17 package edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition;
18
19 import java.security.NoSuchAlgorithmException;
20
21 import org.opensaml.common.IdentifierGenerator;
22 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
23 import org.opensaml.util.storage.StorageService;
24
25 import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
26 import edu.internet2.middleware.shibboleth.common.attribute.provider.BasicAttribute;
27 import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException;
28 import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethResolutionContext;
29 import edu.internet2.middleware.shibboleth.common.profile.provider.SAMLProfileRequestContext;
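public class TransientIdAttributeDefinition extends BaseAttributeDefinition {

    /** Partition of the storage service under which transient ID entries are kept. */
    private static final String DEFAULT_PARTITION = "transientId";

    /** Default size passed to the identifier generator. */
    private static final int DEFAULT_ID_SIZE = 16;

    /** Default lifetime of a transient ID, in milliseconds (4 hours). */
    private static final long DEFAULT_ID_LIFETIME = 1000L * 60 * 60 * 4;

    /** Store in which transient ID entries are kept, keyed both by token and by principal key. */
    private StorageService<String, TransientIdEntry> idStore;

    /** Storage partition used for every get/put against {@link #idStore}. */
    private String partition;

    /** Generator producing the random token values. */
    private IdentifierGenerator idGenerator;

    /** Size argument handed to {@link #idGenerator}. */
    private int idSize;

    /** Lifetime, in milliseconds, recorded on each new {@link TransientIdEntry}. */
    private long idLifetime;

    /**
     * Constructor.
     *
     * Uses a {@link SecureRandomIdentifierGenerator}, the {@value #DEFAULT_PARTITION} partition, an ID size of
     * {@value #DEFAULT_ID_SIZE} and a lifetime of four hours.
     *
     * @param store storage service used to keep issued IDs; checked for null in {@link #validate()}
     *
     * @throws NoSuchAlgorithmException propagated from the identifier generator's construction
     */
    public TransientIdAttributeDefinition(StorageService<String, TransientIdEntry> store)
            throws NoSuchAlgorithmException {
        idGenerator = new SecureRandomIdentifierGenerator();
        idStore = store;
        partition = DEFAULT_PARTITION;
        idSize = DEFAULT_ID_SIZE;
        idLifetime = DEFAULT_ID_LIFETIME;

        // One identifier is generated and discarded here; presumably this forces the underlying
        // random source to seed at construction time rather than on the first request - confirm.
        idGenerator.generateIdentifier(idSize);
    }

    /**
     * Resolves the transient ID for the principal of the current request.
     *
     * An existing, unexpired entry for the (outbound issuer, inbound issuer, principal) triple is reused;
     * otherwise a fresh token is generated and stored under both the token and the principal key.
     *
     * @param resolutionContext current resolution context
     *
     * @return attribute whose single value is the transient ID token
     *
     * @throws AttributeResolutionException if no SAML profile request context is available
     */
    protected BaseAttribute doResolve(ShibbolethResolutionContext resolutionContext)
            throws AttributeResolutionException {

        SAMLProfileRequestContext requestContext = resolutionContext.getAttributeRequestContext();
        if (requestContext == null) {
            throw new AttributeResolutionException("No SAML profile request context available, unable to resolve "
                    + "transient ID attribute " + getId());
        }

        String principalTokenId = buildPrincipalTokenId(requestContext);

        TransientIdEntry tokenEntry = idStore.get(partition, principalTokenId);
        if (tokenEntry == null || tokenEntry.isExpired()) {
            String token = idGenerator.generateIdentifier(idSize);
            tokenEntry = new TransientIdEntry(idLifetime, requestContext.getInboundMessageIssuer(), requestContext
                    .getPrincipalName(), token);
            // Stored twice: under the token (presumably so consumers can look the entry up by the issued
            // value) and under the principal key so repeated requests reuse the token until it expires.
            idStore.put(partition, token, tokenEntry);
            idStore.put(partition, principalTokenId, tokenEntry);
        }

        BasicAttribute<String> attribute = new BasicAttribute<String>();
        attribute.setId(getId());
        attribute.getValues().add(tokenEntry.getId());

        return attribute;
    }

    /**
     * Builds the store key identifying the (outbound issuer, inbound issuer, principal) triple.
     *
     * @param requestContext current request context; must not be null
     *
     * @return the composite key
     */
    private static String buildPrincipalTokenId(SAMLProfileRequestContext requestContext) {
        // NOTE(review): "!" is a plain separator and the components are not escaped, so a component that
        // itself contains "!" could let two distinct triples share one key; a null principal name is
        // rendered as the literal "null". Confirm both are constrained upstream.
        StringBuilder keyBuilder = new StringBuilder();
        keyBuilder.append(requestContext.getOutboundMessageIssuer()).append("!");
        keyBuilder.append(requestContext.getInboundMessageIssuer()).append("!");
        keyBuilder.append(requestContext.getPrincipalName());
        return keyBuilder.toString();
    }

    /**
     * Gets the size argument passed to the identifier generator.
     *
     * @return size argument passed to the identifier generator
     */
    public int getIdSize() {
        return idSize;
    }

    /**
     * Sets the size argument passed to the identifier generator. Checked for sanity in {@link #validate()}.
     *
     * @param size size argument passed to the identifier generator
     */
    public void setIdSize(int size) {
        idSize = size;
    }

    /**
     * Gets the lifetime, in milliseconds, of issued IDs.
     *
     * @return lifetime, in milliseconds, of issued IDs
     */
    public long getIdLifetime() {
        return idLifetime;
    }

    /**
     * Sets the lifetime, in milliseconds, of issued IDs. Checked for sanity in {@link #validate()}.
     *
     * @param lifetime lifetime, in milliseconds, of issued IDs
     */
    public void setIdLifetime(long lifetime) {
        idLifetime = lifetime;
    }

    /**
     * Sets the lifetime, in milliseconds, of issued IDs.
     *
     * @param lifetime lifetime, in milliseconds, of issued IDs
     *
     * @deprecated misspelled name kept for existing configurations; use {@link #setIdLifetime(long)}
     */
    @Deprecated
    public void setTokenLiftetime(long lifetime) {
        setIdLifetime(lifetime);
    }

    /**
     * Checks that the definition is usable: a store is present and the ID size and lifetime are positive.
     *
     * @throws AttributeResolutionException if the definition is misconfigured
     */
    public void validate() throws AttributeResolutionException {
        if (idStore == null) {
            throw new AttributeResolutionException("Transient ID attribute definition " + getId()
                    + " has no storage service");
        }
        if (idSize < 1) {
            throw new AttributeResolutionException("Transient ID attribute definition " + getId()
                    + " has an invalid ID size: " + idSize);
        }
        if (idLifetime < 1) {
            throw new AttributeResolutionException("Transient ID attribute definition " + getId()
                    + " has an invalid ID lifetime: " + idLifetime);
        }
    }
}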