authorThomas <thomas.lenz@egiz.gv.at>2020-02-02 19:32:21 +0100
committerThomas <thomas.lenz@egiz.gv.at>2020-02-02 19:32:21 +0100
commit41ea2fdf782cd64d7d29f73c2e83f9c255810818 (patch)
tree9710ca3937ae82391c6a2a0e5176923e0a49a5af /eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils
parentd41afe91ee59daf6b5f5037cecac52900fe2ccb2 (diff)
some more OpenSAML3 refactoring stuff
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java71
1 files changed, 65 insertions, 6 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
index 8b1b041b..763c07f6 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/Saml2Utils.java
@@ -20,6 +20,7 @@
package at.gv.egiz.eaaf.modules.pvp2.impl.utils;
import java.io.IOException;
+import java.io.InputStream;
import java.security.PrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
@@ -36,12 +37,6 @@ import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
-import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.opensaml.core.xml.XMLObject;
@@ -49,8 +44,12 @@ import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.io.Unmarshaller;
+import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.core.xml.schema.impl.XSStringBuilder;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.saml.common.SAMLObjectContentReference;
import org.opensaml.saml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml.common.xml.SAMLSchemaBuilder.SAML1Version;
@@ -80,6 +79,18 @@ import org.opensaml.xmlsec.signature.support.Signer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException;
+import net.shibboleth.utilities.java.support.xml.QNameSupport;
+import net.shibboleth.utilities.java.support.xml.SerializeSupport;
public class Saml2Utils {
private static final Logger log = LoggerFactory.getLogger(Saml2Utils.class);
@@ -153,6 +164,54 @@ public class Saml2Utils {
}
/**
+ * SAML2 message unmarshaller that performs schema validation before unmarshall the message.
+ *
+ * @param messageStream SAML2 message that shoulld be unmarshalled
+ * @return OpenSAML XML object
+ * @throws MessageDecodingException In case of a schema-validation or unmarshalling error
+ */
+ public static XMLObject unmarshallMessage(final InputStream messageStream) throws MessageDecodingException {
+ try {
+ final Element samlElement = DomUtils.parseXmlValidating(messageStream);
+
+ if (log.isTraceEnabled()) {
+ log.trace("Resultant DOM message was:");
+ log.trace(SerializeSupport.nodeToString(samlElement));
+ }
+
+ log.debug("Unmarshalling DOM parsed from InputStream");
+ final Unmarshaller unmarshaller = XMLObjectSupport.getUnmarshaller(samlElement);
+ if (unmarshaller == null) {
+ log.error("Unable to unmarshall InputStream, no unmarshaller registered for element "
+ + QNameSupport.getNodeQName(samlElement));
+ throw new UnmarshallingException(
+ "Unable to unmarshall InputStream, no unmarshaller registered for element "
+ + QNameSupport.getNodeQName(samlElement));
+ }
+
+ final XMLObject message = unmarshaller.unmarshall(samlElement);
+
+ log.debug("InputStream succesfully unmarshalled");
+
+ return message;
+
+ } catch (final UnmarshallingException e) {
+ log.error("Error unmarshalling message from input stream", e);
+ throw new MessageDecodingException("Error unmarshalling message from input stream", e);
+
+ } catch (ParserConfigurationException | SAXException e) {
+ log.warn("Message schema-validation failed.");
+ throw new MessageDecodingException("Message schema-validation failed.",
+ new SchemaValidationException("internal.pvp.03", new Object[] { e.getMessage() }, e));
+
+ } catch (final IOException e) {
+ log.error("Error read message from input stream", e);
+ throw new MessageDecodingException("Error read message from input stream", e);
+
+ }
+ }
+
+ /**
* Select signature algorithm for a given credential.
*
* @param credentials {@link X509Credential} that will be used for signing
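Review bot: The multi-catch at `catch (ParserConfigurationException | SAXException e)` reports a parser-configuration failure as a schema-validation error of the inbound message (`internal.pvp.03`), although a ParserConfigurationException means the validating parser itself could not be set up and is an internal fault rather than a malformed message. The `log.warn` in that branch also drops the SAX detail, so a rejected (possibly hostile) SAML message leaves no trace of why validation failed; I would split the two cases and include `e.getMessage()` in the warning, as sketched below. Whether this entry point is robust against DTD/XXE payloads rests entirely on `DomUtils.parseXmlValidating`, which is outside this hunk — worth confirming it disables DTDs and external entities in addition to enforcing the SAML schema, and stating that in the Javadoc. Javadoc nits: `shoulld` → `should`, and `before unmarshall the message` → `before unmarshalling the message`.
```java
      // … unchanged: validating parse, unmarshaller lookup and UnmarshallingException handler …

    } catch (final SAXException e) {
      // Malformed or schema-invalid inbound message: client-side error, keep the reason for audit.
      log.warn("Message schema-validation failed. Reason: {}", e.getMessage());
      throw new MessageDecodingException("Message schema-validation failed.",
          new SchemaValidationException("internal.pvp.03", new Object[] { e.getMessage() }, e));

    } catch (final ParserConfigurationException e) {
      // Parser could not be configured for validation: internal fault, not a message error.
      log.error("XML parser could not be configured for schema validation", e);
      throw new MessageDecodingException("XML parser could not be configured for schema validation", e);

      // … unchanged: IOException handler …
```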