
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.principalConnector;
18  
19  import java.sql.SQLException;
20  
21  import org.opensaml.saml1.core.NameIdentifier;
22  import org.opensaml.saml2.core.NameID;
23  import org.opensaml.xml.util.DatatypeHelper;
24  import org.slf4j.Logger;
25  import org.slf4j.LoggerFactory;
26  
27  import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException;
28  import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethResolutionContext;
29  import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDDataConnector;
30  import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDStore;
31  import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDStore.PersistentIdEntry;
32  import edu.internet2.middleware.shibboleth.common.profile.provider.SAMLProfileRequestContext;
33  
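/**
 * A principal connector that resolves persistent IDs created by a {@link StoredIDDataConnector} back into the
 * principal names they were issued for.
 */
public class StoredIDPrincipalConnector extends BasePrincipalConnector {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(StoredIDPrincipalConnector.class);

    /** ID store that manages the stored IDs; taken from the producing data connector at construction time. */
    private final StoredIDStore pidStore;

    /**
     * Constructor.
     * 
     * @param idProducer data connector that produced the stored ID; may not be null
     * 
     * @throws IllegalArgumentException thrown if the data connector is null
     */
    public StoredIDPrincipalConnector(StoredIDDataConnector idProducer) {
        if (idProducer == null) {
            throw new IllegalArgumentException("ID producing data connector may not be null");
        }
        pidStore = idProducer.getStoredIDStore();
    }

    /**
     * {@inheritDoc}
     * 
     * The subject name identifier of the request is looked up in the ID store. A principal name is returned only
     * if an active entry exists for the identifier and that entry was issued to the entity that sent the inbound
     * message; an identifier presented by any other requester is logged and resolved to null, so one relying
     * party cannot reuse an identifier that was issued to another.
     * 
     * @throws AttributeResolutionException thrown if the subject name identifier is not a SAML 1 NameIdentifier
     *             or a SAML 2 NameID, or if the ID store lookup fails
     */
    public String resolve(ShibbolethResolutionContext resolutionContext) throws AttributeResolutionException {
        SAMLProfileRequestContext requestContext = resolutionContext.getAttributeRequestContext();

        // read the subject once instead of re-invoking the accessor for each instanceof test and cast
        Object subjectNameId = requestContext.getSubjectNameIdentifier();
        String persistentId;
        if (subjectNameId instanceof NameIdentifier) {
            persistentId = ((NameIdentifier) subjectNameId).getNameIdentifier();
        } else if (subjectNameId instanceof NameID) {
            persistentId = ((NameID) subjectNameId).getValue();
        } else {
            throw new AttributeResolutionException("Subject name identifier is not of a supported type");
        }

        // nothing to search for; skip the database round trip rather than passing an empty value to the store
        if (DatatypeHelper.isEmpty(persistentId)) {
            log.debug("Subject name identifier carries no value, no principal can be resolved");
            return null;
        }

        try {
            PersistentIdEntry pidEntry = pidStore.getActivePersistentIdEntry(persistentId);
            if (pidEntry == null) {
                return null;
            }

            // the identifier is only valid for the relying party it was issued to
            String requester = requestContext.getInboundMessageIssuer();
            if (!DatatypeHelper.safeEquals(requester, pidEntry.getPeerEntityId())) {
                log.warn("Requester '{}' attempted to use identifier '{}' which was issued to the entity '{}'",
                        new Object[] { requester, pidEntry.getPersistentId(), pidEntry.getPeerEntityId(), });
                return null;
            }

            return pidEntry.getPrincipalName();
        } catch (SQLException e) {
            log.error("Error retrieving persistent ID from database", e);
            throw new AttributeResolutionException("Error retrieving persistent ID from database", e);
        }
    }

    /**
     * {@inheritDoc}
     * 
     * Checks that an ID store is configured and that it can perform a persistent ID search, by issuing a probe
     * lookup for a fixed identifier value.
     * 
     * @throws AttributeResolutionException thrown if no ID store is available or the probe lookup fails
     */
    public void validate() throws AttributeResolutionException {
        if (pidStore == null) {
            throw new AttributeResolutionException("Persistent ID store was null");
        }

        try {
            // the value itself is irrelevant; only the store's ability to run the query is being checked
            pidStore.getPersistentIdEntry("test", false);
        } catch (SQLException e) {
            throw new AttributeResolutionException("Persistent ID store can not perform persistent ID search", e);
        }
    }
}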