17 package edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.principalConnector;
18
19 import java.sql.SQLException;
20
21 import org.opensaml.saml1.core.NameIdentifier;
22 import org.opensaml.saml2.core.NameID;
23 import org.opensaml.xml.util.DatatypeHelper;
24 import org.slf4j.Logger;
25 import org.slf4j.LoggerFactory;
26
27 import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException;
28 import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethResolutionContext;
29 import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDDataConnector;
30 import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDStore;
31 import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDStore.PersistentIdEntry;
32 import edu.internet2.middleware.shibboleth.common.profile.provider.SAMLProfileRequestContext;
33
34
35
36
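/**
 * Principal connector that maps a persistent (stored) identifier, presented as the subject name identifier of the
 * inbound request, back to the principal name recorded for it in a {@link StoredIDStore}.
 *
 * <p>The store is taken from the {@link StoredIDDataConnector} that produces the identifiers, so this connector
 * can only resolve identifiers that connector's store knows about.</p>
 */
public class StoredIDPrincipalConnector extends BasePrincipalConnector {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(StoredIDPrincipalConnector.class);

    /** Store holding the persistent identifier entries; supplied by the producing data connector, may be null. */
    private final StoredIDStore pidStore;

    /**
     * Constructor.
     *
     * @param idProducer data connector whose store holds the persistent identifiers this connector resolves
     *
     * @throws IllegalArgumentException if the data connector is null
     */
    public StoredIDPrincipalConnector(StoredIDDataConnector idProducer) {
        if (idProducer == null) {
            throw new IllegalArgumentException("ID producing data connector may not be null");
        }
        pidStore = idProducer.getStoredIDStore();
    }

    /**
     * Resolves the subject name identifier of the inbound request to a principal name.
     *
     * <p>The identifier is honored only when the issuer of the inbound message is the peer entity the identifier was
     * originally issued to. An identifier presented by any other requester yields no principal (and a warning), so a
     * relying party cannot look up a user by presenting an identifier that was issued to a different relying
     * party.</p>
     *
     * @param resolutionContext current resolution context
     *
     * @return the principal name bound to the identifier, or null if the identifier is blank, unknown, not active, or
     *         was issued to a different peer
     *
     * @throws AttributeResolutionException if no attribute request context is available, the subject name
     *             identifier is neither a SAML 1 {@link NameIdentifier} nor a SAML 2 {@link NameID}, or the store
     *             lookup fails
     */
    @Override
    public String resolve(ShibbolethResolutionContext resolutionContext) throws AttributeResolutionException {
        SAMLProfileRequestContext requestContext = resolutionContext.getAttributeRequestContext();
        if (requestContext == null) {
            throw new AttributeResolutionException("No attribute request context available for resolution");
        }

        String persistentId = extractPersistentId(requestContext.getSubjectNameIdentifier());
        if (persistentId == null) {
            // a blank identifier cannot match a stored entry; skip the database round trip
            return null;
        }

        try {
            // "active" presumably excludes deactivated entries — confirm against StoredIDStore
            PersistentIdEntry pidEntry = pidStore.getActivePersistentIdEntry(persistentId);
            if (pidEntry == null) {
                return null;
            }

            String requester = requestContext.getInboundMessageIssuer();
            // Identifiers are scoped to the peer they were issued to. The comparison is null-safe, so a request
            // with no issuer never matches an entry.
            if (!DatatypeHelper.safeEquals(requester, pidEntry.getPeerEntityId())) {
                log.warn("Requester '{}' attempted to use identifier '{}' which was issued to the entity '{}'",
                        new Object[] { requester, pidEntry.getPersistentId(), pidEntry.getPeerEntityId(), });
                return null;
            }

            return pidEntry.getPrincipalName();
        } catch (SQLException e) {
            log.error("Error retrieving persistent ID from database", e);
            throw new AttributeResolutionException("Error retrieving persistent ID from database", e);
        }
    }

    /**
     * Extracts the identifier value from a SAML 1 or SAML 2 subject name identifier.
     *
     * @param nameIdentifier subject name identifier from the request; may be null
     *
     * @return the identifier value exactly as carried by the name identifier, or null if it is null or
     *         whitespace-only
     *
     * @throws AttributeResolutionException if the name identifier is null or of an unsupported type
     */
    private String extractPersistentId(Object nameIdentifier) throws AttributeResolutionException {
        String value;
        if (nameIdentifier instanceof NameIdentifier) {
            value = ((NameIdentifier) nameIdentifier).getNameIdentifier();
        } else if (nameIdentifier instanceof NameID) {
            value = ((NameID) nameIdentifier).getValue();
        } else {
            // also covers a null name identifier
            throw new AttributeResolutionException("Subject name identifier is not of a supported type");
        }

        if (value == null || value.trim().length() == 0) {
            return null;
        }
        return value;
    }

    /**
     * Checks that the persistent ID store is present and can service a lookup.
     *
     * @throws AttributeResolutionException if the store is missing or a probe query fails
     */
    @Override
    public void validate() throws AttributeResolutionException {
        if (pidStore == null) {
            throw new AttributeResolutionException("Persistent ID store was null");
        }

        try {
            // connectivity probe only; the looked-up value is arbitrary and the result is discarded
            pidStore.getPersistentIdEntry("test", false);
        } catch (SQLException e) {
            throw new AttributeResolutionException("Persistent ID store can not perform persistent ID search", e);
        }
    }
}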