17 package org.opensaml.common.binding.security;
19 import org.opensaml.common.binding.SAMLMessageContext;
20 import org.opensaml.security.MetadataCriteria;
21 import org.opensaml.ws.message.MessageContext;
22 import org.opensaml.ws.security.SecurityPolicyException;
23 import org.opensaml.ws.security.provider.CertificateNameOptions;
24 import org.opensaml.ws.security.provider.ClientCertAuthRule;
25 import org.opensaml.xml.security.CriteriaSet;
26 import org.opensaml.xml.security.trust.TrustEngine;
27 import org.opensaml.xml.security.x509.X509Credential;
28 import org.slf4j.Logger;
29 import org.slf4j.LoggerFactory;
/**
 * Client-certificate authentication rule whose trust criteria are derived from SAML metadata.
 *
 * <p>Behaves exactly like {@link ClientCertAuthRule} except that the criteria set handed to the
 * configured {@link TrustEngine} is widened with a {@link MetadataCriteria} built from the peer
 * entity's role and the inbound SAML protocol taken off the {@link SAMLMessageContext}. The rule
 * therefore only works with a SAML message context; any other {@link MessageContext} is rejected
 * (fail closed) instead of being evaluated against metadata-less criteria.
 *
 * <p>NOTE(review): the peer role and inbound protocol are passed through untouched. Whether a
 * {@code null} role is rejected by {@link MetadataCriteria} or silently leaves the lookup unscoped
 * is not visible from this class — confirm against the {@code MetadataCriteria} constructor and the
 * configured trust engine before relying on it.
 */
public class SAMLMDClientCertAuthRule extends ClientCertAuthRule {

    /** Class logger. */
    private static final Logger log = LoggerFactory.getLogger(SAMLMDClientCertAuthRule.class);

    /**
     * Constructor.
     *
     * @param engine trust engine used to evaluate the presented X.509 client credential; handed to
     *        the superclass unchanged (not validated here)
     * @param nameOptions options controlling which certificate name forms are checked against the
     *        entity ID; handed to the superclass unchanged (not validated here)
     */
    public SAMLMDClientCertAuthRule(TrustEngine<X509Credential> engine, CertificateNameOptions nameOptions) {
        super(engine, nameOptions);
    }

    /**
     * Builds the trust-engine criteria for the given peer entity ID, then adds a
     * {@link MetadataCriteria} carrying the peer entity role and inbound SAML protocol from the
     * SAML message context.
     *
     * @param entityID entity ID of the peer whose client certificate is being authenticated
     * @param messageContext current message context; must be a {@link SAMLMessageContext}
     * @return the superclass criteria set with the metadata criteria appended
     * @throws SecurityPolicyException if the context is not a {@link SAMLMessageContext}, or if the
     *         superclass fails to build its criteria
     */
    protected CriteriaSet buildCriteriaSet(String entityID, MessageContext messageContext)
            throws SecurityPolicyException {

        // Reject non-SAML contexts up front: the metadata parameters cannot be obtained from them,
        // so authenticating against metadata-less criteria would silently weaken the rule.
        SAMLMessageContext samlCtx = requireSamlContext(messageContext);

        CriteriaSet criteria = super.buildCriteriaSet(entityID, messageContext);
        criteria.add(new MetadataCriteria(samlCtx.getPeerEntityRole(), samlCtx.getInboundSAMLProtocol()));
        return criteria;
    }

    /**
     * Narrows the supplied context to a {@link SAMLMessageContext}, logging and failing the policy
     * evaluation if it is anything else.
     *
     * @param messageContext context to narrow
     * @return the same context, typed as a SAML message context
     * @throws SecurityPolicyException if the context is not a {@link SAMLMessageContext}
     */
    private static SAMLMessageContext requireSamlContext(MessageContext messageContext)
            throws SecurityPolicyException {
        if (messageContext instanceof SAMLMessageContext) {
            return (SAMLMessageContext) messageContext;
        }
        log.error("Supplied message context was not an instance of SAMLMessageContext, can not build criteria set from SAML metadata parameters");
        throw new SecurityPolicyException("Supplied message context was not an instance of SAMLMessageContext");
    }
}