
1   /*
2    * Copyright [2007] [University Corporation for Advanced Internet Development, Inc.]
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.principalConnector;
18  
19  import java.sql.SQLException;
20  
21  import org.opensaml.saml1.core.NameIdentifier;
22  import org.opensaml.saml2.core.NameID;
23  import org.opensaml.xml.util.DatatypeHelper;
24  import org.slf4j.Logger;
25  import org.slf4j.LoggerFactory;
26  
27  import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException;
28  import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethResolutionContext;
29  import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDDataConnector;
30  import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDStore;
31  import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.dataConnector.StoredIDStore.PersistentIdEntry;
32  import edu.internet2.middleware.shibboleth.common.profile.provider.SAMLProfileRequestContext;
33  
/**
 * A principal connector that resolves a persistent ID created by a {@link StoredIDDataConnector} back into the
 * principal name it was issued for, but only on behalf of the relying party the ID was issued to.
 */
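public class StoredIDPrincipalConnector extends BasePrincipalConnector {

    /** Class logger. */
    private static final Logger log = LoggerFactory.getLogger(StoredIDPrincipalConnector.class);

    /** ID store that manages the stored IDs; taken from the producing data connector at construction time. */
    private final StoredIDStore pidStore;

    /**
     * Whether an unresolvable identifier (missing value, not found, or issued to a different relying party) is
     * reported as an {@link AttributeResolutionException} instead of a null principal. Defaults to false.
     */
    private boolean noResultIsError;

    /**
     * Constructor.
     * 
     * @param idProducer data connector that produced the stored ID; its store is used for the reverse lookup
     * 
     * @throws IllegalArgumentException if idProducer is null
     */
    public StoredIDPrincipalConnector(StoredIDDataConnector idProducer) {
        if (idProducer == null) {
            throw new IllegalArgumentException("ID producing data connector may not be null");
        }
        pidStore = idProducer.getStoredIDStore();
        noResultIsError = false;
    }

    /**
     * Gets whether this connector throws an exception when the identifier can not be resolved. The default is false,
     * in which case {@link #resolve(ShibbolethResolutionContext)} returns null instead.
     * 
     * @return true if an unresolvable identifier is treated as an error
     */
    public boolean isNoResultIsError() {
        return noResultIsError;
    }

    /**
     * Sets whether this connector throws an exception when the identifier can not be resolved.
     * 
     * @param isError true to treat an unresolvable identifier as an error, false to return a null principal
     */
    public void setNoResultIsError(boolean isError) {
        noResultIsError = isError;
    }

    /**
     * {@inheritDoc}
     * 
     * Resolves the subject name identifier of the current request back to the principal it was issued for. The
     * identifier is accepted only if it is active in the store and was issued to the relying party identified as the
     * inbound message issuer; an identifier issued to one relying party is never resolved for another.
     * 
     * @return the principal name, or null if the identifier could not be resolved and {@link #isNoResultIsError()}
     *         is false
     * 
     * @throws AttributeResolutionException if no request context or usable name identifier is available, if the
     *             store can not be queried, or if the identifier is unresolvable and {@link #isNoResultIsError()}
     *             is true
     */
    public String resolve(ShibbolethResolutionContext resolutionContext) throws AttributeResolutionException {
        SAMLProfileRequestContext requestContext = resolutionContext.getAttributeRequestContext();
        if (requestContext == null) {
            throw new AttributeResolutionException("No SAML request context available for principal resolution");
        }

        String persistentId = extractPersistentId(requestContext);
        if (persistentId == null) {
            // A blank NameID value can never match a stored entry; skip the database round trip.
            log.warn("Subject name identifier has no value; unable to resolve a principal");
            if (noResultIsError) {
                throw new AttributeResolutionException("No identifier found");
            }
            return null;
        }

        String requester = requestContext.getInboundMessageIssuer();
        if (requester == null || requester.trim().length() == 0) {
            // The ownership comparison below is what prevents one relying party from resolving an identifier issued
            // to another. Without a requester identity that comparison can not be made, so refuse rather than let a
            // missing issuer satisfy it vacuously.
            log.warn("No inbound message issuer available; refusing to resolve persistentId '{}'", persistentId);
            if (noResultIsError) {
                throw new AttributeResolutionException("identifier mismatch");
            }
            return null;
        }

        try {
            PersistentIdEntry pidEntry = pidStore.getActivePersistentIdEntry(persistentId);
            if (pidEntry == null) {
                if (noResultIsError) {
                    log.warn("PersistentId '{}' not found", persistentId);
                    throw new AttributeResolutionException("No identifier found");
                }
                log.debug("PersistentId '{}' not found", persistentId);
                return null;
            }

            // requester is non-null here, so a null peer entity ID on the entry correctly fails the comparison.
            if (!DatatypeHelper.safeEquals(requester, pidEntry.getPeerEntityId())) {
                log.warn("Requester '{}' attempted to use identifier '{}' which was issued to the entity '{}'",
                        new Object[] { requester, pidEntry.getPersistentId(), pidEntry.getPeerEntityId(), });
                if (noResultIsError) {
                    throw new AttributeResolutionException("identifier mismatch");
                }
                return null;
            }

            return pidEntry.getPrincipalName();
        } catch (SQLException e) {
            log.error("Error retrieving persistent ID from database", e);
            throw new AttributeResolutionException("Error retrieving persistent ID from database", e);
        }
    }

    /**
     * Pulls the persistent ID value out of the request's subject name identifier.
     * 
     * @param requestContext current request context, never null
     * 
     * @return the identifier value exactly as carried in the name identifier, or null if it is absent or blank
     * 
     * @throws AttributeResolutionException if the request has no subject name identifier, or it is neither a SAML 1
     *             NameIdentifier nor a SAML 2 NameID
     */
    private String extractPersistentId(SAMLProfileRequestContext requestContext) throws AttributeResolutionException {
        Object nameId = requestContext.getSubjectNameIdentifier();
        if (nameId == null) {
            throw new AttributeResolutionException("Request contains no subject name identifier");
        }

        String value;
        if (nameId instanceof NameIdentifier) {
            value = ((NameIdentifier) nameId).getNameIdentifier();
        } else if (nameId instanceof NameID) {
            value = ((NameID) nameId).getValue();
        } else {
            throw new AttributeResolutionException("Subject name identifier is not of a supported type");
        }

        if (value == null || value.trim().length() == 0) {
            return null;
        }
        return value;
    }

    /**
     * {@inheritDoc}
     * 
     * Checks that a store is configured and that it can be queried.
     * 
     * @throws AttributeResolutionException if no store is available or a probe query fails
     */
    public void validate() throws AttributeResolutionException {
        if (pidStore == null) {
            throw new AttributeResolutionException("Persistent ID store was null");
        }

        try {
            // Probe with a value that is not expected to exist; only the ability to run the query matters here.
            pidStore.getPersistentIdEntry("test", false);
        } catch (SQLException e) {
            throw new AttributeResolutionException("Persistent ID store can not perform persistent ID search", e);
        }
    }
}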