<Envelope> envelopeBuilder= (SOAPObjectBuilder<Envelope>) Configuration.getBuilderFactory().getBuilder(Envelope.TYPE_NAME);

    /** Builder of Issuer XMLObjects. */
    @SuppressWarnings("unchecked")
    private static SAMLObjectBuilder<Issuer> issuerBuilder= (SAMLObjectBuilder<Issuer>) Configuration.getBuilderFactory().getBuilder(Issuer.DEFAULT_ELEMENT_NAME);

    static {
        try {
            idGenerator= new SecureRandomIdentifierGenerator();
            idGenerator.generateIdentifier();
        } catch (NoSuchAlgorithmException e) {
            // do nothing, all VMs are required to support the default algo
        }
    }

    /**
     * Builds a {@link DecisionRequestContext}. The communication profileID used
     * is {@value AuthzServiceConstants#XACML_SAML_PROFILE_URI}.
     * 
     * @param messageIssuerId
     *            The entityID of the message issuer
     * @return
     */
    static public DecisionRequestContext buildMessageContext(
            String messageIssuerId) {
        DecisionRequestContext messageContext= new DecisionRequestContext();
        messageContext.setCommunicationProfileId(AuthzServiceConstants.XACML_SAML_PROFILE_URI);
        messageContext.setOutboundMessageIssuer(messageIssuerId);
        messageContext.setSOAPRequestParameters(new HttpSOAPRequestParameters("http://www.oasis-open.org/committees/security"));

        // TODO fill in security policy resolver
        return messageContext;
    }

    /**
     * Creates a SOAP message within which lies the XACML request and set it as
     * outbound message in the message context.
     * 
     * @param messageIssuerId
     *            The entityID of the message issuer
     * @param messageContext
     *            current request context
     * @param xacmlRequest
     *            the XACML authorization request to be sent
     * 
     * @return the generated SOAP envelope containing the message
     */
    static public Envelope buildSOAPMessage(String messageIssuerId,
            DecisionRequestContext messageContext, RequestType xacmlRequest) {

        // create SAML decision query request
        XACMLAuthzDecisionQueryType samlRequest= authzDecisionQueryBuilder.buildObject(XACMLAuthzDecisionQueryType.DEFAULT_ELEMENT_NAME_XACML20,
                                                                                       XACMLAuthzDecisionQueryType.TYPE_NAME_XACML20);
        samlRequest.setRequest(xacmlRequest);

        Issuer issuer= issuerBuilder.buildObject();
        issuer.setFormat(Issuer.ENTITY);
        issuer.setValue(messageIssuerId);
        samlRequest.setIssuer(issuer);

        samlRequest.setID(idGenerator.generateIdentifier());
        samlRequest.setIssueInstant(new DateTime());

        samlRequest.setInputContextOnly(false);
        samlRequest.setReturnContext(true);

        // create SOAP body and envelop
        Body body= bodyBuilder.buildObject();
        body.getUnknownXMLObjects().add(samlRequest);

        Envelope envelope= envelopeBuilder.buildObject();
        envelope.setBody(body);

        // attach the SOAP envelop to message context 
        messageContext.setOutboundMessage(envelope);
        messageContext.setOutboundMessageId(samlRequest.getID());

        return envelope;
    }

}