1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.opensaml.saml2.binding.artifact;
18
19 import java.security.MessageDigest;
20 import java.security.NoSuchAlgorithmException;
21 import java.security.SecureRandom;
22
23 import org.opensaml.common.SAMLObject;
24 import org.opensaml.common.binding.BasicEndpointSelector;
25 import org.opensaml.common.binding.SAMLMessageContext;
26 import org.opensaml.common.xml.SAMLConstants;
27 import org.opensaml.saml2.core.NameID;
28 import org.opensaml.saml2.metadata.ArtifactResolutionService;
29 import org.opensaml.saml2.metadata.Endpoint;
30 import org.opensaml.saml2.metadata.IndexedEndpoint;
31 import org.opensaml.xml.util.DatatypeHelper;
32 import org.slf4j.Logger;
33 import org.slf4j.LoggerFactory;
34
35
36
37
38 public class SAML2ArtifactType0004Builder implements SAML2ArtifactBuilder<SAML2ArtifactType0004> {
39
40
41 private final Logger log = LoggerFactory.getLogger(SAML2ArtifactType0004Builder.class);
42
43
44 public SAML2ArtifactType0004 buildArtifact(byte[] artifact) {
45 return SAML2ArtifactType0004.parseArtifact(artifact);
46 }
47
48
49 public SAML2ArtifactType0004 buildArtifact(SAMLMessageContext<SAMLObject, SAMLObject, NameID> requestContext) {
50 try {
51 IndexedEndpoint acsEndpoint = (IndexedEndpoint) getAcsEndpoint(requestContext);
52 if (acsEndpoint == null) {
53 return null;
54 }
55
56 byte[] endpointIndex = DatatypeHelper.intToByteArray(acsEndpoint.getIndex());
57 byte[] trimmedIndex = new byte[2];
58 trimmedIndex[0] = endpointIndex[2];
59 trimmedIndex[1] = endpointIndex[3];
60
61 MessageDigest sha1Digester = MessageDigest.getInstance("SHA-1");
62 byte[] source = sha1Digester.digest(requestContext.getLocalEntityId().getBytes());
63
64 SecureRandom handleGenerator = SecureRandom.getInstance("SHA1PRNG");
65 byte[] assertionHandle;
66 assertionHandle = new byte[20];
67 handleGenerator.nextBytes(assertionHandle);
68
69 return new SAML2ArtifactType0004(trimmedIndex, source, assertionHandle);
70 } catch (NoSuchAlgorithmException e) {
71 log.error("JVM does not support required cryptography algorithms: SHA-1/SHA1PRNG.", e);
72 throw new InternalError("JVM does not support required cryptography algorithms: SHA-1/SHA1PRNG.");
73 }
74 }
75
76
77
78
79
80
81
82
83 protected Endpoint getAcsEndpoint(SAMLMessageContext<SAMLObject, SAMLObject, NameID> requestContext) {
84 BasicEndpointSelector selector = new BasicEndpointSelector();
85 selector.setEndpointType(ArtifactResolutionService.DEFAULT_ELEMENT_NAME);
86 selector.getSupportedIssuerBindings().add(SAMLConstants.SAML2_SOAP11_BINDING_URI);
87 selector.setMetadataProvider(requestContext.getMetadataProvider());
88 selector.setEntityMetadata(requestContext.getLocalEntityMetadata());
89 selector.setEntityRoleMetadata(requestContext.getLocalEntityRoleMetadata());
90
91 Endpoint acsEndpoint = selector.selectEndpoint();
92
93 if (acsEndpoint == null) {
94 log.error("No artifact resolution service endpoint defined for the entity "
95 + requestContext.getOutboundMessageIssuer());
96 return null;
97 }
98
99 return acsEndpoint;
100 }
101 }