private Object parseMessage() {
// Consume SOAP message, if any
// TODO: Add a SOAP handler in Parser.java
if (soapAction != null) {
try {
MimeHeaders mime_headers = new MimeHeaders();
for (Object k : headers.getIds()) {
if (k instanceof String) {
String name = (String) k;
String value = Context.toString(ScriptableObject.getProperty(headers, name));
mime_headers.addHeader(name, value);
}
}
return MessageFactory.newInstance(SOAPConstants.DYNAMIC_SOAP_PROTOCOL)
.createMessage(mime_headers, request.getInputStream());
} catch (IOException ex) {
throw new ESXXException("Unable to read SOAP message stream: " + ex.getMessage());
} catch (SOAPException ex) {
throw new ESXXException(400 /* Bad Request */, "Invalid SOAP message: " + ex.getMessage());
} finally {
try {
request.getInputStream().close();
} catch (Exception ignored) {
}
}
} else if (contentType != null && contentLength > 0) {
try {
ESXX esxx = ESXX.getInstance();
return esxx.parseStream(
contentType,
request.getInputStream(),
URI.create("urn:x-esxx:incoming-request-entity"),
null,
new java.io.PrintWriter(request.getErrorWriter()),
Context.getCurrentContext(),
this);
} catch (Exception ex) {
throw new ESXXException(
400 /* Bad Request */, "Unable to parse request entity: " + ex.getMessage(), ex);
} finally {
try {
request.getInputStream().close();
} catch (Exception ignored) {
}
}
} else {
// Return a dummy object
return Context.getCurrentContext().newObject(this);
}
}
public void setValue(String value) {
Node valueNode = getValueNodeStrict();
if (valueNode != null) {
valueNode.setNodeValue(value);
} else {
try {
addTextNode(value);
} catch (SOAPException e) {
throw new RuntimeException(e.getMessage());
}
}
}
/**
* Returns SAMLv2 <code>Response</code>. SAMLv2 request is sent enclosed in the body of a SOAP
* Message to a SOAP endpoint. Prior to sending the request query, attributes required for
* completeness of the SAMLv2 Request will be set (eg. Issuer) if not already set. Message will be
* signed if signing is enabled. SAMLv2 Query Request will be enclosed in the SOAP Body to create
* a SOAP message to send to the server.
*
* @param request the SAMLv2 <code>RequestAbstract</code> object.
* @param pepEntityID entity identifier of the hosted query requester.
* @param pdpEntityID entity identifier of the remote server.
* @return SAMLv2 <code>Response</code> received from the Query Responder.
* @throws SAML2Exception if there is an error processing the query.
*/
public static Response processXACMLQuery(
RequestAbstract request, String pepEntityID, String pdpEntityID) throws SAML2Exception {
String classMethod = "QueryClient:processXACMLQuery";
String realm = "/";
Response samlResponse = null;
Response response = null;
// retreive pepEntityID metadata
if (pepEntityID == null || pepEntityID.length() == 0) {
debug.error(classMethod + "PEP Identifier is null");
String[] data = {pepEntityID};
LogUtil.error(Level.INFO, LogUtil.INVALID_PEP_ID, data);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullPEP"));
}
// retreive pdpEntityID metadata
if (pdpEntityID == null || pdpEntityID.length() == 0) {
debug.error(classMethod + "PDP Identifier is null");
String[] data = {pdpEntityID};
LogUtil.error(Level.INFO, LogUtil.INVALID_PDP_ID, data);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullPDP"));
}
if (request != null) {
// set properties in the request.
XACMLAuthzDecisionQuery xacmlQuery = (XACMLAuthzDecisionQuery) request;
if (xacmlQuery != null) {
// set Issuer
Issuer issuer = createIssuer(pepEntityID);
xacmlQuery.setIssuer(issuer);
// generate ID
String requestID = SAML2SDKUtils.generateID();
xacmlQuery.setID(requestID);
xacmlQuery.setVersion(SAML2Constants.VERSION_2_0);
xacmlQuery.setIssueInstant(new Date());
XACMLPDPConfigElement pdpConfig = getPDPConfig(realm, pdpEntityID);
if (pdpConfig != null) {
String wantQuerySigned =
getAttributeValueFromPDPConfig(pdpConfig, "wantXACMLAuthzDecisionQuerySigned");
if (wantQuerySigned != null && wantQuerySigned.equals("true")) {
signAttributeQuery(xacmlQuery, realm, pepEntityID, false);
}
}
String xmlString = xacmlQuery.toXMLString(true, true);
if (debug.messageEnabled()) {
debug.message(classMethod + "XACML Query XML String :" + xmlString);
}
// retrieve endpoint from meta data
String endPoint = null;
XACMLAuthzDecisionQueryConfigElement pepConfig = getPEPConfig(realm, pepEntityID);
endPoint = getPDPEndPoint(pdpEntityID);
if (debug.messageEnabled()) {
debug.message(classMethod + " ResponseLocation is :" + endPoint);
}
// create SOAP message
try {
String soapMessage = SAML2SDKUtils.createSOAPMessageString(xmlString);
endPoint = SAML2SDKUtils.fillInBasicAuthInfo(pepConfig, endPoint);
String[] urls = {endPoint};
SOAPClient soapClient = new SOAPClient(urls);
if (debug.messageEnabled()) {
debug.message(classMethod + "soapMessage :" + soapMessage);
}
InputStream soapIn = soapClient.call(soapMessage, null, null);
StringBuffer reply = new StringBuffer();
String line;
BufferedReader reader = new BufferedReader(new InputStreamReader(soapIn, "UTF-8"));
while ((line = reader.readLine()) != null) {
reply.append(line).append("\n");
}
// check the SOAP message for any SOAP related errors
// before passing control to SAML processor
xmlString = reply.toString();
if (debug.messageEnabled()) {
debug.message("Response Message:\n" + xmlString);
}
samlResponse = getSAMLResponse(xmlString);
issuer = samlResponse.getIssuer();
String issuerID = null;
if (issuer != null) {
issuerID = issuer.getValue().trim();
}
boolean isTrusted = verifyResponseIssuer(realm, pepEntityID, issuerID);
if (!isTrusted) {
if (debug.messageEnabled()) {
debug.message(classMethod + "Issuer in Request is not valid.");
}
String[] args = {realm, pepEntityID, pdpEntityID};
LogUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_IN_PEP_REQUEST, args);
throw new SAML2Exception("invalidIssuerInRequest");
}
if (samlResponse != null) {
xmlString = samlResponse.toXMLString(true, true);
if (debug.messageEnabled()) {
debug.message(classMethod + "Response: " + xmlString);
}
response = verifyResponse(realm, pepEntityID, samlResponse);
if (debug.messageEnabled()) {
debug.message(
classMethod
+ "Response with decrypted Assertion: "
+ response.toXMLString(true, true));
}
}
} catch (SOAPException soae) {
if (debug.messageEnabled()) {
debug.message(classMethod + "SOAPException :", soae);
}
throw new SAML2Exception(soae.getMessage());
} catch (Exception e) {
if (debug.messageEnabled()) {
debug.message(classMethod + "Exception ", e);
}
throw new SAML2Exception(e.getMessage());
}
}
}
return response;
}
