nbi.xmlsec
Class PEPHandler

java.lang.Object
  extended byorg.mortbay.http.handler.AbstractHttpHandler
      extended bynbi.xmlsec.PEPHandler
All Implemented Interfaces:
HttpHandler, LifeCycle, Serializable

public class PEPHandler
extends AbstractHttpHandler

This class realises the functionality of the PEP handling each incoming Http request received via Jetty. Jetty calls the method handle(String, String, HttpRequest, HttpResponse). This method filters each incoming request and the resulting response from the PyWrapper calling the methods filterRequest(HttpRequest, Set, HttpResponse) and filterResponse(HttpURLConnection, HttpResponse, Set).

Since:
Version:
$Revision: 1.34 $
Author:
Lutz Suhrbier
See Also:
Serialized Form

Field Summary
private  X509Certificate cert
           
private  Configuration config
          The configuration.
private  String domain
          The working domain for this PEP.
private  URI host
          The host to redirect permitted requests to.
private  KeyStore keystore
           
(package private) static Logger logger
           
private  RBACPDP pdp
          The RBACPDP to evaluate the access control policies for a given role set.
private  PrivateKey privKey
           
(package private)  Request request
          BioCASE request to be filtered
private  RoleEnablementAuthority roleEnableAuth
          The RoleEnablementAuthority to evaluate roles for a given subject.
(package private)  int status
          Status of the filter
(package private) static int STATUS_REQUEST_ERROR
          Status Request denied
(package private) static int STATUS_REQUEST_NONE
          Initial status
(package private) static int STATUS_REQUEST_OK
          Status Request permitted
(package private) static int STATUS_RESPONSE_ERROR
          Status Response processing error
(package private) static int STATUS_RESPONSE_OK
          Status Response processed
(package private) static String version
           
private  URI wrapper
          The PyWrapperURI to redirect BioCASE requests to..
 
Fields inherited from class org.mortbay.http.handler.AbstractHttpHandler
 
Constructor Summary
PEPHandler()
           
PEPHandler(Configuration config)
          Creates a PEPHandler based on its configuration.
 
Method Summary
private  String addQueryParameter(String query, String paramLabel, String paramValue)
          Add a parameter to the given query request.
private  void addRoleQuery(Set roleIds, URI uri)
           
private  void addURLQuery(URI uri)
          Add the wrapper-URL to the url-header parameter for a Http-GET request.
private  String buildHostURL(String urlRequest, String urlHost)
          Builds the wrapperURL to be set in the provider's interface.
private  String buildWrapperURL(String urlRequest, String urlWrapper)
          Builds the wrapperURL to be set in the provider's interface.
private  HttpResponse createErrorResponse(HttpResponse httpResponse, Request request, String errMess)
          Creates an BioCASE error response.
private  List createReferences(ResponseFilter responseFilter, XMLSignatureFactory fac)
           
private  Reference createXPathReference(String xpath, XMLSignatureFactory fac)
           
private  int filterRequest(HttpRequest httpRequest, Set roleIds, HttpResponse httpResponse)
          Filters the incoming request filtering any BioCASE request using the RBACPDP and rejecting all denied request.
private  int filterResponse(HttpURLConnection httpConnection, HttpResponse httpResponse, Set roleIds)
          Filters the only responses corresponding to redirected requests and filtering any BioCASE responses using the RBACPDP eliminating all XML elements from the received document denied by the RBACPDP.
(package private) static X509Certificate getClientCertificate(HttpRequest request, String parameter)
          Retrieves the client's certificate from a HttpRequest parameter.
(package private) static X509Certificate getClientCertificate(SSLSocket socket)
          Retrieves the client's certificate from a SSL ServerSocket.
private  String getQueryParameterValue(String query, String paramLabel)
          Get the value of a parameter from the current query request.
private  Set getRoles(HttpRequest request)
          Retrieve the enabled roles from the REA for a given Http-request.
 void handle(String pathInContext, String pathParams, HttpRequest request, HttpResponse response)
          The handlers main function called from Jetty.
private  Set handleRoleParameter(Set roleIds, HttpRequest httpRequest)
          Reads the role parameter from the PyWrapper query, only if the requesting role is set to guest.
private  void handleWrapperURLParameter(HttpRequest httpRequest)
          Redefines the wrapper_url parameter of a Http-Request to the wrapperURL build using the method buildWrapperURL(String, String).
private  HttpURLConnection openHostConnection(HttpRequest request, Set roleIds)
          Opens an Http-connection to the provider's interface host and adds the client roles to the given Http-request and redirects the request to the provider's interface host.
private  void signResponse(ByteArrayInputStream contentIn, OutputStream contentOut, ResponseFilter responseFilter)
           
 
Methods inherited from class org.mortbay.http.handler.AbstractHttpHandler
getHttpContext, getName, handleTrace, initialize, isStarted, setName, start, stop, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

logger

static Logger logger

STATUS_REQUEST_NONE

static final int STATUS_REQUEST_NONE
Initial status

See Also:
Constant Field Values

STATUS_REQUEST_OK

static final int STATUS_REQUEST_OK
Status Request permitted

See Also:
Constant Field Values

STATUS_REQUEST_ERROR

static final int STATUS_REQUEST_ERROR
Status Request denied

See Also:
Constant Field Values

STATUS_RESPONSE_OK

static final int STATUS_RESPONSE_OK
Status Response processed

See Also:
Constant Field Values

STATUS_RESPONSE_ERROR

static final int STATUS_RESPONSE_ERROR
Status Response processing error

See Also:
Constant Field Values

config

private Configuration config
The configuration.


keystore

private KeyStore keystore

privKey

private PrivateKey privKey

cert

private X509Certificate cert

roleEnableAuth

private RoleEnablementAuthority roleEnableAuth
The RoleEnablementAuthority to evaluate roles for a given subject.


pdp

private RBACPDP pdp
The RBACPDP to evaluate the access control policies for a given role set.


domain

private String domain
The working domain for this PEP.


host

private URI host
The host to redirect permitted requests to.


wrapper

private URI wrapper
The PyWrapperURI to redirect BioCASE requests to..


status

int status
Status of the filter


request

Request request
BioCASE request to be filtered


version

static final String version
See Also:
Constant Field Values
Constructor Detail

PEPHandler

public PEPHandler()

PEPHandler

public PEPHandler(Configuration config)
           throws ClassNotFoundException,
                  NoSuchMethodException,
                  InvocationTargetException,
                  InstantiationException,
                  IllegalAccessException
Creates a PEPHandler based on its configuration.

Parameters:
config - The configuration.
Throws:
ClassNotFoundException
NoSuchMethodException
InvocationTargetException
InstantiationException
IllegalAccessException
Method Detail

getClientCertificate

static X509Certificate getClientCertificate(SSLSocket socket)
                                     throws SSLPeerUnverifiedException
Retrieves the client's certificate from a SSL ServerSocket.

Parameters:
socket - The SSL server socket
Returns:
The client's certificate or null.
Throws:
SSLPeerUnverifiedException

getClientCertificate

static X509Certificate getClientCertificate(HttpRequest request,
                                            String parameter)
                                     throws CertificateException
Retrieves the client's certificate from a HttpRequest parameter.

Parameters:
request - The Http request.
parameter - The Http request parameter name of the client certificate.
Returns:
The client's certificate or null.
Throws:
NullPointerException - if parameter could not be retrieved from the request.
CertificateException

getRoles

private Set getRoles(HttpRequest request)
Retrieve the enabled roles from the REA for a given Http-request. First, the client's certificate is retrieved, then the REA is evaluated for the client's roles enabled.

Parameters:
request - The received Http request
Returns:
Set of enabled roles for the client.

openHostConnection

private HttpURLConnection openHostConnection(HttpRequest request,
                                             Set roleIds)
                                      throws IOException,
                                             ParsingException,
                                             URISyntaxException
Opens an Http-connection to the provider's interface host and adds the client roles to the given Http-request and redirects the request to the provider's interface host.

Parameters:
request - The received Http-Request
roleIds - The roles to add to the Http-Request as parameters
Returns:
The established URLConnection or null.
Throws:
IOException
ParsingException
URISyntaxException

buildWrapperURL

private String buildWrapperURL(String urlRequest,
                               String urlWrapper)
Builds the wrapperURL to be set in the provider's interface. The URL is created from the wrapper URL concatenating the paht of the request URL.

Parameters:
urlRequest - The URL of the current Request.
urlWrapper - The URL of the PyWrapper.
Returns:
The new wrapperURL or null.

buildHostURL

private String buildHostURL(String urlRequest,
                            String urlHost)
Builds the wrapperURL to be set in the provider's interface. The URL is created from the host URL concatenating the paht of the request URL.

Parameters:
urlRequest - The URL of the current Request.
urlHost - The URL of the provider's interface host.
Returns:
The new wrapperURL or null.

handleWrapperURLParameter

private void handleWrapperURLParameter(HttpRequest httpRequest)
                                throws MalformedURLException
Redefines the wrapper_url parameter of a Http-Request to the wrapperURL build using the method buildWrapperURL(String, String).

Parameters:
httpRequest - The request to modify.
Throws:
MalformedURLException

getQueryParameterValue

private String getQueryParameterValue(String query,
                                      String paramLabel)
Get the value of a parameter from the current query request.

Parameters:
query - The query.
paramLabel - The parameter to search for.
Returns:
The parameter value or null.

addQueryParameter

private String addQueryParameter(String query,
                                 String paramLabel,
                                 String paramValue)
Add a parameter to the given query request.

Parameters:
query - The query of the current request.
paramLabel - The label of the parameter to add.
paramValue - The value of the parameter to add.
Returns:
The new query or null.

addRoleQuery

private void addRoleQuery(Set roleIds,
                          URI uri)
                   throws ParsingException,
                          URISyntaxException
Throws:
ParsingException
URISyntaxException

addURLQuery

private void addURLQuery(URI uri)
                  throws ParsingException,
                         URISyntaxException
Add the wrapper-URL to the url-header parameter for a Http-GET request.

Parameters:
uri - The URI to build the wrapper url.
Throws:
ParsingException
URISyntaxException

handleRoleParameter

private Set handleRoleParameter(Set roleIds,
                                HttpRequest httpRequest)
                         throws ParsingException,
                                URISyntaxException
Reads the role parameter from the PyWrapper query, only if the requesting role is set to guest.

Parameters:
roleIds - The set of roles.
httpRequest - The request to inspect.
Returns:
The role parameter from the request.
Throws:
ParsingException
URISyntaxException

filterRequest

private int filterRequest(HttpRequest httpRequest,
                          Set roleIds,
                          HttpResponse httpResponse)
                   throws ParserConfigurationException,
                          SAXException,
                          UnsupportedEncodingException,
                          IOException
Filters the incoming request filtering any BioCASE request using the RBACPDP and rejecting all denied request. When an request is denied or an error occurs, an error response is generated. The method returns the new status for this PEPHandler.

Parameters:
httpRequest - The request to filter.
roleIds - The enabled role Id's for this request.
httpResponse - The Http Resopnse
Returns:
The request status.
Throws:
ParserConfigurationException
SAXException
UnsupportedEncodingException
IOException

filterResponse

private int filterResponse(HttpURLConnection httpConnection,
                           HttpResponse httpResponse,
                           Set roleIds)
                    throws ParserConfigurationException,
                           SAXException,
                           UnsupportedEncodingException,
                           IOException
Filters the only responses corresponding to redirected requests and filtering any BioCASE responses using the RBACPDP eliminating all XML elements from the received document denied by the RBACPDP. When an error occurs, an error response is generated. The method returns the new status for this PEPHandler. Denied elements are reported in the BioCASE Diagnostics.

Parameters:
httpConnection - The connection to the PyWrapper
httpResponse - The Http-response received
roleIds - The roles enabled for this client request/response.
Returns:
The response status.
Throws:
ParserConfigurationException
SAXException
UnsupportedEncodingException
IOException

createReferences

private List createReferences(ResponseFilter responseFilter,
                              XMLSignatureFactory fac)
                       throws NoSuchAlgorithmException,
                              InvalidAlgorithmParameterException
Throws:
NoSuchAlgorithmException
InvalidAlgorithmParameterException

createXPathReference

private Reference createXPathReference(String xpath,
                                       XMLSignatureFactory fac)
                                throws NoSuchAlgorithmException,
                                       InvalidAlgorithmParameterException
Throws:
NoSuchAlgorithmException
InvalidAlgorithmParameterException

signResponse

private void signResponse(ByteArrayInputStream contentIn,
                          OutputStream contentOut,
                          ResponseFilter responseFilter)
                   throws Exception
Throws:
Exception

createErrorResponse

private HttpResponse createErrorResponse(HttpResponse httpResponse,
                                         Request request,
                                         String errMess)
                                  throws IOException
Creates an BioCASE error response.

Parameters:
httpResponse - The Http-response to be filled with the error message
request - The BioCASE-request
errMess - The error message to be included in the Diagnostics of the response.
Returns:
Http Error response.
Throws:
IOException

handle

public void handle(String pathInContext,
                   String pathParams,
                   HttpRequest request,
                   HttpResponse response)
            throws HttpException,
                   IOException
The handlers main function called from Jetty. Processes the handling of requests, responses and error responses calling the methods filterRequest and filterResponse.

Throws:
HttpException
IOException
See Also:
HttpHandler.handle(java.lang.String, java.lang.String, org.mortbay.http.HttpRequest, org.mortbay.http.HttpResponse)


Copyright © 2006 Lutz Suhrbier, Freie Universitšt Berlin. All Rights Reserved.