first stable version that uses OpenSAML 3.x

1 files changed, 41 insertions, 0 deletions

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafMessageContextInitializationHandler.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafMessageContextInitializationHandler.java
index 2672bef2..aba0a68b 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafMessageContextInitializationHandler.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/EaafMessageContextInitializationHandler.java
@@ -1,23 +1,64 @@
 package at.gv.egiz.eaaf.modules.pvp2.impl.verification;
 
+import javax.annotation.Nonnull;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+
+import org.opensaml.core.config.ConfigurationService;
 import org.opensaml.messaging.context.MessageContext;
 import org.opensaml.messaging.handler.AbstractMessageHandler;
 import org.opensaml.messaging.handler.MessageHandlerException;
 import org.opensaml.saml.common.SAMLObject;
 import org.opensaml.saml.common.messaging.context.SAMLMessageInfoContext;
 import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
+import org.opensaml.xmlsec.SignatureValidationConfiguration;
+import org.opensaml.xmlsec.SignatureValidationParameters;
+import org.opensaml.xmlsec.context.SecurityParametersContext;
+import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
 
 import lombok.extern.slf4j.Slf4j;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
 
 @Slf4j
 public class EaafMessageContextInitializationHandler extends AbstractMessageHandler<SAMLObject> {
 
+  private final IPvp2MetadataProvider internalMetadataProvider;
+  private SignatureTrustEngine trustEngine;
+
+  public EaafMessageContextInitializationHandler(@Nonnull IPvp2MetadataProvider metadataProvider) {
+    internalMetadataProvider = metadataProvider;
+  }
+
+  @Override
+  protected void doInitialize() throws ComponentInitializationException {
+    try {
+      trustEngine = TrustEngineFactory.getSignatureKnownKeysTrustEngine(internalMetadataProvider);
+
+    } catch (final Pvp2InternalErrorException e) {
+      throw new ComponentInitializationException("TrustEngine injection FAILED", e);
+
+    }
+  }
+
+
   @Override
   protected void doInvoke(MessageContext<SAMLObject> messageContext) throws MessageHandlerException {
     log.trace("Injecting sub-context to SAML2 message ... ");
     messageContext.addSubcontext(new SAMLPeerEntityContext());
     messageContext.addSubcontext(new SAMLMessageInfoContext());
 
+
+    final SecurityParametersContext securityParameterContext = new SecurityParametersContext();
+    final SignatureValidationParameters sigValParameters = new SignatureValidationParameters();
+    securityParameterContext.setSignatureValidationParameters(sigValParameters);
+    messageContext.addSubcontext(securityParameterContext);
+
+    sigValParameters.setBlacklistedAlgorithms(
+        ConfigurationService.get(SignatureValidationConfiguration.class)
+            .getBlacklistedAlgorithms());
+    sigValParameters.setSignatureTrustEngine(trustEngine);
   }
 
 }