
1   /*
2    * Copyright 2011 University Corporation for Advanced Internet Development, Inc.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.saml;
18  
19  import java.util.List;
20  
21  import org.opensaml.saml2.metadata.NameIDFormat;
22  import org.opensaml.saml2.metadata.SSODescriptor;
23  import org.slf4j.Logger;
24  import org.slf4j.LoggerFactory;
25  
26  import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.FilterProcessingException;
27  import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.ShibbolethFilteringContext;
28  import edu.internet2.middleware.shibboleth.common.attribute.filtering.provider.match.basic.AbstractMatchFunctor;
29  
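/**
 * Base class for match functors that check whether a SAML entity's SSO role descriptor lists a particular NameID
 * format.
 *
 * <p>
 * The required format must be configured through {@link #setNameIdFormat(String)} before the functor is evaluated.
 * The comparison in {@link #isNameIDFormatSupported(ShibbolethFilteringContext)} dereferences the configured value,
 * so an unset (null) format raises a {@link NullPointerException} as soon as the descriptor lists at least one
 * format.
 * </p>
 */
public abstract class AbstractNameIDFormatSupportedMatchFunctor extends AbstractMatchFunctor {

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(AbstractNameIDFormatSupportedMatchFunctor.class);

    /** The NameID format that needs to be supported by the entity. */
    private String nameIdFormat;

    /**
     * Get the NameID format that needs to be supported by the entity.
     * 
     * @return NameID format that needs to be supported by the entity, or null if none has been set
     */
    public String getNameIdFormat() {
        return nameIdFormat;
    }

    /**
     * Sets the NameID format that needs to be supported by the entity.
     * 
     * <p>
     * The value is stored as given, without validation or normalization.
     * </p>
     * 
     * @param format NameID format that needs to be supported by the entity
     */
    public void setNameIdFormat(String format) {
        nameIdFormat = format;
    }

    /**
     * {@inheritDoc}
     * 
     * <p>
     * Delegates to {@link #isNameIDFormatSupported(ShibbolethFilteringContext)}.
     * </p>
     */
    protected boolean doEvaluatePolicyRequirement(ShibbolethFilteringContext filterContext)
            throws FilterProcessingException {
        return isNameIDFormatSupported(filterContext);
    }

    /**
     * {@inheritDoc}
     * 
     * <p>
     * The attribute ID and attribute value are not consulted: the result depends only on the entity's metadata, so
     * every value of every attribute receives the same answer for a given filter context.
     * </p>
     */
    protected boolean doEvaluateValue(ShibbolethFilteringContext filterContext, String attributeId,
            Object attributeValue) throws FilterProcessingException {
        return isNameIDFormatSupported(filterContext);
    }

    /**
     * Checks to see if the metadata for the entity supports the required NameID format.
     * 
     * <p>
     * Returns false when the entity has no SSO role descriptor or when the descriptor lists no NameID formats; an
     * entity is only considered to support a format it declares explicitly.
     * </p>
     * 
     * @param filterContext current filter context
     * 
     * @return true if the entity supports the required NameID format, false otherwise
     */
    protected boolean isNameIDFormatSupported(ShibbolethFilteringContext filterContext) {
        SSODescriptor role = getEntitySSODescriptor(filterContext);
        if (role == null) {
            // The message must state the negative case: this branch is taken when no descriptor was found.
            log.debug("entity does not contain an appropriate SSO role descriptor");
            return false;
        }

        List<NameIDFormat> supportedFormats = role.getNameIDFormats();
        if (supportedFormats == null || supportedFormats.isEmpty()) {
            log.debug("entity SSO role descriptor does not list any supported NameID formats");
            return false;
        }

        for (NameIDFormat supportedFormat : supportedFormats) {
            // Exact, case-sensitive string match. The configured format is the receiver, so a null value returned
            // by getFormat() simply fails to match, while a null configured format throws here.
            if (nameIdFormat.equals(supportedFormat.getFormat())) {
                log.debug("entity does support the NameID format '{}'", nameIdFormat);
                return true;
            }
        }

        log.debug("entity does not support the NameID format '{}'", nameIdFormat);
        return false;
    }

    /**
     * Gets the SSO role descriptor for the entity to be checked.
     * 
     * @param filterContext current filtering context
     * 
     * @return the SSO role descriptor of the entity or null if the entity does not have such a descriptor
     */
    protected abstract SSODescriptor getEntitySSODescriptor(ShibbolethFilteringContext filterContext);
}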