/**
   * Tries to load the peer SSL certificate from the inbound message transport using the attribute
   * "javax.servlet.request.X509Certificate". If found, sets peerSSLCredential in the context.
   *
   * @param samlContext context to populate
   */
  protected void populatePeerSSLCredential(SAMLMessageContext samlContext) {
    // The chain is read from the inbound transport's request attribute; the result is cast
    // directly, so a value of any other type stored under that key surfaces as a
    // ClassCastException.
    X509Certificate[] certs =
        (X509Certificate[])
            samlContext
                .getInboundMessageTransport()
                .getAttribute(ServletRequestX509CredentialAdapter.X509_CERT_REQUEST_ATTRIBUTE);

    // No client certificate on this request: leave the context's peer SSL credential untouched.
    if (certs == null || certs.length == 0) {
      return;
    }

    // The first element is used as the entity (leaf) certificate; the whole array is kept as
    // the chain.
    X509Certificate leaf = certs[0];
    logger.debug("Found certificate chain from request {}", leaf);

    // NOTE(review): this method only records the certificate. Nothing here checks validity,
    // revocation or trust, so consumers of the peer SSL credential must do that evaluation
    // themselves before relying on it.
    BasicX509Credential peerCredential = new BasicX509Credential();
    peerCredential.setEntityCertificate(leaf);
    peerCredential.setEntityCertificateChain(Arrays.asList(certs));
    samlContext.setPeerSSLCredential(peerCredential);
  }
  /**
   * Loads the IDP_PARAMETER from the request and if it is not null verifies whether IDP with this
   * value is valid IDP in our circle of trust. Processing fails when IDP is not valid. IDP is set
   * as PeerEntityId in the context.
   *
   * <p>If the request parameter is null, the default IDP is used instead.
   *
   * @param context context to populate ID for
   * @throws MetadataProviderException in case provided IDP value is invalid
   */
  protected void populatePeerEntityId(SAMLMessageContext context) throws MetadataProviderException {
    // The IDP identifier comes straight from a request parameter, i.e. it is caller-controlled
    // until metadata.isIDPValid(...) has accepted it.
    HTTPInTransport inbound = (HTTPInTransport) context.getInboundMessageTransport();
    String requestedIdp = inbound.getParameterValue(SAMLEntryPoint.IDP_PARAMETER);
    boolean userSelected = requestedIdp != null;

    // Reject an explicitly requested IDP that the metadata does not accept as valid.
    if (userSelected && !metadata.isIDPValid(requestedIdp)) {
      // NOTE(review): the rejected value is unvalidated request input and is written to the log
      // and into the exception message verbatim. Confirm that the log layout neutralises
      // CR/LF and that any error page rendering this exception message escapes it.
      logger.debug("User specified IDP {} is invalid", requestedIdp);
      throw new MetadataProviderException("Specified IDP is not valid: " + requestedIdp);
    }

    String peerId;
    if (userSelected) {
      peerId = requestedIdp;
      logger.debug("Using user specified IDP {}", peerId);
    } else {
      // No parameter supplied: fall back to the default IDP from the metadata.
      peerId = metadata.getDefaultIDP();
      logger.debug("No IDP specified, using default {}", peerId);
    }

    // Record whether the peer was chosen by the request or by the default, then fix the peer
    // identity and role on the context.
    context.setPeerUserSelected(userSelected);
    context.setPeerEntityId(peerId);
    context.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
  }