17 package edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.principalConnector;
18
19 import java.sql.SQLException;
20
21 import org.opensaml.saml1.core.NameIdentifier;
22 import org.opensaml.saml2.core.NameID;
23 import org.opensaml.xml.util.DatatypeHelper;
24 import org.slf4j.Logger;
25 import org.slf4j.LoggerFactory;
26
27 import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException;
28 import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethResolutionContext;
29 import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDDataConnector;
30 import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDStore;
31 import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDStore.PersistentIdEntry;
32 import edu.internet2.middleware.shibboleth.common.profile.provider.SAMLProfileRequestContext;
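/**
 * Principal connector that maps a persistent identifier (SAML 1 {@link NameIdentifier} or SAML 2 {@link NameID})
 * back to the principal it was generated for, using the store behind a {@link StoredIDDataConnector}.
 *
 * <p>Security note: a stored persistent identifier is scoped to the relying party it was issued to.
 * {@link #resolve(ShibbolethResolutionContext)} only returns a principal name when the inbound message issuer
 * equals the peer entity ID recorded with the identifier; any other requester presenting that identifier is
 * refused and logged, so one relying party cannot use an identifier issued to another one to look up a
 * principal. A request with no identified issuer is treated as a mismatch as well.</p>
 */
public class StoredIDPrincipalConnector extends BasePrincipalConnector {

    /** Class logger. */
    private static final Logger log = LoggerFactory.getLogger(StoredIDPrincipalConnector.class);

    /** Store holding the persistent identifiers; shared with the data connector that generates them. */
    private final StoredIDStore pidStore;

    /**
     * Whether an identifier that cannot be mapped (empty, unknown, no longer active, or issued to a different
     * peer) is reported as an {@link AttributeResolutionException} instead of a null principal name.
     */
    private boolean noResultIsError;

    /**
     * Constructor.
     *
     * @param idProducer data connector whose store is consulted for the reverse mapping; may not be null
     *
     * @throws IllegalArgumentException if {@code idProducer} is null
     */
    public StoredIDPrincipalConnector(StoredIDDataConnector idProducer) {
        if (idProducer == null) {
            throw new IllegalArgumentException("ID producing data connector may not be null");
        }
        pidStore = idProducer.getStoredIDStore();
        // Lenient by default: an unmappable identifier resolves to no principal rather than failing the request.
        noResultIsError = false;
    }

    /**
     * Gets whether an identifier that cannot be mapped to a principal is an error.
     *
     * @return whether an identifier that cannot be mapped to a principal is an error
     */
    public boolean isNoResultIsError() {
        return noResultIsError;
    }

    /**
     * Sets whether an identifier that cannot be mapped to a principal is an error.
     *
     * @param isError whether an identifier that cannot be mapped to a principal is an error
     */
    public void setNoResultIsError(boolean isError) {
        noResultIsError = isError;
    }

    /**
     * Resolves the principal name for the persistent identifier carried as the request's subject name identifier.
     *
     * @param resolutionContext current resolution context
     *
     * @return the principal name the identifier was issued for, or null when the identifier is empty, unknown,
     *         inactive, or was issued to a different peer than the inbound message issuer and
     *         {@link #isNoResultIsError()} is false
     *
     * @throws AttributeResolutionException if the subject name identifier is not of a supported type, if the
     *             store cannot be queried, or if the identifier cannot be mapped and {@link #isNoResultIsError()}
     *             is true
     */
    public String resolve(ShibbolethResolutionContext resolutionContext) throws AttributeResolutionException {
        SAMLProfileRequestContext requestContext = resolutionContext.getAttributeRequestContext();

        String persistentId = extractIdentifierValue(requestContext.getSubjectNameIdentifier());

        // An absent or empty identifier can never map to a principal; refuse early instead of querying the store
        // with it.
        if (persistentId == null || persistentId.isEmpty()) {
            if (noResultIsError) {
                log.warn("Subject name identifier has no value");
                throw new AttributeResolutionException("No identifier found");
            }
            return null;
        }

        try {
            PersistentIdEntry pidEntry = pidStore.getActivePersistentIdEntry(persistentId);
            if (pidEntry == null) {
                if (noResultIsError) {
                    log.warn("PersistentId '{}' not found", persistentId);
                    throw new AttributeResolutionException("No identifier found");
                }
                log.debug("PersistentId '{}' not found", persistentId);
                return null;
            }

            // Ownership check: the identifier is only valid for the peer it was issued to. A requester without an
            // identified issuer never matches, whatever the stored entry holds as its peer.
            String requester = requestContext.getInboundMessageIssuer();
            if (requester == null || !DatatypeHelper.safeEquals(requester, pidEntry.getPeerEntityId())) {
                log.warn("Requester '{}' attempted to use identifier '{}' which was issued to the entity '{}'",
                        new Object[] { requester, pidEntry.getPersistentId(), pidEntry.getPeerEntityId(), });
                if (noResultIsError) {
                    throw new AttributeResolutionException("identifier mismatch");
                }
                return null;
            }

            return pidEntry.getPrincipalName();
        } catch (SQLException e) {
            log.error("Error retrieving persistent ID from database", e);
            throw new AttributeResolutionException("Error retrieving persistent ID from database", e);
        }
    }

    /**
     * Extracts the identifier value from a SAML 1 name identifier or a SAML 2 name ID.
     *
     * @param nameIdentifier subject name identifier from the request context; may be null
     *
     * @return the identifier's value, which may itself be null or empty
     *
     * @throws AttributeResolutionException if the identifier is neither a {@link NameIdentifier} nor a {@link NameID}
     */
    private String extractIdentifierValue(Object nameIdentifier) throws AttributeResolutionException {
        if (nameIdentifier instanceof NameIdentifier) {
            return ((NameIdentifier) nameIdentifier).getNameIdentifier();
        }
        if (nameIdentifier instanceof NameID) {
            return ((NameID) nameIdentifier).getValue();
        }
        throw new AttributeResolutionException("Subject name identifier is not of a supported type");
    }

    /**
     * Validates that a persistent ID store is configured and can execute a lookup.
     *
     * @throws AttributeResolutionException if no store is configured or the probe lookup fails with a SQL error
     */
    public void validate() throws AttributeResolutionException {
        if (pidStore == null) {
            throw new AttributeResolutionException("Persistent ID store was null");
        }

        try {
            // Probe query only; the result for the dummy identifier is irrelevant and ignored.
            pidStore.getPersistentIdEntry("test", false);
        } catch (SQLException e) {
            throw new AttributeResolutionException("Persistent ID store can not perform persistent ID search", e);
        }
    }
}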