001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: XACMLRequestProcessor.java,v 1.4 2009/09/22 23:00:34 madan_ranganath Exp $
026 *
027 */
028
029package com.sun.identity.xacml.client;
030
031import java.util.Date;
032import java.util.List;
033
034import com.sun.identity.saml2.assertion.AssertionFactory;
035import com.sun.identity.saml2.assertion.Assertion;
036import com.sun.identity.saml2.assertion.Issuer;
037import com.sun.identity.saml2.common.SAML2Constants;
038import com.sun.identity.saml2.common.SAML2Exception;
039import com.sun.identity.saml2.common.SAML2Utils;
040import com.sun.identity.saml2.soapbinding.QueryClient;
041
042import com.sun.identity.xacml.common.XACMLException;
043
044import com.sun.identity.xacml.common.XACMLException;
045import com.sun.identity.xacml.common.XACMLSDKUtils;
046import com.sun.identity.xacml.context.ContextFactory;
047import com.sun.identity.xacml.context.Request;
048import com.sun.identity.xacml.context.Response;
049import com.sun.identity.xacml.saml2.XACMLAuthzDecisionQuery;
050import com.sun.identity.xacml.saml2.XACMLAuthzDecisionStatement;
051
052/**
053 * This class provides the public API to process XACML context Request. 
054 * This class accepts XACML context Request to get authorization decision,
055 * posts the request to PDP using SAML2 profile, gets SAML Response back, 
056 * extracts XACML context Response from the XACMLAuthzDecisionStatement 
057 * returned in SAML Response and returns the XACML context Response.
058 * XACML context Response includes the xacml context Result with 
059 * the XACML context authorization Decision
060 *
061 * @supported.all.api
062 *
063 */
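public class XACMLRequestProcessor {

    private XACMLRequestProcessor() {
    }

    /**
     * Returns an instance of <code>XACMLRequestProcessor</code>.
     *
     * @return a new <code>XACMLRequestProcessor</code>
     * @throws XACMLException if an instance of
     *             <code>XACMLRequestProcessor</code> can not be returned
     */
    public static XACMLRequestProcessor getInstance() throws XACMLException {
        return new XACMLRequestProcessor();
    }

    /**
     * Processes an XACML context Request and returns an XACML context
     * Response.
     *
     * The Request is wrapped in a SAML2 <code>XACMLAuthzDecisionQuery</code>,
     * sent to the PDP, and the XACML context Response is extracted from the
     * first <code>XACMLAuthzDecisionStatement</code> of the first Assertion
     * in the SAML Response.
     *
     * @param xacmlRequest XACML context Request. This describes the
     *        Resource(s), Subject(s), Action, Environment of the request
     *        and corresponds to XACML context schema element Request.
     *        One would construct this Request object using XACML client SDK.
     *
     * @param pdpEntityId EntityID of PDP
     * @param pepEntityId EntityID of PEP
     * @return XACML context Response. This corresponds to
     *               XACML context schema element Response. Returns
     *               <code>null</code> if the SAML Response carries no
     *               Assertion, no statement, or no XACML context Response.
     * @throws XACMLException if request could not be processed
     * @throws SAML2Exception if the SAML2 query could not be built or sent
     * @throws NullPointerException if <code>xacmlRequest</code> is
     *         <code>null</code>
     */
    public Response processRequest(Request xacmlRequest,
            String pdpEntityId, String pepEntityId)
            throws XACMLException, SAML2Exception {

        // Fail early with a clear message rather than inside the query
        // builder (or only when debug logging is enabled).
        if (xacmlRequest == null) {
            throw new NullPointerException("xacmlRequest");
        }

        if (XACMLSDKUtils.debug.messageEnabled()) {
            XACMLSDKUtils.debug.message(
                    "XACMLRequestProcessor.processRequest(), entering"
                    + ":pdpEntityId=" + pdpEntityId
                    + ":pepEntityId=" + pepEntityId
                    + ":xacmlRequest=\n"
                    + xacmlRequest.toXMLString(true, true));
        }
        XACMLAuthzDecisionQuery samlpQuery
            = createXACMLAuthzDecisionQuery(xacmlRequest);

        // Per the SAML profile of XACML: InputContextOnly asks the PDP to
        // decide solely on the supplied request context; ReturnContext asks
        // it to include that context in its response.
        samlpQuery.setInputContextOnly(true);
        samlpQuery.setReturnContext(true);

        if (XACMLSDKUtils.debug.messageEnabled()) {
            XACMLSDKUtils.debug.message(
                    "XACMLRequestProcessor.processRequest(),"
                    + "samlpQuery=\n" + samlpQuery.toXMLString(true, true));
        }

        // Note the argument order: QueryClient takes PEP first, PDP second.
        com.sun.identity.saml2.protocol.Response samlpResponse
                = QueryClient.processXACMLQuery(samlpQuery,
                pepEntityId, pdpEntityId);

        if (samlpResponse != null && XACMLSDKUtils.debug.messageEnabled()) {
            XACMLSDKUtils.debug.message(
                    "XACMLRequestProcessor.processRequest(),"
                    + ":samlpResponse=\n"
                    + samlpResponse.toXMLString(true, true));
        }

        Response xacmlResponse = extractXACMLResponse(samlpResponse);
        if (xacmlResponse != null && XACMLSDKUtils.debug.messageEnabled()) {
            XACMLSDKUtils.debug.message(
                    "XACMLRequestProcessor.processRequest()"
                    + ",returning :xacmlResponse=\n"
                    + xacmlResponse.toXMLString(true, true));
        }
        return xacmlResponse;
    }

    /**
     * Extracts the XACML context Response carried by a SAML Response.
     *
     * Only the first Assertion and its first statement are considered, as
     * in the original processing logic. Every step is null/empty guarded so
     * that a SAML Response without assertions or statements yields
     * <code>null</code> instead of an exception.
     *
     * @param samlpResponse SAML2 protocol Response returned by the PDP,
     *        may be <code>null</code>
     * @return the XACML context Response, or <code>null</code> if none
     *         could be extracted
     * @throws XACMLException if the statement could not be parsed
     * @throws SAML2Exception if the SAML2 objects could not be read
     */
    private static Response extractXACMLResponse(
            com.sun.identity.saml2.protocol.Response samlpResponse)
            throws XACMLException, SAML2Exception {
        if (samlpResponse == null) {
            return null;
        }
        List<?> assertions = samlpResponse.getAssertion();
        // An empty list used to throw IndexOutOfBoundsException on get(0).
        if (assertions == null || assertions.isEmpty()) {
            return null;
        }
        Assertion assertion = (Assertion) assertions.get(0);
        if (assertion == null) {
            return null;
        }
        List<?> statements = assertion.getStatements();
        if (statements == null || statements.isEmpty()) {
            return null;
        }
        // Statements are held as their XML string form here.
        String statementString = (String) statements.get(0);
        if (statementString == null) {
            return null;
        }
        XACMLAuthzDecisionStatement statement = ContextFactory.getInstance()
                .createXACMLAuthzDecisionStatement(statementString);
        // Null check must precede the debug logging that dereferences it.
        if (statement == null) {
            return null;
        }
        if (XACMLSDKUtils.debug.messageEnabled()) {
            XACMLSDKUtils.debug.message(
                    "XACMLRequestProcessor.processRequest(),"
                    + ":xacmlAuthzDecisionStatement=\n"
                    + statement.toXMLString(true, true));
        }
        return statement.getResponse();
    }

    /**
     * Wraps an XACML context Request in a SAML2
     * <code>XACMLAuthzDecisionQuery</code>.
     *
     * The query ID is freshly generated so that each query is unique, which
     * is what SAML message correlation and replay detection rely on. The
     * Destination, Consent and Issuer values are still placeholders
     * (TODO: derive them from the PEP/PDP metadata).
     *
     * @param xacmlRequest the XACML context Request to wrap
     * @return the populated query
     * @throws XACMLException if the query could not be created
     * @throws SAML2Exception if the Issuer could not be created
     */
    private XACMLAuthzDecisionQuery createXACMLAuthzDecisionQuery(
            Request xacmlRequest)
            throws XACMLException, SAML2Exception {
        XACMLAuthzDecisionQuery query
                = ContextFactory.getInstance().createXACMLAuthzDecisionQuery();
        // A fixed ID ("query-1") would make every query look identical to
        // the PDP; use a generated unique ID instead.
        query.setID(SAML2Utils.generateID());
        query.setVersion(SAML2Constants.VERSION_2_0);
        query.setIssueInstant(new Date());
        // TODO: placeholder values; should come from the PDP/PEP configuration.
        query.setDestination("destination-uri");
        query.setConsent("consent-uri");

        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        // TODO: placeholder Issuer attributes; should reflect the PEP entity.
        issuer.setValue("issuer-1");
        issuer.setNameQualifier("name-qualifier");
        issuer.setSPNameQualifier("sp-name-qualifier");
        issuer.setFormat("format");
        query.setIssuer(issuer);

        query.setRequest(xacmlRequest);

        return query;
    }
}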