nbi.xmlsec
Class PEPHandler

java.lang.Object
  extended by org.mortbay.http.handler.AbstractHttpHandler
      extended by nbi.xmlsec.PEPHandler
All Implemented Interfaces:
HttpHandler, LifeCycle, Serializable

public class PEPHandler
extends AbstractHttpHandler

This class implements the PEP (policy enforcement point), handling each incoming Http request received via Jetty. Jetty calls the method handle(String, String, HttpRequest, HttpResponse). This method filters each incoming request, and the resulting response from the PyWrapper, by calling the methods filterRequest(HttpRequest, Set, HttpResponse) and filterResponse(HttpURLConnection, HttpResponse, Set).

Since:
Version:
$Revision: 1.34 $
Author:
Lutz Suhrbier
See Also:
Serialized Form

Field Summary
private  X509Certificate cert
           
private  Configuration config
          The configuration.
private  String domain
          The working domain for this PEP.
private  URI host
          The host to redirect permitted requests to.
private  KeyStore keystore
           
(package private) static Logger logger
           
private  RBACPDP pdp
          The RBACPDP to evaluate the access control policies for a given role set.
private  PrivateKey privKey
           
(package private)  Request request
          BioCASE request to be filtered
private  RoleEnablementAuthority roleEnableAuth
          The RoleEnablementAuthority to evaluate roles for a given subject.
(package private)  int status
          Status of the filter
(package private) static int STATUS_REQUEST_ERROR
          Status Request denied
(package private) static int STATUS_REQUEST_NONE
          Initial status
(package private) static int STATUS_REQUEST_OK
          Status Request permitted
(package private) static int STATUS_RESPONSE_ERROR
          Status Response processing error
(package private) static int STATUS_RESPONSE_OK
          Status Response processed
(package private) static String version
           
private  URI wrapper
          The PyWrapperURI to redirect BioCASE requests to.
 
Fields inherited from class org.mortbay.http.handler.AbstractHttpHandler
 
Constructor Summary
PEPHandler()
           
PEPHandler(Configuration config)
          Creates a PEPHandler based on its configuration.
 
Method Summary
private  String addQueryParameter(String query, String paramLabel, String paramValue)
          Add a parameter to the given query request.
private  void addRoleQuery(Set roleIds, URI uri)
           
private  void addURLQuery(URI uri)
          Add the wrapper-URL to the url-header parameter for a Http-GET request.
private  String buildHostURL(String urlRequest, String urlHost)
          Builds the wrapperURL to be set in the provider's interface.
private  String buildWrapperURL(String urlRequest, String urlWrapper)
          Builds the wrapperURL to be set in the provider's interface.
private  HttpResponse createErrorResponse(HttpResponse httpResponse, Request request, String errMess)
          Creates a BioCASE error response.
private  List createReferences(ResponseFilter responseFilter, XMLSignatureFactory fac)
           
private  Reference createXPathReference(String xpath, XMLSignatureFactory fac)
           
private  int filterRequest(HttpRequest httpRequest, Set roleIds, HttpResponse httpResponse)
          Filters the incoming request: any BioCASE request is evaluated using the RBACPDP, and all denied requests are rejected.
private  int filterResponse(HttpURLConnection httpConnection, HttpResponse httpResponse, Set roleIds)
          Filters only the responses corresponding to redirected requests: any BioCASE response is filtered using the RBACPDP, eliminating all XML elements from the received document that the RBACPDP denies.
(package private) static X509Certificate getClientCertificate(HttpRequest request, String parameter)
          Retrieves the client's certificate from a HttpRequest parameter.
(package private) static X509Certificate getClientCertificate(SSLSocket socket)
          Retrieves the client's certificate from an SSL ServerSocket.
private  String getQueryParameterValue(String query, String paramLabel)
          Get the value of a parameter from the current query request.
private  Set getRoles(HttpRequest request)
          Retrieve the enabled roles from the REA for a given Http-request.
 void handle(String pathInContext, String pathParams, HttpRequest request, HttpResponse response)
          The handler's main function called from Jetty.
private  Set handleRoleParameter(Set roleIds, HttpRequest httpRequest)
          Reads the role parameter from the PyWrapper query, only if the requesting role is set to guest.
private  void handleWrapperURLParameter(HttpRequest httpRequest)
          Redefines the wrapper_url parameter of a Http-Request to the wrapperURL built using the method buildWrapperURL(String, String).
private  HttpURLConnection openHostConnection(HttpRequest request, Set roleIds)
          Opens an Http-connection to the provider's interface host, adds the client roles to the given Http-request, and redirects the request to the provider's interface host.
private  void signResponse(ByteArrayInputStream contentIn, OutputStream contentOut, ResponseFilter responseFilter)
           
 
Methods inherited from class org.mortbay.http.handler.AbstractHttpHandler
getHttpContext, getName, handleTrace, initialize, isStarted, setName, start, stop, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

logger

static Logger logger

STATUS_REQUEST_NONE

static final int STATUS_REQUEST_NONE
Initial status

See Also:
Constant Field Values

STATUS_REQUEST_OK

static final int STATUS_REQUEST_OK
Status Request permitted

See Also:
Constant Field Values

STATUS_REQUEST_ERROR

static final int STATUS_REQUEST_ERROR
Status Request denied

See Also:
Constant Field Values

STATUS_RESPONSE_OK

static final int STATUS_RESPONSE_OK
Status Response processed

See Also:
Constant Field Values

STATUS_RESPONSE_ERROR

static final int STATUS_RESPONSE_ERROR
Status Response processing error

See Also:
Constant Field Values

config

private Configuration config
The configuration.


keystore

private KeyStore keystore

privKey

private PrivateKey privKey

cert

private X509Certificate cert

roleEnableAuth

private RoleEnablementAuthority roleEnableAuth
The RoleEnablementAuthority to evaluate roles for a given subject.


pdp

private RBACPDP pdp
The RBACPDP to evaluate the access control policies for a given role set.


domain

private String domain
The working domain for this PEP.


host

private URI host
The host to redirect permitted requests to.


wrapper

private URI wrapper
The PyWrapperURI to redirect BioCASE requests to.


status

int status
Status of the filter


request

Request request
BioCASE request to be filtered


version

static final String version
See Also:
Constant Field Values

Constructor Detail

PEPHandler

public PEPHandler()

PEPHandler

public PEPHandler(Configuration config)
           throws ClassNotFoundException,
                  NoSuchMethodException,
                  InvocationTargetException,
                  InstantiationException,
                  IllegalAccessException
Creates a PEPHandler based on its configuration.

Parameters:
config - The configuration.
Throws:
ClassNotFoundException
NoSuchMethodException
InvocationTargetException
InstantiationException
IllegalAccessException

Method Detail

getClientCertificate

static X509Certificate getClientCertificate(SSLSocket socket)
                                     throws SSLPeerUnverifiedException
Retrieves the client's certificate from an SSL ServerSocket.

Parameters:
socket - The SSL server socket
Returns:
The client's certificate or null.
Throws:
SSLPeerUnverifiedException

getClientCertificate

static X509Certificate getClientCertificate(HttpRequest request,
                                            String parameter)
                                     throws CertificateException
Retrieves the client's certificate from a HttpRequest parameter.

Parameters:
request - The Http request.
parameter - The Http request parameter name of the client certificate.
Returns:
The client's certificate or null.
Throws:
NullPointerException - if parameter could not be retrieved from the request.
CertificateException

getRoles

private Set getRoles(HttpRequest request)
Retrieve the enabled roles from the REA for a given Http-request. First, the client's certificate is retrieved; then the REA is evaluated for the client's enabled roles.

Parameters:
request - The received Http request
Returns:
Set of enabled roles for the client.

openHostConnection

private HttpURLConnection openHostConnection(HttpRequest request,
                                             Set roleIds)
                                      throws IOException,
                                             ParsingException,
                                             URISyntaxException
Opens an Http-connection to the provider's interface host, adds the client roles to the given Http-request, and redirects the request to the provider's interface host.

Parameters:
request - The received Http-Request
roleIds - The roles to add to the Http-Request as parameters
Returns:
The established URLConnection or null.
Throws:
IOException
ParsingException
URISyntaxException

buildWrapperURL

private String buildWrapperURL(String urlRequest,
                               String urlWrapper)
Builds the wrapperURL to be set in the provider's interface. The URL is created from the wrapper URL by concatenating the path of the request URL.

Parameters:
urlRequest - The URL of the current Request.
urlWrapper - The URL of the PyWrapper.
Returns:
The new wrapperURL or null.

buildHostURL

private String buildHostURL(String urlRequest,
                            String urlHost)
Builds the wrapperURL to be set in the provider's interface. The URL is created from the host URL by concatenating the path of the request URL.

Parameters:
urlRequest - The URL of the current Request.
urlHost - The URL of the provider's interface host.
Returns:
The new wrapperURL or null.

handleWrapperURLParameter

private void handleWrapperURLParameter(HttpRequest httpRequest)
                                throws MalformedURLException
Redefines the wrapper_url parameter of a Http-Request to the wrapperURL built using the method buildWrapperURL(String, String).

Parameters:
httpRequest - The request to modify.
Throws:
MalformedURLException

getQueryParameterValue

private String getQueryParameterValue(String query,
                                      String paramLabel)
Get the value of a parameter from the current query request.

Parameters:
query - The query.
paramLabel - The parameter to search for.
Returns:
The parameter value or null.

addQueryParameter

private String addQueryParameter(String query,
                                 String paramLabel,
                                 String paramValue)
Add a parameter to the given query request.

Parameters:
query - The query of the current request.
paramLabel - The label of the parameter to add.
paramValue - The value of the parameter to add.
Returns:
The new query or null.

addRoleQuery

private void addRoleQuery(Set roleIds,
                          URI uri)
                   throws ParsingException,
                          URISyntaxException
Throws:
ParsingException
URISyntaxException

addURLQuery

private void addURLQuery(URI uri)
                  throws ParsingException,
                         URISyntaxException
Add the wrapper-URL to the url-header parameter for a Http-GET request.

Parameters:
uri - The URI to build the wrapper url.
Throws:
ParsingException
URISyntaxException

handleRoleParameter

private Set handleRoleParameter(Set roleIds,
                                HttpRequest httpRequest)
                         throws ParsingException,
                                URISyntaxException
Reads the role parameter from the PyWrapper query, only if the requesting role is set to guest.

Parameters:
roleIds - The set of roles.
httpRequest - The request to inspect.
Returns:
The role parameter from the request.
Throws:
ParsingException
URISyntaxException

filterRequest

private int filterRequest(HttpRequest httpRequest,
                          Set roleIds,
                          HttpResponse httpResponse)
                   throws ParserConfigurationException,
                          SAXException,
                          UnsupportedEncodingException,
                          IOException
Filters the incoming request: any BioCASE request is evaluated using the RBACPDP, and all denied requests are rejected. When a request is denied or an error occurs, an error response is generated. The method returns the new status for this PEPHandler.

Parameters:
httpRequest - The request to filter.
roleIds - The enabled role Id's for this request.
httpResponse - The Http response
Returns:
The request status.
Throws:
ParserConfigurationException
SAXException
UnsupportedEncodingException
IOException

filterResponse

private int filterResponse(HttpURLConnection httpConnection,
                           HttpResponse httpResponse,
                           Set roleIds)
                    throws ParserConfigurationException,
                           SAXException,
                           UnsupportedEncodingException,
                           IOException
Filters only the responses corresponding to redirected requests: any BioCASE response is filtered using the RBACPDP, eliminating all XML elements from the received document that the RBACPDP denies. When an error occurs, an error response is generated. The method returns the new status for this PEPHandler. Denied elements are reported in the BioCASE Diagnostics.

Parameters:
httpConnection - The connection to the PyWrapper
httpResponse - The Http-response received
roleIds - The roles enabled for this client request/response.
Returns:
The response status.
Throws:
ParserConfigurationException
SAXException
UnsupportedEncodingException
IOException
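
The response-side filtering described for filterResponse, as an added sketch that is not PEPHandler's own code: every element denied for the client's role set is removed from the document, and its path is collected so it can be reported as a diagnostic. The class ResponseFilterSketch, the `permitted` predicate standing in for the RBACPDP decision, the role names and the sample XML are all assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.function.BiPredicate;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class ResponseFilterSketch {
    // Removes every element the decision function denies for the given roles and
    // returns the paths of the removed elements, to be reported as diagnostics.
    // "permitted" is a hypothetical stand-in for the RBACPDP evaluation.
    static List<String> filter(Node parent, String parentPath, Set<String> roles,
                               BiPredicate<Set<String>, String> permitted) {
        List<String> denied = new ArrayList<>();
        // Snapshot the children first: removing from a live NodeList while
        // iterating over it would skip siblings.
        List<Element> children = new ArrayList<>();
        NodeList nodes = parent.getChildNodes();
        for (int i = 0; i < nodes.getLength(); i++)
            if (nodes.item(i) instanceof Element) children.add((Element) nodes.item(i));
        for (Element child : children) {
            String path = parentPath + "/" + child.getTagName();
            if (!permitted.test(roles, path)) {
                parent.removeChild(child);      // the denied subtree never reaches the client
                denied.add(path);
            } else {
                denied.addAll(filter(child, path, roles, permitted));
            }
        }
        return denied;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample document, not a real BioCASE response.
        String xml = "<response><unit><name>Abies alba</name>"
                   + "<locality>52.45,13.29</locality></unit></response>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // The upstream response is untrusted input to the filter: refuse DOCTYPEs (XXE).
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        // Constructed policy: only the role "curator" may read locality elements.
        BiPredicate<Set<String>, String> policy =
                (roles, path) -> !path.endsWith("/locality") || roles.contains("curator");
        Element root = doc.getDocumentElement();
        List<String> denied = filter(root, "/" + root.getTagName(), Set.of("guest"), policy);
        System.out.println("denied elements: " + denied);
        System.out.println("locality elements left: "
                + doc.getElementsByTagName("locality").getLength());
    }
}
```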

createReferences

private List createReferences(ResponseFilter responseFilter,
                              XMLSignatureFactory fac)
                       throws NoSuchAlgorithmException,
                              InvalidAlgorithmParameterException
Throws:
NoSuchAlgorithmException
InvalidAlgorithmParameterException

createXPathReference

private Reference createXPathReference(String xpath,
                                       XMLSignatureFactory fac)
                                throws NoSuchAlgorithmException,
                                       InvalidAlgorithmParameterException
Throws:
NoSuchAlgorithmException
InvalidAlgorithmParameterException

signResponse

private void signResponse(ByteArrayInputStream contentIn,
                          OutputStream contentOut,
                          ResponseFilter responseFilter)
                   throws Exception
Throws:
Exception

createErrorResponse

private HttpResponse createErrorResponse(HttpResponse httpResponse,
                                         Request request,
                                         String errMess)
                                  throws IOException
Creates a BioCASE error response.

Parameters:
httpResponse - The Http-response to be filled with the error message
request - The BioCASE-request
errMess - The error message to be included in the Diagnostics of the response.
Returns:
Http Error response.
Throws:
IOException

handle

public void handle(String pathInContext,
                   String pathParams,
                   HttpRequest request,
                   HttpResponse response)
            throws HttpException,
                   IOException
The handler's main function called from Jetty. Processes requests, responses and error responses by calling the methods filterRequest and filterResponse.

Throws:
HttpException
IOException
See Also:
HttpHandler.handle(java.lang.String, java.lang.String, org.mortbay.http.HttpRequest, org.mortbay.http.HttpResponse)


Copyright © 2006 Lutz Suhrbier, Freie Universität Berlin. All Rights Reserved.