17 package edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.attributeDefinition;
19 import org.slf4j.Logger;
20 import org.slf4j.LoggerFactory;
22 import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
23 import edu.internet2.middleware.shibboleth.common.attribute.provider.BasicAttribute;
24 import edu.internet2.middleware.shibboleth.common.attribute.resolver.AttributeResolutionException;
25 import edu.internet2.middleware.shibboleth.common.attribute.resolver.provider.ShibbolethResolutionContext;
26 import edu.internet2.middleware.shibboleth.common.profile.provider.SAMLProfileRequestContext;
27 import edu.internet2.middleware.shibboleth.common.util.DataSealer;
28 import edu.internet2.middleware.shibboleth.common.util.DataSealerException;
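/**
 * Attribute definition that mints a short-lived, encrypted transient identifier for the current principal.
 *
 * <p>The identifier is produced by sealing the string {@code outboundIssuer!inboundIssuer!principalName}
 * with the configured {@link DataSealer} together with an expiration time, so a matching connector can later
 * unwrap it without any server-side state. The identifier therefore carries its own validity window; the
 * configured lifetime bounds how long a captured identifier remains resolvable.</p>
 */
public class CryptoTransientIdAttributeDefinition extends BaseAttributeDefinition {

    /** Class logger. */
    private static final Logger log = LoggerFactory.getLogger(CryptoTransientIdAttributeDefinition.class);

    /** Default lifetime of a minted identifier, in milliseconds (four hours). */
    private static final long DEFAULT_ID_LIFETIME = 1000L * 60 * 60 * 4;

    /** Sealer used to encrypt and integrity-protect the identifier; never null after construction. */
    private final DataSealer dataSealer;

    /** Lifetime of a minted identifier, in milliseconds; always positive. */
    private long idLifetime;

    /**
     * Constructor.
     *
     * @param sealer sealer used to protect the identifier, may not be null
     * @throws IllegalArgumentException if {@code sealer} is null
     */
    public CryptoTransientIdAttributeDefinition(DataSealer sealer) {
        if (sealer == null) {
            throw new IllegalArgumentException("DataSealer may not be null.");
        }
        dataSealer = sealer;
        idLifetime = DEFAULT_ID_LIFETIME;
    }

    /**
     * Mints a sealed transient identifier for the principal of the current request.
     *
     * @param resolutionContext current resolution context, must carry an attribute request context
     * @return a single-valued attribute, with this definition's ID, holding the sealed identifier
     * @throws AttributeResolutionException if no request context or principal name is available, if the
     *             configured lifetime overflows the expiration time, or if the sealer fails
     */
    @Override
    protected BaseAttribute<String> doResolve(ShibbolethResolutionContext resolutionContext)
            throws AttributeResolutionException {
        SAMLProfileRequestContext<?, ?, ?, ?> requestContext = resolutionContext.getAttributeRequestContext();
        if (requestContext == null) {
            throw new AttributeResolutionException(
                    "No attribute request context available; unable to mint a transient identifier.");
        }

        String principalName = requestContext.getPrincipalName();
        if (principalName == null || principalName.length() == 0) {
            // Without a principal the sealed token would identify nobody; refuse rather than seal "null".
            throw new AttributeResolutionException(
                    "Principal name is not available; unable to mint a transient identifier.");
        }

        // NOTE(review): '!' is the field delimiter; a principal name containing '!' is only unambiguous
        // if the consuming connector splits on the first two delimiters — confirm against that code.
        String principalTokenId = buildPrincipalToken(requestContext.getOutboundMessageIssuer(),
                requestContext.getInboundMessageIssuer(), principalName);

        long now = System.currentTimeMillis();
        long expiration = now + idLifetime;
        if (expiration < now) {
            // A lifetime large enough to overflow would yield an expiration in the past.
            throw new AttributeResolutionException(
                    "Configured transient identifier lifetime is too large to compute an expiration time.");
        }

        String transientId;
        try {
            transientId = dataSealer.wrap(principalTokenId, expiration);
        } catch (DataSealerException e) {
            throw new AttributeResolutionException("Caught exception wrapping principal identifier.", e);
        }

        BasicAttribute<String> attribute = new BasicAttribute<String>();
        attribute.setId(getId());
        attribute.getValues().add(transientId);

        return attribute;
    }

    /**
     * Builds the plaintext that is sealed into the identifier.
     *
     * @param outboundIssuer issuer of the outbound message (this IdP)
     * @param inboundIssuer issuer of the inbound message (the relying party)
     * @param principalName name of the authenticated principal
     * @return {@code outboundIssuer!inboundIssuer!principalName}
     */
    private static String buildPrincipalToken(String outboundIssuer, String inboundIssuer, String principalName) {
        StringBuilder builder = new StringBuilder();
        builder.append(outboundIssuer).append("!");
        builder.append(inboundIssuer).append("!");
        builder.append(principalName);
        return builder.toString();
    }

    /**
     * Gets the lifetime of a minted identifier.
     *
     * @return lifetime in milliseconds
     */
    public long getIdLifetime() {
        return idLifetime;
    }

    /**
     * Sets the lifetime of a minted identifier.
     *
     * @param lifetime lifetime in milliseconds, must be positive
     * @throws IllegalArgumentException if {@code lifetime} is zero or negative
     */
    public void setIdLifetime(long lifetime) {
        if (lifetime <= 0) {
            // A non-positive lifetime would mint identifiers that are already expired.
            throw new IllegalArgumentException("Transient identifier lifetime must be positive, was " + lifetime);
        }
        idLifetime = lifetime;
    }

    /**
     * Checks that this definition is usable: a sealer is present and the lifetime is positive.
     *
     * @throws AttributeResolutionException if the definition is misconfigured
     */
    public void validate() throws AttributeResolutionException {
        // The constructor already rejects a null sealer; this keeps the plug-in contract that validate()
        // reports a usable configuration before any resolution takes place.
        if (dataSealer == null) {
            String message = "CryptoTransientIdAttributeDefinition (" + getId()
                    + ") must have a DataSealer object set.";
            log.error(message);
            throw new AttributeResolutionException(message);
        }
        if (idLifetime <= 0) {
            String message = "CryptoTransientIdAttributeDefinition (" + getId()
                    + ") must have a positive identifier lifetime.";
            log.error(message);
            throw new AttributeResolutionException(message);
        }
    }
}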